Ransomware has been spectacularly successful. Stories abound of enterprises stockpiling bitcoin in anticipation of attack and of frequent capitulation to attackers. But it is simply the latest iteration of digital extortion — its forebear being denial-of-service (DoS) attacks.
In the 1990s, for example, criminals would threaten online gambling firms with crude DoS attacks unless they paid a “protection” ransom. This tactic was remarkably effective during prominent sporting events, such as the NFL Super Bowl. The earliest ransomware attacks were crude yet successful, but as defenses improve, criminals are being forced to innovate.
Unfortunately, they have many new extortion opportunities because our digital devices live with us, often attached to our bodies like an extra limb. Their microphones are in range of our intimate conversations, their cameras directed toward our most private activities.
When activated, they could capture confidential negotiation positions for a billion-dollar corporate acquisition, or the most intimate moments between a married couple. Our devices are also littered with artifacts that betray our consciousness. Our browsing history and email correspondence can reveal our innermost thoughts. Indeed, there has perhaps never been a greater source of intelligence on any one person than his or her digital device.
Our greatest vulnerability
Criminals have yet to exploit this rich source of intelligence at a human level. Attacks have focused on credit card theft or encrypting data for ransom.
In the near future there will be a much more prominent flow of blackmail coursing through the arteries of the criminal body. Attackers will steal documents, browsing histories, mail repositories, photos and videos, as well as activate the microphone and camera to capture intimate activities of their victim. In aggregate, this will provide a rich portrait of the victim and will be as good a dataset as any blackmailer could wish for.
With a ransomware attack, criminals will first ask for full payment to destroy their data haul. If the victim refuses, the criminal will likely release a subset of the data to the target’s contact list to incentivize payment. A further escalation could then be to post the files online.
Given the sensitivity of conversations, videos and documents that could be captured, the victim will likely pay the ransom. The internet remembers. That memory could be to the detriment of future personal and professional relationships.
The potential for brand damage will be a particularly strong incentive where enterprises are concerned. In many cases, given the potential to extract higher ransoms, criminal organizations will dedicate resources to manually assessing their data haul from enterprise executives to ensure the ransom is commensurate with the sensitivity of the data. Even when paid, there is no guarantee that the data will be destroyed.
The best defense will be to prevent the criminal from ever reaching the endpoints. When this is not possible, data loss prevention (DLP) solutions should help to identify data leaving the network.
Enterprises can also benefit from less data being stored permanently on the endpoint and more being stored in cloud architectures. However, because of unreliable WiFi connectivity, many traveling professionals will prefer to trust their own machines over access to a cloud.
Old-school solutions should also be embraced: A simple cover over a webcam when not in use can remove the threat of webcams being activated. Enterprises also should ensure that their incident/crisis response playbooks include such scenarios. The worst time to be debating who is in charge and what the company’s extortion policy is, is when you’re under fire.
This is part of a series of articles from DXC Labs | Security that explores how threats we confront are likely to evolve, and the countermeasures we should be preparing.