DDoS-based ransom tipped to be future of cybercrime

Malwarebytes CEO Marcin Kleczynski talks AV disruption and holding revenue to ransom with DDoS threats.

Antivirus is one of the oldest segments of the security industry, but it is also increasingly up for debate. With ever-evolving malware – whether the customisable off-the-shelf kind or the advanced automated polymorphic variety – detection rates for traditional signature-based AV are dropping at an alarming rate, which means the industry is ripe for change.

Malwarebytes may not be as big as, say, McAfee or Symantec, but you rarely hear anyone berating the company Marcin Kleczynski founded in 2008 in the same way.

“They do have a pretty horrendous reputation, don't they?” says the CEO. “Nobody wakes up every morning and says, 'wow, Symantec helped today, or McAfee really helped today'.

“They're the de facto standard, but that doesn't mean that they're not due for disruption. If you look at Cylance, Carbon Black, Malwarebytes etc. we're each trying to disrupt that traditional antivirus, using signatures, not innovating industry.”

But, as with any new technology, there’s plenty of smoke-and-mirrors skulduggery going on. Just as we had Cloudwashing and Big Data buzz, AI-based Snake Oil is rife within the security industry at the minute.

“I think AV and security is going through this transformation as well, and customers are confused as all hell. Do you really know the difference between any of these vendors? I hardly do.

“The messaging is so different and so broad. Machine Learning and Artificial Intelligence, it's very confusing to the end user, and I don't envy journalists, end users, bankers, investors who are putting money into this stuff, not really knowing what they're getting.”

Kleczynski predicts that the industry will naturally undergo some consolidation, and wouldn’t be surprised if some companies – both big and small – go out of business.

“At the end I think efficacy will win, not the marketing and the sales that many of these companies are investing their money into.”

Unsurprisingly, Malwarebytes isn’t one of the companies he predicts will go out of business, and he puts that down to the 600 employees he calls ‘superheroes’.

“Bottom line, we're a research organisation first, and then we're a sales and marketing company.”


Simplification and consolidation

“[Security professionals] have to focus on governance, and endpoint, and network, and online backup, and asset management, they have to have such breadth that they don't really have depth.

“Making security simple in each of those categories is key. Companies like Okta are very successful because they simplified cloud identity, and I think we need to do that at endpoint, we need to do that at network, we need to do that everywhere else.

“That's what we're trying to do at the endpoint.”

To enable that simplification, Malwarebytes recently announced it was consolidating its product line. Incident Response and Endpoint Protection are now available in a single Cloud-based product with one management console. 

“We’ve brought everything under one roof, one management console,” says Kleczynski. “You as an individual can go into this console and put Malwarebytes onto your family's computers and manage them as the IT person in the family.”

“You can actually see what our computers are doing – are they protected, can I run a scan, what software's installed, you can do asset management, and it translates all the way up to the biggest companies in the world. Accenture, Deloitte can do the exact same thing with our console.”


The future of ransomware

Kleczynski has already outlined his thoughts on both WannaCry and the Shadow Brokers in a different Connect article. But even outside NSA and nation-state level exploits, he predicts a potentially difficult future ahead for businesses.

“What's the [material] difference between a power outage [i.e. like what happened to British Airways recently] and a DDoS attack that takes out their ticketing website or their operations?” he asks.

“If I were to make a prediction, using something like Mirai - which we will see again because there's a billion damn devices connected to the internet with default credentials - pointed at something that's not necessarily critical infrastructure but a high revenue generating product, and demanding a ransom of 1% of that revenue, I think it's going to be the future.”

He imagines a scenario where a Mirai-like botnet is pointed at a ticketing website of a company such as an airline, and the attackers demand the company pay 1% of what they would lose in revenue over a certain period or the entire site will be taken out by a DDoS attack.

“DDoS ransom, where you're holding the ability to generate revenue hostage, that's going to impact everybody.

“I think we live in a grim world already, and if I look back 10 years ago, it was a lot simpler.”

So, what does that mean 10 years from now?

“I don't know if we can keep up with some of the sophistication, and that's my concern. Especially if everything is still running Windows XP!”

