FBI warns of increasing ransomware, firmware attacks
Corporate IT systems will see skyrocketing numbers of cyberattacks using ransomware, insider threats, and vulnerabilities in firmware and hardware as sophisticated criminals seek new ways to make money, according to an FBI cybersecurity expert.
James Morrison, a computer scientist with the FBI’s Houston Cyber Task Force, explained that criminal organizations are constantly looking for new avenues of attack, with ransomware and attacks on firmware and hardware gaining prominence as holes in operating systems and software are patched.
Along with those newer types of attacks, the tried-and-true insider threat also isn’t going away soon, said Morrison, speaking at the Hewlett Packard Enterprise Discover conference in Las Vegas on Wednesday. The organizations taking advantage of those attacks are increasingly sophisticated and well-funded criminal groups.
“We need to get off the mindset that criminals are living in their basement, that a cybercriminal is some kid that’s living in the basement of their mom’s house,” Morrison said. “These are fully functional, 24/7 data center operations, operating in countries where they have some kind of asylum, in many cases.”
About 75 percent of the cyberattacks against companies in the United States come from organized crime groups, Morrison added. “Understand that’s the magnitude of what you’re facing,” he told the audience.
In some cases, these criminal organizations also have ties to nation states. “We’re seeing this blending of nation state and criminal organizations,” Morrison said. After all, “why would a nation state take a chance of being exposed when they can just hire a criminal group?”
Ransomware, in particular, is exploding, said Bob Moore, director of server software and product security at HPE. In the past two years, ransomware attacks have increased by a factor of 15, and by next year, a new ransomware infection will happen every 14 seconds, according to research from Cybersecurity Ventures.
By 2021, the global cost of cybersecurity breaches will reach $6 trillion, equal to one-third of the gross domestic product of the United States. That figure is larger than the entire global illegal drug trade, and it is projected using only reported data breaches. “It’s the largest transfer of wealth in the history of mankind.”
In addition to becoming more organized, Morrison said, cybercriminals are becoming more creative. He pointed to other attack surfaces, noting that in addition to one-time phishing attacks, some criminals are now engaging in ongoing conversations with company insiders in an effort to build trusted relationships. The criminal could pose as a potential customer or even a co-worker who asks the accounting department to transfer money to a partner of the company.
Criminals are also turning to multiprong attacks, Morrison said. In one recent case, an attack on the hardware of a bank was cover for the criminals to use wire transfers to steal money from the organization.
The good news is there are ways to defend against these attacks, HPE representatives said. Technology such as the company’s "silicon root of trust" is designed to lock down firmware on servers and make it impossible to install rogue code, said Scott Farrand, HPE’s vice president for hybrid IT, platform firmware, and software.
To minimize insider threats, companies should adopt training programs to test employee response to phishing and other attacks, recommended Lois Boliek, HPE security and assurance strategist. She pointed out that companies can also monitor employees for unexpected behaviors as a way to head off inadvertent or malicious actions.
Many employees have gotten the word that they’re not supposed to click on links or open attachments in email from unknown senders, said the FBI’s Morrison.
Still, about 4 percent of employees will click on every link they see in an email. Some companies have gone so far as firing employees who fail a phishing test, Morrison noted.
Morrison recommended companies keep updating their security practices to reflect new types of attacks. “Cybersecurity has to be a constant process,” he said. “It’s not like something you can put out there and hope it stays good for three years.”
He also suggested companies work with trusted vendors to deal with their security challenges. “What I tell everybody is, don’t do it alone,” Morrison said. “There’s too much of a threat out there for you to go it alone.”
Cyberthreats: Lessons for leaders
- Ransomware and attacks on firmware and hardware are growing cyberthreats.
- The cost of reported data breaches will reach $6 trillion in 2021.
- Insider threats remain another major attack surface, according to the FBI.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.