A Forward-looking View on Digital Extortion

By Goh Chee Hoh, Managing Director, Trend Micro Malaysia

In 2017, digital extortion was cybercriminals’ first and foremost money-making modus operandi. This can be seen in the biggest digital extortion cases last year – WannaCry, EREBUS and PETYA outbreaks. Even locally, nearly 20 Malaysian firms, ranging from government-linked corporations to financial investment firms were hit by WannaCry[1].

A report by A.T. Kearney highlighted that in recent years, with increased connectivity and technological innovation, the Southeast Asian region has been a prime target for cyberattacks. Without the right measures in place to tackle digital threats, the region’s top 1,000 companies is estimated to lose about $750 billion in market capitalization from data breaches[2].

As cybercriminals find online blackmail and extortion lucrative, we at Trend Micro believe that the future of digital extortion presents a risk-filled outlook, especially for enterprises and organizations. Cybercriminals will continue to go after big targets by making ransomware designed to exponentially wreak havoc, especially in office settings.

We predict that it’s not just ransomware that will be used for digital extortion. In addition to attacking the company’s business-critical documents, manufacturing plants and assembly-line robots will also be compromised. Malaysia manufacturers with their legacy systems and diverse hardware would face challenges to upgrade or patch in a timely manner, making them prime targets for attacks that exploit old vulnerabilities. In these industries, attacks can force production to halt resulting in losses as seen in the previous Petya attacks where organizations such as Reckitt Benckiser estimated losses of up to GBP100 million[3]

We also see attackers using digital smear campaigns against celebrities and companies, especially those attempting to promote an upcoming product or movie. In this day and age where customer feedback and social media reception are key to success, attackers may resort to sharing fake news to tarnish the reputation of companies of celebrities and companies — and to stop only when the victims pay a set ransom.
Finally, we believe that digital extortion will continue to feature phishing attacks and social engineering techniques to infect the computers and systems of unsuspecting company officers and executives with ransomware, or to establish a backdoor for data theft.

[1] “Company boards listen up! Cyber security is your issue too”. (2017, Oct 24). Retrieved from https://themalaysianreserve.com/2017/10/24/company-boards-listen-cyber-security-issue/
[2] “Cybersecurity in ASEAN: An Urgent Call to Action”. (2018, Jan). Retrieved from http://www.southeast-asia.atkearney.com/paper/-/asset_publisher/dVxv4Hz2h8bS/content/cybersecurity-in-asean-an-urgent-call-to-action
[3] “Petya ransomware: Companies count the cost of massive cyber attack”. (2017, July 6). Retrieved from http://www.zdnet.com/article/petya-ransomware-companies-count-the-cost-of-massive-cyber-attack/

share us your thought

0 Comment Log in or register to post comments