Posted by Kevin on December 30, 2014.
I don’t usually like annual summaries and predictions – they’re usually just last year’s with the dates changed. But this year it’s different; I fear that 2014 will be known as the year that hacking got nasty.
Until now hacking has been part of the natural order of things. Governments exploit us through false promises; salesmen exploit us through persuasion; hackers exploit us through our weaknesses.
Where we normally draw the line is rubber hose exploitation: gangs of thugs at the polling stations and salesmen with baseball bats. But that’s what happened with hacking in 2014.
It started earlier with ransomware. Rather than steal our data and go to the trouble of monetizing it, hackers have started to ‘destroy’ our data, unless we give them money directly. This is extortion at the bottom of the pyramid, where it must be done hundreds or thousands of times for small amounts to make a lot of money.
2014 was the year that hackers started to climb the pyramid. The argument is simple economics: why extort thousands of small targets when you can extort a single large company for the same amount? It’s a cyber protection racket: pay us for our protection or your business will suffer a serious accident – like the sudden and irretrievable loss of all your hard disc data and MBRs.
I don’t know how often this already happens with companies simply paying up quietly. But I can think of three examples this year when they didn’t: Code Spaces (went out of business); Sony (suffered serious disruption) and an unnamed German steelworks (lost control of its furnaces).
The problem with protection rackets is that the perpetrators need to be taken seriously. If someone doesn’t pay up, the predicted accident must happen – otherwise no-one will pay up.
In 2015 there will be examples of companies that don’t or won’t pay up. In 2015 there will be companies wiped out by hackers. 2014 was the turning point when hacking got nasty.

Submitted in: Expert Views, Kevin Townsend's opinions