Getting Ahead of Critical Infrastructure Ransomware Predictions

I’ve been making ransomware predictions since 2014, when I first was asked to give a keynote on the subject. At the time, I made a dozen or so predictions that have all since come true. More recently, I was asked to contribute to ITSP’s magazine, highlighting additional, more specialized future predictions that I thought would ‘push the edge’ of what was likely to happen… and all of them were scary.

Today, research by David Formby, CEO/CTO of Fortiphyd Logic, confirms one of the scariest predictions I made: Targeting Critical Infrastructure for Ransom.

What we learned in our Incident Containment Practice last spring during the bout of SamSam ransomware hitting hospitals, was that criminals were: a) indiscriminate and entirely uncaring about human life, b) realizing now that they can extract more money when human life/safety is at stake and, c) were focusing on a campaign centered on human life and safety as the pretext.

That’s when this particular prediction occurred to me: critical infrastructure will be next, because the stakes are higher and there is already a significant attacker foothold in our critical infrastructure; both opportunistic and targeted attackers have been lurking for many years persistently. With higher stakes comes bigger payoff for attackers – ransomware in the healthcare industry is the perfect example of this.

Understanding What Motivates Attackers

I learned in my Department of Defense Information Assurance (DoD IA) career to define a threat as any actor that has a significant amount of at least two of these three enablers: Means, Opportunity, and Motive (what I call the MOM Principle):

The Means is a massive commodity market for the creation of fully undetectable ransomware (AKA, ransomware as a service or RaaS). This is a marked development in contrast to the legacy means of requiring a criminal to buy (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Scott Scheferman. Read the original post at: Cylance Blog