WannaCry. NotPetya. KRACK. BadRabbit–with all the new friends we made in 2017, organizations have to wonder what the new year has in store in regards to cyber security. A meteoric rise in ransomware has the healthcare industry on its toes. Corporate email breach rates are soaring. Surely there must be someone that can help us make sense of it all!
Well, Sophos can. A few months ago SophosLabs released its 2018 Malware Forecast. In this week’s blog post, we’ll look at the data, the predictions, and what business owners should take away from the research. Ready to get secure and stay secure in 2018? Keep reading to learn how you can pull it off.
3 Key Points of the SophosLabs Malware Forecast
1. Ransomware-as-a-Service is the New Normal
The real boogeyman in the world of cyber security is no longer individual hackers, but the toolkits and custom code they distribute. The Dark Web is littered with DIY exploit kits and pre-built ransomware payloads just waiting to be aimed and fired, for a price. Any Joe Shmoe off the street can bring a hospital campus to a grinding halt, even if they can’t tell a secure socket from an electrical socket. Ransomware-as-a-Service is an all-inclusive heist-in-a-box that even low-tier baddies can use to separate your organization from its wallet.
Just how commodified has ransomware become? Well, why not watch the world’s first commercial for a ransomware toolkit?
What It Means for You
More attempts. More spam. More danger lurking around every corner. Sure, these DIY exploiters may not have the expertise or dedication that hackers of old once touted, but cyber crime in 2018 is a numbers game. Expect to see the total number of attempted attacks rise as ransomware-as-a-service kits multiply and the entry threshold for cyber criminals lowers.
2. Windows is Still Vulnerable
As the author of the report states, “the Windows threat landscape hasn’t changed much in the past year…” Realistically, that’s no better news than claiming the yapping dog next door hasn’t been barking much louder than usual. One important trend that SophosLabs reported was an increased concentration of attack payloads nested in Microsoft Office applications such as Word and Excel. Droppers like these execute macros inside Windows documents to deliver their payload, turning innocent-looking files into landmines. If anything, these improvements in the world of Office exploits translate into shorter attack time frames and more efficient exploits.
What It Means for You
Like years past, the most likely attack vector against your organization in 2018 will be an attachment in your inbox. However, expect phishing attempts that are more deceptive, more persuasive, and, should you fall victim, more unforgiving. Tag teamed with a blossoming ransomware-as-a-service sector and we can expect Windows exploits that are deployed more dynamically than ever. The turnaround time is shrinking between when new vulnerabilities are discovered and attack payloads being built to exploit them.
3. Cybercriminals As Opportunistic Hunters
The bad guys are wasting less of their time on targets that won’t pay up. That’s bad news for those of us that don’t have the luxury of choice. The healthcare, government, and education industries will have inescapable targets looming over their heads throughout 2018. Healthcare in particular is already attacked more frequently than any other sector. Each instance of ransomware attack is an experiment in which criminals are learning who will convert into a sale and which targets are least prepared.
What It Means for You
Cyber crime is a growing industry and like any budding industry, they are piecing together their target audience and exploring strategies to shorten their “sales funnel.” With ransomware, that’s accomplished by targeting critical infrastructure, medical records, and sensitive financial information. If your industry touches on those goalposts, you’ve probably made it onto the bad guys’ shortlist.
How Can I Prepare for 2018?
Adware, spyware, and viruses are all very much real and salient worries. But let’s not kid ourselves about who the big bad final boss is on this level: ransomware. Any industries that could find themselves staring down the barrel of a custom-design exploit kit should be preparing for that possibility by putting preventative measures in place. Step one is as easy as learning as much as possible about ransomware, so why not hop over to our article “Ransomware Warfare: How to Protect Your Files From Hostage Takers” to brush up on your safety basics?
Sophos Intercept X is a powerful weapon that most organizations should be adding to their arsenal. Intercept X is designed to run alongside any other endpoint applications on your system, so most network environments will welcome it. Intercept X is built to go toe-to-toe with zero day threats because Sophos analyzes threats based on behavior rather than known signature. Behavior-based scanning ensures that even if an attack has never been documented before, it’s still going to get the ax if it walks like ransomware, talks like ransomware, and smells like ransomware. In an era of bespoke and rapid-deployment ransomware, we can no longer rely on only fighting the enemies we’re familiar with.
However, the most impressive feature of Intercept X is its ability to literally roll back damage from ransomware that lands on your system. Even if ransomware makes it onto your network and manages to encrypt a few files, Intercept X will be able to shut the attack down, restore your files, and reverse the damage right before your eyes. In fact, you can watch it demonstrated in this one-minute video:
Remember, an organization is only as secure as its employees make it. Human error will occur. Honest mistakes happen. But if the worst happens, Intercept X will be there to clean up.