Report: Ransomware, Botnets On The Rise


One of the biggest threats this month was the emergence of an SMS-based ransomware attack, according to the Fortinet Threatscape report. The attack, dubbed DigiPog, is an SMS blocker that locks out a system and kills off popular applications such as IE and Firefox. To unblock the system, the user is required to enter a code into a provided field; that code is obtained by sending an SMS message to a provided premium number. In exchange, the attackers grant the victim the code needed to unlock and use their system, experts said.

"Your system is completely locked out," said Derek Manky, cybersecurity and threat researcher at Fortinet's FortiGuard Labs. "It's all about monetization with the more dominant ransomware."

In this particular attack, the hackers reap the monetary rewards when users send an SMS message to the provided number, Manky said. However, it will just be a matter of time before these kinds of ransomware attacks evolve into targeted attacks aimed at obtaining specific classified information, such as intellectual property or military blueprints, he added.

Meanwhile, the upward spike in ransomware is in part powered by an influx of botnet activity, according to the report. Researchers identified both the Bredolab and Pushdo botnets behind the ransomware attacks. In addition, researchers identified a new botnet loader, Sasfis, which Manky said began appearing about six months ago. Over the last few months, security researchers have seen Sasfis expand significantly, landing the botnet in fifth place on Fortinet's Top 100 attack list.

"If (attackers) can grow a botnet and rent it out as a service, there are more affected endpoints, and they have more power," Manky said. "That's what we've seen with Sasfis."

Finally, the Fortinet report found a sharp rise in attacks resulting from a critical vulnerability in Microsoft's Internet Explorer. Microsoft issued an emergency out-of-band patch repairing the flaw on Tuesday, but not before attackers exploited the vulnerability by launching malicious attacks delivered by drive-by downloads. The attacks, which exploited holes in IE 6 and IE 7, accounted for one-fourth of the malicious activity seen in March, researchers said.

"Typically when we see an out-of-band patch, it's usually a very serious issue," Manky said.

And Manky said that the attacks exploiting the critical IE flaw will continue to increase, spreading across users' unpatched PCs. Manky compared this round of IE attacks to the infamous Internet worm Conficker, which flourished and ultimately infected more than a million computers worldwide, even after Microsoft released an emergency patch fixing the flaw.

"There is definitely an issue with patch management there," he said. "Even a month down the road, we will still see successful attacks (exploiting the IE flaw)."

Manky added that the rise in IE attacks underscored the necessity for users to keep on top of patch management.

"The patches are there and available, but not noticed. That really is the one place where we obviously educate and focus on in terms of highlighting how important it is," he said. "You look at these threats like Conficker and Gumblar, they're very, very dangerous. That's the biggest thing—to have the patch management in place."