Governance & Risk Management , Next-Generation Technologies & Secure Development

The Evolution of Ransomware

James Lyne of Sophos on Why Social Engineering and Extortion Are More Successful Than Ever
The Evolution of Ransomware

Neither ransomware nor social engineering is new, but both are more advanced and effective than ever. How can organizations improve how they detect and respond to the latest threats? James Lyne of Sophos shares insight and advice.

Lyne, global head of security research at Sophos, is fascinated by how the threat landscape and threat actors have shifted this year.

"The major trend here is really around more creative ways to make money from your data," Lyne says, and ransomware is the prime example. "Ransomware and holding your data for ransom on your own system is a pretty clever use of cryptography."

The other significant trend is what Lyne sees as a more sophisticated form of social engineering. Fraudsters aren't necessarily launching attacks through malware triggered by bogus links or watering hole attacks. Rather, they are frequently embedding exploits in innocent-looking word documents like billing invoices.

"Many of [the fraudsters] are using Word macros or Excel macros, which of course have somewhat of a use in legitimate business," Lyne says. "And they're entirely depending on the user to click this little 'enable content' button. It's almost 'Yes, please, I'd like to deploy malware.'"

In a discussion about the shifting threat landscape, Lyne talks about:

  • Today's most successful cybercrime campaigns;
  • How criminals have refined their approach to social engineering;
  • How ransomware has matured and is evolving.

Lyne is global head of security research at the security firm Sophos. A self-professed 'massive geek,' he has technical expertise spanning a variety of the security domains from forensics to offensive security. He has worked with many organizations on security strategy, handled a number of severe incidents and is a frequent industry advisor. He is a certified instructor at the SANS institute and often a headline presenter at industry conferences.

Lyne has given multiple TED talks, including at the main TED event. He's also appeared on a long list of national TV programs to educate the public including CNN, NBC, BBC News and Bill Maher. As a spokesperson for the industry, James is passionate about talent development, regularly participating in initiatives to identify and develop new talent for the industry.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.