The evolution of ransomware: Get ready for more advanced social engineering tactics

Prepare your company for more sophisticated, complex, and devastating ransomware attacks in 2018, says Avecto COO Andrew Avanessian.

Ransomware became a massive nuisance for enterprises, SMBs, and consumers in 2017—and that threat is not going anywhere in the coming year. TechRepublic's Dan Patterson spoke with Avecto's COO Andrew Avanessian to discuss how ransomware will become more complex in 2018.

End users are the easiest thing in the world to dupe into clicking something, Avanessian said. If a hacker can socially engineer a user into using their code, they get control over a network.

Cybercriminals have moved away from trying to hack a system directly and now leverage internal users, or employees, as a way to execute their own code. "If you get someone to use your code there are very little ways to detect that because it's user-initiated activity," he said.

One of the tactics hackers used most in 2017 was phishing: sending emails, such as fake purchase orders, in hopes that users would be tricked into clicking the malicious links the emails contained.

Avanessian broke down the cyberattack chain into three parts. A malicious attacker—insider or external—will:

  1. Leverage the rights a user has to a system.
  2. Try to execute a piece of code.
  3. Abuse trusted applications.

Companies must remove unnecessary privileges from people, and take admin rights away, if they want to protect their systems. If you're a cybercriminal and you manage to convince somebody to open a document that has a malicious link in it, "then you've got keys to the kingdom. You've got admin rights to that box. You can evade detection," he said.

Secondly, companies should stop unknown code from executing. For cybercriminals, "if you can't execute untrusted code within an environment, you can't execute your attack," he said. This is why companies should use application whitelisting to prevent such code from executing. However, it's becoming harder to tell which code is good and which is bad.

Thirdly, companies should look at their trusted applications, such as Microsoft Office, Outlook, Adobe, and Explorer, and at how those apps operate, to stop them from loading malicious code. Companies should also make sure their apps are patched.
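
The three defenses above, applied to process-creation events, as an added example that is not from the article or from Avecto. The event fields, the process image names chosen for the trusted apps, and the allowlist entries are all constructed assumptions.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed allowlist: hashes of binaries the organisation has approved.
ALLOWLIST = {sha256(b"approved-build-of-invoice-viewer")}

# Assumed process image names for some of the trusted apps the article lists.
TRUSTED_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

def assess(event):
    """Return findings for one process-creation event, mapped to the article's chain."""
    findings = []
    if event["image_sha256"] in ALLOWLIST:
        return findings                       # known code: nothing to report
    findings.append("unknown-code")           # defense 2: not on the allowlist
    if event["user_is_admin"]:
        findings.append("admin-rights")       # defense 1: user holds rights to abuse
    if event["parent"].lower() in TRUSTED_PARENTS:
        findings.append("trusted-app-abuse")  # defense 3: launched by a trusted app
    return findings

def decide(event):
    """Default-deny: unknown code never runs; the findings set the alert priority."""
    findings = assess(event)
    return ("block" if findings else "allow", findings)

# Constructed sample events (hypothetical field names, not a real log format).
EVENTS = [
    {"user": "alice", "user_is_admin": False, "parent": "explorer.exe",
     "image": "invoice_viewer.exe",
     "image_sha256": sha256(b"approved-build-of-invoice-viewer")},
    {"user": "bob", "user_is_admin": True, "parent": "WINWORD.EXE",
     "image": "update.exe", "image_sha256": sha256(b"unreviewed-binary")},
    {"user": "carol", "user_is_admin": False, "parent": "cmd.exe",
     "image": "tool.exe", "image_sha256": sha256(b"another-unreviewed-binary")},
]

if __name__ == "__main__":
    for ev in EVENTS:
        action, findings = decide(ev)
        print(ev["user"], ev["image"], action, findings)
```
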

Cybersecurity should be at the forefront of your employees' minds. Education is an important defense; however, employees forget their training and will still be tricked into clicking bad links.

"People are more tech-savvy these days, but they're not necessarily cybersecurity-savvy," Avanessian said. "We as organizations and cybersecurity professionals need to be putting the foundations in place so we're protecting you from accidentally becoming a victim."

About Leah Brown

Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.
