Cyber Extortion Getting Renewed Interest from Criminals

If the signs are right, then, sometime in the next six-to-12 months or sooner, companies may be facing a new form of an ages-old (even in Internet years) practice: Extortion.

Even though cyber-extortion—where a group of criminals encrypts data and holds it hostage (ransomware) or threatens a massive denial-of-service (DoS) attack if you don’t pay—pre-dates the Internet age by a decade or so, a new wave of criminals is dusting off the practice.

“We are observing certain, although below-the-radar right now, certain activities in the cyber-extortion area. In particular, to do with new and better technologies,” said Maksym Schipka, senior antivirus researcher for Message Labs, a provider of messaging security and management services.

These new technologies—or at least new ways to use existing technologies—include over a million bots detected by the company in the past couple of weeks and the use of RSA 660 encryption algorithms that are virtually unbreakable without the key.

Other Security Articles on CIO Update

Malware Metamorphosing, But This Ain’t No Butterfly

The Best Defense Against Social Engineering

Zombies Control Half of Windows PCs

FREE Tech Newsletters

According to Schipka, proof-of-concept work is being conducted in primarily Eastern European countries on perfecting ways to unleash these bots on unsuspecting companies and their customers in the form of ransomware—where RSA 660 is used to encrypt files or entire databases including back-ups.

“This number does keep rising,” he said. “There’s a lot of activity right now on the forums these bad guys use to communicate.”

Over the last few weeks alone, MessageLabs has tracked a 25-to-30 percent increase in bot traffic, mostly in the form of “personalized” or “targeted” spam. This is “massive” increase in activity, said Schipka.

If the beta trials work out successfully, a whole new wave of malware could roll West encrypting critical corporate and personal data and infecting personal PCs with keylogging Trojans that will, in turn, use that information to steal identities and target individual’s financial accounts. By default, banks and other financial institutions may be particularly at risk.

While most of these firms are prepared to deal with attacks on their corporate assets a new wrinkle in the game may be black-hats going after a company’s customers and, by proxy, the company itself, said Barrett Lyon, founder of Prolexic, an DoS security firm, and now co-founder of CTO of start-up Bit Gravity.

“I think by targeting the individual you could still target a corporation,” he said. “So, if you wanted to attack Ameritrade you attack Ameritrade’s clients and just destroy their accounts, transfer money and, as a result, you’re attacking Ameritrade. If you … think about what kind of financial calamity that would cause it’s pretty significant.”

While anyone attached to the Internet is at risk, Richard Stiennon, former VP of Threat Research at WebRoot and now running his own security-analysis firm IT Harvest, believes banks and other financial institutions as well as stock exchanges are next big targets for cyber-extortionists.