DNS attacks cost finance firms millions of pounds a year

The average cost of recovering from a single DNS attack is £711,069 – $924,390 for a large financial services company a new survey.

The costs of restoring services after a DNS (Domain Name System) attack are higher for financial services firms than for companies in any other sector.

According to a survey of 1,000 large financial services firms in Europe, North America and Asia Pacific, the average cost of recovering from a single DNS attack is $924,390 for a large financial services company.

The survey, carried out by network automation and security supplier EfficientIP, and its subsequent 2018 Global DNS threat report found that the average cost of recovery for such finance firms had increased by 57% compared with last year.

It also revealed that financial services firms suffered an average of seven attacks each last year, and 19% of them were attacked more than 10 times.

The survey found that finance firms took an average of seven hours to mitigate a DNS attack and 5% of them spent a total of 41 working days mitigating attacks in 2017. More than a quarter (26%) lost business because of the attacks.

The most common problems caused by DNS attacks are cloud service downtime, compromised websites and internal application downtime.

“The DNS threat landscape is continually evolving, impacting the financial sector in particular,” said David Williamson, CEO at EfficientIP. “This is because many financial organisations rely on security solutions that fail to combat specific DNS threats.

“Financial services increasingly operate online and rely on internet availability and the capacity to securely communicate information in real time. Therefore, network service continuity and security is a business imperative and a necessity.”

Types of DNS attack include:

Zero day attack – the attacker exploits a previously unknown vulnerability in the DNS protocol stack or DNS server software.
Cache poisoning – the attacker corrupts a DSN server by replacing a legitimate IP address in the server’s cache with that of another, rogue address in order to redirect traffic to a malicious website, collect information or initiate another attack. Cache poisoning may also be referred to as DNS poisoning.
Denial of service – an attack in which a malicious bot sends more traffic to a targeted IP address than the programmers who planned its data buffers anticipated someone might send. The target becomes unable to resolve legitimate requests.
Distributed denial of service – the attacker uses a botnet to generate huge amounts of resolution requests to a targeted IP address.
DNS amplification – the attacker takes advantage of a DNS server that permits recursive lookups and uses recursion to spread the attack to other DNS servers.
Fast-flux DNS – the attacker swaps DNS records in and out with extreme frequency in order redirect DNS requests and avoid detection.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 03333 393 139 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Most small businesses (SMEs) not prepared for GDPR

There is still much work to be done before small businesses (SMEs) are fully prepared for the EU’s General Data Protection Regulation (GDPR).

There is still much work to be done before small businesses (SMEs) are fully prepared for the EU’s General Data Protection Regulation (GDPR).

With the GDPR compliance deadline just over six months away, the UK’s small business community remains unsure about a number of related issues.

Small businesses are struggling to come to grips with what “personal data” really means, their customers’ new and extended rights, and whether the permissions they currently have to contact customers will meet the requirements of GDPR.

This is one of the key findings of the Close Brothers Business Barometer, a quarterly survey that questions more than 900 SME owners and senior management across a range of sectors and regions in the UK and Republic of Ireland.

“GDPR is intended to strengthen and unify data protection for individuals within the EU, but will also affect the UK regardless of Brexit,” said Neil Davies, CEO of Close Brothers Asset Finance.

“It will ensure that all personal data has to be managed in a safe and secure way, has to be gathered lawfully, is only used for the purposes for which it was collected, and must be accurate and up to date.

Poor understanding of GDPR compliance requirements

“The figures from the barometer tell us that uncertainty persists on a number of key compliance issues, and SMEs are concerned about the implications for their business.”

Less than a third (31%) of SMEs answered “yes” to the question, “Are you clear what ‘personal data’ means in a business context?”, with 50% responding “sort of” and the remaining 19% saying “no”.

“On a positive note, 73% of firm owners categorically stated that they do not share customers’ personal data with third parties,” said Neil. “There are, however, companies openly admitting to sharing customers’ details (8%), and a further 18% conceding they were unsure of whether they do or not.”

Less than half (48%) of respondents said they understand the new and extended rights that customers have when it comes to collecting and utilising their personal information.

Despite the lack of clear understanding of the extended rights customers will have, 58% of SMEs are confident that the permissions they currently have to contact customers will meet the requirements of GDPR.

“This still leaves more than 40% of firms which are unconvinced about their readiness ahead of 25 May 2018,” said Neil. “How it works is that companies must get prior consent from data subjects – opt in – and record that consent. What’s more, the consent must relate specifically to the purposes of why a company needs that data – companies cannot get consent for one purpose and then use the gathered personal data for another.

“On top of this, consumers must be able to revoke their consent as easily as it was originally given, because many consumers complain that it is easy to opt in to data gathering, but difficult to unsubscribe or opt out.”

Of those polled, 44% said they had a process in place to ensure their firm was collecting data in the correct manner, against 35% who were “unsure” and 21% admitting they had no existing process in place

“Businesses have to be seen to be compliant, and this includes ensuring these sorts of processes are in place to ensure customers are fairly treated,” said Neil.

So if you want to save yourself stress, money and a damaged reputation from a data incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

SMEs more vulnerable than ever to cyber security attacks

The overwhelming majority of cyber security attacks on small to medium sized enterprises (SMEs) result from poor password management, a study of 1,000 UK and US SMEs by the Ponemon Institute shows.

The overwhelming majority of cyber security attacks on small to medium sized enterprises (SMEs) result from poor password management, a study of 1,000 UK and US SMEs by the Ponemon Institute shows.

Despite this fact, SMEs are doing very little to boost visibility into the password practices of their employees, according to the study sponsored by password management firm Keeper Security.

The study report said employee negligence is the top root cause of successful data breaches.

“Survey respondents believe cyber attacks are becoming more targeted, more severe in terms of consequences, and more sophisticated,” said Larry Ponemon, chairman of the Ponemon Institute. “So you would think things would be getting better in terms of protecting themselves, but they are really trending to worsening.”

According to the survey – 61% of respondents reported a cyber security attack, up from 55% a year ago – while 54% reported a data breach, up from 50% a year earlier.

Ransomware attacks were reported by 52% of respondents, with 53% of those reporting they were hit by more than one ransomware attack.

The total costs associated with successful cyber attacks on SMEs now total well in excess of £1m, meaning a single attack could bring an SME to its knees financially.

Not only has the cost of data breaches risen to an average of just over £1.2m including all attack mitigation and business disruption costs from £717,909 a year ago, but the average number of records stolen has soared from just over 5,000 per attack last year to 9,350 this year – an 87% increase.

While 54% of respondents say the root cause of the attacks are negligent (not malicious) employees, a full third of the companies surveyed could not even determine the root cause.

An ongoing lack of attention to password usage underlies much of the cyber security woes at SMEs, the study said, referring to the latest Verizon Data Breach Investigations Report, which noted that 81% of all cyber attacks result from poor password management practices.

More information about SME cyber security risks

  • SMEs are failing to address cyber threats despite the risks.
  • SMEs typically face the same threats as bigger organisations, but lack the same level of expertise and other security resources.
  • The latest Ponemon research shows that 59% of respondents said they have no visibility into their employees’ password practices, which is unchanged from a year ago.

Among the bad practices cited are using the same passwords for access to multiple accounts and servers; sharing passwords in highly insecure ways; and failing to use strong passwords, settling instead for 123456 or other very easily compromised passwords.

Less than half – 43% – of SMEs surveyed have any sort of password policy in place. And of those that do have such a policy in place, 68% (up from 65% last year) said they either do not strictly enforce the policies or are unsure if they are enforced.

According to the study, SMEs need to implement greater data protection beyond the “traditional” protection tools, with two-thirds of respondents reporting cyber attacks that evaded the company’s intrusion protection defenses, up from 57% a year ago, and 81% reporting such attacks evading traditional antivirus defences, up from 76% last year.

The Ponemon study shows that the top barriers to adopting better cyber defences are a lack of trained security staff (73%) and inadequate budget (56%).

However, the report said given the enormous costs associated with a data breach, failing to protect against today’s dynamic threat environment could prove disastrous, and the costs associated with doing so may not be as high as imagined.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Business needs help to act on cyber security advice

Businesses need help to act on all the information they receive about cyber security according to the London Digital Security Centre,

Businesses need help to act on all the information they receive about cyber security according to the London Digital Security Centre,

Small businesses need help in tackling cyber crime and embracing cyber security, not just information, according to John Unsworth, chief executive of the London Digital Security Centre (DSC).

“Information is good, but action is better,” he told the Whitehall Media Enterprise Cyber Security Conference in London. “There is a lot of information, but businesses want help in implementing it.”

The London DSC was set up as a not-for-profit organisation in 2015 by the Mayor’s Office for Policing and Crime to help the city’s roughly one million small businesses protect themselves from cyber crime.

The centre is run as a joint venture between the Mayor of London, the Metropolitan Police Service and the City of London Police to protect small businesses that are at the heart of the economy.

“The point of the centre is to help businesses act on the wealth of information that is out there to take control of their cyber security by implementing controls that make a difference,” said Unsworth.

“Part of our role is also to cut through the noise and show businesses that the things that will make a difference for the majority of small businesses cost little or nothing to implement.”

Many of the things small businesses can do to improve their cyber security only have a cost in time and effort, said Unsworth. “Cyber security is not always about buying a technical solution,” he added.

Investments in security technologies depend on the size of the business, the business operating model and what the business is trying to achieve, he said. “So for businesses that handle sensitive information, there is a cost because they need to ensure that data is protected and demonstrate that they have a good security posture.”

The role of the London DSC is to identify and prioritise business needs in terms of cyber security controls, said Unsworth.

 

Underlining the need to support small business in the face of cyber crime, Unsworth said that although more than 50% of crime reported to police is cyber enabled in some way, only 0.1% of policing resources across England and Wales are dedicated to the prevention and detection of cyber crime.

This is symptomatic of the fact that not everyone recognises that cyber crime is a big problem and it tends to be under-reported, he said. “What we need to start doing is creating a little bit of evidence noise about what the issues are, so we can get the right type of response to all of this.”

 

“What we have got to change and shift is this behaviour, so what we have done is to set about getting face-to-face with small businesses and talk to them one-to-one rather than relying on social media campaigns to get businesses to take cyber security more seriously.”

“When you start speaking to them in simple language, they soon realise that all cyber security is really about is understanding what you are using, what you are connected to, and if you have got the right controls in place,” said Unsworth.

Small businesses in denial over cyber security threats

According to Unsworth, many small businesses are in denial when it comes to cyber crime – they tend to think it will not happen to them because they don’t understand why they might be targeted.

“We want to help businesses avoid the regret of not doing something that could have prevented a cyber attack by helping them to embrace cyber security and putting in appropriate controls,” he said.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

National Cyber Securty Centre’s 2017 Annual Review

The National Cyber Security Centre (NCSC) celebrates its first anniversary of operations this week.

The National Cyber Security Centre (NCSC) celebrates its first anniversary of operations this week.

The Annual Review highlights the work it has done to make the UK the safest place to live and work online.

While there is still much work to be done, the NCSC’s first annual report says it has prevented thousands of cyber attacks since its inception.

The NCSC received 1,131 incident reports, with 590 classed as “significant”, according to the agency’s first annual review.

Those “significant attacks” ranged from attacks on key national institutions such as the National Health Service (NHS) and the UK and Scottish Parliaments, through to attacks on large and small businesses and other organisations, said Ciaran Martin, chief executive of the NCSC.

But, he said, so much of the NCSC’s work aims to make successful attacks less likely, and to that end the NCSC has so far produced more than 200,000 protective items for military communications; supported the Cabinet Office in developing more secure communications for key government organisations; and supported the Home Office in ensuring the security of new mobile communications for emergency services.

The NCSC, part of GCHQ, brought together elements of its parent organisation with previously separate parts of government and intelligence to create a single, one stop shop for UK cyber security, with the aim of making the UK the safest place to live and work online.

A crucial part of the NCSC’s role is to help everyone in the UK operate more securely online.

“Through a pioneering partnership with the private sector, tens of millions of suspicious communications in the UK are being blocked every month,” he said.

Martin highlighted the fact that the NCSC’s Active Cyber Defence programme has developed capabilities, which have seen the average lifetime for a phishing site hosted in the UK reduce from 27 hours to less than an hour.

He added that the NCSC’s information-sharing platform with industry, the Cyber Security Information Sharing Partnership (CiSP), grew 43% over the year.

However, he said the NSCS still has much to do in the years ahead to “counter this strategic threat to our values, prosperity and way of life” in collaboration with GCHQ and the UK intelligence community, law enforcement, wider government, industry and the rest of the world.

Martin said cyber security is crucial to the UK’s national security and prosperity. “We’re incredibly proud of what we have achieved in our first year, bringing together some of the best cyber security brains in the country in a single place.

“But the threat remains very real and growing – further attacks will happen and there is much more for us to do. We look forward to working with our partners at home and abroad in the year ahead in pursuit of that vital goal,” he said.

According to the review, tens of millions of cyber attacks are being blocked every week by industry partners implementing NCSC’s Active Cyber Defence programme

The programme currently includes the NCSC’s protected domain name server (DNS) service built by Nominet to block bad stuff from being accessed from government systems; the use and support of the domain-based message authentication, reporting and conformance protocol (Dmarc) to block bad emails pretending to be from government; and a phishing and malware countermeasures service to protect the UK, including government brands.

Similarly, while the number of IP-addresses associated with phishing around the world is up 47% this year, the UK share of those has gone down from 5.1% to 3.3%.

 

Million new cyber phishing sites created each month

Cyber phishing attacks continue to increase in volume and sophistication, according to researchers at security firm Webroot.

Cyber phishing attacks continue to increase in volume and sophistication, according to researchers at security firm Webroot.
In May 2017, the number of new phishing sites reached a new high of 2.3 million in that month alone, according to the September 2017 Webroot Quarterly Threat Trends Report.

Data collected by Webroot shows that the latest phishing sites use realistic web pages that are almost impossible to find using web crawlers to trick victims into providing personal and business information.

Once this data is harvested, attackers are able to steal digital identities to access business IT systems to steal data and compromise business email accounts to carry out CEO fraud attacks.

The Webroot data also shows phishing attacks have grown at an unprecedented rate in 2017, with it continuing to be one of the most common, widespread security threats faced by both businesses and consumers.

According to the report, phishing is the top cause of cyber breaches in the world, with an average of more than 46,000 new phishing sites created each day.

The sheer volume of new sites makes phishing attacks difficult to defend against for businesses, the report said.

Even if the block lists are updated hourly, they are generally 3–5 days out of date by the time they are made available, the report said, by which time the sites in question may have already victimised users and disappeared.

Attacks are increasingly sophisticated and more adept at fooling the victim, the researchers found. The note that while in the past, phishing attacks randomly targeted as many people as possible,today’s phishing is more sophisticated.

Cyber attackers now typically research their targets and use social engineering to uncover relevant personal information for individualised attacks. Phishing sites also hide behind benign domains and obfuscate true uniform resource locators (URLs), fooling users with realistic impersonated websites.

The researchers found that zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorised URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories.

According to an FBI public service announcement issued on 4 May 2017, phishing scams cost US business $500m a year, while Verizon found phishing to be involved in 90% of breaches and security incidents and a report by ESG showed that 63% of surveyed security and network influencers and decision makers have suffered from phishing attacks in the past two years.

In the ESG report, 46% of respondents said malware attacks have become more targeted over the past two years, and 45% said there is a greater volume of malware than in the past two years.

“Today’s phishing attacks are incredibly sophisticated, with hackers obfuscating malicious URLs, using psychology and information gleaned from reconnaissance to get you to click on a link,” said Hal Lonas, chief technology officer at Webroot.

“Even savvy cyber security professionals can fall prey. Instead of blaming the victim, the industry needs to embrace a combination of user education and organisational protection with real-time intelligence to stay ahead of the ever-changing threat landscape,” he said.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Millions of customer records hacked in major Equifax security breach

A major security breach at Equifax has taken place over a two month period

A major security breach at Equifax has taken place over a two month period

It is thought to have affected 143 million customers in the US, as well as an undisclosed number of Britons and Canadians.

The perpetrators exploited a vulnerability in a US website application to gain access to confidential information – including names, social security numbers, birth dates, addresses and driver’s license numbers, as well as around 209,000 credit card numbers – over a two month period from May 2017.

It also found unauthorised access to “limited personal information” of a number of British and Canadian customers, and will work with regulators in both countries to determine an appropriate path forward. It added that it had found “no evidence” of any unauthorised activity on its core consumer or enterprise credit reporting databases.

Since halting the intrusion on 29 July, Equifax has been working closely with law enforcement and brought in a cyber security partner to conduct a thorough forensic review of its systems. This investigation is mostly complete, but more detailed information is expected to emerge in the coming days and weeks.

Equifax has confirmed that the massive data breach was result of missed patch and appear to have failed to roll out a patch that might have stopped the massive breach of its systems.

From a hacker perspective, many organisations are still leaving the front door open and the windows unlocked. Failure to protect and handle data correctly can also result in punitive actions for companies participating in the digital economy.

In a brief update statement, Equifax said it had been “intensely investigating” the scope of the intrusion with the help of an undisclosed cyber security firm – thought to be Mandiant – to find out exactly what information was accessed and whom it belongs to.

“We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638,” it said. “We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.”

Apache Struts is an open-source model-view controller (MVC) framework for building Java web applications, and is well used across the financial services sector. The vulnerability causes it to mishandle file upload, which enables malicious actors to execute arbitrary commands via a command string in a crafted content-type HTTP header.

This was first highlighted in March 2017, and patches were subsequently released for it.

However, the Equifax breach began in May, which would seem to suggest the organisation did not bother to apply the updates to its systems.

Since news of the breach emerged, it has also emerged that the incident may have resulted in many more Britons than at first suspected having their data compromised – around 44 million by some estimates.

This is because even if people do not directly purchase Equifax’s consumer services themselves, some of their sensitive personal data is almost certainly held by enterprises, which use its corporate services to check credit scores for loans, for example.

Experts criticised the Equifax breach response as insufficient given the size and scope of the data loss, and said the company was likely not prepared for such an incident.

While doing preparation work for GDPR, organisations should look at the Equifax breach and understand they would have to notify customers of a problem much sooner.

“We will be advising Equifax to alert affected UK customers at the earliest opportunity. In cyber attack cases that cross borders the ICO is committed to working with relevant overseas authorities on behalf of UK citizens.”

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

How to improve cyber security against email attacks and for GDPR compliance

Emails are becoming increasingly dangerous for cyber security risks.

Emails are becoming increasingly dangerous for cyber security risks.

About 200 billion emails are sent every day, but because of its importance email is constantly exploited by attackers – yet is often overlooked in cyber security strategies

From a hacker perspective, many organisations are still leaving the front door open and the windows unlocked. Failure to protect and handle data correctly can also result in punitive actions for companies participating in the digital economy.

The General Data Protection Regulation (GDPR), set to come into force in May 2018, is designed to protect European Union (EU) citizensí data, and organisations that want to operate within the EU will be expected to comply with it.

Section 2 of the GDPR states that organisations must ìprotect personal data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorised disclosure, dissemination or access, or alteration of personal dataî.

The European Commission defines personal data as ìany information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computerís IP addressî.

This regulation of greater email protection arrives shortly after the WannaCry and Petya cyber attacks. Despite emails being used regularly, they remain vulnerable to attack, both as a target and as an attack vector.

Several malware families, such as Emotet and Trickbot, have recently added functionality that enables them to spread via email. Emotet, for example, now has the capability to steal email credentials from infected computers and use these to send out emails to spread itself further.

The dangers that organisations can expose themselves to through unsecured email accounts are often more than just compromised emails. Financial account information can be leaked, ransomware and viruses can infect networks, and reputational damage can occur from hacks being disclosed. This disclosure will become mandatory under the GDPR.

Developing a security policy for email can be relatively simple, and a natural first step for bringing organisations into alignment with GDPRís requirements. However, a companyís email security protocols are only as strong as the employees who use them.

Email cyber security risks

Anti-virus filtering should be used on all email traffic.

Although this will not be a complete solution in itself, it will remove much of the background noise – the easy-to-spot threats -allowing security teams to focus on the more sophisticated attacks. Organisations should also consider using a secure anti-malware proxy or next-generation firewalls.

Some organisations may want to consider whitelisting or blacklisting filters for managing their email security. With whitelisting, only known, trusted email sources are allowed through; with blacklisting, all but the known, malicious email sources are blocked.

Whitelisting offers more protection, but it will inevitably block some important emails, which can cause frustration for employees.

Some organisations have gone as far as to block all attachments, which is effective in preventing malicious attachments, but naturally has consequences.

But there is no such thing as 100% security.

Organisations need to educate their employees in how to spot fraudulent emails and raise awareness of the dangers of malicious emails.

To engage the participants, this education should be easy to understand and should not rely on technical jargon. Staff should be positively encouraged to report suspicious emails and given feedback about any emails reported. Not only will this allow the security settings to be updated, but it will also educate staff further.

It is also vital to tailor the message to the particular audience. For example, telling an HR department not to open attachments from external addresses will not work, because they deal with people who are applying for jobs.

Following recent incidents of leaked emails, many organisations are now encrypting emails, installing encryption protocols as add-ons to existing email apps.

Not only do these systems rely on end-to-end encryption to secure their content, but some also ensure compliance with the GDPR. ìThere are hundreds of email security or encryption services, but we have found customers need verifiability, which is in high demand because of GDPR,î says Kurt Kammerer, CEO of Regify.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Business warned of massive ransomware campaign

Cyber security researchers are urging businesses to prepare for ransomware attacks after the discovery of a massive cyber attack campaign

Cyber security researchers are urging businesses to prepare for ransomware attacks after the discovery of a massive cyber attack campaign

Businesses should ensure employees are aware of the dangers of email attachments in the light of evidence of large scale ransomware distribution campaigns.

On 28 August, more than 23 million email messages were sent in just 24 hours with malicious attachments containing variants of the Locky ransomware, according to researchers at AppRiver.

As a first line of defence, businesses are urged to inform employees of the ransomware risks associated with email attachments.

Businesses are advised to pay particular attention to raising awareness among employees who have access to sensitive data with high business impact.

In the second quarter of 2017, ransomware was the most popular form of malware, with 68% of all malicious email messages bearing some variant of ransomware, according to security firm Proofpoint.

In particular, email recipients should be wary of any attachments to email with the subject such as: please print, documents, photo, images, scans, pictures, and payment.

Some of the latest Locky campaings send emails appearing to be from the targeted organisationís scanner, printer or other legitimate source, warns Comodo Threat Intelligence Lab.

The latest versions of the Locky ransomware are typically downloaded by a Visual Basic Script file in a ZIP file nested in another ZIP file as soon as the attachment is clicked.

Locky then encrypts all files on the system before instructing the victim to install the TOR browser and visit a .onion (Darkweb) site to process payment of .5 Bitcoins worth around $2,150.

Once the ransom payment is made the attackers promise a redirect to the decryption service, but the consensus among law enforcement and security industry representatives is to advise against payment because there is no guarantee the files will be decrypted or that the attackers will not strike again.

As there are currently no publicly shared methods to reverse the latest Locky variants, security researchers say employee awareness is paramount.

As a second line of defence, businesses are advised to ensure they have systems in place that can block spoofed emails and detect new variants of malware such as advanced analysis at the email gateway.

However, with each resurgence of Locky, the ransomware has continued to evolve to evade enterprise security defences, making it notoriously difficult to detect.

In the latest round of Locky ransomware campaigns that started around 9 August 2017, some Locky variants include sandbox evasion capabilities, according to security researchers at Malwarebytes Labs.

Malware authors have used booby trapped Office documents containing macros to retrieve their payloads for some time, but ordinarily, the code executes as soon as the user clicks the ìEnable Contentî button.

Sandboxes will not help the cyber security risks

For analysis purposes, many sandboxes lower the security settings of various applications and enable macros by default, which allows for the automated capture of the malicious payload.

However, Malwarebytes researcher Marcelo Rivero discovered that some of the latest versions of Locky do not simply trigger by running the macro itself, but wait until the fake Word document is closed by the user before it starts to invoke a set of command to download the ransomware and issue the ransom demand.

‘While not a sophisticated technique, it nonetheless illustrates the constant cat and mouse battle between attackers and defenders. We ascertain that in their current form, the malicious documents are likely to exhibit a harmless behavior in many sandboxes while still infecting end users that would logically close the file when they realise there is nothing to be seen,’ Rivero and colleague JÈrÙme Segura wrote in a blog post.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Business confidence in managing cyber security threats low

Business digital transformation and cyber security threats have outpaced enterprise security capacity, a survey has revealed

Business digital transformation and cyber security threats have outpaced enterprise security capacity, a survey has revealed

An average of 40% of organisations experienced five or more significant security incidents in the past 12 months, according to the survey report by digital threat management firm RiskIQ.

The most cited external threats included malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps, and social impersonation.

In the face of these threats, 70% of respondents said they had little or no confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand and ecosystem assessment.

The majority of those surveyed are aware some of their digital security measures are immature or ineffective, with only 31% expressing high confidence in the likelihood their organisations can mitigate or prevent digital threats despite all respondents increasing their near-term digital security spend.

More than half of survey respondents expect their near term digital defence investment to increase between 15% to 25% or more.

Correspondingly, nearly half of respondents view cyber threat intelligence as ‘very important’, and all respondents saw cyber threat intelligence tools as being ‘very important’or ‘somewhat important’- especially in fortifying research and reducing time to respond to external threats.

However, confidence in capacity to address digital threats appears to be higher in the UK, with UK respondents seeing more value than US counterparts in the ability for cyber threat intelligence and digital threat management tools in reducing time to remediate threats.

In terms of industry sectors, the survey shows digital threat management appears more progressive among organisations in financial services, manufacturing and consumer goods in terms of overall expenditure.

Larger companies felt they were better able to update control systems and collaborate across departments perhaps showing the benefits of scale and smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about.

Nearly a quarter of healthcare and pharmaceutical respondents felt little to no confidence in their ability to assess digital risk.

Outsourcing the cyber security risks

In an attempt to mitigate the cyber security risks organisations are outsourcing a third of digital threat management tasks to managed security service providers (MSSPs), and outsourcing looks set to grow by nearly 13% in compound annual growth rate by 2019.

The survey shows the UK is growing faster in its plans to outsource digital threat management tasks to MSSPs, with an expected year-on-year growth rate for the UK of 17% compared with just 11% in US.

‘The independent research provides a useful litmus test for the level of exposure, controls and investment regarding external web, social and mobile threats among global industries,’ said Scott Gordon, chief marketing officer at RiskIQ.

‘The findings validate the need for enterprises to leverage cross-channel intelligence, automation and resource optimisation as they build out digital defences to reduce operational and reputational risk.’

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139