More ransomware and IoT threats. That’s the forecast for 2017. Cyber security firms report that the number of typical malware attacks has decreased, while ransomware attacks and attacks utilizing compromised Internet of Things (IoT) devices have increased. More new types of Linux malware is being discovered in the wild. These exploit vulnerabilities in IoT devices and use them as part of bot networks to launch Distributed Denial of Service (DDoS) attacks. Most IoT devices run on Linux OS and this has led to an increase in malware targeting Linux devices. Smart homes with smart devices are the rage; their advantages and the better comfort they offer is leading to increasing adoption, and hence are being targeted.
The next predominant target has been Android devices. Increasing adoption of android devices and the craze users seem to have for Android applications (APKs) has led to malware developers targeting android smartphones and devices. The convenience of mobile banking and anywhere banking has induced more users to utilize banking and other financial apks. However, as with advantages, there are disadvantages too. Cyber criminals have been targeting these devices with ransomware. There are basically two types of ransomware – screen lockers and encrypters. In the first type, the malware locks the screen of the device preventing the user from accessing any data on the device unless a ransom is paid. In the other type called as cryptolockers, the ransomware encrypts the files on the device using a RSA-2048 key, which is AES CBC 256-bit encryption algorithm. This level of encryption is believed to be undecryptable as of today. The attackers demand that a ransom be paid within a specific time period or else the decrypting key stored in the attacker’s server would be destroyed. Many victims have paid a ransom and some have got the decrypting key, while others have not. It is not guaranteed that payment of ransom will guarantee receipt of the key.
Traditional antivirus program do not identify or block most ransomware as they work on the blacklisting principle. Antivirus companies maintain a database of the definition of viruses and other malware. Every new file that enters the system is matched against the database and if it not in the list then it is allowed. Most new malware and ransomware are zero-day threats, which means that the definition of these threats does not exist in any database. Traditional antivirus programs will allow these zero-day threats into the system, and the malware infection will be successful.
The only way to stop zero-day threats would be to consider all new files as “unknown”, and all such files are allowed to execute in a “contained” environment from where they will not be able to infect the other data on the device. This system of containerization (automatic containment) effectively protects the system/device against all unknowns and zero-day exploits. In fact, containerization is the only way to ensure security for financial transactions, as lack of security could lead to theft of financial data. A successful ransomware attack on financial firms could get all the financial data get locked or encrypted. Financial data is valuable and its implications could be disastrous for the financial firm.