I’ve been making ransomware predictions since 2014, when I was first asked to give a keynote on the subject. At the time, I made a dozen or so predictions that have all since come true. More recently, I was asked to contribute to ITSP’s magazine, highlighting additional, more specialized future predictions that I thought would ‘push the edge’ of what was likely to happen… and all of them were scary.
What we learned in our Incident Containment Practice last spring, during the bout of SamSam ransomware hitting hospitals, was that criminals were: a) indiscriminate and entirely uncaring about human life, b) realizing now that they can extract more money when human life/safety is at stake, and c) focusing on a campaign centered on human life and safety as the pretext.
That’s when this particular prediction occurred to me: critical infrastructure will be next, because the stakes are higher and there is already a significant attacker foothold in our critical infrastructure; both opportunistic and targeted attackers have been lurking persistently for many years. With higher stakes comes a bigger payoff for attackers – ransomware in the healthcare industry is the perfect example of this.
Understanding What Motivates Attackers
I learned in my Department of Defense Information Assurance (DoD IA) career to define a threat as any actor that has a significant amount of at least two of these three enablers: Means, Opportunity, and Motive (what I call the MOM Principle):
The Means is a massive commodity market for the creation of fully undetectable ransomware (also known as ransomware as a service, or RaaS). This is a marked development in contrast to the legacy means of requiring a criminal to buy ...
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Scott Scheferman. Read the original post at: https://threatmatrix.cylance.com/en_us/home/critical-infrastructure-ransomware-predictions.html