VIEW 19
Parasitic symbiosis
Symbiosis—from the Greek for “living together”—describes a close and long-term biological interaction between two different organisms. This relationship can be mutually beneficial, for example the wrasse fish that cleans a shark’s teeth or the bacteria that live in a cow’s gut and help it digest grass. But it can also benefit only one side, in which case it is a parasitic relationship: the parasite benefits while the host is harmed. Parasites are sometimes characterized as “predators that eat prey in units of less than one.” 9
Parasites are common and extremely successful. It is estimated that 40% of all animal species are parasites and that the average mammal species is host to at least six different types of parasitic worm. 10

Take a tapeworm (Taenia solium) as a good example. A tapeworm consists of a head, neck, and a chain of egg sacs, which can grow up to 30 feet in length. The head sticks to the wall of the intestines, while the egg sacs continuously shed eggs to infect other organisms.
The tapeworm extracts enough nutrients from its host to replicate, but not enough to cause death. It is a strategy of gentle background milking of resources while trying to avoid being the focus of attention. Many people with intestinal tapeworm infections don’t have any symptoms. In fact, in the 1920s, pills containing tapeworm eggs were sold as slimming aids and were only banned afterwards because of the failure to list Taenia solium as an ingredient.
Looking to the future, the relationship between cyber criminals and the corporate sector could well develop into one that is like parasitic symbiosis.
The ransomware epidemic has made headlines in recent years, with large organizations targeted with alarmingly high ransom demands. But it is probably in the interests of these threat actors to avoid the limelight, focus on less newsworthy targets, and avoid creating too much damage. This could be termed a tapeworm strategy: don’t kill victims, just quietly exploit them.
The Colonial Pipeline attack offered support for this concept. In May 2021, the Russia-based DarkSide group attacked a critical piece of US infrastructure—the Colonial Pipeline that was responsible for almost half the gasoline supply to the East Coast. A ransom of $4 million in bitcoin was paid but the pipeline was shut for a week, causing fuel shortages in airports and gas stations. President Biden declared a state of emergency, and the DarkSide group, recognizing it had gone too far this time, issued a public apology.
They had roused a sleeping giant. The full force of the US security establishment was turned on the criminals, and within a month the Justice Department announced that it had recovered 90% of the bitcoin ransom payment from DarkSide’s servers. This illustrates the risk of being too high profile in ransom attacks. Over time the ransomware industry could well evolve into some sort of low-level parasitic symbiotic relationship with its victims.