Taking Ransomware to Court

By Kurt Baumgartner, part of Kaspersky's Global Research and Analysis Team (GReAT)

Following a tumultuous year, some of the biggest cybersecurity stories may not be done with us just yet. COVID, ransomware and disinformation helped craft a painful narrative in 2020 and are each poised to turn the page to a new chapter.

Here's what could come next on those fronts:

Corporate America fights ransomware in the courts

Because America is particularly litigious, and the ransomware epidemic is out of control in the US, corporate America may send in legal teams to try to tackle the open source malware supply chain. These advanced frameworks are freely released with no distribution control and the ransomware industry is currently dependent on them. These toolkits and malware enable ransomware incidents on a daily basis, with damages in at least the hundreds of millions, so corporations are looking for a remedy.

Deepfakes take disinformation to the next level

Active measures have taken a new place in American politics. Beyond simple spin, constant disinformation dominates headlines on a daily basis and has led news media to maintain full-time fact checking staff. We can expect to see technology taking these deceptions to a new level. Deepfake technologies will connect with distribution chains and advance to support disinformation efforts in coordinated new ways.

COVID-era attacks on work-from-home are just the beginning

WFH environments have yet to attract the same level of focus as ransomware opportunities in large businesses, but they are definitely being targeted by cybercriminals. According to year-end data from Kaspersky, brute force attacks on remote desktop protocol (software commonly used by businesses to enable remote work) grew by 242% in 2020, making it the cybersecurity story of the year. There were also the Zoom vulnerabilities that were quickly attended to this summer. But these were just the beginning. Attacks on home routers and environments are slowly picking up, and will lead to bigger issues in this work-from-home shift.

COVID vaccine is an effective phishing lure

With the global pandemic still in full swing, we expect Covid-19 spear phishing themes to continue well into the new year. With vaccine approval and early distribution underway, we will see new lures trying to capitalize on this crucial subject, targeting people who let their guard down out of eagerness for a cure.

Cybercriminals increasingly target medical records

Leaked medical records could also become part of the hook in targeted attacks, since accurate patient information will make fake messages far more credible. Many of those will likely come from cloud services. Medical organizations' transition to cloud infrastructures is already creating risks, while interest in patient data is growing. Other records will be stolen from smaller, private healthcare organizations. Protecting patient data and infrastructure is fairly expensive and thus difficult for SMBs to implement at the best of times, let alone during an economic crisis.

Healthcare-targeting ransomware evolves

The particularly cruel practice of targeting the medical industry with ransomware during a pandemic continues. In 2020, we saw and prevented hundreds of Ryuk ransomware attacks on European and Middle Eastern targets. After recent efforts to disrupt the Trickbot infrastructure related to Ryuk, the group moved to Bazar, then Qakbot, then brought back Trickbot itself, and currently we see them using two bot families in parallel. Unfortunately, their active and agile formula for penetrating networks, disrupting them, and coercing for ransom is one that will continue to work in the US.

Vaccines give us a light at the end of the tunnel, but the impact of COVID-19 will be felt across the world of cybersecurity for a long time, and the efforts by security pros to adapt to a dramatically different threat landscape have only just begun.

##

About the Author

Kurt Baumgartner is part of Kaspersky's Global Research and Analysis Team (GReAT). He monitors the malware landscape in the Americas, analyzes targeted attacks and authors intelligence reports on the world's most sophisticated APT groups.