Ransomware is shifting targets, moving from victimizing consumers to attacking enterprises, where infections rose by 12% in 2018 even as overall ransomware infections were down, according to Symantec’s 2019 Internet Security Threat Report.
Cyber criminals are flexing their muscles, with one expert seeing a “major increase” in organized crime.
“This trend has been going up steadily over the past five years. You have the usual suspects – you have Russia, you have China, you have North Korea, and you have Iran, which are the top four in the category,” said Daniel Tobok, CEO of cybersecurity firm Cytelligence. “When you look at ransomware today, outside of organized crime, there are now also state-sponsored attacks, and the reason state-sponsored attacks have gotten into it is because it’s a revenue stream for those particular countries.”
While Canadians might be perceived as polite maple syrup guzzlers, businesses in the country are not safe from state-sponsored cyberattacks.
“For Canada in particular, when we have a strained relationship with some of these countries with organized crime and the state-sponsored attacks are coming from [inside their borders], it just makes it worse for us,” explained Tobok.
In this evolving threat environment, ransomware is still the top choice for cybercriminals.
“It accounts for about 75% of all the compromises out there. It’s easy, it’s cheap, it’s dirty, and it’s extremely effective,” said Tobok. “You can literally buy a turnkey solution from between $10,000 to $50,000 with a minimum return of 10 to 50 times that.”
Some of the key emerging trends in 2018 included the Ryuk and LockerGoga ransomware, added Tobok. These are some of the most expensive types of ransomware on the black market today, and threat actors using Ryuk have netted around US$3.7 million from that ransomware alone. Many cybercriminals have also been active in the business for a long time and have infiltrated and penetrated many different systems, collaborating with other cybercriminals to sell them access to these networks.
Cyber insurance professionals might be doing their best to spread awareness about the threats on the horizon, but many Canadian firms continue to misunderstand their level of exposure.
“The US is about 10 years ahead of us, in terms of maturity in the market from an insurance perspective, from an advisory [perspective], and from what I would call a proper calculation of risk,” said Tobok. “In Canada, we’re still fairly conservative. We are getting better, but we are behind. What is still mind-puzzling for me in Canada is with everything that happens on the news and everything that they hear, and conferences like NetDiligence, [businesses] just don’t think they’ll be a direct victim or it won’t be as bad, and they’re not putting the right strategies in place.”
The small and medium-sized business space is particularly behind and, according to Tobok, “grossly underserved.” While moves by some governments, like GDPR in the EU, have gotten people’s attention, Canada still needs to be more vigilant in its own regulatory framework.
“While we made the right move here with the new breach notification legislation, the penalties should’ve been higher – at least three or four times more. It’s got to be to the point that if they get breached, it’s really going to cost them,” said Tobok, though there is a plus to the new regulations. “What we are hoping is that people will understand that [pre-breach planning] is not a ‘nice to have.’ There are now actually certain compliance and legislation you have to follow.”