4 Trends in Ransomware Attacks

With the Wannacry attack, ransomware exploded in mainstream news, but most techies recognize that this is only the latest incident in a rising trend. Over the last several years, ransomware moved to the forefront of the information security profile. Moreover, as more people use technology, those data assets become more valuable.

With the Wannacry attack, ransomware exploded in mainstream news, but most techies recognize that this is only the latest incident in a rising trend. Over the last several years, ransomware moved to the forefront of the information security profile. Moreover, as more people use technology, those data assets become more valuable. Locking an enterprise’s data means disrupting business (not in the positive sense though). With most businesses will seek to restore functionality as soon as possible, ransomware is more lucrative than ever.

Ransomware Attacks Are Rising

Although this seems obvious, the statistics underscoring the statement are frightening. According to the Federal Bureau of Investigation, on average more than 4,000 ransomware attacks have occurred daily since January 1, 2016. During 2015, that number was 1,000 attacks per day. This is a 300% increase in the number of attacks in just one year.  If a number of ransomware attacks continue to grow at the same rate, that leads to at least 12,000 per day in 2017 alone.

Costs of Ransomware Attacks Are Rising

Hackers have learned that people love their information. Increased cloud storage use means that people put more information in potentially unprotected places. This makes holding that information hostage more lucrative. Annual costs of general cybercrime in the US in 2015 showed an annualized loss of $16.45 million to the technology sector. By 2016, most data breaches were in the medical and healthcare sector.  Globally, ransomware attackers have increased their average per victim intake from $372 in 2014 to $679 in 2016. Extrapolating that information using the number of attacks in 2016 per day, this means that ransomware attackers are making approximately $2.716 million every day.

Costs of Liability for Ransomware Attacks are Rising

Lawsuits cost money. In 2014, New York and Presbyterian Hospital paid $3.3 million to settle a data breach violation.  In 2015, Target paid $10 million to settle a data breach lawsuit.  In 2016, Home Depot paid $19.5 million to settle a data breach settlement. According to legal experts SteinPag, “the rising numbers of attacks and the rising costs of the attacks are not just limited to reputation. Companies need to think about how their data breaches can lead to legal liability. Those legal liabilities will continue to increase as data becomes a currency and breach of that data causes more significant damages.

Email Is the Leading Cause of Ransomware Attacks

Between 2016 and 2017, information regarding how ransomware attackers found the email to be the most significant entry point. Ransomware emails were up 6,000% during this time. 40 % of all spam had email ransomware. 59% of infections came from email. These numbers mean that the average user still doesn’t understand the dangers associated with phishing emails. Since attackers have had such great success with email, 2017 looks to see a rise in the use of email as an attack point.

The trends regarding ransomware are frightening. As the Wannacry incident shows, people are not prepared for a large-scale attack. Going forward, the number and size of these attacks will only increase making them something that should be a priority for all technology users.



Growth Of Social Media Spam Statistics

Despite the advances in web technology over the past few decades, one of the challenges that users continue to face is spam. A research report published by Microsoft Research back in 2004 showed that the presence of webspam on the internet can be identified through statistical analysis. While studies as this have played an important role in identifying and filtering spam, the growth of such websites and pages continue unabated. Experts like GW attribute this growth to the deficiency in technology that govern the identification and filtering out of such pages. Cheap link building tactics aimed at sprucing up the PageRank of a website are often a major cause for link spam online.

Over the past year, Google has deployed a couple of major algorithmic updates aimed at curtailing this practice. Dubbed the ‘Penguin’, the update was aimed at spammy link and content marketing tactics that has been seen as a major reason for webspam. Given these important changes, the spate of link spam was expected to come down. However, according to Social Media security firm NexGate, the overall level of spam on the internet has continued to rise thanks to its increase in other platforms like social media. In a first of its kind report on social media spam, NexGate reports a 355% increase in what they call ‘social spam’ during the first half of this year. Here are some really interesting takeaways from their report:

Description Data
Social media apps that are spammy 5%
Spammy social media apps that are brand-owned 20% (that is 1% overall)
Average number of social profiles contacted by a spamming account 23
Number of new spam accounts created 5 out of every 7 new accounts
Most popular social platforms for spammers Facebook & YouTube
Percentage of spam posts that contain a URL 15%
Overall number of spammy social media messages 1 out of every 200

As anybody who frequents websites like Facebook and YouTube may know, the spam on these websites are extremely higher than what may be noticed on other social media websites. NexGate estimates this number to be 100 times more than other social networks. Consequent to this, the number of phishing attacks on Facebook are also higher than any other network – by a factor of 4. Given that a huge percentage of spam are scams aimed at fooling people into divulging their confidential information, the financial repercussions of social media spam are huge. Some estimates point at a revenue loss of close to $200 million just from Facebook.

Given the rise in prominence of social networks like Instagram and Pinterest, it is to be seen how these various companies huddle up with the likes of Facebook to find a way to root out spam from the social media space.

The Internet of Things: Breaking Down Hacks and Security

An unassuming, internet-connected toaster is sitting on a kitchen counter when it is assaulted, over and over, with “root” and “xc3511” login credentials. The toaster, however, isn’t real – it’s a honeypot living on a virtual server hosted by Amazon, tracking each attempt to hack it.

The experiment was set up by The Atlantic’s Andrew McGill, which saw the first attack just 41 minutes after going live, and more than 300 IP addresses tried to gain access by the end of the day – which works out to about 27 attacks per hour. The attacks were likely made automatically by Mirai, the malware that was at the heart of the mid-October distributed denial of service attack on Dyn, targeting DNS servers – the “phone book” of the internet translating text URLs to IP addresses – and slowing or blocking access to major websites including Paypal, Twitter, Spotify, Reddit, and Netflix. The open-source malware can be set to automatically scan the internet, specifically for Internet of Things devices, to hack. With estimates of 28 to 30 billion connected devices by 2020, the danger will only increase.


Before getting into what hackers could use exploited IoT devices for, it’s important to see how they were hacked. The October DDoS attack was the first major, widespread attack to utilize IoT devices, and many were webcams and CCTV cameras. The connection is the chip set used in the cameras, made by Chinese manufacturer Hangzhou Xiongmai Technology Co., or XM. These are sold to camera manufacturers. In the aftermath of the attack, the company is recalling millions of devices, but suspects only about 10,000 are vulnerable.

The cameras were made up to 2014. Those with firmware from 2015 and beyond should not be affected by Mirai. The recall only affects a fraction of the 17.6 billion devices currently in use, but consider only about 0.000026 percent of IoT devices were used in the October hack.

The problem, security analyst Brian Krebs noted, was that the password, “xc3511,”  that all the XM devices use by default, is hardcoded into the firmware. Even if the user changes the password, the default password will still work.

Security analyst Ben Dickson wrote that “one of the fundamental problems with IoT security is that the developers often come from an unconnected background, such as embedded systems, which means they have the knowhow to provide functionality but aren’t versed in the principles to write secure code for connected environments.” He also noted that security is neglected in the face of costs and deadlines.


Much like the poor virtual toaster, that’s how some 460,000 IoT devices were used in the DDoS attack. But it wasn’t just cameras – devices ranging from thermostats to DVRs were used in the massive attack. It wasn’t the first attack using IoT cameras, either. In late September, about 150,000 cameras and digital recorders were used to attack OVH.com, French entrepreneur Octave Klaba’s website. He took to Twitter, noting that at one point, his site was hit with nearly 1 terabyte of information per second – at only a quarter of what was used against Dyn.

In 2013, it took a server just 44 minutes to scan every IP address on the internet. Now, Mirai users are only scanning IP addresses associated with IoT devices to create botnets for DDoS attacks – or other sinister deeds.


Stampado, a budget-friendly piece of ransomware at only $39, is being sold in the dark corners of the internet. The software locks files on a computer, giving the owner 96 hours to pay up. After the time limit is up, it deletes random files every 6 hours. For comparison, Locky, which shut down hospitals by locking out patient records, goes for about $3,000.

Imagine if a hacker, using cheap software, scanned the internet, found your IoT thermostat, turned the heat up to unbearable temperatures in the middle of summer, and demanded payment to unlock the device. Or worse, you are on vacation and the same scenario happens. Pay up, or be saddled with a high energy bill and melted personal items all over the house.

Not scary enough? Hackers have already proven they can remotely hack internet-enabled cars. What if the autopilot feature of a Tesla was hacked, the doors locked, and you are driven to the middle of the desert? While only 2 percent of cars were connected to the internet in 2012, and 10 percent the next year, Spanish company Telefonica estimated in 2013 that about 90 percent would be connected in 2020.


Hacking doesn’t happen in a vacuum. When exploits are found they are often closed. Tesla quickly closed an exploit after hackers released a how-to guide – probably preventing the above scenario from happening in the first place.

Meanwhile, Microsoft is adding Bitlocker and Secure Boot to Windows 10 IoT Core. The change is mostly aimed at DIYers and home hackers, with Windows 10 IoT offered as a bundle with a Raspberry Pi 2 microcomputer. Learning to code for the IoT can give you more control over your device, also increasing security. Securing your router will also turn away the vast majority of automated hacking attempts.

Finally, IBM is experimenting with blockchains to track important items. A current application is tracking where a diamond came from – suppliers can then deny the diamonds if they are from an area that uses forced labor to mine diamonds, or if the sales fund violence. This could be used by manufacturers to monitor where parts in devices come from, to identify potential weak spots in security – and prevent hacking even before the consumer buys the product. If a blockchain was in place, it could have been used to track the pre-2015 XM chipsets, to identify exactly which cameras they were used in, and aid the manufacturer in a recall. Or, a company could decide not to use the chipset, based on its point of origin. The technology is secure – it’s used to track bitcoins – and extremely hard to alter or delete information after it is added by a trusted source.

The IoT is growing fast, and security is trying to catch up. According to Maryville University, cyber attacks cost upwards of $400 billion each year. There is potential for great harm through ransomware, or even shutting down the internet for a wide swath of users. There are bound to be more attacks before security catches up – but securing your network will go a long way to protecting your toaster.

The Growth Of E-Signature Market

E-Signatures are a way to speed up legal paperwork by replacing physical contract documents with electronic alternatives. In this case, the signatures are made electronically by the parties involved in a safe and secure manner. Besides this, e-signatures are also seen to be massively cheaper than physical paperwork. In a study on the benefits on e-signatures, Ombud Research came up with the following numbers:

Parameter Average Change
Turnaround time 80% savings
Cost $20 per document less
Customer Loyalty 5x increase

According to a report on Celent, the e-signature industry has grown multifold in the past five years. The usage by life insurance companies has increased from 47% in 2007 to 74% in 2013. Even the US army today has deployed an esignature solution from Silanis for their over 1 million personnel. Here is how the various e-signature approaches have grown.

E-signature type 2007 2013
Signature pad at POS 34% 36%
PKI 34%
Voice signature 30%
Clickwrap 34% 70%
Handwritten mouse signature 15%
Username & pin 45%
Shared secrets 15%

Research firm, G2 Crowd reviewed the market share held by various e-signature providers among small business (1-50 employees), medium (51-1000 employees) and Enterprise (>1000 employees) which showed the following results

Provider Small Medium Enterprise
Echosign 34% 43% 23%
DocuSign 41% 33% 26%
Silanis 34% 33% 33%
AssureSign 21% 43% 36%
Right Signature 53% 27% 20%
Sertifi 31% 31% 38%

In terms of deployment method (cloud vs. on-premise), this is how it worked out:

Provider Cloud On-premise
Echosign 77% 23%
Docusign 77% 23%
Silanis 79% 21%
AssureSign 100% 0%
Right Signature 75% 25%
Sertifi 85% 15%
Average 85% 15%

In terms of user ratings and recommendations, the G2 Crowd found the following

Rank, Provider, % customers likely to recommend
1, Silanis, 95%
2, AssureSign, 88%
3, Sertifi, 87%
4, Right Signature, 86%
5, Docusign, 81%
6, Echosign, 76%

Email Based Malware Attacks Statistics

China, Romania and United States make up for more than two-thirds of malware-laden spam emails sent in March. According to a report by Symantec’s MessageLabs Intelligence, close to 14.9% of malware intercepted in March were new and did not have a precedence. The report studies the percentage of email that is spam, contain virus or are phishing attempts.

Spam : 1 in 1.10 emails (90.7%)
Virus : 1 in 358.3 emails (0.28%)
Phishing : 1 in 513.7 emails (0.19%)

Internet Security News writes,

“Analysis of web security activity found 14.9 percent of all online malware intercepted was new in March, an increase of 1.6 percentage points since February. MessageLabs Intelligence also identified an average of 1,919 new websites per day hosting malware and other potentially unwanted programs such as spyware and adware, a decrease of 61.6 percent since February. “

Why Users Click On Spam Mails?

Have you ever opened a spam email? According to a study by Messaging Anti-Abuse Working Group, people not only click on spam, but are also likely to forward them. Men and women under 35 are most likely to do so.

50% of users under 35 years have clicked open a spam email
13% of these users have also clicked on a link in the spam

38% of users over 35 years have clicked on a spam email
10% of these users have clicked on the links in spam

Why Users Click On Spam
Intentionally : 46%
To Unsubscribe/Complain : 25%
To see what happens : 18%
Interested in the product : 15%

Top Spam Producing Countries

China and USA are among the countries with the most number of zombie computers. So where do all spam actually originate from? Here are the top ten spam producing nations (as of Q4 ’09) according to a study conducted by McAfee and the share of total spam

1. USA : 15.6%
2. Brazil : 11.2%
3. India : 5.6%
4. Venezuela : 4.4%
5. Rep. of Korea : 3.8%
6. Ukraine : 3.7%
7. Poland : 3.6%
8. Romania : 3.3%
9. Germany : 2.9%
10. Russia : 2.4%

Countries With The Most Number Of Hacked Computers

China has taken over from United States as the country that has the most number of hacked computers – machines that are made to act like zombies to send out spam email or attack websites. Here is the list of the top ten countries in terms of the number of hacked computers (as of Q4 ’09) and the worldwide share they constitute

1. China : 12.0%
2. USA : 9.5%
3. Brazil : 8.5%
4. Russia : 7.0%
5. Germany : 6.0%
6. Rep. of Korea : 5.0%
7. Italy : 3.5%
8. UK : 3.2%
9. Taiwan : 3.0%
10. Spain : 2.6%

Security Software Sales In Asia Pacific

Enterprise customers in Asia-Pacific are soon realizing the importance of security on their infrastructure and the sale of security software is expected to grow in double digits through 2010. Here are some numbers predicted by market research firm, IDC

Sale of Secure content and threat management applications (SCTM) in 2010 : $1.13 billion (18.4% growth)

Identity and access management (IAM) software : $326 million (15.2% growth)

Security and Vulnerability Management (SVM) : 19% growth