acm-header
Sign In

Communications of the ACM

ACM News

The Hacker Gold Rush That's Poised to Eclipse Ransomware


View as: Print Mobile App Share:

In business email compromise, attackers infiltrate a legitimate corporate email account and use the access to send phony invoices or initiate contract payments that trick businesses into wiring money to criminals when they think they’re just paying

Credit: Javier Zayas/Getty Images

Ransomware attacks, including those of the massively disruptive and dangerous variety, have proved difficult to combat comprehensively. Hospitals, government agencies, schools, and even critical infrastructure companies continue to face debilitating attacks and large ransom demands from hackers. But as governments around the world and law enforcement in the United States have grown serious about cracking down on ransomware and have started to make some progress, researchers are trying to stay a step ahead of attackers and anticipate where ransomware gangs may turn next if their main hustle becomes impractical.

At the RSA security conference in San Francisco on Monday, longtime digital scams researcher Crane Hassold will present findings that warn it would be logical for ransomware actors to eventually convert their operations to business email compromise (BEC) attacks as ransomware becomes less profitable or carries a higher risk for attackers. In the US, the Federal Bureau of Investigation has repeatedly found that total money stolen in BEC scams far exceeds that pilfered in ransomware attacks—though ransomware attacks can be more visible and cause more disruption and associated losses. 

In business email compromise, attackers infiltrate a legitimate corporate email account and use the access to send phony invoices or initiate contract payments that trick businesses into wiring money to criminals when they think they're just paying their bills.

From Wired
View Full Article

 


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account