Sophos: Why you still need to beware ransomware

null

With the sheer scale of cyber threats facing businesses today, it can be hard to focus your attention in one place. But asides from the new smart, AI-enabled attacks, it seems that more old-school threats are also making somewhat of a comeback.

Speaking to ITProPortal at the recent InfoSecurity Europe event in London, James Lyne, principal security researcher at Sophos, told us that ransomware and malware threats are once again raising their heads.

"Ransomware sticks around because despite any technical innovation the industry is making  - commercially, it is a wonderfully effective tool for cybercriminals,” Lyne says, “it's just brilliantly effective."

Lyne’s research has helped him identify new, almost business-like methods being used by cybercriminals as they deploy what Sophos has called ‘ransomware as a service’. This utilises ideas such as subscription models and affiliate programs to sign up more funding for criminal activities - with the ill-gotten gains being shared among everyone.

Elsewhere, Lyne notes that email malware and phishing schemes are still a majorly potent threat for many businesses, despite having been around for so long.

He highlights Excel-based document variants as making a particular resurgence, with criminals now increasingly carrying out more selective and targeted attacks, rather than so-called “spray and pray” tactics used in the past.

As more and more organisations use cloud-based platforms such as G Suite and Office 365, criminals only need to infiltrate a single document or user in order to gain access to an entire business network.

"I know it's ridiculous and annoying to still be saying that,” Lyne notes, “but it doesn't stop it from being true and what we need to focus on."

So how can the security industry lead the fight back against the growing number of threats? 

“Good security is always a combination of the right technology, the right process, and the people,” Lyne says, pointing to the ever-expanding fields of machine learning and AI as the key, with new methods being developed to aid with threat detection.

"It's the next big transformative thing,” Lyne says, “it's like when industry went from signature-based detection to writing more generic detection...it's potentially going to have huge applications in every area.”

Sophos is looking to lead the way when it comes to the introduction of such technology, imbuing its products with the latest AI tools in order to spot new threats.

Lyne states that the security industry as a whole cannot fall behind when it comes to utilising state-of-the-art technology to stop threats, as the services are also being used by criminals to evolve their threats to the next level.

“We're just scratching the surface of its potential,” he says.