[ad_1]
Recently, natural gas has become a hot topic in the news. In encrypted media, This is about the fees of Ethereum minersIn mainstream media, it has been talking about high-quality vintage gasoline, including the short-term lack of East Coast, Thank you The DarkSide ransomware allegedly attacked the Colonial Pipeline system, which provided 45% of the East Coast’s diesel, gasoline, and jet fuel supply.
In the case of ransomware, we usually see a typical repetition of cycles: initially, the focus is on the attack, the root cause, the consequences, and what steps the organization can take to avoid future attacks. Then, the focus usually starts to turn to how cryptocurrency and its perceived anonymity can help increase ransomware attacks, thereby inspiring more cybercriminals to enter the game.
However, from the macro picture of cyber security attacks, we see some emerging trends.For example, losses caused by cyber attacks growing up There has been a 50% reduction between 2018 and 2020, and global losses totaled more than US$1 trillion. This is an inevitable conclusion that illustrates the universality of exploitable security vulnerabilities.
related: 2011-2020 Crypto Exchange Hacking Report
It is easy to find off-the-shelf, off-the-shelf malware on the dark web. These malware are easy to find on the dark web, but still want to profit from the free funding opportunities provided by unsecured organizations, which has also stimulated the increase in cyber crime. Important However, criminals themselves are constantly improving their strategies to circumvent defensive security strategies, techniques and procedures (TTP) to ensure that they can continue to profit. If cryptocurrency is no longer a viable payment option, attackers will almost certainly switch to different payment methods. The idea that they will simply stop attacking these organizations without encryption is untrustworthy.
If you want, the “root cause” of these incidents is not the payment method used to reward criminals, but the security breaches that enable them to destroy the enterprise, and obviously, there are factual crimes for criminals to commit these actions.
With the trend of ransomware itself (and in the DarkSide attack), we see this constantly changing Modus operandi ShowsIn the early days of ransomware, it was relatively simple and boring: cyber attackers found a way into the enterprise—most commonly through social engineering attacks, such as phishing emails or insecure remote desktop protocols—and encrypted victims document. The victim pays the ransom by wire transfer or encryption, and in most cases, obtains the decryption key, and usually (but not always) decrypts the file. Another option is for victims to choose not to pay, either to restore their files from backups, or just accept data loss.
Cyber attack strategy
Around the end of 2019, more companies prepared backup strategies to deal with these threats and refused to pay. Ransomware attackers (such as the Maze ransomware organization) emerged, developed, and changed their strategies. They started stealing data and blackmailing victims: “Pay, otherwise we will publicly release the sensitive data we stolen from you.” This greatly increases the cost of ransomware attacks, effectively turning them from a company problem to a notification event , Requires data discovery, more legal counsel and public supervision, and at the same time shows that the attacker is determined to find a solution to the payment barrier. (It is believed to be the organization behind the colonial pipeline attack. DarkSide is an extortion organization.) As mentioned in the above report, another trend is the increase in the targeting of victims, the discovery of those who can pay higher amounts, and Those who do not want to see people who share data publicly.
As long as someone or an organization can attack, cyber attackers will continue to improve their strategies; they have been doing this since hackers started. Before cryptocurrency or even cybercrime, we put cash in a bag at night and used wire transfer as an option to make anonymous payments to criminals. They will continue to look for ways to get paid, and the benefits of cryptocurrency — financial freedom, censorship resistance, privacy, and personal security — far outweigh the disadvantages of its attractiveness to criminals who might find its convenience attractive . Defamation of encryption will not eliminate crime.
It can be difficult or even (maybe) impossible to fill every security hole in the enterprise. But in many cases, basic security knowledge is ignored, such as regular patching and security awareness training, which greatly helps reduce the risk of ransomware. Let us focus on the target-the enterprise-not the prize-encryption. Or, we might later attribute all other financial crimes to the law.
This article does not contain investment advice or recommendations. Every investment and trading action involves risks, and readers should research on their own when making a decision.
The views, thoughts, and opinions expressed here are only those of the author, and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Michael Parklin He is the Chief Information Security Officer of ShapeShift, responsible for overseeing all products, services, and corporate security practices, while ensuring that they comply with or exceed industry best practices. With more than ten years of experience in the blockchain and encryption field, his team ensures that the use of network security and blockchain-specific methods adopt security best practices. Perklin is the chairman of the CryptoCurrency Certification Consortium (C4), has served on multiple industry committees, and is a co-author of the CryptoCurrency Security Standard (CCSS), which is used by hundreds of global organizations.
[ad_2]
Source link
