Well-known ethical hacker describes recent cybersecurity and ransomware attack scenario

Singapore universities cyber attack
Cyberattack (Representational picture) Pixabay

A few days ago experts from cybersecurity industry revealed that hackers who are behind ransomware attacks are responsible for driving up the price of Bitcoin. After this revelation, a well-known ethical hacker, who leads the team at HORNE Cyber has given answers to the queries related to recent cybersecurity and ransomware attack.

It should be mentioned that ethical hacking or ethical hacker is a term which is used to describe hacking performed by a company or individual to help identify potential cybersecurity threats on a computer or a network.

Wesley McGrew
Dr Wesley McGrew

Dr Wesley McGrew is an ethical hacker who specializes in the reverse engineering of ransomware variants. He told IBTimes Singapore that this profession of offence-oriented security is maturing.

"Offense-oriented testing, like penetration testing, adversary simulation, and red teaming can find vulnerabilities and other security issues on networks that are difficult to find in any other kind of engagement."

In recent years, when it comes to cyber-attacks, ransomware is the current favourite technique, adopted by hackers, to steal data.

McGrew, who has spoken at major conferences like DEF CON and Black Hat, mentioned that the ransomware is evolving in such a manner that it first "infects hosts, in the ways that it spreads and ransoms themselves are increasing in price."

"In the development of our Threat Runner ransomware simulation product, we reverse engineer popular variants of ransomware in order to simulate them in non-destructive modules."

Earlier, cybersecurity experts from Malwarebytes and Carbon Black have clarified that the reason why the attackers ask for bitcoins as ransom is that the method is fast and mostly anonymous.

"Today cryptocurrency indeed represents one of the most confidential methods to transfer money, with the transactions being extremely hard to track down. However, it should be noted that bitcoin offers far less secrecy than other cryptocurrencies and cybercriminals know it and rely on less "mainstream" cryptocurrencies like Monero," said Group-IB CEO Ilya Sachkov.

Supporting this comment, McGrew also mentioned that receiving ransom through cryptocurrency is easier than funds through traditional payment mechanisms.

"Transactions occur through the individual cryptocurrencies' blockchains, where transactions are not tied to identities.

"It is difficult to identify the recipients of funds unless they make some operational security mistake in how they transfer or spend the funds after a ransomware campaign," he added.

In recent years mostly local, city, state and tribal governments are facing ransomware attacks due to the lack of IT staff and resources dedicated to security.

McGrew advised that it is important that valuable data should be backed up frequently, in such a way that it doesn't leave the backups exposed to the future ransomware infection.

In addition, he also said that "Organizations should engage in services and products, like Threat Runner, that simulates the spread of ransomware across a network, in order to identify which systems and data would be impacted and what systems need to be patched or reconfigured to limit the spread of ransomware."

But why the schools and universities are facing a massive amount of cyber threat, mostly the ransomware attacks in recent days?

In this case, McGrew mentioned that schools and universities, all around that world typically are more open and permissive in their network architecture and "often have not allocated enough resources towards security and preparation for ransomware attacks."

Earlier it was revealed by many experts that the schools have drawn the eye of hackers because of their wealth of data and a limited budget for cybersecurity staff and training.

So actually it looks like in one hand we are embracing high and advanced technology but on the other hand, hackers are becoming smarter and launching sophisticated cyber attack campaigns against organizations and institutions.

This article was first published on September 8, 2019