Malware has been a concern since the 1980’s. It’s an awareness topic we update and refresh every March, and yet we never fail to find something new to discuss.
Last year, we focused on ransomware, a ‘real and present
danger’ at the time with several high-profile organizations (such as the UK
National Health Service) suffering disruptive and very costly incidents.
This year, surprisingly, the ransomware risk appears to have declined according to
some reports, only to be replaced it seems by the next wave: cryptocurrency mining
Trojans.
Meanwhile, we suspect reports
of the demise of ransomware are premature. Compared to slowly milking a few Bitcoins from a large botnet of cryptominers,
holding organizations’ or indeed individuals’ data to ransom for a few hundred
dollars or more per hit seems much more lucrative – but also riskier for the
criminals behind the scams.
Perhaps what's really behind this is the criminals’ risk-reward
tradeoff.
Then again, maybe it's just that the analysis is flawed. Perhaps ransomware was not quite as bad as it
seemed last March, and remains at much the same level
today.
One of the perennial issues we
face in researching the malware topic is that the most readily available information
is published by antivirus companies, with an obvious commercial agenda to make
the malware issue appear worse than
it really is. Sifting through the stream of "surveys" and "reports" to find the few of any note and credibility is a tedious task, making this one of those areas where our security awareness service goes beyond the bare minimum. Rather than regurgitating the same old stuff and scaremongering, we're adding value by researching information risks and challenging the conventional wisdom. Innovating, you could say, or being unconventionally wise.
