Recently, gas has been a hot topic in the news. In the encryption media, it’s about Ethereum miners ’fees. In the main media, it has been the good old-fashioned gasoline, including the short-term lack of it on the east coast, thanks to an alleged attack of Darkside ransomware on Colonial Pipeline system, which provides the 45 % of the supply of diesel of the coast this. , Gasoline and aircraft fuel.
In ransomware cases, we usually see the repetition of a typical cycle: Initially, attention is focused on the attack, the root cause, the consequences, and the steps organizations can take to prevent future attacks. Then the approach often begins to turn to digital currency and how its perceived anonymity helps increase ransomware attacks, inspiring more cybercriminals to enter the game.
However, looking at the macro image of cybersecurity attacks, we see some trends that have been emerging. For example, cyberattack losses grew by 50% between 2018 and 2020, and global losses amounted to more than $ 1 trillion. It is an inevitable conclusion that speaks to the ubiquity of the security vulnerabilities available to exploit.
related: Report on digital currency exchange hacks 2011-2020
The rise in cybercrime is also driven by the availability of ready-to-use and ready-to-use malware, which is easily found on the dark web for those with little skill, but who still want to take advantage of opportunities to free money presented by unsecured organizations. . It is important to note that offenders themselves have continued to evolve their strategies to evade defensive security tactics, techniques, and procedures (TTP) to ensure they can remain profitable. If digital currency were no longer a viable payment option, attackers would almost certainly switch to a different payment approach. The idea that they would simply stop attacking these organizations without cryptography challenges credulity.
The “root cause”, so to speak, of these events is not the payment method used to reward the criminals, it is the security breaches that allowed them to rape the company and obviously the fact that there are criminals. who commit these crimes. crimes.
With ransomware in trend (and within the Darkside attack), we see how this ever-changing modus operandi is demonstrated. In the early days of ransomware, it was relatively straightforward: a cyber attacker finds a way into the company, most often through a social engineering attack, such as phishing email or a protocol unsafe remote desktop, and encrypts the victim’s files. The victim pays the ransom through a bank transfer or encryption and, in most cases, gets the decryption key, which normally (but not always) decrypts the files. Another alternative is for the victim to choose not to pay and restore their files from a backup or simply accept the loss of their data.
By the end of 2019, more companies were preparing with support strategies to deal with these threats and refused to pay. Ransomware actors, such as the ransomware group Maze, emerged, evolved, and changed tactics. They began leaking data and extorting their victims: “Pay, or we will also publicly publish the confidential data we stole from them.” This greatly increased the costs of a ransomware attack, effectively turning a business issue into a notification event, requiring data discovery, even more legal advice and public scrutiny, while proving the attacker’s determination to find ways to avoid impediments to payment. (Darkside, believed to be the group behind the Colonial Pipeline attack, is an extortionist group). Another trend, as cited in the previous report, is the increase in the selection of victims, finding those who can pay higher amounts in dollars. , As well as those with data they would not like to be shared publicly.
Cyberattackers will continue to evolve their tactics as long as there is someone or some organization to attack; they have been doing so since the beginning of piracy. Before cryptography and even cybercrime, we had to leave cash in a bag at night and bank transfers as options for anonymous payments to criminals. They will continue to find ways to collect, and the benefits of digital currency (financial freedom, resistance to censorship, privacy, and security for the individual) far outweigh the disadvantage of its appeal to criminals who may find its convenience appealing. Vilifying digital currency will not eliminate crime.
It can be difficult, even (probably) impossible, to close all security breaches in the company. But too often, security fundamentals, such as periodic patchwork and security awareness, are omitted, which contribute greatly to reducing the risk of ransomware. Let’s keep our eye on the goal, the company, and not on the award, the cryptography. Or we can then blame the court order for all the other financial crimes.
This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers must conduct their own research when making a decision.
The views, thoughts and opinions expressed herein are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Michael Perklin is the director of information security at ShapeShift, where he oversees all security practices for products, services, and businesses, while ensuring that they adhere to or surpass industry best practices. With more than a decade of experience in blockchain and cryptography, he leads a team that ensures that best security practices are used using specific cybersecurity and blockchain methodologies. Perklin is the president of Digital Currency Certification Consortium (C4), has worked on several industry boards and is a co-author of the Digital Currency Security Standard (CCSS), which is used by hundreds of global organizations.