New technology and digital advances enable firms to grow their businesses faster than ever. Cybercrime is also evolving and growing at a similar pace and continues to threaten and limit this potential. Recently the U.S. Director of National Intelligence ranked cybercrime as the top national security threat — higher than that of terrorism, espionage and weapons of mass destruction. In 2015 alone, Symantec discovered more than 430 million new unique pieces of malware, up 36% from the previous year. Cyberattacks are no longer a question of if — they are simply a question of when.
Losses from cyberattacks can be significant. Financial costs alone can be in the millions. Some larger firms have reported losses associated with a cyberattack in excess of $100 million. But cyberattacks don’t just affect the bottom line. They can also seriously damage a firm’s reputation and business continuity efforts. According to one 2015 survey, only 36% of companies that experienced a cyberattack chose to report it to authorities. For cybercrimes involving extortion, many companies chose to pay the attackers in bitcoin to avoid publicity and potential reputation damage.
Today’s cybercriminals are proving adept at creating new ways of committing classic crimes. One of the newer malware threats affecting businesses and individuals alike is ransomware. In 2015 alone, reported incidents of “crypto-style” ransomware grew by 35%, according to Symantec. This variant of ransomware is a family of malware that encrypts files on a PC or network storage and then extorts money to unlock them. For business entities, the sums demanded are often in the five figures. Furthermore, when ransomware is present, the targeted computer will not only encrypt local files, but often attempt to encrypt files on other network-connected devices and locations as well.
Ransomware has also evolved in recent years and moved beyond the PC to Macs, smartphones and Linux systems. Experts predict that smartwatches and televisions will also be susceptible to ransomware attacks by year-end.
Peeling the Onion
Onion-layered incidents have also emerged in the last year as a top cyberthreat for businesses. While teams address a primary cyberattack, such as a distributed denial of service (DDoS), a secondary attack — often far more damaging — is uncovered. This type of multi-layered attack can require a large amount of resources and time to investigate and resolve, as the security team must peel back layers of information (the “onion”) to establish the root of the problem.
Use of Tor (The Onion Router) makes things even more difficult for security teams because of the anonymity it provides by encrypting and randomly forwarding traffic through a multi-layered network of relays.