CEO Fraud Attacks Were Far More Lucrative Than Ransomware Over the Past 3 Years

Aug 24, 2017

Cisco's midyear report released this week showed that CEO fraud netted cybercrime five times more money than ransomware over the last three years.

The surprising highlight of Cisco's ninety-page report was that cybercrime made 5.3 billion from CEO fraud attacks--called business email compromise (BEC) by the FBI--compared with a "mere" 1 billion for ransomware over a three-year stretch.

Ransomware takes time to develop and extensively test before any Bitcoin reaches the wallet, whereas CEO fraud needs only a quick bit of research on LinkedIn and a crafted, spoofed spear-phishing email. CEO fraud is simply faster to pull off. Moreover, run-of-the-mill spray-and-pray ransomware attacks often involve lower dollar amounts.

Schooling Users on CEO Fraud and Ransomware

Cisco says targeted cybersecurity education for employees can help prevent users from falling for CEO fraud and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so that a bogus email that appears to come from the CEO and asks for a funds transfer can be detected.

Regular software patching is also crucial. When spam-laden malware hits or ransomware attacks like WannaCry surface, the impact can be minimised. "People focus on new technology, but forget about patching and maintaining the infrastructure."

A balanced defensive and offensive posture is required: not just firewalls and antivirus, but also measures to hunt down possible attacks through data collection and analysis.

Spyware Makes a Comeback

Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

According to the report, file-less malware is popping up; it lives in memory and disappears when a device reboots. As a result, it is harder to detect and to investigate.

Attackers are also making use of anonymised and decentralised infrastructures to hide command and control activities.

Meanwhile, three families of spyware ran rampant, affecting more than 20% of the 300 companies in the report sample.

Ironically, many organisations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware, and adware, unlike spyware, does not create damages for a company," says Cisco. The company adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

‘Destruction of Service’ Attack Threat

The report also highlights the dangers of Destruction of Service (DeOS) attacks, epitomised by the likes of WannaCry and NotPetya, which were both much more destructive than traditional ransomware. According to Cisco, these types of attacks have the strength to eliminate organisations’ data backups and leave them unable to recover.

Cost of Downtime Not Calculated

The one thing related to ransomware that was not considered was the amount of damage caused by downtime, that is, workstations and servers not being up and running. If you factor that in, ransomware is probably as damaging as CEO fraud, or even more so.
