The WannaCry and Petya attacks have shown that they can do damage on a global scale. New vulnerabilities are constantly discovered, and cybercriminals are quick to exploit these for financial gain. They are also adept at adding new capabilities to make the malware more dangerous. For example, the Petya attack in June 2017 was the first time that ransomware had worming capabilities, which allowed it to spread with alarming speed.
Arctic Wolf conducted a survey to better understand where the ransomware could go next, and the results showed that the ransomware of things was likely the next chapter in the evolution of this digital plague. Ransomware of things is the convergence of ransomware and the Internet of Things (IoT)—rather than attacking a personal computer or server, ransomware would attack a IoT endpoint to extort a ransom.
Mid-market companies have embraced IoT, but unfortunately they still have rudimentary security. 62% do not perform log analysis, and 80% are not protected against zero day threats. In the event they experience a ransomware attack, 69% do not have a formal incident response plan, and 45% are likely to pay the ransom to get access to the data.
IoT is an emerging technology that promises to provide productivity and cost-saving benefits. However, it lacks standards, and most of the existing products were not designed with robust security in mind. Consequently, there are countless demonstrations of IoT devices being hacked, including medical devices, automobiles, cameras and physical locks.
The lack of focus on security has left commercial IoT devices vulnerable, and the cybercriminals have started to turn their attention to IoT attacks. The Arctic Wolf survey showed 13% of all survey respondents have experienced an IoT attack. When the data was looked at by industry, it showed that more than 20% of the companies in four industries saying that they had an IoT attack. The transportation industry was the most alarming with 29% of respondents saying they had an IoT attack.
With IoT attacks already a common event in several industries and ransomware continuing to become more prevalent, the combination of the two is very likely. Ransomware is already a billion dollar industry, and there are entrepreneurial cybercriminals who offer ransomware-as-a-service. To charge more and gain new customers, ransomware expanding beyond computers and servers is inevitable.
Cybersecurity today needs to go beyond the basics of just protecting the perimeter and endpoints of a company’s network. Log analysis, third party threat intelligence and protection against zero day threats are all basic requirements of a robust security program. Nowadays, cybercriminals are organized, educated and well-funded, sometimes by nation states. Companies who rely on rudimentary security will eventually fall prey to these criminals, and the unfortunate truth is that this will be more common than it ever should be.
Read the complete survey results here.