Forget ransomware – emails are what cybercriminals are really exploiting

Ransomware may have had a high profile in recent times, but cybercriminals are still extracting far more cash out of organisations via maliciously targeted business emails, according to a new report from Cisco.

The Cisco 2017 Midyear Cybersecurity Report takes a close look at the current threat landscape, and finds that business email compromise (BEC) made criminals a massive total of $5.3 billion (around £4 billion) over a three-year period (from October 2013 through to the end of 2016), according to figures from the Internet Crime Complaint Center (IC3).

By contrast, ransomware victims were extorted to the tune of about $1 billion (around £765 million) throughout the whole of last year. Obviously that’s still a very sizeable sum of money, but if you average out the figures for the above period for exploits delivered by emails to staff members, that works out at around $1.63 billion (£1.25 billion) annually.

In the timeframe covered by IC3, there were 22,300 companies that fell prey to BEC incidents in the US alone.

These types of malicious emails are often well-crafted attacks involving social engineering and in-depth research on the company’s staff members, with the messages being designed to appear to be sent by someone high up the food chain like the chief executive, with an urgent demand to wire a payment (into the hands of the criminals, of course).

As Cisco notes, there is no malware content in these emails – nothing for even the most sophisticated network defence mechanisms to pick up – they simply aim to trick the receiver.

Education is the key

As ever, the best way to combat these threats is to educate staff members to be aware that these sorts of scams exist, and the typical things to look out for, along with obvious countermeasures such as double-checking with the apparent sender that this is indeed a genuine message they’ve sent.

All this isn’t to say ransomware is not a threat, of course; it is indeed still a big problem as a billion-dollar-per-year money-spinner, and as we’ve seen in recent times, major attacks like WannaCry have caused havoc.

Cisco observed that malicious parties are creating ransomware easily and quickly by using open source codebases which publicly release ransomware code for ‘educational’ purposes. Unfortunately, that code can then be tweaked to make new strains of ransomware.

Ransomware-as-a-Service (RaaS) platforms also represent a swiftly growing phenomenon, with offerings such as ‘Satan’ that allow those with no programming chops to launch basic ransomware attacks if they give away a cut of their profits to the platform owner.

Malware is increasingly being seen as a business in its own right, sadly, with RaaS ‘providers’ offering services like the ability for users to track their own malware campaigns, and cybercriminals offering ‘helpdesk’ services to victims in order to facilitate payment of the demand.