Ever since the 1970s people have been creating computer viruses to do all sorts of malicious things. And since the dawn of the Internet, attacks have been getting broader and more complex. Around 2006, seriously organized cyber criminals started becoming more active, using an ever-expanding toolkit to do damage or to extract money or information from companies.
The term malware grew out of this phenomenon, as attacks were no longer simple viruses or scripts but a variety of techniques, sometimes orchestrated together to achieve a specific goal. Enter ransomware, which is usually a combination of human social engineering, a trojan horse and encryption tools. These attacks trick users into clicking, then encrypt the drive on the computer (and will potentially spread to everything else that computer can connect to on the network), and then the culprits demand a ransom (usually in bitcoin, an e-currency that is nearly impossible to trace). Removing these infections is almost always impossible. In many cases, the encryption cannot be reversed. The best course of action ends up being that the victim has to restore systems from backups and re-image workstations.
All of this built up through the 2000s and onward, with hackers (from amateurs through to nation states) continually evolving in a never-ending arms race between them and security solutions. And as computers have become more advanced and easier to use, while at the same time the Internet has become broader and its darkweb underground stealthier, ‘malice’ as a service has become a major economy.
Back in the ‘90s hackers might have shared snippets of code from the tools and viruses they made, but doing a significant amount of harm still took a fair amount of skill and knowledge in programming and systems. Today’s world is just a click and a (stolen) credit card or bitcoin payment away. Ransomware, DDoS (distributed denial of service) as a service, cyber intelligence, and even directed attacks are all available on marketplaces, and are being provided by professional-level, organized, and in some cases state-backed operations hosted all over the world. Check out this example of what these threats can do and look like in this SentinelOne blog about Thanos Ransomware-as-a-service (warning: this blog is technical).
In today’s security world there is no perfectly safe online system. If it is connected to the Internet or a human has access to it with some means of running something unauthorized, or removing data, it could be compromised. So, where does that leave most businesses?
Layered security software, advanced firewalls (for office networks), security and phishing training for all staff, and more recently a move to SOC and XDR (Extended Detection and Response) services for higher-threat networks are important safeguards to have in place. The latter is there to detect infiltration and threats that traditional antivirus cannot catch.
Better user training and behavior is now the best way to protect technology. Alongside that is the monitoring and analysis of user, network and file behavior (both in-house and in the cloud), looking for correlations and trends rather than specific ‘definitions’, because threats are evolving to hide from traditional antivirus, firewalls, etc. If you aren’t evolving your security and practices, the risks grow every day, and all it takes is for attackers to target your company, randomly or directly, for the limits of your security and practices to be tested.