Sophos: Beware the rise of the super-professional cyber-criminal

Following the WannaCry attack last month, ransomware was one of the big topics at this week’s Infosecurity Europe event in London.

The worldwide assault woke many businesses and organisations up to the real danger that ransomware poses, but new research has also discovered that the criminals behind such attacks could be gearing up for even bigger attacks soon.

As one of the world’s leading cyber-security companies, Sophos is able to track habits and trends across the globe, and has noted that criminals are becoming ever more sophisticated when it comes to ransomware.

Speaking to ITProPortal this week, the company’s senior security researcher James Lyne revealed the sheer scale of professionalism involved in this new ‘Ransomware as a Service’ industry.

"It's a business, but there's something in this new professionalism that is crossing the technical to business boundary...and they are getting better,” he warned.

Lyne explained that malware packets are being sold on online marketplaces, allowing criminals to personalise their own attacks, with some even featuring marketing videos to show off their wares.

"We are dealing with a new level of productisation,” he notes, “at the moment the code quality is low, but they're still succeeding."

"If you look at ransomware distribution,” he added, “there are a few things that become quickly obvious. First off, there are many campaigns that are pathetically implemented, their social engineering is bad, their code quality is low...and they still succeed!"

Fortunately, the WannaCry attacks have helped raise awareness of the importance of cyber-security, Lyne said, adding that this is one of the few silver linings of the attack.

He notes that "a large portion" of most campaigns can be detected and thwarted by basic security models and up-to-date security software, with most ransomware attacks "often eminently preventable" by following simple steps.

However, as criminals become more ‘professional’ and business-like, the potential threat to consumers and businesses will continue to grow, so research and protection levels need to increase now, Lyne says.

"There are much bigger industry trends and problems we have to focus on here,” he notes, “We've got some real work to do around communication as an industry, and presenting a united front."