How are the coronavirus may impact cybersecurity and privacy risks in healthcare, the ongoing evolution of ransomware, and where the biggest VC funds are placing their cybersecurity bets? These stories and more, in this week's ISMG security report. Hello, I'm Nick Holland. A lot can change in a week.
We're now facing what is officially a global pandemic with the spread of COVID-19, and as an industry that's been discussing viruses in a few additional form in recent years, the impact of a biological one is truly our ending for world we live in. In this week's slice of cybersecurity, all your wisdom will have ISMG's executive editor, Richard Day, and you're at Matthew Schwartz discussing recent friends inside the crime he delved into through interview's RSA. We also have ISMG's SVP of editorial Tom Field discussing cyber security investment trends with Forge Points co-founder and managing director, Don Dixon. But first up, ISMG's executive editor of Health Care Info Security, Ryan Culversek-McGee recently interviewed Stanley Miosa of Keene University Indian and New Jersey, who is a digital health expert on cyber risk management.
The topic was cyber security and privacy risks involving the fast-evolving global coronavirus outbreak and potential concerns relating to the technology assessments during trial-all vaccine research. Here he is. Some of the top security and privacy concerns with regard to COVID-19 are the coronavirus, but I foresee, especially when it comes to global public health, surround several different segments. So the first I'll talk about is clinical trials.
In my experience over many years working in technology and cyber security in public health, there are activities that take place where one is required in the interest of security and monitoring to introduce something called a site monitor. A site monitor typically in clinical trials and research around issues such as COVID, ensure that a person or a team goes out to a site to ensure that standardized operating procedures when it comes to the technology or the trial itself are being followed. There are many, many subtasks that are included in this work. Technology as well as items related to security have to take place.
So with the emergence of coronavirus or COVID-19, it's possible here that there will be less site monitoring visits, which typically at a site take place in these trials, and those are performed to eliminate and evaluate proper cybersecurity and technology operations. This could lead to greater cybersecurity vulnerabilities being introduced, not being monitored. So I would say that right now we're talking about China, there's other countries as well. That is one concern that I would have around these visits that should take place during the site monitoring effort.
The second thing I would also say is there are drug makers today in the US who are involved in clinical trials, done that I'm familiar with, that I've worked with in partnership in other trials related to HIV prevention. They also work on other viral diseases such as Ebola, but they're now embarking on clinical trials to take place primarily in Asian countries and those countries that have high numbers of diagnosed cases. Now, the drug is being tested as we speak in Wuhan, China, the epicenter of the virus, and other companies are actually working on developing vaccines as well. But also from a cybersecurity concern, I would focus a little bit on the data collection in these trials, as I said earlier, around site monitoring and adherence to medication because while you're doing trials, one of the things that are critical is that the participants are adhering to the medication being managed.
And the other thing which regard to cyber and these trials, I would be a little bit concerned around maintaining confidentiality and integrity of the data collection. For example, is the data and knowledge that is being collected at the trial sites being provided to the drug makers unfettered. If we don't have folks traveling out from, let's say, an organization that's heading up to clinical trial based in the US and they're not going out, are we getting firsthand information? I think that would be a concern.
The third item is the source data. The source data is critical in trials and where is this source data being saved? Now, the source data could be the data around the trial itself. It could be biomedical data, it could be adherence and acceptability data, and this is all technical, right?
We're saving this. These are technology systems that save the information. How sure are we that the patient information is being kept private, which is crucial in such a delicate and sensitive issue? So when it comes to this idea around as it evolves, these are some of the current concerns.
You're listening to the ISNG Security Report on ISNG Radio, ISNG, your number one source for information security news. While our collective eyes and ears may be focused elsewhere with the coronavirus, it's worth noting that cyber criminals will not stop for anybody and that the avalanche of ransomware attacks that has been the bane of our industry for the last few years has not debated. At the ISNG Security Report, ISNG's executive editor, Richard Day and Europe, Matthew Schwartz, conducted a number of interviews on the theme of cybercrime and specifically ransomware. It is a report.
Last month's RSA conference in San Francisco was a great time to discuss one of my favorite topics, cybercrime. Cybercrime remains a hot topic and of course, one of the most damaging forms of it today is ransomware. The earlier days of ransomware featured shotgun style, prey and spray attacks, with criminals largely infecting any system their malware managed to touch. But the market has continued to evolve.
Now, many types of ransomware used by criminals operate on a subscription model, not unlike Netflix or Disney Plus. Ransomware has a service offerings, such as Soto-Nokibi, also known as Reevil, give users or affiliates the latest version of the crypto-locking malware, coded to their unique affiliate ID. When a victim pays, affiliates can receive up to 70% of the ransom, with the Soto-Nokibi operators typically taking a 30% cut. The operators have continued to add a host of new features, such as stealing data before crypto-locking systems.
So affiliates can leak the stolen data via a dedicated website to try and force more victims to pay. Soto-Nokibi allows criminals to focus on infecting systems rather than developing their own ransomware. And that's freed some attackers to become much more specialized at network intrusion. Ransomware is moving away slightly from the end users, like your mom and pop and the vacation photos being printed.
It still happens. That's John Foker, head of cyber investigations and red teaming for McAfee's advanced threat research group. Prior to joining McAfee, Foker worked at the Dutch National High-Tech Crime Unit, investigating advanced forms of cybercrime. He says many ransomware attackers have been hacking into larger and thus potentially more lucrative targets.
The news is dominated by larger corporations being breached, and what we see is that they charge a lot more money, so the ransom is much higher to demand, and that actually breeds a kind of an influx and a higher demand for targeted networks. But that will also have a higher demand for a macro-builder, for crypto-services, so all the adjacent services that form that whole chain to commit cybercrime, or to help facilitate for instance ransomware, they grow from this strength that's going on right now. Cybercrime has long functioned as a services economy. A few years ago, leading experts said they thought only about 200 different individuals were responsible for the vast majority of all of the tools and services being supplied to and tapped by criminals operating online.
There are now so many products and services and vendors out there that you can go from having nothing but a laptop and a desire to become a cyber criminal to being a cyber criminal just by buying these services that already exists. You don't even need to have a lot of your own know-how. That's Liv Rowley, a threat intelligence analyst at BlueLive, which is just released a new report on the cybercrime services economy. Rowley told me that cybercrime tools are continuing to become more powerful, as well as easy for any one of these cyber criminals to procure.
I would definitely say that we're seeing more and more tools out there. I mean, this has been around for a while, we talked about specialization of cyber criminals offering these tools for forever now, but it does seem like they're becoming more common and they're becoming quite cheap. One of the things we looked at was pricing of malware services, and I mean, you can buy some of the top-named information stealers right now for like $85, I think, one of them is going for, and that's one of the best ones out there. So it's definitely becoming a more accessible market.
As attackers gain easier and less expensive access to more powerful attack tools, the onus remains on defenders to keep their eyes peeled for these types of attacks, and, of course, to ensure they have the right defenses in place. For information security media group, I'd map you shorts. In a crowded cyber security marketplace, it's challenging for newcomers to not only get funding, but also to rise above the noise and get attention. This is where venture capital firms can help, says Don Dixon, co-founder and managing director of Forge Point Capital.
RSMG's SVP of editorial Tom Field had the opportunity to speak with Don at the RSMG Studio website. He's next to that conversation. Don, as you evaluate potential investments, what are some of the criteria that separate those you do invest in from those you walk from? Boy, it all gets down to simple rules of thumb.
How big and fast-growing is the market? How unique is the product or service? How good is the management team? What is their go-to-business strategy?
Go-to-market strategy? And then finally, what's the investment opportunity that I have to make in the company? You've got $450 million to spend, and you're burning to spend it. What are the technologies you're bullish on in 2020?
Well, what we hear from the CSOs has to do with the problem that big banks have 75 products. They have to integrate. Meteorize in small companies can't do that. We have to prepackage it.
We have to make it very elegant, and we're working on that. Chief Privacy Officer is saying, hey, look, if a consumer says, delete my account, that sounds like a simple request, but it's a huge technology problem in order to find where all their data is, and then assemble it, and then delete it. So, privacy engineering is a big part of what our go-forward strategy is going to be. So in the wake of GDPR, CCPA, that's privacy imperative, you're listening a lot more to Chief Privacy Officer.
Sounds easy. Very hard to implement. We have a lot of conversations with CSOs as well. Those aren't traditionally strong relationships.
We get our trusted CSOs together, and one of the things that we actually do is we pick up the phone, we know which CSOs have which problems, and then we will introduce the company into that CSO. Don, you're in a unique position, and you're a good broker for us as well. Thank you for helping us. Rise above the noise.
Okay. Appreciate your time and insight. Fist bomb. It's been a pleasure.
Thank you. That's it for this week's IS&G Security Report. Theme music is by Ethic Audio. I'm Nick Collins.
Catch you next time.