Cybersecurity chief warns ‘ransomware as a service’ scam

It would seem that cybercriminals are now as prevalent as shoplifters or pickpockets

Lindy Cameron speaking at an Institute of International and European Affairs cybercrime event on Friday, where she praised the Government for refusing to pay ransom over HSE cyberattack. Photograph: IIEA/PA

Lindy Cameron speaking at an Institute of International and European Affairs cybercrime event on Friday, where she praised the Government for refusing to pay ransom over HSE cyberattack. Photograph: IIEA/PA

 

The online security crowd don’t tend to downplay risk but a presentation by Lindy Cameron, chief of the UK national cybersecurity centre, was sobering nonetheless. The organisation has dealt with more than 2,000 significant incidents since 2016. In the last year it took down more than 700,000 online scams. That’s quite a lot of scammers and a great many scammed, you’d think, even if 80,000 people reported suspicious emails.

These are mind-numbing figures. They seem to suggest that cyberthreats are as prevalent these days as the shoplifter or the pickpocket. Indeed, one of Ms Cameron’s mantras is that cybercrime does not limit itself to big business and its customers. “We say that we worry about the security of hairdressers as much as we worry about the FTSE 100 businesses,” she told an online forum on Friday at the Institute of International and European Affairs in Dublin.

Ms Cameron warned of “ransomware as a service” where unsavoury types offer ransomware variants and commodity listings – such as lists of credentials – for a once-off payment or a share of profits. This off-the-shelf fraud appears to have no limits, paving the way for non-tech gangsters to get in on the greed. “Users buy from developers without the costs and risks of developing it themselves, and that enables actors less experienced in ransomware to acquire tools to conduct their own attacks.”

More sophisticated criminals spend time conducting in-depth reconnaissance on victims, she added. “They will identify your cybersecurity weaknesses that they can exploit. They will use spoofing and spearphishing to masquerade as internal employees to get access to all of the networks they need. They will look for the business-critical files to encrypt and hold hostage. They may identify embarrassing or business sensitive material that they can threaten to leak or sell to others. And they may even research your cyberinsurance policy to see if you are covered to pay ransoms.”

Whatever happened the ordinary decent hacker?

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.