RANSOMWARE 2.0: say goodbye to all your data

10

October

2022

No ratings yet.

Cybercrime is nothing new. Everyone has heard stories about people being hacked. There are endless ways people can be hacked, varying from simple password-guessing to Cookie theft. Today we are discussing the newest version of a specific type of hacking, namely ransomware, software deployed by ransomware groups to access, encrypt, and even destroy people’s data.

Ransomware groups are essentially online mafia groups. After stealing and encrypting your data, these groups hand you two options: either pay a tremendous amount of money, usually in Bitcoin, to get it back through an encryption code or lose everything. Most ransomware groups target big companies since they will have more money to extract. Moreover, their data is likely to be of very high value to them, making them feasible targets. However, this does not mean you, and I cannot be directly affected. The groups are merciless, as they even target hospitals (Collier, 2022). Imagine the impact this can have on the patients.

A well-known dilemma with ransomware is whether or not to pay (Sloof, 2021). Paying means you will get your data back, right? Of course, you can never wholly trust an organization that has taken your data hostage and is now asking for money for its release. Thus, how would you know paying means you are safe? Moreover, there should be more ways of retrieving your belongings. Organizations indeed often try decrypting themselves. This is where ransomware 2.0 comes into play.

Lately, at least one ransomware group called BlackCat has moved away from encrypting data and is now destroying it if their ransom is not met. The threat is thus even more significant than before because once they destroy it, there is no way back (Palmer, 2022). Consequently, the threat is more effective because more victims choose to pay the ransom instead of going to battle by trying to find other ways to get their hands on the key. Moreover, developing destructive malware is easier, less time intensive, and thus cheaper than creating ‘regular ransomware’. This way, the criminals get 1) more effective bait and 2) more net profits (Palmer, 2022).

In short, ransomware is a hazardous way of hacking, and it is only becoming more and more effective. I am inquisitive about the answer the world will have to this malware since I expect cyber criminals to always be one step ahead of the ones trying to stop them

References:

Collier, K. (2022, October 7). Ransomware attack delays patient care at hospitals across the U.S. NBC News. Retrieved October 10, 2022, from https://www.nbcnews.com/tech/security/ransomware-attack-delays-patient-care-hospitals-us-rcna50919

Palmer, D. (2022, September 27). Hackers are testing a destructive new way to make ransomware attacks more effective. ZDNET. Retrieved October 10, 2022, from https://www.zdnet.com/article/hackers-are-testing-a-destructive-new-way-to-make-ransomware-attacks-more-effective/

Sloof, A. M. (2021, September 28). To pay or not to pay: the dilemma of ransomware. Social Blog. Retrieved October 10, 2022, from https://digitalstrategy.rsm.nl/2021/09/28/to-pay-or-not-to-pay-the-dilemma-of-ransomware/

Please rate this

Deepfake Fraud – The Other Side of Artificial Intelligence

8

October

2021

Dangers of AI: How deepfakes through Artificial Intelligence could be used for fraud, scams and cybercrime.

No ratings yet.

Together with Machine Learning, Artificial Intelligence (or: AI) can be considered one of if not the hottest emerging innovations in the field of technology nowadays (Duggal, 2021). AI entails the ability of a computer or a machine to ‘think by itself’, as it strives to mimic human intelligence instead of simply executing actions it was programmed to carry out. By using algorithms and historical data, AI utilizes Machine Learning in order to comprehend patterns and how to respond to certain actions, thus creating ‘a mind of its own’ (Andersen, n.d.). 

History

Even though the initial days of Artificial Intelligence research date back to the late 1950s, the technology has just recently been introduced to the general mass on a wider scale. The science behind the technology is complex, however AI is becoming more widely known and used on a day-to-day basis. This is due to the fact that computers have become much faster and data (for the AI to derive from) has become more accessible (Kaplan & Haenlein, 2020). This allows for AI to be more effective, to the point where it has already been implemented in every-day devices i.e. our smartphones. Do you use speech or facial recognition for unlocking your phone? Do you use Siri, Alexa or Google Assistant? Ever felt like advertisements on social media resonate a bit too much with your actual interests? Whether you believe it or not, it is highly likely that both you and I come into contact with AI on a daily basis.

AI in a nutshell: How it connects to Machine/Deep Learning

That’s good… right?

Although the possibilities for positively exploiting AI seem endless, one of the more recent events which shocked the world about the dangers of AI is a phenomenon called ‘deepfaking’. This is where AI utilizes a Deep Learning algorithm to replace a person from a photo/video with someone else, creating seemingly (!) authentic and real visuals of that person. As one can imagine, this results in situations where people seem to be doing things through media, which in reality they have not. Although people fear the usage of this deepfake technology against celebrities or high-status individuals, this can – and actually does – happen to regular people, possibly you and I.

Cybercrime

Just last month, scammers from all over the world are reported to have been creatively using this cybercrime ‘technique’ in order to commit fraud against, scam or blackmail ordinary people (Pashaeva, 2021). From posing as a wealthy bank owner to extract money from investors, to blackmailing people with videos of them seemingly engaging in a sexual act… as mentioned before, the possibilities for exploiting AI seem endless. Deepfakes are just another perfect illustration of this fact. I simply hope that, in time, the positives of AI outweigh the negatives. I would love to hear your perspective on this matter.

Discussion: Deepfake singularity

For example, would you believe this was actually Morgan Freeman if you did not know about Artificial Intelligence and deepfakes? What do you think this technology could cause in the long term, when the AI develops itself into a much more believable state? Will we be able to always spot the fakes? What do you think this could lead to in terms of possible scamming or blackmailing, if e.g. Morgan Freeman were to say other things…?

References

Duggal, N. (2021). Top 9 New Technology Trends for 2021. Available at: https://www.simplilearn.com/top-technology-trends-and-jobs-article

Andersen, I. (n.d.). What Is AI and How Does It Work? Available at: https://www.revlocal.com/resources/library/blog/what-is-ai-and-how-does-it-work

Kaplan, A., & Haenlein, M. (2020). Rulers of the world, unite! The challenges and opportunities of artificial intelligence. Business Horizons, 63(1). https://doi.org/10.1016/j.bushor.2019.09.003

Pashaeva, Y. (2021). Scammers Are Using Deepfake Videos Now. Available at: https://slate.com/technology/2021/09/deepfake-video-scams.html

Please rate this

Author: Roël van der Valk

MSc Business Information Management student at RSM Erasmus University - Student number: 483426 TA BM01BIM Information Strategy 2022

Criminals working from home

9

October

2020

No ratings yet. During the COVID-19 pandemic, the time we spent on our screens has increased drastically. Everything became remote and most of our human interaction consisted of our online contact. Instead of being able to speak with our colleagues, most of our face-to-face conversations turned to emails and Zoom calls. People who started a position while working from home may not even be able to recognize their colleagues if their cameras were not on during the virtual meetings. Working from home became the new normal, but is this transition safe? Will the threat to our cybersecurity be greater as we spend more time and share more online?

The need for keeping our data safe online has become increasingly important during the pandemic, as we spend more time interacting online, sharing more information, and working from home. Remote working has had an impact on the average cost of a data breach already, increasing it by $137,000. Employees working on private home networks rather than secure company ones are left more vulnerable. The pandemic has also limited the number of activities we can enjoy outside of our houses and provided us with more spare time. For hackers, this time was not wasted as pandemic related fraud reports, in the US, have cost around $114.4 million by mid-August 2020. Even when it comes to Zoom, our data has not been safe. In April, more than 500,000 users have been victims of a breach and the accounts were sold on the dark web. It is increasingly important for people to be aware of online threats, and for companies to ensure their cybersecurity strategies sufficiently protect our data, both as consumers and employees.

It has become increasingly attractive for cyber-criminals to attack as the value of data increases and we become more vulnerable. Individuals are not the only ones at risk, companies and other institutions have also felt the increase in cyber-crime. The laboratory at the University of California had their system frozen and ended up having to pay 116.4 bitcoins ($1.14m) to the hackers. The system was worth the money to the laboratory, since it had contained research relating to the search for a Covid-19 cure.

As more companies find ways to monetize data, there will be more money and value for cybercriminals to extort. There are many ways to protect ourselves such as checking our emails for phishing, using an anti-virus, using a VPN, strong passwords, two-factor verification, etc. However, even if we take the necessary steps to protect ourselves, we may still become victims. Facebook is constantly involved in data breaches and third-party misusage of users’ information. In 2019, 267 million Facebook user accounts were compromised with phone numbers and names obtained, then offered for sale on the dark web. Do you trust companies with protecting our data? I believe cybercrime will become an increasingly important issue as we transition to hybrid ways of working in the post-pandemic life (hopefully). Are you concerned about cybercrime and the safety of your data?

 

Sources:

https://www.pandasecurity.com/mediacenter/news/covid-cybersecurity-statistics/

https://www.ibm.com/security/data-breach

https://mitsloan.mit.edu/ideas-made-to-matter/how-to-think-about-cybersecurity-era-covid-19

https://www.forbes.com/sites/zakdoffman/2020/04/20/facebook-users-beware-hackers-just-sold-267-million-of-your-profiles-for-540/

https://www.ft.com/content/935a9004-0aa5-47a2-897a-2fe173116cc9

https://www.telegraph.co.uk/news/2019/12/20/facebook-personal-details-267-million-users-exposed-online/

Please rate this

Diagnosis: Cyberattack – A New Threat for Healthcare

2

October

2020

5/5 (1) Cybercrime and healthcare… One might think what a weird combination – right? However, I have to disappoint you. It is a cruel reality.

But let’s start at the beginning… the enabler: It is, what a ’surprise’, the increasing use of technology in the healthcare industry. But using technology does not only imply risks. We all know how beneficial technology in healthcare is. No matter which technology, it (most of the time…) all comes down to an increase in efficiency and effectiveness (AIMS Education 2019). Furthermore, those improvements aim to increase our quality of life while, hopefully, reduce its costs (AIMS Education 2019).

One of the easiest and best examples of technological adoption in healthcare is the digitalization of health records (Online Health Informatics 2020). Do you remember one of your doctors using a paper record? No? Me neither. This example might sound too simple to be true. However, digital healthcare records had a positive impact on not only the quality of public healthcare but also its costs. Those records can be communicated through the Internet of Things (IoT) within hospitals and stored in, e.g., clouds (Jayaraman et al. 2019).

The consequences are tremendous: Due to the sensitivity of medical data, its value is constantly increasing, making it a vulnerable target for cybercrime (Jayaraman et al. 2019). To get a glimpse of how valuable healthcare records are; it is up to 20x higher when compared to credit card details…

Cybercrime – two real-world examples and its dramatic consequence(s): The most recent (known) happened this Monday (28/09/20). The American hospital chain ‘Universal Health Services’ with its over 250 hospitals experienced an IT outage due to a cyberattack – causing no access to medical records and everything connected to WiFi (including the devices that monitored critical care patients) (CBS News 2020). Luckily, this cyber attack had no fatalities. The latter, however, happened two weeks earlier to a hospital in Düsseldorf, Germany. There, a cyberattack caused the death of a critical patient (The Guardian 2020)…

Even though it is highly unethical to put monetary gains over human life; I do personally think that this trend will continue. The increasing use of interconnected devices in healthcare will create even more sensitive data which will make it an even more attractive target to hackers…

What do you think? Will this trend will continue, or are technological enhancements, such as blockchain, chances to put an end to it? Let me know in the comments!

 

References:

AIMS Education. (2019). The Impact Of Technology In Healthcare. [online] Available at: <https://aimseducation.edu/blog/the-impact-of-technology-on-healthcare> [Accessed 1 October 2020].

CBS News. (2020). Cyberattack Hobbles Hospital Chain Universal Health Services. [online] Available at: <https://www.cbsnews.com/news/cyberattack-universal-health-services-hospital-chain-united-states/> [Accessed 1 October 2020].

Jayaraman, P. P. et al. (2020) “Healthcare 4.0: A Review of Frontiers in Digital Health,” Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 10(2).

Online Health Informatics. (2020). 5 Ways Technology Is Improving Health. [online] Available at: <https://healthinformatics.uic.edu/blog/5-ways-technology-is-improving-health/> [Accessed 1 October 2020].

The Guardian. (2020). Prosecutors Open Homicide Case After Cyber-Attack On German Hospital. [online] Available at: <https://www.theguardian.com/technology/2020/sep/18/prosecutors-open-homicide-case-after-cyber-attack-on-german-hospital> [Accessed 1 October 2020]

Please rate this

Beware of new threat of cyberattack to worldwide banks

17

October

2017

No ratings yet. Earlier this year, 5 European banks have been reportedly stolen of up to 10 million dollars each by an unknown well-organized cybercrime organization.

How does it come about?

The 6-month-long theft operation happened like this: The attackers initially recruit mules, economically enticing them to open bank account with given counterfeit documents. Upon receiving debit cards, the attackers gained access to bank employee’s credentials via phishing websites or emails, gradually acquiring control of processing network. With the malicious installed payloads, the attackers were able to manipulate risk ratings and overdraft limit at random, while at the same time removing all anti-fraud control in place. The adept cash withdrawal took place   instantly within minutes after the draft limit change made via card management application.

How well-planned was the cybercrime organization?

Some victim banks even remain unconscious of the loss well after the completion of criminal action. All these evidence strongly indicates this as a knowledgeable, well-organized cybercrime group. In addition to adopting emerging high-end tactic coupled with physical elements, they elaborately select solitary ATMs, mostly in remote areas, but essentially without security guard protection and without withdrawal limit. Moreover, the attackers spared no effort in wiping out the criminal tracks by leaving an exe. in the system before restarting it. Thanassis Diogos from Trustwave’s SpiderLabs security team even expressed not previous knowledge about this TYPE of attack ever before, which is really astonishing.

How shall the other banks worldwide react in the future?

The key lies in cooperating and learn from failures. In retrospect, though, inspire of the well-planned criminal, banks have many more things to do in terms of enhancing its defensive system. First, filtering and management of phishing emails.   Second is regulation of personal card risk ratings and overdraft enablement. Cyber attacks is a eternal topic across all industry, affecting individuals alike. In order to prevent potential loss in the future, banks worldwide shouldn’t just sit around, but collaborate together, with stronger resolution to combat against die-hard cybercrime.

Sources:

http://www.computerweekly.com/news/450427919/Cyber-heist-hits-banks-in-Russia-and-eastern-Europe

https://www.darkreading.com/endpoint/cybercrime-gangs-blend-cyber-espionage-and-old-school-hacks-in-bank-heists/d/d-id/1324222

 

Please rate this