Nearly half of UK firms hit by cyber phishing attacks

Nearly  half of UK businesses have been compromised in the past two years using phishing attacks, despite high levels of cyber awareness and training.

Nearly  half of UK businesses have been compromised in the past two years using phishing attacks, despite high levels of cyber awareness and training.

Phishing attacks aimed at stealing legitimate user credentials have been used in the past 24 months to compromise 45% of UK organisations, according to research on behalf of cyber security firm Sophos.

Just over half (54%) of more than 900 IT directors polled in Western Europe said they had identified instances of employees replying to unsolicited emails or clicking on links contained within them, revealed a poll conducted by Sapio Research.

The study revealed that larger businesses are most likely to have been compromised by phishing attacks, despite also being most likely to conduct phishing and cyber threat awareness training.

Although businesses in the UK fell victim to phishing attacks at a similar rate to those in France (49%) and the Netherlands (44%), those in Ireland performed significantly better. Just 25% of Irish respondents said they had fallen victim to phishing in the past two years.

Across all respondents, 56% of companies employing between 500 and 750 people were identified as phishing victims in the past two years, while two-thirds (65%) had identified instances of employees replying to unsolicited emails or clicking on links contained within them.

By comparison, just 25% firms with fewer than 250 people and 36% of organisations with between 250 and 499 employees had been compromised by phishing in the same period.

Half of firms with fewer than 250 people offered training to help employees spot attacks, compared with 78% of those with between 500 and 1,000 people. And 79% of UK companies conduct regular cyber threat awareness training already, while 18% said they plan to offer it in the future.

Adam Bradley, UK managing director at Sophos, said criminals are adept at using social engineering to exploit human weakness, so while well-trained employees are an excellent deterrent, even the best user can slip up.

According to Bradley, phishing is one of the most common routes of entry for cyber criminals. As organisations grow, their risk of becoming a victim also increases as they become more lucrative targets and provide hackers with more potential points of failure.

Given the frequency of these attacks, organisations that don’t have basic infrastructure in place to spot people engaging with potentially harmful emails and whether their systems are compromised are likely to encounter some really significant problems.

Organisations should block malicious links, attachments and imposters before they reach users’ inboxes, said Bradley, and use the latest cyber security tools to stop ransomware and other advanced threats from running on devices even if a user clicks a malicious link or opens an infected attachment.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 03333 393 139 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Businesses warned to prepare for cyber security extortion campaigns

Directors, lawyers and doctors are the top extortion targets of cyber criminals, researchers tracking  sextortion attempts reveals.

Directors, lawyers and doctors are the top extortion targets of cyber criminals, researchers tracking  sextortion attempts reveals.

Cyber criminal groups are promising rewards of £276,300 a year on average to accomplices who help them target high-worth individuals with extortion scams research reports.

The reward promises are even higher for accomplices with network management, penetration testing and programming skills, according to researchers at risk protection firm Digital Shadows.

One threat actor, the report said, was offering £600,000 a year, with add-ons and a final salary after the second year of £840,000.

The main method of cyber security extortion where criminals deem potential victims to be particularly vulnerable is so-called “sextortion”.

Digital Shadows tracked a sample of sextortion campaigns and found that from July 2018 to February 2019 over 89,000 unique recipients faced around 792,000 extortion attempts.

An analysis of bitcoin wallets associated with these scams found that sextortionists could be reaping an average of £414 per victim.

The campaigns follow a similar pattern, the researcher found, in which the extortionist provides the target with a known password as “proof” of compromise, then claims to have video footage of the victim watching adult content online, and finally urges them to pay a ransom to a specified bitcoin address.

However, the researchers said other campaigns can be even more sinister, with one spam campaign from December 2018 claiming that recipients will be “killed” if they did not pay.

Extortion is in part being fuelled by the number of ready made extortion materials readily available on criminal forums, the researchers said, adding that these are lowering the barriers to entry for wannabe criminals with sensitive corporate documents, intellectual property and extortion manuals being sold on by more experienced criminals to service aspiring extortionists for less than £10.

In one example, seen by Digital Shadows, the guide specifically focuses on a sextortion tactic whereby the threat actor begins an online relationship with a married man and then threatens to reveal details of the affair to his partner unless a ransom is paid.

The guide claims this extortion method is the easiest for “novice”’ threat actors to start with, suggesting they could earn between £230 and £380 per extortion attempt. Dedicated subsections exist on criminal forums for this type of dating scam.

Even greater levels of sophistication could be around the corner, the researchers warn, if so-called “crowd-funding” schemes take off.

In April 2018, threat actor “thedarkoverlord” stole documents belonging to the insurance provider, Hiscox, including files related to the 9/11 attacks in the US. The threat actor hoped to play on the public’s appetite for 9/11-related controversy and encourages people to raise funds to view the documents. Currently this campaign has amassed around £8,904.

Crowdfunding models such as this, the researchers said, allow extortionists to raise funds from the general public rather than relying on victims giving in to ransom demands. Organisations dealing with inflammatory or sensational information should therefore consider how they would respond if an attacker opts for this course of action, they said.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

GCHQ warns of cyber security scams on Black Friday

GCHQ has issued an warning of cyber security scams on Black Friday.

GCHQ has issued an warning of cyber security scams on Black Friday.

Black Friday sales could be targeted as easy pickings for cyber-crime, according to Cheltenham-based GCHQ.

The National Cyber Security Centre, part of GCHQ, is advising shoppers of the risk of online threats. It is the first such official cyber security warning in the run up to Christmas.

GCHQ wants to start a “national cyber-chat” today (Black Friday), when billions are spent online. Known for working in secret, the agency wants to be open and engage with the public over the seriousness of the threat.

The National Cyber Security Centre has tackled more than 550 significant cyber incidents over the past year, and has taken down almost 140,000 “phishing” websites.

The National Cyber Security Centre (NCSC) is giving tips for shoppers to avoid cyber-crime – and for the first time it will be publishing answers to questions from the public on Twitter.

The agency recently warned of a serious and sustained threat from elite hackers in other countries, which could include the theft of millions from retailers and attacks on the financial networks the shops depend on.

The British Retail Consortium is backing the calls for better cyber security during the Christmas shopping season, and retailers continue to invest heavily in protecting themselves against cyber-threats.

The National Cyber Security Centre’s advice to reduce the risk of cyber crime is:

  • Install the latest software and app updates
  • Type in a shop’s website address rather than clicking on links in emails
  • Choose strong and separate passwords for accounts
  • Keep an eye on bank accounts for unrecognised payments
  • Avoid over-sharing unnecessary information with shops, even if they ask
  • Make sure all your home gadgets are secure

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Cyber security criminals outspend businesses in security battles

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Research from Carbon Black carried out in August also asked 250 UK-based CIOs, CTOs and CISOs about the attacks they faced over the past 12 months.

In total, 92% of UK businesses have had cyber security breaches in the past year and nearly half off those reported falling victim to multiple breaches (three to five times in the past year).

A total of 82% of respondents said they have experienced more attacks this year than last year. In the financial services sector, 89% said this is the case, while 83% of government organisations and 84% of retailers had also experienced an increase in the number of attacks.

Malware was the most common attack on the UK organisations surveyed, with about 28% experiencing at least one such attempted breach. Ransomware was the next most common, with 17.4% reporting at least one attack.

“Following a global trend, cyber attacks in the UK are becoming more frequent and more sophisticated, as nation state actors and crime syndicates continue to leverage fileless attacks, lateral movement, island hopping and counter incident response in an effort to remain undetected,” said the report. “This issue is compounded by resources and budgeting. Not only is there a major talent deficit in cyber security, there is also a major spending delta.”

The report found that IT leaders believe Russia and China to be the source of the vast majority of cyber attacks, but it identified North America as the starting point for more attacks than Iran and North Korea combined.

If you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

LORCA identifies top priorities for cyber security innovation

The top priorities for cyber security innovation are identity management, patch management and configuration management.

The top priorities for cyber security innovation are identity management, patch management and configuration management.

“These are basic components of cyber security, but failure to do them well is still responsible for the bulk of cyber attacks that we are seeing.”said the new LORCA CEO  Hannigan

Identity is one area where the UK is particularly strong, with some great companies focused on it, he said, particularly in the academic “pre-company” sector, where universities are doing some “really innovative things” around identity management and authentication.

“Identity is key to cyber security, and if we can get a product out there that beats others, the sky is the limit, especially for the export market, and it will be about who gets there first with a viable solution,” he said.

Hannigan believes the internet of things (IoT) and cloud computing are two more areas where cyber security entrepreneurs should be focusing their efforts.

He said cloud computing is “problematic” because it makes it harder for companies to understand what the perimeters of their networks are.

“Even for those companies that have worked out what their cyber security policy is and managed the risks, suddenly to do all their processing and storage in the cloud complicates that,” said Hannigan. “It is not terminal, but it means they need to rethink their risks and mitigations.”

He advised organisations to look at the guidance on security in the cloud from the National Cyber Security Centre (NCSC).

IoT is ripe for innovation

The IoT is “ripe for innovation”, said Hannigan, because it is unlikely that regulation or government guidelines will address the immediate risks.

“It is going to be a long time before security by default is achieved, so in the meantime we need to find ways to mitigate potential disasters, with billions of devices connecting to the internet,” he said.

In terms of going to market, Hannigan advises cyber security entrepreneurs to spend some time considering things from the customer’s perspective.

“In the UK, companies are more likely to be conservative in their cyber security investments and stick with well-established suppliers than countries like the US and Israel, so startups need to take that into consideration,” he said.

Hannigan believes Lorca has a role to play here in helping startups to think through how their technology will integrate with existing IT environments, making it as easy as possible with minimal disruption.

Time and skills required by businesses

Although businesses do not necessarily need to spend a fortune on cyber security, it does require some time and sometimes skills that may be lacking in-house, said Hannigan.

“I do have sympathy for small businesses, but many are doing more than they used to in the past and are using things like Cyber Essentials and the small business guide because they are seeing how cyber attacks are affecting companies or because their insurance companies have told them to,” he said.

Hannigan believes there is a need for effective managed security services for small and medium-sized businesses. “A regular complaint I get is that managed security services suppliers are not really appropriate for small businesses and aren’t necessarily that effective, so there is a challenge there to the industry to come up with managed security services that really work and that don’t just dump the problem back onto the client, but actually do something about it,” he said.

LORCA to help drive UK cyber exports

LORCA – the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

LORCA - the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

A key part of the ambition for London’s £13.5m government-funded cyber innovation centre is that it will help drive UK exports, according to Robert Hannigan, former head of GCHQ.

“We hope that companies founded and given a boost and support in going to market will also go to market overseas,” he said at the official opening of the centre – to be known as the London Office for Rapid Cybersecurity Advancement (Lorca).

“The government’s ambition is very clearly to make the UK a leader in cyber security exports, and I see massive potential out there in countries around the world that need a variety of different solutions,” said Hannigan, who will lead Lorca’s industry advisory board.

“We know we have great talent, potential and possibilities, and bringing it all together was the challenge for government and what has led to this [cyber security innovation] centre,” he said.

The centre will play an important role in bringing together the many good innovators and incubators across the UK and provide a focal point for interacting with government, said Hannigan.

Lorca will also bring together cyber security innovators with academics in the field, with various industry sectors – starting with the cyber security-leading finance sector, with other technical and non-technical disciplines, and with international partners.

“This centre has links to the US, Israel and Singapore, and convening the three most prominent cyber security industry centres in the world is going to be very powerful in magnifying the value of this centre,” said Hannigan.

Commenting further on the potential for cyber security exports, Hannigan said there is a “massive market” out there because there are many economies that are some way behind the cyber security technology front-runners that are looking for solutions.

“There is massive potential, we have got some great companies, the UK has a good reputation and we should capitalise on that because if we put all that together and get it right, we will have a booming cyber security export industry,” he said.

“There is a lot of private sector capital looking to invest in cyber. So there is no shortage of capital, it is all about finding the right vehicle, and Lorca will help with that. But there is no reason why, in the future, there shouldn’t be more initiatives along the same lines.”

For this reason, Hannigan believes there is room for many more initiatives aimed at supporting cyber security entrepreneurs.

“There is no competition between incubators and accelerators within the UK – the more the merrier,” he said, explaining that each has something different to offer, with Lorca being more industry-focused with international links, for example, and the GCHQ accelerator and innovation centre in Cheltenham being more focused on national cyber security.

The government funding for Lorca will also promote its role as a convening body for other accelerators and incubators as a “useful way of amplifying the UK’s overall cyber security offering, particularly overseas, said Hannigan.

UK small business cyber security spend low despite breaches

The UK is the most breached country in Europe, but business’ IT cyber security spend remains low compared with other countries in the region, a report reveals

UK small business cyber security spend low despite breaches

More than a third of UK businesses reported cyber security attacks in the past year, which was higher than any other country in Europe, according to the European edition of the 2018 Thales data threat report.

However, despite a 24% increase in the number of attacks compared with the previous year, UK firms claimed to feel less vulnerable to data threats, compared with those across Germany, Sweden and the Netherlands, and consequently invested less in cyber security.

While more organisations across Sweden (78%) and the Netherlands (74%) admitted to being breached in the past, compared with just 67% of organisations in the UK, the report said it was a different story in the past 12 months.

Thales data shows that while 37% of businesses across the UK were breached, the figures were lower for Germany (33%), Sweden (30%) and the Netherlands (27%).

Despite the rise in attacks, just 31% of UK organisations said they feel “very” or “extremely” vulnerable to data threats, leaving the majority (69%) feeling “somewhat” or “not at all” vulnerable. Businesses across Sweden claimed to feel the most vulnerable (49%), followed by the Netherlands (47%) and Germany (36%).

Although 69% of UK organisations reported an overall increase in their IT security spending, with 15% saying it was much higher’ than the previous year, the report said the increase is still less than spend in Sweden, where 75% of businesses have upped their budgets to offset threats, and Germany where 76% have increased their IT security budgets.

While 72% of organisations polled have dedicated more money to IT security, UK businesses appeared to still fall short compared with their European counterparts, with 39% of Swedish respondents saying their budget was “much higher” than the previous year and an additional 36% claiming it was ‘somewhat higher’, and spending said to be “a lot more” by 29% of firms in the Netherlands and 24% in France.

The report also reveals that despite the two year bedding in period allowed for compliance with the EU’s General Data Protection Regulation (GDPR), 49% of companies in Sweden failed data security audits in the past year, followed by the Netherlands (38%), Germany (33%) and the UK (19%).

Aside from the UK, all other European countries showed decline in their efforts to meet compliance, which the report said was “worrying” in the light of the fact that there are so many changes to standards and regulations. Despite this drop, respondents across the board all cited compliance as being effective when it comes to preventing data breaches.

So if you want to save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Skills shortage a major cyber security risk for small businesses

Cyber security skill shortages remain a major risk to small businesses who are still struggling to defend against cyber breaches, an new survey shows.

Cyber security skill shortages remain a major risk to small businesses who are still struggling to defend against cyber breaches, an new survey shows.

The proportion of information security professionals who feel organisations are getting worse at defending against major cyber security breaches has leapt from 9% to 18% in the past three years, the survey by not-for-profit industry body, the Institute of Information Security Professionals (IISP) has revealled.

Security industry leaders are increasingly putting emphasis on cyber resilience based on good detection and response capabilities, rather than relying mainly on defence technologies and controls.

“These results reflect the difficulty in defending against increasingly sophisticated attacks and the realisation breaches are inevitable – it’s just a case of when and not if,” said Piers Wilson, director at the IISP.

“Security teams are now putting increasing focus on systems and processes to respond to problems when they arise, as well as learning from the experiences of others.”

When it comes to investment, the survey suggests that for many organisations, the threats are outstripping budgets in terms of growth. The number of businesses reporting increased budgets dropped from 70% to 64% and businesses with falling budgets increased from 7% up to 12%.

According to the IISP, economic pressures and uncertainty in the UK market are likely to be restraining factors on security budgets, while the demands of the General Data Protection Regulation (GDPR) and other regulations such as Payment Services Directive (PSD2) and Networks and Information Systems Directive (NISD) are undoubtedly putting more pressure on limited resources.

The survey report highlights the problem of skills shortages with the proportion of respondents reporting a dearth of skills as a challenge growing to 18%, up from just 8% in 2015.

While acting as a potential brake on capability, the skills shortage is also driving job prospects year-on-year, reflected in a growth of respondents in all the higher salary bands and in those reporting good job and career prospects.

“This year’s survey further highlights the continued need for industry, government, academia and professional bodies like the IISP to continue to work to resolve these shortages in skills across all levels and disciplines,” said Amanda Finch, general manager at the IISP.

“We have seen AI and machine learning used in defensive security systems for some time and this is now starting to become part of a wider automation approach,” said Wilson. “But like the IoT, AI can also be exploited by cyber criminals, so we need to have the people and technologies to respond and mitigate these emerging risks.”

The IISP represents more than 8,000 individuals across private and government sectors, 41 corporate member organisations and 22 academic partners.

As well as surveying its members, the IISP opened the survey up to non-member security professionals, representing a wide range of ages, experience and industry sectors.

So if you want to save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Top cyber security criminals earn up to £1.5m a year study shows

Academic study reveals just how lucrative cyber security crime can be, with top level cyber criminals out earning government leaders.
Academic study reveals just how lucrative cyber security crime can be, with top level cyber criminals out earning government leaders.

Cyber security criminals are acquiring, laundering, spending and reinvesting about £1.1 trillion in profits a year, research has revealed.

The highest earning cyber criminals are making up to £1.5m a year, almost as much as a FTSE250 CEO, according to a study commissioned by Bromium.

Mid level cyber criminals make up to £639,000, which is more than double the US president’s salary, while entry level cyber criminals make about £30,000, which is significantly more than the average UK graduate, the research noted.

The findings on how much cyber criminals earn from their illegal activities and what they spend their profits on are part of an 11-month study into the macro economics of cyber crime and how the various elements link together. It has been led by Michael McGuire, senior lecturer in criminology at Surrey University.

The report highlights how cyber crime has become a booming economy, and reveals cyber criminal links to drug production, human trafficking and even terrorism.

The use of ransomware, crime-as-a-service, data theft, illicit online marketplaces and trade secret/IP theft are helping cyber criminals generate huge revenues with relative ease, the report said.

According to the research the cyber security industry, business and law enforcement agencies need to come together to disrupt cyber criminals and cut off their revenue streams. By focusing on new methods of cyber security that protect rather than detect, we believe we can make cyber crime a lot harder.

Data gathered by the research team through first-hand interviews with 100 convicted or currently engaged cyber criminals, law enforcement agencies and financial institutions, combined with dark web investigations, reveals that 15% of cyber criminals spend most of their money on immediate needs, such as paying bills.

One fifth of cyber criminals focus their spending on drugs and prostitution, 15% spend to attain status or impress, but 30% convert some of their revenue into investments. Some 20% spend at least some of their revenue on reinvestments in further criminal activities, such as buying IT equipment.

The proceeds of cyber crime fuel other crimes, such as terrorism and human trafficking, the report said, much like a legitimate business reinvests profits to expand while also contributing towards core philanthropic values.

The research showed that cyber criminals are reinvesting their money to grow their own business, but also to promote other types of crime. Terrorism, human trafficking, drugs manufacturing and firearms trading have all been beneficiaries of cyber crime.

A lot of cyber criminals spend their money on increasing their status, whether that be with peers or romantic interests.

One individual in the UK, who made around £1.2 million per year, spent huge amounts of money on a trip to Las Vegas, where he claimed to have gambled $40,000 and spent $6,000 hiring sports cars so that they could ‘arrive in style’ at casinos and hotels.

Another UK cyber criminal funnelled his proceeds into gold, drugs, expensive watches and spent £2,000 a week on prostitutes. It’s alarming how easily cyber criminals are able to spend their illicit gains. There is an ever-growing market that is almost tailor-made for cyber criminals to make these ostentatious purchases with little to no regulation or oversight.

So if you want to avoid funding these criminals and save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139