Given that history tends to repeat itself it’s probably now only a matter of time before ransomware attacks lead to a response that will brink at least one or more nations to the brink of war in the coming year. A report, provocatively titled The New Mafia: Gangs and Vigilantes – A Guide to Cybercrime for CEOs, released this week by Malwarebytes, a provider of software for removing malware from endpoints, finds that the average volume of cyberattacks being launched every month has increased 23 percent in the last year.
The report also notes ransomware attacks in 2017 through October have already surpassed total figures for 2016 by 62 percent. Since 2015 there was an almost 2,000 percent increase in ransomware detections since 2015 involving hundreds of thousands of detections in September 2017. In fact, Malwarebytes reports ransomware detections increased more than three-fold from 90,351 in January to 333,871 in October.
The report suggests that ransomware attacks are the digital version of a classic shakedown. Instead of threatening to burn down a store should a merchant fail to pay for protection, modern criminal gangs are employing ransomware to extort money from businesses. The difference between classic shakedowns and modern malware attacks, however, is that a lot of these attacks are being launched across international borders. Cyberattacks these days are more akin to pirates hold up in a port sallying forth to sack a town. It won’t be too long before one country concludes that the countries providing safe harbor to those pirates are in effect committing an act of war. There’s even precedence for coming to that conclusion. U.S. president Thomas Jefferson dispatched the Marines to hunt down the Barbary Pirates operating out several ports in North Africa. That where the “to the shores of Tripoli” reference comes from in Marine Corp’s “The Halls of Montezuma” battle hymn.The difference between classic shakedowns and modern malware attacks, however, is that a lot of these attacks are being launched across international bordersClick To Tweet
We’re not quite at the point where the U.S. government is going to send in troops. But it’s easy to see how the U.S. might pressure countries to more aggressively arrest cybercriminals, and if not heeded, could lead to further escalation. You might see, for example, sanction being applied or, a less tolerant government employing cyber espionage to disrupt the economy of a country known to be harboring cybercriminals.
Naturally, diplomats will urge caution. It’s difficult to know for certain from which country an attack was launched from what country because cybercriminals are good at covering their tracks. Some nation-states would like to nothing better than conflict between countries erupting because of cyberattacks they launched.
The real problem is that all the combustible materials required to create a conflict are already in place. Without some concerted action either by The United Nations or some other international body to coordinate a response to cyberattacks launched across borders it’s only a matter of time before the leadership of one country determines that another country is encouraging criminal behavior. Economic sanctions are usually the first response. But given how ineffective sanctions have already proven to be it is probable those sanctions would have to be backed up with some display of force. In fact, given much of the hyperbole emanating out of Washington these days, escalating the war on cybercrime might prove to be a convenient distraction.
The war on cybercrime currently resembles the intrigue that used to occur between capitalist and communist countries during the cold war. Today, however, there are a lot more players and ideologies involved. But it’s easy to see how given the current rate of growth in cybercrime could result in what is mainly a cold war in 2017 suddenly turning very hot in 2018.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.