1. Home
  2. Ransomware, Muleware and Extortionware to Take Center Stage

Ransomware, Muleware and Extortionware to Take Center Stage

  •  BY
  •  In
  •  Dec 19, 2014
  •  1001
  •  0

In order to combat these and other types of attacks, organizations must continue to refine their incident response processes

The CTO of Lancope,  Keanini predicts that the following types of attacks will become bigger concerns in 2015:

  • Muleware – Unlike malware, muleware solicits the participation of end users and offers them incentives to play a small role in the attack. Up until this point, cyber criminals have had to exploit and compromise users' devices to attain valuable resources. Moving forward, Keanini predicts that we will see more internal users involved in externally-launched attacks, making it easier for attackers to infiltrate the network and stay under the radar. This practice brings a new level of concern when it comes to insider threats.
  • Ransomware – Ransomware such as CryptoLocker remains very profitable, and Lancope expects to see an expanded use of ransomware in the coming year. One industry at great risk here is healthcare. Three factors make it a highly attractive target for ransomware expansion: 1) the mandate to move to electronic records, 2) the sensitive nature of healthcare data, and 3) the immaturity of the information security practices that exist in the healthcare industry today.
  • Extortionware – Extortionware is a spinoff of ransomware whereby unless you pay a certain amount to the attacker, your sensitive (and potentially incriminating) data will be made public for all to see. Much like spear phishing, this type of attack is more targeted than ransomware, but attackers will yield a higher take per victim, and the victims are less likely to involve law enforcement due to the sensitive nature of their data.
  • Re-Authentication Exploitation – Authentication methods are getting stronger, and the adoption of two-factor authentication is growing and defeating historical brute-force password attacks. However, the bad news is that attackers are innovating and finding weaknesses in re-authentication processes where standards are not widely adopted. Various instances have proven that a very persistent and irate customer can almost always get re-authenticated without the proper credentials, and this is not good when that person is actually an attacker.

 

Nike Blog


Add new comment