Christian Karam, director of Cyber Threat Intelligence at UBS, sharing how ransomware has evolved over the years at the Computerworld Singapore Security Summit 2017.
Cybercrime isn't something new — it's an evolution of 'traditional' crime.
After Tim Berners-Lee invented the World Wide Web in 1989, criminals gradually shifted their operations online. This was because it was easier to demand money while hiding behind a computer screen, and the chances of getting caught were slimmer, said Christian Karam, director of Cyber Threat Intelligence at UBS. He was speaking at the Computerworld Singapore Security Summit 2017.
He went on to share that the first ransomware was documented in 1989. Called the AIDS Trojan, the ransomware was released onto floppy disks.
Once a floppy disk was inserted into a PC, the AIDS Trojan would count the number of times the infected computer was booted. Once the count hit 90, the malware would hide directories and encrypt or lock the names of the files on the C drive. Users who wanted to regain access to those files were told to send US$189 to a PO Box address in Panama.
Ransomware attacks have been evolving since then. For instance, 2006 saw the rise of spyware, which captures online information about users without their consent. According to Webroot's State of Spyware report, the first quarter of 2006 saw a 15 percent increase in the number of consumer PCs getting infected with spyware.
Seven years after that, we heard about the first CryptoLocker ransomware attack. Once installed on a computer, the ransomware encrypts data on the compromised system. It then prompts the user to pay the equivalent of US$300 or €300 in Bitcoins or via MoneyPak to decrypt those files. If the demand is not met, the unique decryption key for the locked files will be automatically destroyed.
Karam added that cybercriminals have progressed to conduct large-scale attacks too. For example, Yahoo said that hackers used the source code it used to generate cookies to access user accounts in 2015 or 2016. The internet giant announced last September that 500 million records were affected, and in December 2016 revealed that an additional 1 billion records may have been stolen in another cyberattack.
Noting that cybercriminal activity has escalated over the years, Karam urged IT and security teams to adopt the "observe, orient, decide and act" (OODA) model for their day-to-day cyber risk management.
According to the Center for Internet Security, organisations need to track security bulletins and advisories for the observe part of the OODA model. The orient stage is where organisations assess operational issues and risks. They can then prioritise their remediation strategy under the decide stage, before taking action on the cyber incidents and threats in the act stage.