UK organisations are still not taking ransomware seriously enough

UK organisations are still not taking ransomware seriously enough, and continue to fall prey to this method of low cost, low risk cyber extortion.

UK organisations are still not taking ransomware seriously enough

Businesses still get caught by ransomware, even though straightforward avoidance methods exist.The CryptoLocker ransomware caught many enterprises off guard, but there is a defence strategy that works.

Another factor promoting the popularity of ransomware among attackers, is that unlike many other forms of malware, ransomware does not require any special user rights.

“If your system gets infected by a keylogger, it has to escalate privileges to become an administrator on the system so it can survive a reboot, but all ransomware needs is access to the files the infected user can access,” said chief research officer at F-Secure Mikko Hypponen.

“This makes them a unique problem because you can’t fight ransomware by locking down systems, restricting user access or removing administrator privileges from users.

“I fully support this approach to security. Only give users access to what they need, take away admin privileges, but none of these things will protect against ransomware.”

The most effective way to counter ransomware, said Hypponen, is to backup all critical data, but many organisations are failing in this.

“They may be backing up data, but they are typically not doing it often enough. They are not backing up all the information they really need because files are not being saved to the right folders, and they are not testing their backups regularly. Even if they have backed up the information, they are often unable to restore it to a usable form,” he said.

“In addition to regularly tested backups, organisations should also ensure they would be able to detect and respond to a live ransomware Trojan on their network before it has succeeded in locking up all the data,” said Hypponen.

One way of approaching this is to plant dummy “canary” files throughout the network. These should never be touched by legitimate users and act as alarms. If these files are touched, it points to malicious activity on the network.

Ransomware is also popular, he said, because its developers are able to outsource the risk to partners whose role is infect computers in return for a share in the money extorted from victims.

In addition to ransomware, another new business model for cyber criminals is circumventing the fingerprint locks on iPhones.

“Once fingerprint readers were added to iPhones, users were able to lock and unlock them quickly and easily. This meant that if the phone was stolen, it was useless and could be only sold for spares, which did not yield very much,” said Hypponen.

But researchers are now starting to see criminal organisations that are able to trick victims of mobile phone theft into revealing their iCloud credentials.

“Victims typically receive an email message a few days after their phone is stolen to say it has been located using the ‘track my iPhone’ facility, telling them to click the link embedded in the message,” said Hypponen.

“But the link takes them to a phishing site that asks them to log into their iCloud account, and once they have done that, the criminals have the information to reset the stolen phone and sell it as a fully working device.”

The second lesson learned in 25 years of cyber security, said Hypponen, is that people will never learn, and that user education is a waste of time.

“It doesn’t matter how many times you tell them, they will always double click on every executable. They will always follow every link, they will always type their password and credit card number into any online form that asks for that information, and they will always post their credit card picture and even CVV numbers on Twitter,” he said.

Admitting this may be overly pessimistic, Hypponen said that instead of trying to “patch” people by educating them, the responsibility should be shifted to those better equipped to handle it.

“We should be thinking about where we really want the responsibility to be,” he added. “Do we really want people to be responsible for security when most of them can’t handle it, or should we be thinking about taking the responsibility away from the user and giving it to operating system developers, security companies, and internet service providers and mobile operating firms that provide the connectivity that causes the problems in the first place?”

No final fix for cyber security

There really is no final fix solution endgame when it comes to cyber security.

There really is no final fix solution endgame when it comes to cyber security, according to security industry veteran and chief research officer at F-Secure Mikko Hypponen.The claim was made by security industry veteran and chief research officer at F-Secure Mikko Hypponen and two of the most valuable lessons in cyber security are to know your enemy and not to rely on users to be secure.

“We will always have cyber security problems because we will always have bad people, which means job security in security is likely to continue for ever,” he told the Wired Security conference in London.

Cyber attackers are continually evolving their techniques and capabilities to steal and monetise data in new ways, which means the goalposts are continually moving.

“If we were still fighting the enemy of 10 years ago, we would be in great shape,” he said, alluding to the security tools that have been developed since then, as well as the security improvements in software.

“Attackers will always have the upper hand because they have the luxury of time to study our defences, while defenders do not have that luxury, so it is an unfair contest – a never-ending race.”

Reflecting on lessons learned over his 25 year career in information security, Hypponen said the most important thing is to understand the adversary.

However, he said the days of being able to do that easily are long gone, with most organisations finding themselves faced with a whole range of attackers.

They are all looking to gain something, said Hypponen, whether they are hacktivists supporting a cause, nation state actors or criminals.

“But for most organisations, criminals are the most likely to be attacking them,” he said, noting that of the 350,000 to 450,000 new malware samples that F-Secure sees on a daily basis, 95% comes from organised cyber crime groups.

“It is different when you get targeted by foreign intelligence agencies, because they are really bad, but most organisations are not targeted by foreign spies because most organisations are of no interest to them,” he said.

Although these cyber criminals like to portray themselves as Mafiosi, Hypponen said most are just “geeks” looking to make money from selling things such as hacked PayPal accounts and credit card details along with step-by-step guides on how to use them to make money.

Ransomware most popular form of cyber crime

Ransomware that encrypts victims’ data and demands payment in return for restoring it is fast becoming the most popular way for cyber criminals to make money.

“This is a simple business model based on the principle of selling data to the highest bidder, which is often the person or organisation that owns the data in the first place,” said Hypponen.

F-Security is currently tracking more than 110 different ransomware groups operating around the world and competing for market share.

“Ransomware has become very competitive, with the result of some groups seeking to expand into new markets by translating ransomware campaigns into 26 different languages,” said Hypponen.

Another evolution of ransomware attacks is the shift away from consumers to target enterprises.

“As soon as an infected computer is connected to the corporate network, the attackers enumerate and mount all the file shares the user can access and dynamically set the ransom based on how many files they manage to encrypt on the network,” said Hypponen.

The biggest concern about ransomware for enterprises is that it will stop business operations. With continuity in mind, some enterprises are even setting up bitcoin wallets to be able to pay ransoms quickly and minimise the impact on business continuity.

“This idea of continuity is really backwards, because it does not address the problem,” said Hypponen. “The more enterprises pay these ransoms, the greater and more entrenched this problem will become.”

Yahoo hack effects Sky and BT emails as well

The world’s largest hacking of Yahoo also effects BT and Sky email users.

The world's largest hacking of Yahoo also effects BT and Sky email users.Yahoo wasn’t the tech giant in Silicon Valley that it used to be, but the news that half a billion user details were stolen from it over two years ago in 2014 should still concern everyone.

It now transpires that both BT and Sky used Yahoo’s email system and labelled it as their own.  Which is particularly ironic given that Sky’s parent company Fox has had to pay out hundreds of millions to people it had itself hacked it’s customers.

What is even more worrying is customer inertia- that’s because stubborn user behavior and the economics of darknet markets mean the chances of a serious breach at another major internet service increase dramatically with each hack.

The user behavior part is that people like to reuse their passwords—a lot.

One estimate, from Cambridge University’s Security Group, puts password reuse as high as 49%.

That is, we use the same password for every two accounts that require a log-in.

When a big cache of hacked passwords ends up traded on darknet markets, it often gets added to password databases. These databases can be used by corporations to ensure their users don’t use previously published, insecure passwords—or more maliciously by hackers, who will try to find passwords reused on other services.

It’s the equivalent of trying millions of different keys on a particular door, except it’s all automated and can be done in days, as the password cracker Jeremi Gosney has detailed for Ars Technica.

Password reuse and marketplaces for stolen data mean that password databases grow larger and more robust with each major breach. For example, LinkedIn was hacked in 2012 for more than 100 million user accounts. Parts of those stolen credentials wound up in darknet data dumps.

One of those log-ins belonged to a Dropbox employee, who apparently reused a password, allowing a hacker to enter the file-sharing platform’s corporate network. This led to the theft of 70 million Dropbox user passwords, which the company confirmed in August. One massive hack leads to another, forming a daisy-chain of insecurity.

The Yahoo breach is five times the size of the LinkedIn theft. That’s a lot more data to add to password-cracking lists.

The only thing we internet users have going for us now is to hope the “state-sponsored actor” that Yahoo says is behind the hack doesn’t dump the data in public, or sell it for profit. When that happens, we’re due for a password reset.

You can check if your email has been hacked and touted online at: https://haveibeenpwned.com/

Know your cyber attacker to defend yourself

Plus ca change- the Chinese general Sun Tzu said “know your enemy” 2,500 years ago- and the advice is as pertinent today as then when it comes to cyber security.

Plus ca change- the Chinese general Sun Tzu said Organisations can build better cyber defences by understanding which criminal underground is likely to target them, according to Robert McArdle, threat research team manager at Trend Micro.

There are several distinct types of cyber criminal undergrounds divided along language lines, each with their own particular characteristics, he told the Cloudsec 2016 conference in London.

The biggest and most mature are the Russian, English, German and Chinese cyber criminal undergrounds, but there also significant operations in Portuguese (Brazil) and Japanese.

“The all operate slightly differently and focus on different activities, so it depends on your business which of these undergrounds are the most likely to target your organisation,” said McArdle.

The Russian criminal underground is the longest-running, most mature criminal underground and was the first to introduce that as-as-service model, which has since been copied by most of the others.

The Russian cyber criminal underground is highly competitive, with most operations run along strict business principles, with some boasting dedicated sales departments and 24-hour support services.

The Trend Micro research team has identified several trends in the Russian underground, such as the fact that fierce competition is forcing prices lower, providing easier access to tools and services.

There has been a rapid increase in the number of tools and services targeting mobile devices and platforms in line with the growing popularity of mobile devices.

Another rapidly growing area is the trade in information about compromised sites that can be used in various cyber criminal campaigns.

Trade in credit card details continues to be strong on the Russian underground, with several sites dedicated to buying and selling this data.

“Some even have clickable maps that enable cyber criminals to view what credit cards are available in particular countries, cities and particular companies,” said McArdle.

“We have also seen the emergence of star-rating systems and the introduction of validation services that allows customers to try before they buy,” he said.

The Chinese underground is interesting, said McArdle, because although China is strongly associated with cyber espionage in the West, it is responsible for relatively little of run-of-the-mill cyber crime.

“Because of the language differences, the Chinese underground tends to build its own malware, does not rely on outside sources and mainly targets companies and individuals in China,” he said.

Although there is a fair amount of cyber crime hardware produced in China, such as card skimming devices, this tends to be sold through the cyber criminal markets based in South America.

The English cyber criminal underground is characterised by a much greater focus on physical goods, such as recreational drugs and fake identity documents, in addition to malware and killers for hire.

Distributed denial of service (DDoS) tools and services are very common in the English underground because they started out as tools developed by rival English-speaking gaming groups before migrating into extortion tools used by cyber criminals.

“We see a lot of tools and services for identity theft on the English underground, such as fake IDs, particularly in the US, where a stolen social security number can be used to impersonate someone to commit fraud by taking out loans, for example,” said McArdle.

Although the Portuguese cyber criminal underground based in Brazil is still relatively immature, he said it is growing and developing rapidly, driven by excellent online tutorials.

“Our researchers came across a three month tutorial programme for just £75 that is practically a masters level course on every aspect of conducting carding operations, including practical assignments with feedback on performance,” said McArdle.

The Portuguese underground is heavily focused on attacks on online banking, with 40% of Brazilians interacting with banks online. Consequently, most new attack methods aimed at online banking emerge in this region, providing a good indicator of what is likely to emerge in other parts of the world.

The Japanese underground is one of the least mature cyber criminal undergrounds, said McArdle, and, like the Chinese, it tends to focus on Japanese speaking customers and targets.

Although there is relatively little malware available because of the strict anti-malware legislation in Japan, he said there is a strong focus on Trojan malware and malware for webcams.

The Japanese underground is also characterised by gated communities, the use of coded language to refer to goods and services, and free porn websites pop-ups that demand payment for allegedly accessing member-only content.

“Strangely enough, around 10% of those targeted by these pop-ups pay the money demanded, even though the claims are false and no malware is involved,” said McArdle.

The German cyber criminal underground is the most mature in Europe and is not far behind the Russian underground.

“There are a lot of overlaps with the Russian underground, especially in terms of fake identity goods and services driven by demand from the growing Syrian refugee population in Germany,” said McArdle.

An understanding of nature of these undergrounds, he said, means that the banking sector should concentrate on the Russian and Portuguese undergrounds, for example, while those tasked with defending government or military networks would do well to concentrate on the Chinese underground.

“Understanding attackers is key to understanding what you need to defend against and building a strategy for doing so,” said McArdle.

Cyber crime included in official statistics

Cyber Security Force welcomes the inclusion of cyber crime in the latest crime survey for England and Wales by the Office for National Statistics (ONS).

Cyber Security Force welcomes the inclusion of cyber crime in the latest crime survey for England and Wales by the Office for National Statistics (ONS).

According to the latest report, there were 5.8 million incidents of cyber crime and fraud in the 12 months up to March 2016, affecting one in 10 people in England and Wales.

Just over half of the fraud incidents were cyber related, with 28% of these being non-investment fraud relating to online shopping or computer service calls. Some 68% of computer misuse crimes were related to malware and 32% were from unauthorised access to personal information including hacking.

However, the ONS cyber crime and fraud figures are an estimate, as specific questions relating to cyber crime were only added to the survey in October 2015 following a field trial.

“Headline estimates will include these offences for the first time in January 2017 once the questions have been asked for a full 12 months,” the report said.

According to the report, there were 4.5 million crimes reported in the period, excluding the 3.8 million cyber-related fraud incidents and 2 million compute misuse offences.

But the ONS said it would be incorrect to assume that once the figures are combined in the next report that the overall crime figure will double.

“This is the first time we have published official estimates of fraud and computer misuse from our victimisation survey, and ONS is leading the world in doing this. Together, these offences are similar in magnitude to the existing headline figures covering all other crime survey offences,” the ONS said.

“However, it would be wrong to conclude that actual crime levels have doubled, since the survey previously did not cover these offences. These improvements to the crime survey will help to measure the scale of the threat from these crimes, and help shape the response.”
Security should be top of board’s agenda

According to the ONS, cyber crime now makes up 40% of all recorded criminal incidents.

The technical capabilities of cyber criminals continue to outpace the UK’s ability to deal with cyber threats.

For the majority of organisations, the main two lessons to take from these statistics are the rapid evolution of cyber crime, and the number of threats that any individual or organisation will face.

As a result investment tends to flow into areas where it will be most productive, and crime is no different.

While there are government initiatives underway to tackle fraud, it is largely down to organisations to take care of themselves and the people they service.  The basics still apply:

  • Using strong passwords,
  • applying caution when using public Wi-Fi networks,
  • not revealing too much information about ourselves online and
  • regularly backing up personal data.

Experian’s Annual Fraud Indicator 2016 said fraud could be costing the UK economy up to £193 billion a year, with phishing attacks up by 21% in 2015 and were estimated to cost the UK more than £280 million.

Police ask for early contact of cyber crime

Businesses should contact the Police as early as possible about cyber crime- even before they are targeted.

Businesses should contact the Police as early as possible about cyber crime- even before they are targeted“The sooner we can become involved the better,” said Garry Lilburn, detective inspector, cyber crime unit, Metropolitan Police.

Current reporting mechanisms are “clunky” and there plans to replace them, he said, but in the meantime, businesses can make direct contact with the cyber divisions of the National Crime Agency (0370 496 7622) UK-wide or the Met Police for cyber crime in London (0207 230 8129) or 01452 752644 in Gloucestershire.

“Businesses can call us to discuss what is happening and get advice without having to officially report a crime and without fear of it leaking to the media or regulators,” said Lilburn, adding that some of the biggest cyber crime cases his unit has worked on have never been reported in public.

“If businesses contact us about cyber crime in action, we can advise them on how to mitigate the attack, preserve evidence, and how to communicate with cyber extortion gangs and even the media if necessary in the case of high-profile attacks,” he said.

However, Lilburn said businesses should engage with police even before they are targeted by cyber criminals.

“We offer a service of conducting table-top exercises with businesses so they can experience what it is like to work with the police in the event of an attack by cyber criminals and learn what kind of information we will need and the kind of questions we will ask,” he said.

Businesses should also develop plans for engaging with law enforcement before they are targeted by cyber criminals, and practice those plans in the same way they do fire drills, said Kurt Pipal, assistant legal attaché, office of the legal attaché at the FBI.

“Businesses should ensure they understand what law enforcement can do for them, what investigators are likely to ask for, and what they can do to help any investigation,” he said, adding that they should get their legal counsel involved because they are going to be one of the first points of contact with the police in the event of a cyber criminal attack.

“Many firms fear reputational damage and media exposure, but engaging early with law enforcement before anything happens often alleviates many of these types of concerns and makes them more comfortable in working with law enforcement when they are attacked,” said Pipal.
Police encourage information sharing

Cyber crime is almost always international in nature, but that should not put businesses off reporting cyber criminal activities, even if they appear to be coming from overseas or conducted through anonymising proxies, said Lilburn.

Many of the recent botnet takedowns involving the FBI have been the result of international law enforcement agencies working together, said Pipal.

“While cyber criminals may be based in countries where we cannot reach them, they also like to go on vacation, and often they go to countries where we do have the ability to make arrests, so businesses should talk to law enforcement about the cyber criminal activities they are seeing,” he said.

“Law enforcement should learn from this and also begin to find ways to collect information about bad actors that can be queried by law enforcement agencies around the world,” he said.

“Just because cyber criminals are located in other countries or appear to be anonymous, businesses should not assume we will not be interested or that we will not be able to take action against those responsible”

Many of these third parties are small and medium enterprises that work as suppliers or partners to larger organisations, but these businesses typically do not have the same level of security awareness or resources as their bigger partners, said Ferguson.

“While large organisations have the resources to understand and respond to threat intelligence gathered through industry forums and the government-sponsored cyber security information sharing partnership (Cisp) and the national computer emergency response team, Cert-UK, smaller businesses do not,” he said.

Indeed Cyber Security Force are part of theGloucestershire Safer Cyber Forum- which is founded and run by the Gloucestershire Constabulary.

Few organisations prepared for cyber attacks, says report

Only 23% of organisations are capable of responding effectively to critical security incidents, according to NTT Com Security’s latest threat report.

Only 23% of organisations are capable of responding effectively to critical security incidents, according to NTT Com Security's latest threat report.
Nearly 80% of organisations remain unprepared and without a formal plan to respond to cyber security incidents, a report has revealed.

There has been little improvement in preparedness in the past three years, according to the annual Global Threat Intelligence Report (GTIR) by NTT Com Security in The Global Threat Intelligence Report 2016.

Based on data from 24 security operations centres, seven R&D centres, 3.5 trillion logs and 6.2 billion attacks in 2015, the GTIR shows that on average, only 23% of organisations have the capability to respond effectively to critical security incidents.

The lack of improvement was further underlined by the finding that nearly 21% of vulnerabilities detected in client networks were more than three years old, while more than 12% were over 5 years old, and over 5% were more than 10 years old.

Results included vulnerabilities from as far back as 1999, making them over 16 years old.

“Prevention and planning for cyber security incidents seems to be stagnating,” said Garry Sidaway, vice-president of strategy and alliances at NTT Com Security.

“This is a real concern and could be due to a number of reasons, such as security fatigue caused by too many high profile security breaches, information overload and conflicting advice in combination with the sheer pace of technology change, lack of investment and increased regulation.

“Facing security challenges that didn’t exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope. Our mantra is prevention is better than cure and get the security basics right, including having a clear, well-communicated incident response plan.”

Although financial services was the leading sector for incident response in previous annual GTIR reports, the retail sector now takes the lead, with 22% of all response engagements, up from 12% the previous year. But retail – a popular target due to processing large volumes of personal information such as credit card details – also experienced the highest number of attacks, the report shows.

The report shows an increase in breach investigations to 28% in 2015 compared with 16% the previous year, with most incidents involving theft of data and intellectual property.

Internal threats jumped to 19% of overall investigations – from 2% in 2014 – with many of these the result of employees and contractors abusing information and computing assets.

Spear phishing attacks accounted for approximately 17% of incident response activities in 2015, up from 2% previously. Many of these attacks related to financial fraud targeting executives and finance personnel, with attackers using clever social engineering tactics, such as getting organisations to pay fake invoices.

Despite the rise in distributed denial of service (DDoS) hacking groups like DD4BC, the GTIR noted a drop in DDoS related activity compared with the previous two years. This is likely to be due to an investment in DDoS mitigation tools and services, the report said. However, the report also said extortion, based on payments by victims to avoid or stop DDoS attacks, had become more prevalent.

NTT Com Security made four recommendations for incident responses:

Prepare incident management processes and “run books”.
Many organisations have limited guidelines describing how to declare and classify incidents even though these are critical to ensure a response can be initiated. Depending on the type of attack, potential impact and other factors, response activities will be very different for each. Common practices for incident response also suggest organisations should develop “run books” to address how common incidents should be handled in their environment.

Evaluate your response effectiveness.
When incidents occur the last thing you want is to lack an understanding of standard incident response operating procedures. Evaluation of preparedness should include regular test scenarios. Consider post-mortem reviews to document and build upon response activities that worked well, as well as areas needing improvement.

Update escalation rosters.
As organisations grow and roles change, it is important to update documentation related to who is involved in incident response activities. Time is critical to incident response and not being able to quickly involve the correct people can hamper your effectiveness. Updating contact information for suppliers such as external incident response support and other providers is just as important.

Prepare technical documentation.
To make accurate decisions and identify impacted systems, organisations must have comprehensive and accurate details about their network.

90% of big UK businesses hacked by cyber attacks

There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey.

There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey

90% of large organisations reported that they had suffered a security breach, up from 81% in 2014. Small organisations recorded a similar picture, with nearly three-quarters reporting a security breach; this is an increase on the 2014 and 2013 figures.

59% of respondents expect there will be more security incidents in the next year than last.
The majority of UK businesses surveyed, regardless of size, expect that breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the threat.

The median number of breaches suffered in 2015 by large and small organisations has not moved significantly from 2014. 14 for large organisations and 4 for small businesses is the median number of breaches suffered in the last year.

Cost of breaches continue to soar

The average cost of the worst single breach suffered by organisations surveyed has gone up sharply for all sizes of business. For companies employing over 500 people, the ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation – now commences at £1.46 million, up from £600,000 the previous year.

The higher-end of the average range also more than doubles and is recorded as now costing £3.14 million (from £1.15 in 2014).

Small businesses do not fare much better – their lower end for security breach costs increase to £75,200 (from £65,000 in 2014) and the higher end has more than doubled this year to £310,800.

Organisations continue to suffer from external attacks

Whilst all sizes of organisations continue to experience external attack, there appears to have been a slow change in the character of these attacks amongst those surveyed. Large and small organisations appear to be subject to greater targeting by outsiders, with malicious software impacting nearly three-quarters of large organisations and three-fifths of small organisations.

There was a marked increase in small organisations suffering from malicious software, up 36% over last years’ figures.

69% of large organisations and 38% of small businesses were attacked by an unauthorised outsider in the last year, up from 55% a year ago and slightly up from 33% a year ago for SMEs.

Better news for business is that ‘Denial of service’ type attacks have dropped across the board, continuing the trend since 2013 and giving further evidence that outsiders are using more sophisticated methods to affect organisations.

You can find the research at: 2015 Information security breaches survey .

Ransomware increasingly dangerous cyber security threat

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.Eset’s LiveGrid telemetry shows an increase in detections of the JS/Danger.ScriptAttachment malicious code, which tries to download and install various malware variants to the intended victims’ machines.

The majority of the code consists of crypto-ransomware, including some well known groupings, such as Teslacrypt.

The most recent wave of attacks has been focused on victims in the UK, where it accounted for roughly every fourth threat in the third week of April 2016, said the security firm.

“To reach as many potential victims as possible, attackers are spamming inboxes in various parts of the world,” said Ondrej Kubovič, security specialist at Eset. “Therefore, users should be very cautious about which messages they open.”

Meanwhile, the latest Verizon Data Breach Investigations Report (DBIR) also warns that ransomware attacks are steadily increasing.

Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions, said: “Ransomware is going crazy. It is everywhere. As an incident response team we are dealing with ransomware attacks all the time.”

Eset’s Kubovič recommends that companies should train their employees to report incidents to their internal security departments.

“Users should keep their operating systems and software up to date, as well as install a reliable security suite offering multiple layers of protection and regular updates,” he added.

“Last but not least, users need to back up all their important and valuable data, allowing for its recovery in case of ransomware infection,” he said.

While ransomware is becoming an increasing problem for businesses, a recent spate of attacks on hospitals in the past few months – mainly in the US, but also in Canada, Germany and New Zealand – has underlined the potentially life-threatening impact of ransomware, which works by encrypting data and demanding a ransom to be paid for its release.

The dangers of the IoT

A report by Institute for Critical Infrastructure Technology (ICIT) has also highlighted the fact that internet of things (IoT) devices offer a potential growth opportunity to any ransomware operation, given the devices are interconnected by design and many lack any form of security.

According to the report, while a lot of traditional malware will be too large to ever run on many IoT devices, ransomware (predominantly consisting of a few commands and an encryption algorithm) is much lighter.

Many medical devices, such as insulin pumps and other medication dispersion systems, are internet- or Bluetooth-enabled, the report pointed out, and warned that ransomware could used to open connections to infect the IoT device.

Part of the problem with the security of IoT communications is that the designers are more concerned by the ease of connectivity than the safety of their users.

New ransomware threat- with your address

A new email ransomware that quotes people’s postal addresses is a costly new cyber security threat.

A new email ransomware that quotes people's postal addresses is a costly new cyber security threatAndrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4’s You and Yours that discussed the phishing scam.

Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims’ files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link – but that leads to malware, as Mr Brandt explained.

Maktub doesn’t just demand a ransom, it increases the fee – which is to be paid in bitcoins – as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately £400. This rises to 1.9 bitcoins, or £550, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not.

One remarkable feature of the scam emails was the fact that they included not just the victim’s name, but also their postal address.

Many have noted that the addresses are generally highly accurate.

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it’s still not clear how scammers were able to gather people’s addresses and link them to names and emails.

The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails.

The UK’s national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam.

“We have been inundated with this,” said deputy head Steve Proffitt. “At Action Fraud on Monday we received an additional 600 calls and from then onwards we’ve received 500 calls to our contact centre a day,” he added.

Mr Proffitt advised people who had received the phishing emails to under no circumstances click on the link, but instead delete the message from their system and inform Action Fraud.

Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was “significant” in more ways than one.

“It also appears to be quite widespread – I’ve heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out,” he told the BBC.

He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware.

For some individuals without backups, paying the ransom might be the only way to retrieve their data.

“However, every person that does that makes the business more valuable for the criminal and the world worse for everyone,” he said.

From:  http://www.bbc.co.uk/news/technology-35996408#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa