Security firm FireEye is said to be laying off hundreds of staff as a result of what is perceived to be a tactical shift among the global cyber-criminal community.
With the firm's software aligned towards protection for larger-scale compromises, the suggestion is that smaller-scale ransomware attacks are essentially easier to clean up without recourse to the scale of technology provided by FireEye.
Good news for business?
At its most basic level, ransomware might more typically attack a single machine or a defined small group of users' computers. Threat protection and security response firms like FireEye essentially provide a wider type of vulnerability fortification technology that spans system-wide resources.
The sum result could arguably be said to be almost ‘good news’ for businesses and ransomware cyber-criminals alike, but bad news for security platform providers.
FireEye has just announced a shortfall in earnings in line with analysts' expectations. Company CEO Kevin Mandia is quoted as saying that while his firm's services personnel are responding to more attacks this year than in prior years, the scope and scale of these attacks are simply different.
"The scale and scope went from hundreds of compromised machines, by attackers who wanted to maintain and keep access, to more of the ransomware-type attacks and extortion attack that are simply easier to remediate at times," said Mandia.
Strategic delivery refocus?
While it is unclear at this stage how many other security providers might feel the same reverberating effects upon their businesses, FireEye has openly said that it will be moving toward a more cloud-based delivery mechanism for its services. This could presumably see the firm provide its detection and remediation technology in smaller, more modular chunks that can be more quickly attuned to each customer's needs – as per the central tenet of cloud computing.
Raj Samani, CTO for EMEA at Intel Security, spoke to SC Magazine UK in line with this story to confirm his view that ransomware is rising “at an alarming rate” and “shows no signs of stopping”. Samani says that his team saw a 24 percent increase in new ransomware samples in Q1 2016.
“[A key factor here is] open source ransomware code (for example, Hidden Tear, EDA2) and ransomware-as-a-service (Ransom32, Encryptor) make it simpler to create successful attacks. Such ransomware services are easy to find online at very low cost, enabling even the most amateur criminals to attack both businesses and individuals,” he said.
Samani explains that the problem is compounded because ransomware criminals often blackmail victims with their most private and sensitive details, so such acts regularly go unreported – meaning ransomware attacks also come with a lower chance of arrest.
The way forward: cloud ‘scrubbing centres’
Also following this story is Junade Ali. Holding a security-focused research post at the University of Bedfordshire, Ali also works as community manager at CloudFlare Inc. He is of the opinion that, “Whilst it is plausible that this [story and scenario] may have some effect on revenue, it appears that FireEye's inability to fully embrace cloud solutions is holding it down.”
Ali contends that companies are increasingly utilising Security-as-a-Service solutions, whereby their data is passed through cloud ‘scrubbing centres’ in order to protect them from a range of attacks, such as attempts to overwhelm their networks through DDoS attacks or attempts to infect their applications (e.g. SQL injection and cross-site scripting).
“These security-as-a-service solutions often allow for faster customer onboarding, threat detection from a larger dataset and indeed can improve the performance of applications they protect by acting as a content delivery network. Furthermore, the increasing use of software-as-a-service in commercial applications has led companies to outsource security of their infrastructure to the same company providing them the software,” he said.
Ali concludes by saying that due to the emergence of cloud security offerings, traditional hardware and software offerings are being replaced within the industry. A modern startup has no need to buy security appliances for its servers when it is far more likely to provision its infrastructure within the cloud.