Year after year, cybersecurity organizations have detected a continuous rise in malware and ransomware attacks across the globe. According to IBM, small and medium businesses (SMBs) are hit by close to 4,000 attacks per year. By the end of 2018, over 600 participating SMB spokespersons reported a rise in ransomware attacks: 61 percent, up from 55 percent in 2017. The evolving ransomware is adept at evading the firewalls and antivirus solutions that 81 percent of the SMBs employ. With each passing month, experts are detecting an increase in the number of cyberattacks and cybersecurity threats on SMBs. These malware and ransomware threats are evolving along with cyber-defense tech. However, one trend has become quite clear from the ransomware attacks of the last few years: personal computers are not likely the prime targets of the attackers. They are mainly attacking retail and SMB systems, and the lion’s share of the successful attacks in the past year was fileless.
Fileless malware is likely to leverage “safe” and “known” applications people already have on their computers. Experts predict that these ransomware attacks will cost small and medium-sized businesses close to $11 billion next year. Unprepared SMBs are at high risk of falling victim to these ransomware threats. The only way to combat the rising threat is by learning about the workings of the evolving threats and their targets.
1. Weaponizing your AI
Artificial Intelligence has attracted considerable controversy ever since its inception. Security experts use neural networks and machine learning to perfect their AI technology. It can be an effective method for the prediction and detection of cyberattacks, but more than 91 percent of the experts who leverage this technology consider AI to be a double-edged sword. Hackers can use existing machine learning algorithms to create ransomware that can bypass the current sandboxes, firewalls, and any other security solutions. They can also utilize AI to hone their spear-phishing attacks by crafting believable messages for target recipients within the SMB network. They can trick people into divulging sensitive data and installing malware to make their entrance into the system core comfortable and hassle-free.
2. Ransomware targets health care and related industries
Across the world, leading ransomware strains are mainly attacking health-care industries. The choice is quite logical. Health-care organizations, their vendors, and related SMB partners have lots of sensitive personal data. Of all ransomware attacks in 2018, around 45 percent targeted health-care organizations, and 12 percent targeted financial companies. Loss of data can be expensive for either of these industries, but FinTech companies typically have better security than health-care organizations.
3. Malware will evade your sandbox
Right now, SMBs are employing sandboxes as endpoint security solutions to protect their data from malware and ransomware attacks. Sandboxes have proven to be effective in detecting and preventing malware attacks. However, modern ransomware strains are becoming smarter than they were yesterday. Hackers are creating new malware programs that can evade the sandbox environment by pretending to be harmless. The moment these new-generation ransomware strains enter the sandbox, they become inert and cease all malware activities. That causes the sandbox solutions to deem them harmless. Once they leave the sandbox, they resume their activity and begin their exploits.
4. The cost of ransomware attacks will increase
Currently, companies in the U.S. are the second-most affected by the Petya strain. In the last year, 97 percent of the companies in the U.S. refused to pay the ransom, although 75 percent of Canadian companies complied. Even with the staggeringly high rate of non-payment, ransomware attacks on SMBs can cost them between $500 and $2,000. The cost of ransomware attacks is expected to be much higher in 2019 than it was last year. Since SMBs face multiple attacks every year, the financial loss can be significant. The amount is quite small considering the value of daily operations most global corporations have, but losing $2,000 multiple times a year can cripple the financial backbone of a small business. A vital fact here is that paying the ransom does not guarantee the return of the critical data. There have been multiple instances where the hackers have deleted critical files after receiving the pre-decided amount.
5. Personal digital devices will lead the breach
Until now, personal digital devices including employee laptops and smartphones have been the leading sources of data breaches. In one study, 67 percent of the participants stated that IoT devices and personal digital devices would be the most vulnerable during a future malware attack. An increasing number of companies are encouraging their employees to BYOD (bring your own device). Employees are logging into company email and user accounts in company databases using personal devices. Since personal devices, especially the ones with Windows operating systems, do not have state-of-the-art ransomware detection and prevention systems, they are exposing company data to threats as well.
6. Ransomware attacks will increase downtime
The loss of sales and profit will become secondary compared to the damage caused by software and database downtime. Larger companies can lose millions of dollars due to ransomware attacks, but the SMBs lose things far more valuable – credibility and consumer loyalty. When ransomware strains attack SMB databases, losing money is the least of their concerns. New businesses can lose new customers, new leads and conversions depending on the period of downtime resulting from the ransomware attack.
7. A majority of ransomware threats will target Windows systems
Today, the safest operating systems include Linux and Mac. Up until now, 99 percent of all malware attacks have targeted Windows systems only. According to data from Kaspersky Lab, 98 percent of all computers affected by WannaCry ransomware were using Windows 7 or some version of it. A few were also running Windows XP. Although the most recent versions of Windows are not vulnerable to WannaCry attacks, only a handful of SMBs use these updated versions. Most SMBs use Windows 7 since it is cheaper, more readily available, and more accessible to service than the other versions of Windows. Shifting to a Mac is a costly decision for any new business establishment, and changing only one access point machine is not enough. Implementing the change across the entire office is beyond the means of many small and medium businesses even in a stellar economy.
Linux is a more cost-effective solution, but most employees have to undergo training to use the OS. Linux is not as popular as Windows, and most employees at SMBs are familiar with Windows versions only. That leaves a gaping hole in the security that can let malware and ransomware strains in. Strong passwords, additional firewalls, and updated antivirus software programs are all useful ways of detecting and preventing malware attacks, but none of them are foolproof. This means it is crucial for SMBs to upgrade their cyber-defense systems. The only way to avoid malware and defend against ransomware threats on your system is to be cautious while downloading and installing new applications.
You should also be careful about clicking links and images attached to emails from unknown sources. Hyper-vigilance and zero-trust security models are the only ways SMBs can remain safe from the evolving ransomware threats we will see in 2019.