June 16, 2016

This Cyberextortion Tactic Is Even Scarier Than Ransomware

Over the past few months, we have been harping about the perils of a new type of malware called ransomware, which allows hackers to break into private computers and lock up sensitive data.

The chilling part about ransomware is that it represents a quantum leap in the evolution of cybercrime. Hackers are becoming increasingly aggressive—and confident—in their attempts to steal sensitive data, and are now relying on cyberextortion to coerce victims into complying with their demands.

While ransomware has been around since 2012, we have seen a massive uptick in deployments over the past few months and expect this trend to continue at the same pace throughout the summer and beyond.

Now, for the really bad news: In addition to ransomware, there is yet another cyberextortion tactic that hackers are using against businesses: bug poaching.

In a bug poaching attack, a hacker breaks into a corporate network and creates a detailed analysis of the network’s private information. Then, the hacker sends a letter to the corporation providing evidence of the breach, without showing how it was done, and demands a ransom of several thousand dollars to expose the network vulnerability used to break in.

How much money are we talking? According to IBM, this figure may be as high as $30,000.

While many businesses offer bug bounty programs—rewards for hackers who find and report system vulnerabilities—it’s important to realize that bug poaching is very different. In a bug bounty program, the intention is to strengthen the network by discovering its weaknesses. In a bug poaching attack, the goal is to strike fear into network operations managers for personal financial gain.

What makes cyberextortion so unsettling is the fact that someone—anyone—could potentially have more information about your network than you do. Hackers could be inside your network right now, spying on your business, compiling a report and preparing to take action against your organization.

These hackers come from a mix of state-sponsored and rogue groups. These groups are, in many cases, well-funded, sophisticated and unpredictable.

China, for instance, is using cyberespionage to amass large volumes of information about U.S. businesses—particularly in the technology sector. Experts claim that Chinese cyberespionage and intelligence activities are at an all-time high.

“The Chinese now have a detailed roster of most if not all American contractors and government employees who have access to classified information, plus a roster of their friends, colleagues or co-workers who may be useful conduits or potential assets in their own right,” explained former National Counterintelligence Executive Michele Van Cleave in a recent Asia Times article. “They also have a treasure trove of data that can be used to coerce, blackmail or recruit U.S. sources or simply enable personalized phishing schemes.”

While the task of protecting your network may seem daunting, it’s not impossible. Apex Technology Services can conduct a thorough network assessment for your business to identify weak points, and perform continual monitoring and maintenance. With the help of Apex, you will gain a powerful ally in the fight to keep your critical data out of the hands of criminals.

A new breed of hacktrepreneurs has awoken, and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.
