The NotPetya attacks detailed in Part B News’ current cybersecurity story differ from the usual ransomware attacks in that the data was not ransomed but destroyed. We asked security experts: Are hackers moving from ransomware to destructive exploits?
Dennis Chow, chief information security officer at SCIS Security, Houston: Destructive attacks aren't new. We're just seeing more commodity versions of them due to increased automated tools for sale on the cheap in black markets. There's also non-code-based exploitation that's equally destructive that malware could perform. During my penetration testing of various health care entities, using very trivial methods, I was able to not only capture PHI [protected health information], but also modify it on the fly -- potentially changing methods of treatment, diagnosis, etc.
Mike Hamilton, founder and President of Critical Informatics, Seattle: Health care is known to be particularly monetizable by organized crime in that the sector cannot afford to have critical services disrupted and will pay the ransom, making it low-hanging fruit for extortion -- ransomware is a form of extortion. Additionally, theft of records to sell on dark markets is still problematic, but the number of health records available now has resulted in a bit of a glut, resulting in declining value per record. Extortion is much simpler and produces a better “return on investment” than records theft.
As global actors become more emboldened after this example, the health sector in particular is a key resource that, if specifically targeted for disruption, would very quickly result in the loss of trust in our government to “secure our logical borders,” and this is the aim of those actors – fomenting mistrust and dissatisfaction by the populace.
Greg Scott, author, Bullseye Breach (“a cybersecurity educational book disguised as a thriller”): I don’t buy it. First, ransomware is not the only way to steal money over the internet, just the most publicized. K-Mart recently suffered an old-fashioned credit card breach, for example. B&B Theaters had credit-card theft software in their system for two years. Avanti Markets recently revealed a massive attack against their kiosks. The money-stealing attacks are as strong as ever and even getting stronger.
Christopher Ensey, COO of Dunbar Security Solutions, Hunt Valley, Md.: It is becoming commonly accepted that malware is becoming more prevalent, especially as fewer people are paying out ransom. The destructive objectives are still unclear, but it has to be acknowledged that multi-vector attacks are becoming common. In the case of Petya/NotPetya, researchers have seen credential-stealing in addition to destructive behaviors. This is a sign that malware authors are working hard to monetize their work using multiple tactics.
Jonathan Jaquez, CEO of Mageni Security LLC, White Plains, N.Y.: It is worth noting that NotPetya could mean the start of a new generation of ransomware that could cost human lives; according to news reports, for example, after the NotPetya attacks, Heritage Valley Health had to postpone a surgery.