Ransomware: Blackmailers take over the World Wide Web

The Internet is a dangerous turf – it harbours too many criminals who are after money or data. 2016 could be considered the year of cyber extortion.

The previously known ransomware practices either lock the screen and demand money while threatening arrests and fines, as the BKA Trojans do, or go after the victim’s data, as crypto ransomware does. New scams, in which victims transfer money to the cybercriminals’ account, are expected in 2016. Criminals use programs such as HawkEye, Cuckoo Miner and Predator Pain to first intercept the communication between their victims.

In addition to employing tactics such as the defacement of websites or DDoS attacks (Distributed Denial of Service), criminals are now also likely to create and exploit data leaks. The latest attacks also disclose prejudicial information, including questionable messages or suspicious transactions of the companies concerned.

According to the annual report of the Japanese security firm Trend Micro, attacks on the Internet of Things are also becoming increasingly probable. Although 2015 saw the first incidents of hacked baby monitors, televisions and cars and although in principle the security risks are known, networking of almost all terminal devices continues to rise. The number of smart home devices is thus expected to grow by 67% annually over the next five years and reach nearly two billion by 2019, resulting in a significantly higher growth rate than for smartphones and tablets.

Given the wide range of devices, platforms, operating systems and applications, as well as the lack of legal regulations, a large-scale hacking attack may not yet be in sight, but the risk of malfunction is much greater: the more drones are in the air, the more terminal devices are used in medicine and the more private and business appliances use the Internet, the more likely defects, hacking attacks and abuse will become.

2015 was also marked by a wave of malvertising attacks, in which cybercriminals use ads to smuggle malicious code onto popular and otherwise innocuous websites. Exploit kits were primarily used to do so in the first half of the year: In September, for example, approximately 3,000 renowned Japanese websites fell victim to a massive campaign in which data was stolen from nearly half a million users.

Although such malicious ads can also be expected in 2016, there appears to be some improvement on this front: Since more and more people are using online ad blockers – almost half of users in the US alone – online advertisers will change their advertising strategies. The proliferation of ad blockers is forcing cybercriminals to seek new avenues of attack, which in turn will lead to fewer harmful advertisements.

The cooperation of IT security providers and Interpol could also lead to successes such as the takedown of the Simda botnet in April 2015. The keys to this were the IP addresses of the servers involved and statistical information on the malicious software employed. The botnet had modified the hosts files of infected computers and thus redirected users who were trying to access legitimate sites (such as Facebook, Bing, Yahoo or Google Analytics) to malicious sites. One should therefore never really feel safe anywhere on the Web. (Source: Trend Micro/rf)