Ransomware will exploit server vulnerabilities, proliferate across networks and use encryption to hide itself, says Cisco report
Ransomware has rapidly established itself as one of the biggest security threats for businesses and now researchers are warning that such attacks are likely to become more complex and devastating.
Cisco predicts new strains of ransomware will be able to dynamically change tactics and target networks rather than individual users, dramatically expanding the scale of assaults.
Attackers will also look to exploit server-side vulnerabilities, not just client side, and will look to avoid detection by using encryption and other techniques such as limiting CPU and bandwidth use.
It says some organisations aren’t identifying new threats fast enough, sometimes taking up to 200 days, or installing patches and software updates with a sense of urgency.
Given that as many as four fifths of ransomware attacks are carried out by exploiting Flash vulnerabilities, this is cause of concern.
Flash-based adverts are often used to distribute malicious software across genuine ad networks using a technique known as malvertising, Furthermore, many of the server side exploits have been known for years.
Cisco says its own equipment is not immune. It examined 103,121 of its devices and found each had 28 vulnerabilities on average and nine percent had been discovered more than a decade ago. It urged its own customers to install the latest security updates as soon as they are released.
“As organizations capitalise on new business models presented by digital transformation, security is the critical foundation,” said Marty Roesch, chief architect ad Cisco’s security business group.
“Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, customers will require more visibility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities.”
Ransomware has targeted organisations in all walks of life, including medical facilities, Office 365 customers and NASCAR racing teams. More recent types have deleted random files as hostages to encourage victims to pay up while other types of malware have purported to be ransomware but simply delete files rather than encrypt them.