Major security breaches have hit headlines the past year, their severity ranging from infecting a few hundred to a few million users. We have seen much variety, like holding sensitive data hostage for ransom, DDoS attacks, and various exploitations of IoT devices.
Sadly, this trend will continue to rise if security remains a secondary concern. ESET researchers predict the next step in the evolution of malware could be a cross between the known approaches. This new uprising, termed “Jackware”, is ransomware designed to target connected devices, subsequently creating the ransomware of things (RoT).
The Evolution To Jackware
Ransomware has been a nuisance since its advent. One of the earliest ransomware attacks, TROJ_CRYZIP.A, was localized in Russia created by Russian organized criminals.
Since then, ransomware has been more widespread and moved from local targets to international victims. In the first quarter of 2015, over 725,000 ransomware samples were collected by McAfee Labs, representing a quarterly increase of almost 165%.
Cobb, a security expert at ESET, expresses his concern that “malicious software that seeks to take control of a device”, or Jackware, may infiltrate 2017.
Jackware as malicious software seeks control of a device, but it does not aim for data processing or digital communications. The goal of Jackware is to lock a physical device until you pay up the ransom. Mostly aimed at cars, Jackware turns out to be a specialized form of ransomware.
Ransomware of Things
According to Cobb:
WHILE I ORIGINALLY THOUGHT OF JACKWARE AS AN EVOLUTION OF MALICIOUS CODE TARGETING VEHICLES, IT WAS SOON CLEAR THAT THIS TREND COULD MANIFEST ITSELF MORE BROADLY.
The insecure nature of internet of things (IoT) devices and the growing prevalence of ransomware may lead to a wider Ransomware of Things.
A lot of IoT technology relies on a support system that extends well beyond the device itself. Anything that offers scope for remote administration is under threat of such seizes.
An example is an attack on VTech, an e-learning leader on Internet of Children’s Things (IoCT). It exposed personal data about children, making it clear that security must not be taken for granted.
Breaches were discovered in the online web app for BMW ConnectedDrive, which connects BMWs to the IoT. ConnectedDrive can regulate one’s home’s heating, lights, and alarm system from within the car.
Ransomware of Things, as evident, can have a far reach, thanks to the plethora of IoT devices available. Starting from toys for your kids to home and industrial automation, all fields are in jeopardy as long as IoT has security loopholes.
Prevention Against RoT
It is needless to say, IoT security must be fortified to prevent the advent of RoT. Although Jackware and RoT are still concepts that haven’t broken out, Cobb fears these are very much realistic.
Hence, prevention against RoT must gain priority and involve a number of considerations.
First, comes the strengthening of security. Take vehicular security, for example.
Traditional security techniques like filtering, encrypting and authenticating can consume costly processing power and bandwidth.
In an industry where production costs are strictly monitored, significant overhead expenses are something of a turn-down.
Secondly, there needs to be a collaborative effort in terms of policies and politics to tone down cybercrime in general. A collective international failure to prevent a thriving cyber-criminal community threatens all diverse spheres.
Although a possible threat, RoT is not, at present, a topic of alarm. However, as means of safeguarding, steps are being taken to keep RoT at bay.
Government agencies are valiantly trying to make IoT more secure. The publication of the Strategic Principles for Securing the Internet of Things from the US Department of Homeland Security, and the NIST Special Publication, show that the matter at hand is being taken seriously.
Moreover, a general awareness about the possible insecurities of using IoT devices is on an increase. Users, if made aware of the possible threats, would refrain from sharing private information with a possibly insecure system. In some cases, using a ransomware protector may go a long way to protect sensitive data.
Other Ransomware Articles
- Android Ransomware App Hosted in Google Play Infects Unsuspecting Android User
- Destructive KillDisk Malware Turns Into Ransomware
- RansomFree: Ransomware Protection by Cybereason
- Expert Talks: Q & A with Malware Analyst, Karsten Hahn