BrainBlog for Tanium by Jason English
If one topic has been on the minds of CISOs and CIOs alike over the last three years of Covid and post-Covid hybrid enterprise work environments, it’s ransomware.
A distributed tech workforce — using distributed software services — proved to be no match for highly automated ransomware bots and malware executing encryption attacks. But this year, like the end of War of the Worlds, the attacking bots may suddenly fall silent.
Is ransomware dead? And if it is out of the way, what will top the list of executive cybersecurity concerns for 2023?
Sorry, ransomware is back with a cybernetic twist
We did see one kind of ransomware profile fade away — as darkweb-sourced encryption attack chains and cryptocurrency ransoms started becoming known quantities to the security community. Further, many of the crypto-exchanges that once would have laundered ransomed Monero and BTC to real currency are going belly-up or getting seized by authorities.
Despite that, ransomware is only picking up steam now. NCC Group reported a 41% increase in ransomware attacks in just the month of November 2022, as impending holidays left many companies short-staffed to deal with them.
This attacker is also reappearing in a new, half-human/half-silicon-based cybernetic form. Even unskilled script kiddies can use ChatGPT or other AI-based chatbot routines to write and run sophisticated attack code.
What’s particularly insidious about this approach is the conversational AI power of today’s chatbot, and its willingness to help as an accomplice to its human counterparts. ChatGPT can adapt automated hacks from a universe of existing code and shell scripts.
AI chatbots can also write up a believable business dialogue, based on past customer service conversations, that can fool employees and effectively social engineer their way into account or network privileges to deliver malware, which they may have helped to write.
Most of these attacks no longer even try the old way of encrypting data and charging a ransom to unlock it, so nobody should believe a hacker will deliver on promises to remove the threat. Cybercriminals are straight up extorting second or third payments to avoid the future destruction of data or infrastructure.