In the first installment of Cyber Bytes in 2023, Tracy Ross and Dr. Michael Ramage, the director of Murray State's Cyber Education and Research Center, discuss what cyber security might look like in 2023 and how to equip yourself against ransomware, phishing, and other cyber security threats in the new year.
Ramage begins by explaining that while ransomware is still incredibly prevalent worldwide, it seems to be plateauing. "That's in part that people are listening and getting their back-ups and doing what they're supposed to do," Ramage says. "Part of it is states like North Carolina have laws now on the books that it's illegal for you as a company to pay ransomware. Florida has one now. The number actually being paid is going up, but the overall incident rate of ransomware is either downs lightly or plateauing."
"I also think that if you think about a business, and I have a product, and something comes out in the marketplace that causes my sales to decline, we bring that product back. We research it, try to do some R&D, and we come out with enhancements that can cause our sales to go back up. As horrible as it is, that's the same thing that these ransomware folks are doing."
"They're looking at 'how can we change our business model to help ourselves go back up?'" Ramage continues. He explains that in many ransomware cases, decrypted files were corrupted during the decryption process. To avoid this problem, cyber attackers started stealing and deleting files instead of encrypting them. "I think that the people are starting to take precautions that they need to. The other part of it is that there may be other avenues that are easier to attack you than just ransomware."
These other avenues, Ramage says, could look like the now-ubiquitous QR code. QR codes gained slight popularity around ten years ago, he says, but the small URL icons didn't really take off until they offered a hands-free option for menus, flyers, and payments during COVID-19. "But what a QR code is at its core is an image, dots, that represent a URL."
"So, on [Cyber Bytes], we've talked about it before. If there's a link in your email, you don't click it. If you're using a QR code, you're essentially clicking a URL that you don't know about in your email. So, I can give you a QR code to a link, and you're just trusting that my QR code is not malicious—that it's trustworthy; it's without malware. For me, that might be true, but that is not true of all QR codes."
"You can embed a lot of stuff in a URL," Ramage continues. "You can click on a URL and automatically install malware on your device. If you go to a bad website and you click a link, it has the potential to automatically install something, depending on your settings, on your phone, tablet, or computer. Your network can be as secure as it possibly can, but because you initiated it, then most networks' firewalls will allow something back in because something from the inside initiated it. That tunnel gets created, and malware is there."
Ramage says that while most QR codes you see in restaurants and other businesses are likely legit, there's always a possibility of a potential cyber attack. "Just be very careful about what you trust. And that really goes for every aspect of life."
For more information on the Murray State Cyber Education and Research Center, visit its website. You can also view other installments of the Cyber Bytes series here.
