|
Cybercrime is typically
driven by three main factors:
-Criminal profit incentives ($, �, �, bounty, rewards, fame, etc.)
-Malice or political incentives
-Geopolitics or espionage opportunities.
And to achieve these aims, cybercriminals undertake a range of
different scams and attacks on UK enterprises. So what are the typical
attacks that form the threat landscape for UK businesses? Here I�ll
assess three of the most common forms of cyberattacks that you should
be alert against and protect your business from as we enter 2017.
Ransomware
Ransomware is a relatively
new type of malware which prevents or limits users from using their
system. Ransomware attacks are primarily carried out for money � it�s
called ransomware because it effectively holds your computer hostage
until you pay the attacker a certain amount of money. You usually have
to make the payment through a certain online payment platforms and
within a limited time period. Once you make the payment, you are again
free to use your own system or to get your data back.
SMEs (as well as big corporates) are more and more often getting
specifically targeted by ransomware type malware, including as
Cryptolocker, CoinVault or CTB-Locker. There are several ways it can
infect your system. Most commonly it can be downloaded by users,
usually through visiting a compromised website. Ransomware can also be
downloaded in conjunction with another file � either dropped into your
system by another malware or sent as an attachment in a spam email for
example.
The impact of these attacks can be dramatic and crippling, as this
malware will encrypt all your data, making everything completely
unusable unless you have the key. Paying the ransom to the hacker is
supposed to be the only way to solve the problem and often is
sometimes seen as the lesser price to pay than the cost of recovering
your systems by other means. However, as with ransom demands in the
movies, there is no guarantee.
Denial-of-service
attacks
Denial-of-service attacks give criminals another way to target
individual organisations. By overloading critical systems, such as
websites or email, with Internet traffic as a way of blocking access,
denial-of-service attacks can wreak financial havoc and disrupt normal
operations.
Distributed denial-of-service (DDoS) attacks are not a new
development, but sadly they are growing in intensity and frequency. We
had a live example quite recently with the 1Tbps+ DDoS attack faced by
DNS provider Dyn which was likely the largest ever seen. In this
example, attackers used the Mirai IoT botnet composed of compromised
CCTV cameras, among others. Dyn�s official report on the incident said
it had seen traffic from �tens of millions of IP addresses.�
In 2017, we will see an increase in the use of DDoS attacks being used
as a smokescreen to distract IT teams while other incursions
infiltrate networks to steal sensitive data (aka ransomware). My
prediction is that ransom demands associated with DDoS attacks will
increase exponentially in 2017, fuelled by the increased automation of
DDoS attacks and the ability to buy them off the shelf. The �Lizard
Squad� are one example of a group of hackers who sell DDoS
attacks-as-a-service for as little as $6 a month.
To protect themselves, companies should deploy a combination of
on-premises and cloud-based solutions to handle attacks of varying
types and sizes � effectively a multi-layered network security
approach
Healthcare Threats
The healthcare industry is
going through a major evolution as patient medical records go online
and medical professionals realise the benefits of advancements in
smart medical devices.
Similarly, patient medical records, which are now all online, are a
prime target for hackers due to the breadth of sensitive information
they contain. According to a poll by Health IT News and HIMSS, 75% of
hospitals surveyed have been hit by a ransomware attack over the past
year. With hospitals and medical facilities still adapting to the
recent digitalisation of patient medical records, hackers are
capitalising and exploiting the many vulnerabilities in these
organisations� security layers. Breaches within the healthcare
industry will likely continue in 2017 until the industry is able to
get a better grasp on the mass amount of digital patient data now
under its control.
Mobile Malware
One of the key contributors to the threat from mobile malware is the
proliferation of applications that conduct real business using
access-sensitive and confidential information. Typical users may have
banking, credit card, hotel, airline and corporate applications
installed on their mobile devices. This access is secured, at minimum,
with username and password controls.
Cybercriminals are practical actors; they follow the money. They are
turning their focus and attention to the mobile platform because of
the growth in mobile devices coupled with the opportunity to harvest a
wealth of information from each device. Unlike work desktops and
laptops, which typically contain only job-related information, mobile
devices often combine work and personal information and applications.
Advanced Persistent
Threats � highly targeted attacks
Targeted attacks have
evolved from early novice intrusion attempts to become an essential
tool in the cyber-espionage field. Industrial control systems (ICS)
are prime targets for attackers whose motives for executing these
attacks are typically a matter of national security.
In view of the growing sophistication of these attacks, good IT
security is essential and broad cybersecurity practices should be the
norm. Well-funded state operations are not the only threat. Patriotic
hackers (the self-titled �hacktivists�), criminal extortionists, data
thieves and other attackers may also use similar techniques � but with
fewer resources and less sophistication.
In 2017 I believe email-based attacks will continue much as before and
web-based attacks will grow increasingly sophisticated. Espionage
based attacks will use more exploit kits, which involve bundling
together exploits rather than using just one attack. Exploit kits have
been used in e-crime for many years, but cyber-espionage attackers
have now adopted them too.
Protecting your
business
There are a number of
steps you should take to help ensure your organisation can remain
secure against these types of attacks.
Here are the top 10 practical information security measures that
should be on your security agenda:
1. Regularly review the personal data you hold and encrypt, encrypt,
encrypt
2. Build a managed security ecosystem around you
3. Create access management policies
4. Adopt patch management and malware approach
5. Backup and minimize your data
6. Review logs regularly
7. Stay informed of the latest vulnerabilities
8. Train your staff
9. Understand your cloud service provider security model
10. Choose your service providers amongst those who are ISO27001 or
CyberEssentials accredited
This article was first
published in:http://www.informationsecuritybuzz.com/articles/lies-ahead-top-security-trends-2017/
| |
.jpg)
