Cybercrime is typically driven by three main factors:
- Criminal profit incentives ($, £, €, bounty, rewards, fame, etc.)
- Malice or political incentives
- Geopolitics or espionage opportunities.
And to achieve these aims, cybercriminals undertake a range of different scams and attacks on UK enterprises. So what are the typical attacks that form the threat landscape for UK businesses? Here I’ll assess three of the most common forms of cyberattacks that you should be alert against and protect your business from as we enter 2017.
Ransomware is a relatively new type of malware which prevents or limits users from using their system. Ransomware attacks are primarily carried out for money - it’s called ransomware because it effectively holds your computer hostage until you pay the attacker a certain amount of money. You usually have to make the payment through a certain online payment platforms and within a limited time period. Once you make the payment, you are again free to use your own system or to get your data back.
SMEs (as well as big corporates) are more and more often getting specifically targeted by ransomware type malware, including as Cryptolocker, CoinVault or CTB-Locker. There are several ways it can infect your system. Most commonly it can be downloaded by users, usually through visiting a compromised websites. Ransomware can also be downloaded in conjunction with another file – either dropped into your system by another malware or sent as an attachment in a spam email for example.
The impact of these attacks can be dramatic and crippling, as this malware will encrypt all your data, making everything completely unusable unless you have the key. Paying the ransom to the hacker is supposed to be the only way to solve the problem and often is sometimes seen as the lesser price to pay than the cost of recovering your systems by other means. However, as with ransom demands in the movies, there is no guarantee.
2. Denial-of-service attacks
Denial-of-service attacks give criminals another way to target individual organisations. By overloading critical systems, such as websites or email, with Internet traffic as a way of blocking access, denial-of-service attacks can wreak financial havoc and disrupt normal operations.
Distributed denial-of-service (DDoS) attacks are not a new development, but sadly they are growing in intensity and frequency. We had a live example quite recently with the 1Tbps+ DDoS attack faced by DNS provider Dyn which was likely the largest ever seen. In this example, attackers used the Mirai IoT botnet composed of compromised CCTV cameras, among others. Dyn’s official report on the incident said it had seen traffic from “tens of millions of IP addresses.”
In 2017, we will see an increase in the use of DDoS attacks being used as a smokescreen to distract IT teams while other incursions infiltrate networks to steal sensitive data (aka ransomware). My prediction is that ransom demands associated with DDoS attacks will increase exponentially in 2017, fuelled by the increased automation of DDoS attacks and the ability to buy them off the shelf. The ‘Lizard Squad’ are one example of a group of hackers who sell DDoS attacks-as-a-service for as little as $6 a month.
To protect themselves, companies should deploy a combination of on-premises and cloud-based solutions to handle attacks of varying types and sizes - effectively a multi-layered network security approach.
3. Healthcare Threats
The healthcare industry is going through a major evolution as patient medical records go online and medical professionals realise the benefits of advancements in smart medical devices.
Similarly, patient medical records, which are now all online, are a prime target for hackers due to the breadth of sensitive information they contain. According to a poll by Health IT News and HIMSS, 75% of hospitals surveyed have been hit by a ransomware attack over the past year. With hospitals and medical facilities still adapting to the recent digitalisation of patient medical records, hackers are capitalising and exploiting the many vulnerabilities in these organisations’ security layers. Breaches within the healthcare industry will likely continue in 2017 until the industry is able to get a better grasp on the mass amount of digital patient data now under its control.
4. Mobile Malware
One of the key contributors to the threat from mobile malware is the proliferation of applications that conduct real business using access-sensitive and confidential information. Typical users may have banking, credit card, hotel, airline and corporate applications installed on their mobile devices. This access is secured, at minimum, with username and password controls.
Cybercriminals are practical actors; they follow the money. They are turning their focus and attention to the mobile platform because of the growth in mobile devices coupled with the opportunity to harvest a wealth of information from each device. Unlike work desktops and laptops, which typically contain only job-related information, mobile devices often combine work and personal information and applications.
5. Advanced Persistent Threats - highly targeted attacks
Targeted attacks have evolved from early novice intrusion attempts to become an essential tool in the cyber-espionage field. Industrial control systems (ICS) are prime targets for attackers whose motives for executing these attacks are typically a matter of national security.
In view of the growing sophistication of these attacks, good IT security is essential and broad cybersecurity practices should be the norm. Well-funded state operations are not the only threat. Patriotic hackers (the self-titled ‘hacktivists’), criminal extortionists, data thieves and other attackers may also use similar techniques - but with fewer resources and less sophistication.
In 2017 I believe email-based attacks will continue much as before and web-based attacks will grow increasingly sophisticated. Espionage based attacks will use more exploit kits, which involve bundling together exploits rather than using just one attack. Exploit kits have been used in e-crime for many years, but cyber-espionage attackers have now adopted them too.
Protecting your business
There are a number of steps you should take to help ensure your organisation can remain secure against these types of attacks.
Here are the top 10 practical information security measures that should be on your security agenda:
- Regularly review the personal data you hold and encrypt, encrypt, encrypt
- Build a managed security ecosystem around you
- Create access management policies
- Adopt patch management and malware approach
- Backup and minimise your data
- Review logs regularly
- Stay informed of the latest vulnerabilities
- Train your staff
- Understand your cloud service provider security model
- Choose your service providers amongst those who are ISO27001 or CyberEssentials accredited
If you want further advice or expert guidance on your network security, get in touch with Maintel or call (0)344 871 1122.