Information Unleashed

Merry Xmas and a Nasty New Year

Created: 21 Dec 2012 • 2 comments
khaley

Are malware authors becoming more unpleasant? The amount of cyber-crime goes up year after year and 2013 will be no exception. Bad guys will continue to dream up new ways to rip people off. Sure, we’ll be stolen from, spied on and threatened in 2013. None of this will be new. But there is a new trend that started in 2012 and seems set to take off in 2013. I call it nastiness.

We didn’t call out this trend in our 2013 predictions. But if you look at those predictions you can see it. I can’t tell you why this is or why it started. This nastiness is happening in targeted attacks and in massive attacks. They are quite separate trends—done for quite different reasons and against different kinds of people—but they both started in 2012 and threaten to become prevalent in 2013.

The first sign of the coming nastiness is targeted attacks that don’t attempt to steal information—instead they wipe out hard drives. We first saw it with Shamoon and most recently with Batchwiper.

These threats seem to have no other purpose than to punish the victims. It can be argued that this is nothing more than cyber-sabotage—and that Stuxnet started it. But Stuxnet had a very specific goal in mind and if it wasn’t a uranium enrichment cylinder, it caused no harm. Flamer had a Wiper component. It appears this may have inspired the Shamoon attackers, but the Wiper module only attempted to wipe itself off a hard drive to cover its tracks. Flamer/Wiper and Stuxnet had a purpose. It’s really hard to see the purpose behind Shamoon and Batchwiper. They are just destructive. Call it statement malware. I call it just plain nasty.

Even nastier is a threat quite a few end-users experienced this year and that more will see in the future—ransomware. This is the next great gold rush in cyber-crime. Like in the legitimate business world, a successful business creates imitators and competitors. We’ve certainly seen this with ransomware. We’ve estimated there are at least 16 gangs now engaged in this scam. This does not make it unusual or nasty. We saw similar “market success” drive increases with other scams like fake AV, even Nigerian 911 scams.

What marks ransomware as another sign of nasty malware in the future is how it works. It’s not just fooling you into paying off the scammer—it’s threatening you. If you don’t pay them off you’re threatened with a huge fine and jail time. They pretend to know who you are by guessing your location based on your IP address. They try to intimidate you by turning on your webcam, pretending to be recording you. You’re being accused of having child pornography on your computer.

If they can make you believe any of these things, they are filling you with fear. It’s mean. And even if you don’t believe them, they’ve taken control of your computer and will not give it back to you. Your stuff—pictures, music, financial and personal info—is being held hostage. And even if you pay the ransom you will not get them back.

What makes the future look even more concerning is the innovation to come. As the market becomes saturated with multiple players and the public becomes savvier at identifying the scam and avoiding the ransom, we’ll see the gangs trying different tactics to get the victims to pay. We’ll see more effective locking down of systems.  And the social engineering, which in ransomware is about creating so much fear that you abandon logic and pay the ransom, will get ratcheted up. 

Malware in 2012 took a turn towards the mean side. I fear 2013 will be worse. Symantec has no intentions of getting bullied in 2013. Neither should you.  

Comments

Leroy Scandal

You lay it on a little thick,

Ransomware? How many instances of this have you actually seen in the wild?

If you have one hundred users, how many of them do you expect to experience "ransomware" style attacks?

I doubt even one out of one hundred, I doubt 1 out of 100,000, I doubt one out of one million.

However, I have seen this style of attack, I saw it ten years ago in a data center. Some clown outfit demanded five million dollars, and said they would d-dos the data center until we paid them.

We laughed in their faces and hung up on them.

This is not new,

this is not wide spread,

99% of the world will never have an issue with this sort of thing.

Don't fear the stupid, unless they are selling you anti-virus software. 

just cause they say it, doesn't mean they can do it.

nate.hall

While I agree that most people will not run into it, it's still something you should be aware of and keep an eye out for.
