Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession— and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. Malware, spyware, and human error are the most common problems the study also reported.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.

Cyber Awareness Month Recap and Launch of Guide to Cyber Experts

We’re kicking off November with a recap of our National Cyber Security Awareness Month postings and an announcement. On Nov. 4 we launched our Guide to Cyber Experts.

First, a little about the guide, which serves as the go-to resource for members of the media covering all facets of cybersecurity. It contains biographies of UMUC faculty experts and their specialized areas of interest. Guide users can find an expert on a wide array of cybersecurity-related topics, view more detailed information about each expert and schedule interviews.

UMUC experts featured in the guide focus on a range of areas, including:

  • Cybersecurity in healthcare and education
  • Legal and policy aspects of cybersecurity
  • Cybersecurity job landscape and careers
  • Cybersecurity and critical infrastructure
  • Computer hacking
  • Internet of Things (IoT)
  • Computer and network forensics
  • Secure software engineering
  • Current threatscape
  • Cybersecurity innovation, governance and digital strategy

And, in case you missed them, each week during the month of October we shared tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives.

  • Week 1: We launched the month with “Hack” to School, a series of tips for middle and high school students―and parents―to help them protect their identity when using smart phones, computers and social media. Check out our top-8 list of security tips and best practices from University of Maryland University College (UMUC) cybersecurity faculty.
  • Week 2: We shared our Five Proverbs to Live By. Remember those sayings you learned growing up? Valorie King, UMUC’s program chair and collegiate associate professor for cybersecurity management and policy (CSIA) advised us that those same proverbs apply to staying safe in cyberspace as well. Find out how the sayings we use to guide our children in the real world also can be applied to helping us steer away from trouble on the Internet.
  • Week 3: We shifted our focus to the professional world by offering 5 Action Items to Secure the Workplace. Cyber threats are increasing in number and sophistication. Balakrishnan Dasarathy, UMUC professor and program chair, cybersecurity and information assurance, discusses the five specific areas where organizations can minimize their vulnerabilities and exposure to threats.
  • Week 4: Finally, as a run-up to the 2016 Presidential Election, Balakrishnan Dasarathy returned to address the question: “Can Our Elections Systems Be Hacked?” What you’ll discover is that a closer examination of our election system gives us a more complete picture of the prospect of a hack and any related trust issues.

To contribute to Cyber Connections, please contact Alex Kasten at alex.kasten@umuc.edu.

Embracing Cybersecurity Awareness

We’re about halfway through National Cyber Security Awareness Month. I wanted to talk about the importance of securing your perimeter of online and network usage. Users tend to assume that security is an on-off switch that can be controlled or activated when and as often as needed. Experts in the cybersecurity industry are aware of this misconception. It is not sufficient to activate anti-malware and anti-virus software updates; it is also eminent to update the underlying operating system — especially when working with cloud and big data-based enterprises, both private and public.

Additional awareness should be embraced and adopted not only on wired but also wireless infrastructure. It is not as easy, but care must be exercised when accessing sites which do not begin with “https” on their URL.

The most important element is self-discipline and caution when browsing sites, downloading files, and accessing unknown or unsure sources of email. Also, training and education should be routinely and continuously conducted to educate users, managers, and IT and system administrators to follow certain password guidelines and schemes.

System recovery, backup, and updates must be routinely performed. Also, additional security algorithms must be used and devised always to combat, lessen, or deter attacks. Users must be aware of pop ups, ads, adware, malware, spyware, social engineering, and shoulder surfing, a way in which people can look over a user’s shoulder to obtain passwords or information they are inputting on their devices.

Always be leery of where you are sending and downloading your private data, especially when using the cloud. As a cloud security expert, I promote awareness of using the cloud as a convenience– but always exercise care and be alert. It is the price we pay for technological civilization. A byproduct of technological civilization and advancement is cybercrime. As we advance our technologies, we must also be prepared to secure these technologies. As such, we must also be prepared to sacrifice convenience. This is a fact.

unnamedDr. Ihssan Alkadi is an adjunct professor at UMUC and is on the faculty at Southeastern Louisiana University in the Computer Science Department. Dr. Alkadi received his B.S. in Computer Science at SLU and went on to earn his M.S. in Systems Science and his Doctoral degree in Computer Science from Louisiana State University (LSU). His areas of expertise include software engineering, and Internet, HTML, and operating systems testing. His research interests include testing in object oriented systems, systems validation, and system verification. His current research is in cloud computing security and cybersecurity.

Cyber Catch Up 10/5/15

Here’s what you missed last week…

It’s bad enough to have to worry about your data getting stolen. Now officials are concerned about the next front in malicious cyber activity: efforts to deliberately manipulate data. As data theft continues, banks are now looking to retailers to bear the losses. News of the VW scandal continues, and one story indicates that “the faster we upgrade our roads and autos with better capabilities to detect and analyze what’s going on in the transportation system, the better we’ll be able to find hackers, cheaters and others looking to create havoc on the highways.”

Microsoft reported that the highly suspicious Windows update that was “delivered to customers around the world was the result of a test that wasn’t correctly implemented”– but this isn’t the first time a Windows update has been compromised. As cybercriminals move from online banking to the industrial supply chain, they find the Dyreza computer trojan a useful tool. On Thursday, T-Mobile announced that about 15 million of its U.S. customers may have been exposed in a data breach at one of its vendors. Also on Thursday, it was reported that newly discovered vulnerabilities in Android’s media file processing may lead attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.

Apple’s new privacy policy was announced and has been given kudos in its design and simplicity, promising personalization without sacrificing privacy. In the meantime, privacy advocates increase efforts to beat back cybersecurity information-sharing legislation. Recently, Edward Snowden and a number of his supporters put forward a proposal to curb mass state surveillance. Could this be doomed?

With National Cyber Security Awareness Month in full swing, it’s time for millennials to step up their slacking security habits— according to a recent survey, they are least likely to protect their data, despite being the most concerned with cybersecurity. According to another survey, even though IT professionals often warn their superiors about pending IT security disasters, almost half of respondents report that executive management fails to take action.

Researchers have created an AI system to detect malware in shortened Twitter links, exposing a security flaw in Twitter’s site. Speaking of malware, are you searching for celebs in your spare time? Be careful who you search for– a study shows that celebrity searches are loaded with malware. Steer clear of getting the scoop on Kelly Brook, Nick Grimshaw, Kate Middleton, Idris Elba, Frank Lampard, Jeremy Clarkson and Tom Hardy, among others.

Screen Shot 2015-09-30 at 12.36.23 PMRebecca Foss is the Director of Social Media at the University of Maryland University College (UMUC). In her current role, she is working with stakeholders across the university to develop the overall strategic approach in using social media platforms and tools globally for UMUC. She has over 15 years of marketing and communications experience and has been involved with championing social media initiatives since the early stages of the medium’s existence in 2007. Rebecca specializes in content management, creation, and curation and serves as co-editor of the Cyber Connections blog. 

October is National Cyber Security Awareness Month

We live in a digital era and are more connected than ever before. The increased reliance on the use of Internet in our daily lives comes with increased cybersecurity risks. Today, no one is immune to the cyber risks. As a nation, we face rapidly evolving cyber threats against our cyberspace, a critical domain of our national security. As individuals, our finances, identity, and privacy can be threatened by online theft, fraud and abuse.

Recognizing the importance of cybersecurity to our nation, President Obama designated October as National Cyber Security Awareness Month. The purpose of National Cyber Security Awareness Month is to enhance cybsercurity awareness among organizations and individuals of all ages and segments of the community.

UMUC has joined with the Department of Homeland Security in the promotion of Stop.Think.Connect, a national public awareness effort aimed at enhancing cybersecurtiy awareness and empowering Americans to be safer and more secure online. As part of the Stop.Think.Connect Campaign, UMUC offers a variety of cybersecurity awareness and educational activities during the month of October to its community – students, alumni, faculty, staff and beyond. We encourage you to actively participate in these activities as cybersecurity is a shared responsibility and we each have a role to play in promoting and protecting the cyberspace.

Thank you for all your efforts in promoting cybersecurity awareness during October and beyond. Together we can meet the cybersecurity challenges of today and tomorrow.

Dr. Amjad Ali serves as associate vice president and cybersecurity advisor to the president of University of Maryland University College (UMUC). In addition, he is professor of cybersecurity at the Graduate School. He made significant contributions to the development and launch of UMUC’s cybersecurity programs and initiatives, and has served as director of the UMUC’s Center for Security Studies of the Cybersecurity. Before joining UMUC, Amjad worked as manager of Continuing Education at the American Council of Engineering Companies in Washington, DC.  He has also served as the Dean of Keller Graduate School of Management-New York Region. Amjad has presented at major conferences and seminars on cutting-edge topics in cybersecurity, and he has a strong portfolio of scholarly publications. He holds a doctorate in Engineering Management from the George Washington University. He is UMUC’s staff to the Maryland Cybersecurity Council and serves on the advisory board of the Center for Strategic Cyberspace & Security Science and AFCEA International Cyber Committee.

 

Cyber Catch Up

Here’s a recap of what you missed last week in cyber.

The charge that Beijing was behind the theft of the personal data of more than 20 million federal workers could become a primary topic for an important visit from China’s President Xi with hacking to shadow the China summit. At the start of President Xi’s visit, he sought to reassure American companies that his government was committed to protecting the interests of foreign companies and fighting cybercrime. But was it all double talk? Speaking of stolen personal data, it is reported that OPM underestimated the number of fingerprints stolen by approximately 4 million. The government now estimates this number to be 5.6 million.

Big news this week was Apple’s confirmation of the the discovery of malicious code in some App Store products. The Washington Post reported that the Obama administration has been exploring ways to bypass smartphone encryption to allow access to law enforcement. Also this week, a campaign was launched by a group of privacy advocates including former NSA whistleblower Edward Snowden for a new global treaty against government mass surveillance. Business advisory firm Grant Thornton International, released a report that indicates that global cybercrime has cost $315 billion over the past 12 months.

In policy news, cyber crime laws are showing their age and some are badly outdated, including the Computer Fraud and Abuse Act (CFAA) of 1986. Senator Ron Wyden of Oregon announced this week that the Section 603 provision on terrorist activity was removed from the 2016 Intelligence Authorization Act. Finally, a federal judge ruled this week that forcing suspects to give up their cell phone passwords is a violation of the constitutional right against self-incrimination.

Screen Shot 2015-09-30 at 12.36.23 PMRebecca Foss is the Director of Social Media at the University of Maryland University College (UMUC). In her current role, she is working with stakeholders across the university to develop the overall strategic approach in using social media platforms and tools globally for UMUC. She has over 15 years of marketing and communications experience and has been involved with championing social media initiatives since the early stages of the medium’s existence in 2007. Rebecca specializes in content management, creation, and curation and serves as co-editor of the Cyber Connections blog.