
Surprise surprise, cyber criminals aren’t honest

  • Posted on: September 6, 2016
  • Posted in: Industry News, Security
  • Posted by: Christopher Budd (Global Threat Communications)
You can't take a hacker's word at face value.

Cyber crime is a major concern for consumers and enterprises alike. The connectivity of the internet has allowed for some pretty incredible innovations, but it also gives criminals an avenue for exploiting a wide array of victims. Although the notoriety of hacking has certainly highlighted the importance of constant vigilance while online, some people sadly still fall victim to these kinds of nefarious schemes.

These kinds of incidents sometimes involve the affected person getting into contact with the hacker, often to discuss some sort of payment. The major mistake a lot of people make here is thinking that they can reason with the cyber criminal. On a similar note, many users that utilize the Dark Web for activities such as gambling also expect the operators of these services to play fair. 

Both of these expectations come from an inaccurate read of who cyber criminals are. These individuals are, by nature, malicious. They don't care about you, your life or how hard you've worked to obtain your money. Quite literally the only thing they concern themselves with is personal gain, and thinking of them in any other fashion can be extremely dangerous. 

Possible Dark Web gambling scam

To begin, let's take a look at an issue observed by Trend Micro researchers that's affecting an illegal online gambling community. The French Dark Bets gambling system, which is run by an organization that goes by the French Dark Net, went offline recently for a few days following what the site's owners said was a cyber attack. When the smoke cleared, every single bitcoin within the system had been pilfered. 

Although the operators of this gambling service claim this theft was the result of an outside hacker gaining access to the site's bitcoin wallet, their claim seems a little dubious. To begin, the French Dark Net posted a video on YouTube shortly before the attack in an attempt to recruit new users. While this in and of itself certainly isn't suspicious, it would make sense that administrators looking to defraud users would want to increase their victim base. 

Outside of this, the explanation of the hack given by the site's operators was extremely short and didn't really go into details about how the hack was perpetrated. This is incredibly suspicious, considering the fact that most people on the Dark Web generally have computer skills well beyond the average citizen. Not only would this group be able to understand a technical explanation, but many would have even been able to start looking for the perpetrators in order to make them pay for their crimes. 

Finally, and perhaps most important, are the changes to the site that were made after the hacking incident. The major alteration here was the fact that users are no longer able to exchange messages with other members on the site. This is quite possibly the worst way to deal with a real hack, as it precludes any sort of discussion that could help people avoid similar situations in the future. What this does do, however, is limit the amount of conversation about possible fraud on the part of the French Dark Net.

On top of this, all messages between admins and certain important individuals have since been deleted, a function that should not have been affected by a bitcoin wallet raid. Taking any one of these points doesn't exactly implicate the French Dark Net, but putting them all together reveals that something isn't being said here. 

What's more, it's important to remember that the people running this site are criminals. They are running an illegal gambling operation, and are therefore already facing jail time if caught. Does tacking on yet another crime really seem that unlikely? 

If there was ever plain evidence that you shouldn't trust Dark Web sites with your money, this is it. Either a hacker has targeted an illegal service that you use, which means you can't go to the cops, or the operators of that service stole your money, which means you can't go to the cops. It's a catch-22 that you should endeavor to avoid altogether. 

Hospital pays the price of trusting a cyber criminal

However, people breaking the law aren't the only ones to fall victim to a cyber criminal's dishonesty. In fact, it's generally law-abiding citizens that are the ones to get caught up in a hacker's schemes. This is especially true of ransomware, a particular form of malware that encrypts a user's files and forces them to pay in order to access them. This kind of attack basically cripples an organization's IT infrastructure, which makes it perfect for holding data in the health care industry hostage.

Due to the fact that lives quite literally depend on accurate information within a hospital, many institutions are quick to do anything in their power to regain access to mission-critical patient files. This urgency is exactly what was behind the Kansas Heart Hospital fiasco that occurred earlier this year. The institution was hit by a ransomware attack, and decided that the best way to ensure continued patient care was to simply pay the hackers responsible for the infection.

Sadly, hackers simply aren't an honest bunch. The individual behind this attack received the payment, and instead of decrypting the hospital's data simply demanded more money. Thankfully, the organization's administration decided they had had enough and refused to pay this second ransom. While it's impossible to blame the hospital for wanting to regain access to important information, there's certainly a lesson to be learned here. 

FBI has some advice for victims of ransomware

If this nasty incident at Kansas Heart Hospital has any sort of silver lining, it's that it's a perfect example of why you shouldn't ever pay a hacker behind a ransomware attack. There is a laundry list of reasons why you shouldn't do this, and FBI Cyber Division assistant director James Trainor articulated the most important ones on the agency's website.

"Paying a ransom doesn't guarantee an organization that it will get its data back—we've seen cases where organizations never got a decryption key after having paid the ransom," Trainor said. "Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals."

This isn't some random internet commentator or armchair security analyst saying this – this is a major player in the FBI's cyber crime division. Paying the criminal not only gives you no assurance that you'll be able to access your files, you'll actually be encouraging the person to commit future crimes. 

Skip negotiations by preparing

Clearly, negotiating with a hacker who has encrypted your information is a bad idea. Furthermore, discussing payment with any hacker is only going to encourage their behavior, and that's only going to lead to more nefarious behavior that could even come back to bite you in the future. Therefore, any company that finds itself at the mercy of a cyber criminal should do what it can to section off the affected machines and request help from trained experts.

Of course, there is a much simpler way to go about dealing with hackers: avoiding them altogether. The best way to do this is by informing employees about the risks that they face. A lot of people have a mystical image in their head about what a cyber criminal actually is, equating them to a digital wizard. While these people are highly talented, one of the most common attack vectors for a ransomware campaign is email. 

Hackers will send out messages claiming that they are someone in the company or an employee at a partner organization, and will direct your workers to click on an attachment in the email. Those who do decide to click this link will download malware that will at best infect their computers and at worst infect the entire network. 

Such a massively disruptive attack can come from such an innocent mistake, but this also means that your employees have the power to ward off an infection that could cripple your IT infrastructure. Something as easy as a monthly newsletter about cyber security best practices could help educate your workers while also reminding them of the kinds of threats that they face. Small steps such as these can help ensure that your company doesn't ever have to negotiate terms with a hacker.
