Will Ransomware Get Worse in 2018?

January 5, 2018 Arctic Wolf Networks

There were many notable cybersecurity concerns in 2017, from the global rise of self-propagating ransomware such as WannaCry and Bad Rabbit, to the revelation of backdoors in major cryptocurrency wallets, popular PC utilities like CCleaner and many other prominent programs. Should we expect even more challenges for network security in 2018?

The short answer is “yes.” However, to understand why, we have to look at the trends in malware development and propagation that weren’t resolved when the specific threats listed above were neutralized. Fending off successors to last year’s most crippling malware will require sophisticated strategies backed by dependable technical solutions.

Why Ransomware and Major Exploits Could Get Worse in 2018

“Ransomware architects have already moved on to new targets in IoT.”

Ransomware and backdoor bypasses may seem like unrelated issues, but they’re actually closely connected. Indeed, critical flaws in legacy technologies such as a deprecated version of Microsoft’s Server Message Block (SMB) protocol were instrumental to the success of WannaCry et al.

Exploitation of similar vulnerabilities will likely remain a front-and-center concern for network security teams throughout 2018. An IBM report on the history of ransomware charted the meteoric rise of ransomware attachments to spam emails; in 2015, virtually no spam messages included ransomware, but by late 2016, 60 percent did. Typically, such attachments are designed to take advantage of flaws in productivity software widely used by small and midsize businesses (SMBs) and the enterprise. There will be more trouble ahead, due to:

  • Shortages of experienced IT personnel to monitor security environments 24/7
  • Misuse of legitimate programs such as Mimikatz to harvest credentials and infect additional machines
  • Novel delivery methods, like the PDF embedment technique of Locky, a ransomware once distributed only via Word macros
  • The expansion of the attack surface to the vast Internet of Things (IoT)

Indeed, with many of the most commonly targeted loopholes now closed in the wake of their discoveries, ransomware architects have moved on to new targets in IoT. Many IoT devices have little recourse against debilitating attacks such as ransomware because of their infrequent and often complex update schedules, which require coordination between multiple vendors.

Ransomware usually weaponizes strong encryption against file owners.

The KRACK attack against WPA2 Wi-Fi security revealed IoT’s soft underbelly and prompted a Wired Magazine writer to declare it would take decades to clean up because of lingering problems with outdated IoT endpoints. Defending against the next wave of ransomware attacks will require:

  • Keeping hardware and software up to date.
  • Removing known liabilities such as File Server Resource Manager from Windows Server 2008, a common risk in healthcare IT environments in particular.
  • Working with a managed security services provider to address constraints created by shorthanded security teams.

The share of IT budgets allocated to managed and hosted services is expected to increase in 2018, coming in line with expenditures such as traditional software, according to the 2018 Spiceworks State of IT survey. That’s good news on the surface, but it doesn’t explain what solutions will actually be implemented in the near future to shield data and devices from advanced attacks.

SOC-as-a-Service for a Safer 2018

The sheer volume and sophistication of threats across today’s networks necessitate new approaches to risk management and mitigation. Instead of treating IT infrastructure as a static fortress to board up against all possible intruders, decision makers should evolve their strategies with help from trusted security partners.

Upgrading to a Security Operations Center (SOC)-as-a-service offering delivers modern protection at scale, while responding to a rapidly shifting threat environment. Arctic Wolf’s AWN CyberSOC™ includes cloud-based security information and event management (SIEM) technology, continuous monitoring, threat detection and response, and security experts who become a seamless extension of your internal IT team. Read this white paper to learn more about how AWN CyberSOC can trim your cybersecurity costs while dramatically improving your overall security posture against ransomware and other cyberattacks.

