Q&A: Ransomware, botnets and cyber insurance in 2017

We spoke to Dr. Bruce Roberts, Chief Technology Officer at DomainTools, about what cyber attacks might look like in 2017.

We recently spoke to Dr. Bruce Roberts, Chief Technology Officer at DomainTools, about what cyber attacks might look like in 2017, with botnets and ransomware taking centre stage.

Ransomware has significantly affected businesses of all sizes in 2016. As this form of cybercrime is becoming increasingly popular and successful, how can we expect to see ransomware advance as we enter the New Year?

We will continue to see new variants and new approaches as the older variants become better understood and protected against. We will also see expansion of targeting specific high-value verticals. We've seen particular emphasis on targeting health care because of both the high level of vulnerability there plus the importance of restoring the systems affected.

We could easily see similar emphasised campaigns against other critical industries such as power systems, life safety, and transportation. These are the organisations with high incentive to pay, and with larger budgets to pay out as well, increasing the ROI for the cybercriminals.

Cyber attacks are not just a business problem; consumers are affected as well. What are the new threats that consumers will be exposed to in 2017? 

This past week I came across an online ad for a Wi-Fi enabled Crockpot. The product description includes the phrase "The slow cooker connects to your home WiFi network and you can control it from anywhere".  And my thought was "and so can anyone else". I don't think that cybersecurity is high on Black and Decker's checklist. And I don't think that the value such a product brings outweighs the risk.

A lot of the Mirai botnet was in industrial systems. Many consumer eyeball networks are behind various protections provided by an ISP versus direct access to all devices on the home network. As more and more things become "control it from anywhere" the need to have direct access to the device will expose more and more of these to cyber attacks. I believe that criminals will be looking for active ways to exploit more and more of the home network, so they can "control it from anywhere."

Following October’s massive DDoS attack on brands such as Twitter, Spotify, and Reddit, will 2017 be the year of the "Botnet of Things"?

I think 2016 was already the year of the "Botnet of Things". In 2017 we will see intensified efforts to utilise IoT devices, particularly directly connected devices on the home network. But we will also improve response among the defenders. 

We're already seeing the Mirai botnet fragment among different cybercrime groups, and upstream providers filter ports such as 23 and 2323 to block both growth and control of this network. We are also seeing increased awareness of the need for security in the devices, and increasing awareness in the technology community that if the community doesn't take significant steps to address the issue, there will be legislation to address it that may have vast unintended consequences for technology companies and innovation.

The importance of a functioning internet is far too great to leave it to market forces - this leaves technical community effort or legislation. Our industry needs to make a choice on which it wants. If you're an ISP for home or business customers, and you aren't scanning your end-user networks for known vulnerabilities and working to remediate them, even if it costs you, you're going to be a target of legislation.

With cybercrime costs projected to rise to $2 trillion by 2019, will cyber-insurance finally become more commonplace?

It will certainly be more commonplace, but it's still a specialised market with difficulties assessing risk, particularly in the face of a changing cybersecurity attack landscape. I'm just not sure we have enough data to inform an efficient, mature cyber-insurance marketplace.

Image source: Shutterstock/lolloj