Business warned of massive ransomware campaign

Cyber security researchers are urging businesses to prepare for ransomware attacks after the discovery of a massive cyber attack campaign

Cyber security researchers are urging businesses to prepare for ransomware attacks after the discovery of a massive cyber attack campaign

Businesses should ensure employees are aware of the dangers of email attachments in the light of evidence of large scale ransomware distribution campaigns.

On 28 August, more than 23 million email messages were sent in just 24 hours with malicious attachments containing variants of the Locky ransomware, according to researchers at AppRiver.

As a first line of defence, businesses are urged to inform employees of the ransomware risks associated with email attachments.

Businesses are advised to pay particular attention to raising awareness among employees who have access to sensitive data with high business impact.

In the second quarter of 2017, ransomware was the most popular form of malware, with 68% of all malicious email messages bearing some variant of ransomware, according to security firm Proofpoint.

In particular, email recipients should be wary of any attachments to email with the subject such as: please print, documents, photo, images, scans, pictures, and payment.

Some of the latest Locky campaings send emails appearing to be from the targeted organisationís scanner, printer or other legitimate source, warns Comodo Threat Intelligence Lab.

The latest versions of the Locky ransomware are typically downloaded by a Visual Basic Script file in a ZIP file nested in another ZIP file as soon as the attachment is clicked.

Locky then encrypts all files on the system before instructing the victim to install the TOR browser and visit a .onion (Darkweb) site to process payment of .5 Bitcoins worth around $2,150.

Once the ransom payment is made the attackers promise a redirect to the decryption service, but the consensus among law enforcement and security industry representatives is to advise against payment because there is no guarantee the files will be decrypted or that the attackers will not strike again.

As there are currently no publicly shared methods to reverse the latest Locky variants, security researchers say employee awareness is paramount.

As a second line of defence, businesses are advised to ensure they have systems in place that can block spoofed emails and detect new variants of malware such as advanced analysis at the email gateway.

However, with each resurgence of Locky, the ransomware has continued to evolve to evade enterprise security defences, making it notoriously difficult to detect.

In the latest round of Locky ransomware campaigns that started around 9 August 2017, some Locky variants include sandbox evasion capabilities, according to security researchers at Malwarebytes Labs.

Malware authors have used booby trapped Office documents containing macros to retrieve their payloads for some time, but ordinarily, the code executes as soon as the user clicks the ìEnable Contentî button.

Sandboxes will not help the cyber security risks

For analysis purposes, many sandboxes lower the security settings of various applications and enable macros by default, which allows for the automated capture of the malicious payload.

However, Malwarebytes researcher Marcelo Rivero discovered that some of the latest versions of Locky do not simply trigger by running the macro itself, but wait until the fake Word document is closed by the user before it starts to invoke a set of command to download the ransomware and issue the ransom demand.

‘While not a sophisticated technique, it nonetheless illustrates the constant cat and mouse battle between attackers and defenders. We ascertain that in their current form, the malicious documents are likely to exhibit a harmless behavior in many sandboxes while still infecting end users that would logically close the file when they realise there is nothing to be seen,’ Rivero and colleague JÈrÙme Segura wrote in a blog post.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Business confidence in managing cyber security threats low

Business digital transformation and cyber security threats have outpaced enterprise security capacity, a survey has revealed

Business digital transformation and cyber security threats have outpaced enterprise security capacity, a survey has revealed

An average of 40% of organisations experienced five or more significant security incidents in the past 12 months, according to the survey report by digital threat management firm RiskIQ.

The most cited external threats included malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps, and social impersonation.

In the face of these threats, 70% of respondents said they had little or no confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand and ecosystem assessment.

The majority of those surveyed are aware some of their digital security measures are immature or ineffective, with only 31% expressing high confidence in the likelihood their organisations can mitigate or prevent digital threats despite all respondents increasing their near-term digital security spend.

More than half of survey respondents expect their near term digital defence investment to increase between 15% to 25% or more.

Correspondingly, nearly half of respondents view cyber threat intelligence as ‘very important’, and all respondents saw cyber threat intelligence tools as being ‘very important’or ‘somewhat important’- especially in fortifying research and reducing time to respond to external threats.

However, confidence in capacity to address digital threats appears to be higher in the UK, with UK respondents seeing more value than US counterparts in the ability for cyber threat intelligence and digital threat management tools in reducing time to remediate threats.

In terms of industry sectors, the survey shows digital threat management appears more progressive among organisations in financial services, manufacturing and consumer goods in terms of overall expenditure.

Larger companies felt they were better able to update control systems and collaborate across departments perhaps showing the benefits of scale and smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about.

Nearly a quarter of healthcare and pharmaceutical respondents felt little to no confidence in their ability to assess digital risk.

Outsourcing the cyber security risks

In an attempt to mitigate the cyber security risks organisations are outsourcing a third of digital threat management tasks to managed security service providers (MSSPs), and outsourcing looks set to grow by nearly 13% in compound annual growth rate by 2019.

The survey shows the UK is growing faster in its plans to outsource digital threat management tasks to MSSPs, with an expected year-on-year growth rate for the UK of 17% compared with just 11% in US.

‘The independent research provides a useful litmus test for the level of exposure, controls and investment regarding external web, social and mobile threats among global industries,’ said Scott Gordon, chief marketing officer at RiskIQ.

‘The findings validate the need for enterprises to leverage cross-channel intelligence, automation and resource optimisation as they build out digital defences to reduce operational and reputational risk.’

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

No one system is a complete cyber security solution

Whilst it may be simple to claim a complete cyber security solution- the reality is somewhat different.

Whilst it may be simple to claim a complete cyber security solution- the reality is somewhat different.

There are no shortage of companies out there making claims that there is a universal solution to security- after all it makes for a good marketing message, but unfortunately, in practice there is no one complete cyber security solution.

What key things should organisations be doing in terms of cyber defences to ensure they are robust and resilient?

Determining which practices, controls and countermeasures will work best in a given organisation is based on that organisation’s own needs: what works for it culturally, the level of risk that its business is subject to, and so on.

For example, the security techniques and methods that work best for a large hospital might be very different from what would work best for a corner shop retailer ñ and more different still from a government agency or large financial institution. So, answering the question what should organisations do? is a bit more nuanced than it might seem on the surface.

In Cyber 139’s opinion, there are two things every organisation should be doing: risk management and intelligence gathering.

Risk management is the process of figuring out which risks the organisation needs to address, and putting measures in place to find them, track them, mitigate them, and make sure they stay mitigated going forward.

Likewise, intelligence gathering, particularly of the threat environment -what the bad guys might be interested in and how they might attack -informs the risk management process directly.

Both of these areas are systematic processes rather than solutions that can be bought off the shelf, so the good news is that no special equipment is required to accomplish this.

However, doing these things well and comprehensively takes discipline, planning and preparation.

For ransomware specifically, one very helpful measure is to conduct a pre-planning tabletop exercise to ensure that individuals in the organisation are prepared for a ransomware event.

For example, think through your response and discuss specific decision points ahead of time rather than when the heat is on during an actual incident.

The normative position of law enforcement (and most security practitioners) is not to pay the ransom -it can cause a criminal to ‘retarget’ the organisation down the road, and only sometimes will the attacker actually make good if the ransom is paid.

However, this can be a more difficult stance to take in the heat of an incident: the dollar amount can seem small compared with the impact of the ransomware. Decisions like this are best thought through in advance.

In terms of limiting the impact of cyber attacks in general and recovering quickly, tabletop and planning exercises are again a good idea, as is a systematic risk management process.

Beyond these, helpful practices can include building capabilities to understand and react to the threat environment -in particular, keeping tabs on big ticket events such as ongoing malware or ransomware attacks – as well as testing the organisationís defensive posture through vulnerability assessment, penetration testing and other techniques that allow an organisation to systematically measure its defences.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Wannacry cyber security money laundering attempt thwarted

The Wannacry cyber security ransomware hackers have tried to conceal who they are by using a virtual currency that is more anonymous than Bitcoin.

Wannacry cyber security money laundering attempt thwarted

Victims paid more than £107,000 in bitcoins to recover files scrambled by Wannacry.

Earlier this week the gang behind the attack started to move the bitcoins out of the wallets they were paid into.

But the operators of the exchange they used to swap the bitcoins have now frozen the accounts they used.

Wannacry caught out thousands of firms around the world when it infected computers on corporate networks and encrypted their files, making them useless.

Victims were told to pay between £229 and £458 in bitcoins to have their files unscrambled and return computers to a working state.

Many security experts believed the money paid into three bitcoin wallets set up by the Wannacry creators would never be moved, because there was so much attention focused on who was behind the attack.

Moving the cash might expose key details about the attackers that could be used to track them down.

Whilst no one knows who owns the 3 accounts- the details of the acounts are known to the blockchain community as they can track the specific accounts.

But the bitcoins were moved earlier this week and some were piped to an exchange network called Shapeshift.io in an attempt to convert them to another virtual currency called Monero.

The Monero crypto-currency was set up to be more anonymous than Bitcoin and seeks to hide as much information as possible about every transaction.

The Wannacry gang is believed to have chosen Shapeshift.io for the digital cash transfer because the service can be used without signing up for an account.

However, the attempt to launder the cash via the platform seems to have been thwarted soon after Shapeshift was told what was happening.

Shapeshift said it would block any further attempts to change the Wannacry bitcoins into Monero or any other crypto-currency.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

UK calls for smart car cyber protection

Internet connected cars will have to be better protected from cyber attackers

Internet connected cars will have to be better protected from cyber attackers

The Department for Transport (DOT), has issued guidance that includes eight principles for future UK use.

The DOT in conjunction with Centre for the Protection of National Infrastructure (CPNI), wants eight principles for use throughout the automotive sector for connected and autonomous vehicles, intelligent transport systems, and their supply chains.

‘While smart cars and vans offer new services for drivers, it is feared potential hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons,’ the guidelines state.

The eight principles set out how vehicle manufacturers can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior-level executives.

The measures are aimed at ensuring engineers developing smart vehicles toughen up cyber protections and design out cyber security risks.

In announcing the guidelines, the government highlighted the ìbroader programme of workî announced in the Queenís speech in June 2017 under the Autonomous and Electric Vehicles Bill that aims to create a new framework for self-driving vehicle insurance.

The legislation, the government said, will put the UK at the centre of the new technological developments in smart and autonomous vehicles, while ensuring safety and consumer protection remain at the heart of the emerging industry.

The measures to be put before Parliament, the government said, mean that insuring modern vehicles will provide protection for consumers if technologies fail.

The government said measures, alongside the guidelines for manufacturers to make smart cars cyber secure, are aimed at making the UK a world-leading location for research and development for the next generation of vehicles. This forms part of the governmentís drive to ensure the UK harnesses the economic and job-creating potential of new tech industries.

Eight principles of vehicle cyber security

Organisational security is owned, governed and promoted at board level.
Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.
Organisations need product aftercare and incident response to ensure systems are secure over their lifetime.
All organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system.
Systems are designed using a defence-in-depth approach.
The security of all software is managed throughout its lifetime.
The storage and transmission of data is secure and can be controlled.
The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.

Transport minister Martin Callanan said it is important that smarter and self-driving technologies are protected against cyber attacks.

‘That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations,’ he said.

Mike Hawes, chief executive of the Society of Motor Manufacturers and Traders, welcomed the government initiative: ìWeíre pleased that government is taking action now to ensure a seamless transition to fully connected and autonomous cars in the future and, given this shift will take place globally, that it is championing cyber security and shared best practice at an international level.î

Hawes said autonomous vehicles promise to reduce road accidents dramatically and save thousands of lives. ìA consistent set of guidelines is an important step towards ensuring the UK can be among the first ñ and safest ñ of international markets to grasp the benefits of this exciting new technology,î he said.

In July 2015, the government announced a £20 million fund to research and develop driverless car technology in the UK, launched a joint policy team to co-ordinate cross-departmental work, and established a non-statutory code of practice to help ensure public safety.

 

SMEs failing to address cyber security threats despite risks

Small to medium enterprises (SMEs) are failing to prepare adequately to address cyber security threats – despite the growing risks.

SMEs failing to address cyber security threats despite risks

Despite the WannaCry and Petya global cyber attacks, only 42% of SME IT decision makers polled in the UK, US and Australia are concerned about ransomware.

In fact, ransomware ranked lowest among concerns, with new of malware infections topping the list, followed by mobile and phishing attacks, according to a survey commissioned by security firm Webroot.

However, Webroot’s threat research from June 2017, which is based on data from a variety of businesses, reveals that more than 60% of companies have already been affected by ransomware, with the financial and retail sectors being hit the hardest.

In the UK, the research highlighted a false sense of security among IT decision makers. Even though 72% of UK respondents admit their businesses are not prepared to address external threats, 87% are confident their staff would be able fully address or eliminate an issue.

According to the survey report, when a business suffers a cyberattack, the consequences are felt both internally and externally.

Almost 58% of UK respondents, compared with 65% globally, believe it would be more difficult to restore the company’s public image than to restore employee trust and morale.

Underscoring the need for proactive security solutions, respondents estimate a cyber attack on their business where customer records or critical business data were lost would cost an average of £737,677 in the UK compared with an overall average of £773,483.

SMEs typically face the same threats as bigger organisations, but lack the same level of expertise and other security resources.

Addressing the growing threat, nearly all respondents plan to increase their annual IT security budget in 2017 compared to 2016, according to the report.

SME with 100 to 500 employees currently manage IT security in various ways, the survey revealed. In the UK, 22% of SMEs have in-house employees who handle IT security along with other responsibilities, compared with the average of 20%.

A third of UK SMEs use a mix of in-house and outsourced IT security support, compared with an average of 37%, while 25% have a dedicated in-house IT security professional or team, compared with 23% on average.

In the UK, 92% of respondents believe outsourcing IT solutions would protect their organisation against threats and increase their bandwidth to address other areas of their business, compared with an average of 90%.

Using a third party cyber security provider

Among businesses that do not currently outsource IT security, 82% of UK SMEs will likely use a third-party cyber security provider in 2017, compared with an average of 80%, which represents a big opportunity for managed security service providers (MSSPs), the report said.

The lack of planned investment in cyber defences is surprising in the face of increased attacks, the costs associated with those attacks, and the fact strong cyber security has the potential to give SMEs an opportunity to stand out from competitors, with as many as one in 20 claiming to have gained an advantage over a competitor because of stronger cyber security credentials.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Half of UK SMEs spend less than £1,000 on cyber security

Almost 50% of UK small to medium enterprises plan to spend £1,000 or less on cyber security in the next year and 22% do not know how much they will spend, insurance firm Zurich has found.

Almost 50% of UK small to medium enterprises plan to spend £1,000 or less on cyber security in the next yearAs many as 875,000 small and medium-sized enterprises (SMEs) in the UK – 16% of the total – have been hit by a cyber attack in the past 12 months, according to the latest Zurich SME Risk Index.

Businesses in London are the worst affected, with almost a quarter (23%) reporting suffering a breach within this period.

Of businesses that were affected, more than one fifth (21%) said it cost them more than £10,000 and one in 10 (11%) said it cost more than £50,000.

Yet despite the volume of attacks and potential losses, the survey of more than 1,000 UK SMEs showed that business leaders are not committing to investing significantly in cyber security in the year ahead.

The survey, by YouGov on behalf of Zurich, found that 49% of SMEs admitted they plan to spend £1,000 or less on their cyber defences in the next 12 months, and almost a quarter (22%) do not know how much they will spend.

The lack of planned investment in cyber defences is also surprising in the light of the fact that business leaders report that strong cyber security is giving them an opportunity to stand out from competitors, with as many as one in 20 claiming to have gained an advantage over a competitor because of stronger cyber security credentials.

This trend is confirmed by a separate survey of SMEs by security e-learning firm CybSafe, which showed that half of SMEs polled have had cyber security conditions included in contracts with enterprise customers in the past five years, and one-third of respondents said they have had their cyber security measures questioned as part of winning contracts in the past year.

Also, 44% said they have been required to hold a recognised cyber security standard, such as ISO 27001, by their enterprise customers in the past five years and 28% in the past year alone, demonstrating a clear trend in enterprise approach to supplier information security.

“While recent cyber attacks have highlighted the importance of cyber security for some of the world’s biggest companies, it is important to remember that small and medium-sized businesses need to protect themselves too,” said Paul Tombs, head of SME proposition at Zurich.

“The survey results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses.”

However, Tombs said that although the rate of attacks on SMEs is troubling, it also shows there is an opportunity for businesses with the correct safeguards and procedures in place to use this as a strength and gain an advantage.

In September 2016, a report by Juniper Research revealed that 74% of UK SMEs believed they were safe from cyber attack, despite half of them admitting having suffered a data breach.

The report showed that 86% of the SMEs surveyed thought they were doing enough to counter the effects of cyber attacks, and 27% believed they were safe from attack because they were small and of no interest to cyber criminals.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Defence minister opens £3m cyber security centre in

UK minister for defence procurement has opened a new cyber security centre aimed at boosting UK cyber defence capability and skills.

UK minister for defence procurement has opened a new cyber security centre aimed at boosting UK cyber defence capability and skills.

The Cyber Works centre, which employs 90 people, will enable Lockheed Martin to work more closely with UK partners to share knowledge and best practice, undertake research and develop new cyber defence capabilities.

In February 2017, Lockheed Martin announced that it would support the UK government’s CyberFirst scheme to inspire and support young people considering roles in cyber security.

The Cyber Works centre is designed to deliver cyber capabilities to UK government as well as support the development of skills and careers in cyber security and intelligence.

Harriett Baldwin, UK minister for defence procurement, said that with its £1.9 billion National Cyber Security Strategy, the country is a world leader in the field.

“The opening of today’s cutting-edge centre is a great example of how partnerships with industry are at the heart of that strategy,” she said. “Together, we are developing solutions to national security risks.”

A key part of the Cyber Security Strategy is partnerships with industry, with £10 million being invested in a new Cyber Innovation Fund to give startups the boost and partners they need

Baldwin said the UK is already leading Nato in its support for offensive and defensive operations in the fight against Islamic State (IS) and complex cyber threats. “This centre will further boost the UK’s cyber capabilities,” she said.

Lockheed Martin is the world’s largest aerospace and defence company and a longstanding leader in the fields of cyber security and intelligence.

The company pioneered the development of the cyber kill chain, an analysis method for cyber network defence that has been broadly adopted across industries and sectors.

Lockheed Martin is also a top provider of capabilities to defence and intelligence communities around the world and operates facilities to defend its own networks across 70 countries.

As well as investing in the new facility, Lockheed Martin plans to take part in the National Cyber Security Centre’s £6.5 million CyberInvest scheme to support cutting-edge cyber security research in the UK.

With National Offensive Cyber Planning allowing the UK to integrate cyber into all of its military operations, defence plays a key role in the country’s cyber security strategy, according to the Ministry of Defence (MoD).

Offensive cyber is being routinely used in the war against IS, not only in Iraq but also in the campaign to liberate Raqqa and other towns on the Euphrates, the MoD said.

In defence, the MoD said the £800m Innovation Initiative has already boosted investment in UK research and business, with multimillion-pound competitions to develop artificial intelligence and automated systems.

In January next year, the ministry will open a dedicated state-of-the-art Defence Cyber School at Shrivenham, bringing together all military joint cyber training into one place.

The MoD also has a key role to play in contributing to a culture of resilience, which is why the Defence Cyber Partnership Programme was set up to ensure its industrial partners protect themselves and meet robust cyber security standards, the ministry said.

 

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

 

UK firms still relying on perimeter defences for cyber security

Despite the increasing number of data breaches, many companies are still relying on perimeter defences and are underinvesting in technologies to keep data safe.

Despite the increasing number of data breaches, many companies are still relying on perimeter defences and are underinvesting in technologies to keep data safe.

Some 96% of UK businesses feel as though their network perimeter security is effective at keeping unauthorised users out of their network, according to the fourth-annual Gemalto Data Security Confidence Index.

The global ransomware attack in May 2017 affected more than 200,000 computers in over 150 countries, including in the UK where the NHS was forced to restrict operations and turn away patients.

Across the 10 global regions surveyed, 94% of the more than 1,000 IT professionals said perimeter security is effective, but only 35% said they were extremely confident their data would be secure if perimeter defences were breached.

However, the survey also revealed that 46% of UK businesses are only protecting their customers’ data with passwords, and when considering their latest data breaches, 75% of the data stolen from businesses on average was not encrypted, with 11% of businesses not encrypting any of their data.

“As a security professional, it feels like I’ve been saying forever that basic perimeter security measures are no longer enough,” said Joe Pindar, director of data protection product strategy at Gemalto.

“So it’s worrying to see the UK is continuing to place ultimate faith in these systems, without thinking about what attackers actually want – their data,” he said.

Without a switch in mentality, and starting to protect the data at its source with robust encryption and two-factor authentication, the UK is like one of the three little pigs.

“Unfortunately, the one sitting in the straw house – not realising that when the time comes, passwords and perimeter security alone will not stand up to attackers,” he said.

The Gemalto report notes that many businesses are continuing to prioritise perimeter security without realising it is largely ineffective against sophisticated cyber attacks.

According to the research findings, 76% of global respondents said their organisation had increased investment in perimeter security technologies such as firewalls, intrusion detection and prevention, antivirus, content filtering, and anomaly detection to protect against external attackers.

Despite this investment, 68% believe unauthorised users could access their network, rendering their perimeter security ineffective.

These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28%) of organisations polled have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8% of data breached was encrypted.

Businesses’ confidence is further undermined by over half of respondents (55%) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32%) or customer (35%) data.

According to the Gemalto report, this means that, should the data be stolen, a hacker would have full access to this information, and could use it for crimes including identify theft, financial fraud or ransomware.

“It is clear there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, vice-president and chief technology officer for data protection at Gemalto.

“By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data, which is a company’s most valuable asset,” he said, adding that it is important to focus on protecting this resource. “Otherwise, reality will inevitably bite those that fail to do so.”

 

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Major cyber incidents accelerating, says NCSC

The UK is seeing an acceleration in major cyber security incidents, according to the country’s cyber security protection agency.

The UK is seeing an acceleration in major cyber security incidents, according to the country’s cyber security protection agency

In the eight months since inception, the UK’s National Cyber Security Centre (NCSC) has recorded 480 major cyber incidents requiring its attention.

However, there has been big rise in these types of incidents in the past few months, in part due to an improved ability to spot them and a greater willingness to report them, according to John Noble, director of incident management at the NCSC.

“This increase in major attacks is mainly being driven by the fact that cyber attack tools are becoming more readily available, in combination with a growing willingness to use them,” he told The Cyber Security Summit in London.

Although the WannaCry ransomware attacks in May 2017 came very close, Noble said there had been no C1-level national cyber security incidents to date.

The majority of the major incidents the NCSC has dealt with were C3-level attacks, typically confined to single organisations. These account for 451 incidents to date.

The remaining 29 major incidents were C2-level attacks, significant attacks that typically require a cross-government response.

Across these nearly 500 incidents, Noble said there were five common themes or lessons to be learned.

1. There is still a need for organisations to get the basics right

“We are still seeing organisations that are not getting the basics right, like software security patching, antivirus updating and putting in basic protections and controls for system administrators, who are typically big targets for attackers to steal their credentials,” said Noble.

2. Failure to get the balance right between usability and security

“In the vast majority of incidents we see, victim organisations have got this balance wrong, leaning too far in the direction of convenience and usability leading to things like logging being turned off to optimise performance,” said Noble.

“The decision-making around where to strike that balance is typically confused because of the complexity of the enterprises being defended, and because of a lack of understanding about what they are trying to prevent and which data really matters,” he said.

3. Legacy systems and equipment

The existence of legacy systems and equipment in the enterprise presents opportunities to attackers, said Noble. “Often, when we investigate incidents, we find it is in the legacy systems that the compromise has begun,” he said.

4. Outsourcing

“In early 2017, we reported on a major compromise of managed service providers, which provide a tremendous opportunity for bad actors,” said Noble, alluding to Operation Cloud Hopper that was uncovered in April.

“MSPs enable attackers to obtain security credentials in one country, traverse across their network, and then compromise a company or series of companies in another country, and exfiltrate the data through a third country,” he said.

In response, Noble said the NCSC had published a list of questions organisations should ask their MSPs in terms of security.

“Similarly, organisations need to understand the security implications of their supply chains, who they are connecting up to, and what risks are involved,” he said.

5. Mergers and acquisitions

In mergers and acquisition, cyber security is often overlooked in the due diligence process, said Noble. “As a result, the cyber risk is not understood and not addressed effectively,” he said.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139