Lately, there have been a lot of articles in the nerd news services about various problems and vulnerabilities looming on the horizon or happening right now.  Usually, there are one or two in a normal week or so that really get our attention.  The last few weeks though it seems a bit different.  Maybe it is just noise or paranoia created to drive traffic to sites.  But, sometimes it becomes overwhelming enough to take time to step back and look at the details as a whole and determine what you really are seeing here.  So, today we discuss:  is there a cyber storm brewing on the horizon.

HIPAA For MSPs by J. David Sims Is There A Cyber Storm Brewing On The Horizon?
00:00:00 00:00:00


Carbon Black report on the Ransomware Economy.  

Get the Carbon Black Ransomware Economy Report.

cyber storm

Demand for ransomware is up 2,500% over 2016 is the number one thing you get from this report.  That is a number we can’t possibly comprehend when we realize 2016 was the year ransomware really hit us hard for the first time.

The criminals have a whole distribution system with middlemen and everything now.  There is a syndicate of criminals that spans the world and communicates in seconds.  If that detail alone doesn’t make you wonder about a cyber storm is possible, we have more.  But, if you are like us, the thought of millions of dollars being paid by criminals to criminals so they can make more money screams look out!  That has potential cyber storm written all over it.

Add the increasing demand of 2,500% information with other studies details like the ones below :

  • This year along the average monthly amount of spam in all the email traffic is between 53% and 58% each month.
  • Studies and estimates show that roughly 90% of spam has malware payloads.

Those are huge numbers showing the investment being made in these attacks.  It means there will be some sort of cyber disruption building now to turn on us soon.  Yep, cyber storm.

CSOOnline cybersecurity business report

Top 5 cybersecurity facts, figures and statistics for 2017 hit some very important points.  Here are the statements in each prediction that got our attention the most:

  1. Cyber crime damage costs to hit $6 trillion annually by 2021.
    1. The cybersecurity community and major media have largely concurred on the prediction that cyber crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.
  2. Cybersecurity spending to exceed $1 trillion from 2017 to 2021.
  3. Cyber crime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021.
    1. Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure and people.
    2. The cybersecurity workforce shortage is even worse than what the jobs numbers suggest. As a result, the cybersecurity unemployment rate has dropped to zero percent.
  4. Human attack surface to reach 6 billion people by 2022.
    1. As the world goes digital, humans have moved ahead of machines as the top target for cyber criminals.
    2. The hackers smell blood now, not silicon.
  5. Global ransomware damage costs are predicted to exceed $5 billion in 2017.
    1. A 15X increase in two years, and expected to worsen.
    2. Ransomware attacks on healthcare organizations—the No. 1 cyber-attacked industry—will quadruple by 2020.
    3. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019.

KRACK WiFi Vulnerability

Krack Explained Like You’re A Five Year Old

Krack WiFi IoT Security Broken

Almost all WiFi devices have a potential to suffer from this vulnerability.  Encrypted traffic may not really be encrypted on wifi networks is basically the problem.  No big deal unless you use wifi and want it to be secure.

The problem exists in the WPA2 standard which is what we all rely on now.  When you connect to a network and enter a key to secure your connection,  this vulnerability means someone nearby can still hack into your traffic.

Vendors are putting out patches now but how many people won’t load them?  Ransomware attacks the shut down much of the world’s networks just recently, WannaCry and NotPetya, both spread using an unpatched Windows security vulnerability.  Windows patches weren’t there 3 months after they were released.  That is very concerning since Windows is EASY to patch.  All of these wifi issues are not easy to patch.

Devices all need patches.  IoT devices, router, access points, printers, mobile devices, etc are so ubiquitous it may take several years to get everything updated or phased out.  What happens until then?

Dark web vendors are selling remote access to corporate PCs for as little as $3 each

This article just adds to your question mark about a cyber storm.  Just how many computers would it take to create a cyber storm?  At the rate we are going in this list there will an ample number to work with but this makes it even scarier.  Running short a few computers in your army?  No problem, go buy a copy from some company somewhere!

Using weak passwords and brute force attacks to get into RDP connections open to the public.

RDP access credentials are increasingly being sold on the Dark Web and underground forums, where merchants offer access to tens of thousands of computers for as little as $3 for a Windows XP system to $9 for Windows 10.

But one thing is clear: there’s an active market for compromised RDP credentials, which are being actively exploited by hackers.

The remote nature of the login means attackers can quietly and anonymously monitor the compromised network, enabling access to documents and other files, and providing systems on which to install malicious software.

In order to protect against exploitation of RDP, organisations should regularly review their systems and security, and put in place strong passwords to prevent brute force access to corporate environments.

In the meantime, researcher say this form of attack will grow in popularity as more cyber criminals realise that credentials are on sale at such a low price.

New malware types

Fileless malware and Macro-less Office Malware among others may sound minimal compared to some of these other things but they can mean we have to adapt to new ways to combat infections.

Antimalware tools work because they expect files the launch malware and scripts in macros that run it.  When neither exist the vendors must find new ways to detect them.  Then, figure out how to prevent them.  Detect and Respond – oh, and Recover – all while finding tools that can do it because your current ones may not cut it.

Bad Rabbit Spreading

The news started in a similar manner to those horrible ransomware outbreaks earlier this year:  Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack

Next, it gets a new name because it is moving so quickly it is reproducing like digital rabbits!

A new ransomware strain has been spreading in Europe the last few days.  It hasn’t made it to the US that much, yet.  Whew!  But, how long before it morphs or a new one breaks out like we have seen with WannaCry?  This one may have been shut down, for now, but we know how much demand there is for these tools, aren’t we are living on borrowed time until another major one hits.

IoT botnets rapidly growing

The name varies based on who is reporting on it:  IoT_reaper, IoTroop or Reaper.  No matter what you call it, this thing is growing and no one knows for sure who controls an army of hacked IoT devices.

Possibly the scariest of all is this one if it really turns out be as bad as it could possibly be based on the reports.  It is a worm that is spreading, on it’s own, building a botnet using security vulnerabilities in nearly one dozen different devices.  Checkpoint announced they had detected it in September and since then it is growing at a rapid pace.

Some of the Reaper headlines read:

IOTroop Botnet Hits Over a Million Organizations in Under 30 Days

IoTroop/Reaper: A Massive Botnet Cyberstorm Is Coming To Take Down The Internet

A Massive New Internet of Things Bot Is Growing, and No One Knows What It Will Do

Reaper: Calm Before the IoT Security Storm?

The biggest issue with this potential cyber storm is that no one knows what the commander of the botnet motives may be once they decide to use it.  The people behind Mirai that brought down the internet last year may have recently been arrested but it is doubtful that all of them are in the clink.

That is just a few of the big stories that caught our attention.  There are some others out there that just get to techie to attempt to review.  However, these are enough for us to wonder when will some of this blow up in our faces or in our networks.  What is to come of this – if anything – requires a waiting game.   The truth that is hardest to face is each of these stories we covered could be the source of a really overwhelming cyber storm.  What if several of them are used together.  Put up those defenses folks!