Are malware authors becoming more unpleasant? The amount of cyber-crime goes up year after year and 2013 will be no exception. Bad guys will continue to dream up new ways to rip people off. Sure, we’ll be stolen from, spied on and threatened in 2013. None of this will be new. But there is a new trend that started in 2012 and seeming set to take off in 2013. I call it nastiness.
We didn’t call out this trend in our 2013 predictions. But if you look at those predictions you can see it. I can’t tell you why this is or why it started. This nastiness is happening in targeted attacks and in massive attacks. They are quite separate trends—done for quite different reasons and against different kinds of people—but they both started in 2012 and threaten to become prevalent in 2013.
These threats seem to have no other purpose than to punish the victims. It can be argued that this is nothing more that cyber-sabotage—and that Stuxnet started it. But Stuxnet had a very specific goal in mind and if it wasn’t a uranium enrichment cylinder, it caused no harm. Flamer had a Wiper component. It appears this may have inspired the Shamoon attackers, but the Wiper module only attempted to wipe itself off a hard drive to cover its tracks. Flamer/Wiper and Stuxnet had a purpose. It’s really hard to see the purpose behind Shamoon and Batchwiper. They are just destructive. Call it statement malware. I call it just plain nasty.
Even nastier is a threat quite a few end-users experienced this year and that more will see in the future— ransomware. This is the next great gold rush in cyber-crime. Like in the legitimate business world, a successful business creates imitator and competitors. We’ve certainly seen this with ransomware. We’ve estimated there are at least 16 gangs now engaged in this scam. This does not make it unusual or nasty. We saw similar “market success” drive increases with other scams like fake AV, even Nigerian 911 scams.
What marks ransomware as another sign of nasty malware in the future is how it works. It’s not just fooling you into paying off the scammer—it’s threatening you. If you don’t pay them off you’re threatened with a huge fine and jail time. They pretend to know who you are by guessing your location based on our IP address. They try to intimidate you by turning on your webcam, pretending to be recording you. You’re being accused of having child pornography on your computer.
If they can make you believe any of these things, they are filling you with fear. It’s mean. And even if you don’t believe them, they’ve taken control of your computer and will not give it back to you. Your stuff—pictures, music, financial and personal info—is being held hostage. And even if you pay the ransom you will not get them back.
What makes the future look even more concerning is the innovation to come. As the market becomes saturated with multiple players and the public becomes savvier at identifying the scam and avoiding the ransom, we’ll see the gangs trying different tactics to get the victims to pay. We’ll see more effective locking down of systems. And the social engineering, which in ransomware is about creating so much fear that you abandon logic and pay the ransom, will get ratcheted up.
Malware in 2012 took a turn towards the mean side. I fear 2013 will be worse. Symantec has no intentions of getting bullied in 2013. Neither should you.