Cryptojacking, Ransomware Threats Continue To Grow, Warns NCSC
UK businesses face growing online danger and need to prioritise cyber security and work closely with law enforcement
Cyber criminals are launching more online attacks on UK businesses than ever before, GCHQ’s cyber-defence arm the National Cyber Security Centre has warned.
The warning comes in a new report ahead of the UK’s largest cyber security conference (CYBERUK 2018) it is hosting in Manchester, and it said that UK businesses will continue to be at risk if they only adopt a basic cyber security posture.
Indeed, it warns that most attacks will only be defeated by organisations which prioritise cyber security and work closely with government and law enforcement.
Attack trends
‘The Cyber Threat to UK Business’ report was written by both the NCSC and the National Crime Agency (NCA), in collaboration with industry partners.
It noted emerging threats such as theft from cloud storage and cryptojacking, in which computers are hijacked to create crypto currencies such as bitcoin.
But it said that 2017 will mostly be remembered as as the year of ransomware attacks and massive data breaches, supply chain threats, and of course, fake news stories.
The report said that attackers in many cases have achieved many of their aims by using relatively unsophisticated attack techniques, a trend which has blurred the distinction between nation states and cyber criminals, which in turn makes attribution all the more difficult.
The report cited the WannaCry ransomware attack in May 2017, which spread rapidly and randomly due to its use of a self-replicating worm.
And the report noted that last year also saw the enormous scale of the 2013 Yahoo breach, the 2016 Uber breach and the 2017 Equifax breach come to light, which showed that data is a valuable target for cyber attackers.
Meanwhile supply chain compromises of managed service providers and legitimate software (such as MeDoc and CCleaner) gave cyber attackers a potential stepping stone into the networks of thousands of clients.
“It is clear that even if an organisation has excellent cyber security, there can be no guarantee that the same standards are applied by contractors and third party suppliers in the supply chain,” said the report. “Attackers will target the most vulnerable part of a supply chain to reach their intended victim.”
And the report noted that cyber attacks have resulted in financial losses (and reputational damage) to businesses of all sizes. Attacks have also triggered declines in share prices and the sacking of senior staff. With the upcoming GDPR rules, the potential financial penalties could lead to severe fines for organisations which fail to prevent data breaches.
It also said that fake news (amplified on malicious websites and via defamatory social media campaigns) had an impact on UK businesses in 2017, showing the potential commercial impact of these practices.
Phising emails
Another emerging popular attack vector is criminals impersonating senior management, an attack known as business email compromise (BEC) . This essentially is a form of phishing attack where a cyber criminal impersonates a senior executive and attempts to coerce an employee, customer, or vendor to transfer funds or sensitive information to the phisher.
This represents one of the fastest growing, lowest cost, highest return cyber crime operation, the report warned.
In February the National Cyber Security Centre’s ‘Active Cyber Defence’ strategy blocked millions of scam emails that were imitating government addresses.
“The key to better cyber security is understanding the problem and taking practical steps to reduce risk,” said Ciaran Martin, chief executive of the NCSC. “This report sets out to explain what terms like cryptojacking and ransomware really mean for businesses and citizens, and using case studies, shows what can happen when the right protections aren’t in place.”
“UK business faces a cyber threat which is growing in scale and complexity,” said Donald Toon, director of the NCA’s Prosperity Command. “Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.”
“By increasing collaboration between law enforcement, government and industry we will make sure the UK is a safe place to do business and hostile zone for cyber criminals,” said Toon.
Expert reaction
The report has been welcomed by security experts.
“It should come as no surprise that cyberattacks against UK businesses are on the rise, as threat actors are only becoming more sophisticated, targeted and collaborative with their tactics,” said David Kennerley, Director of Threat Research at Webroot.
“Last year we saw the devastating effects of global attacks, but in addition to ransomware, business leaders also need to be aware of emerging threats such as ‘cryptojacking’, which we found to be on the rise in 2017,” Kennerley added.
“As more organisations invest in technology, such as IoT, to improve business processes they’re also increasing their attack surface area,” said Kennerley. “These new devices are being rapidly adopted by businesses and consumers, but security is typically an afterthought.”
He said that business leaders must be aware of the vulnerabilities not only within their own environments, but in their supply chain as well. And that organisations need to utilise a multi-layered approach with real-time threat intelligence to detect all types of emerging threats and stop attacks before they strike.
“The results of the latest National Cyber Security Centre (NCSC) report are not at all surprising and the increase in cyberattacks against the UK is a direct result of several key influences,” said Joseph Carson, Chief Security Scientist at Thycotic.
“One thing that is clear is that cyberattacks are crossing country borders and disrupting our way of life, without nation-states taking responsibility,” said Carson. “Without clear cooperation and transparency, this will continue to grow as a major problem with a possibility of a full-on cyber war as retaliation.”
“Businesses come in all shapes and sizes, but in today’s world, no organisation, large or small, can afford to ignore online security,” said David Emm, Principal Security Researcher at Kaspersky Lab.
“Whether you’re a team operating out of an office, or an individual working from home, cybersecurity is an issue that every business should prioritise,” said Emm. “In light of the recent findings from the National Cyber Security Centre, it simply comes down to being prepared – and there are several steps that businesses should take to arm themselves against threats.”
“We need a fundamental shift in our thinking as the prevalent bastion mindset is fundamentally flawed,” said Matt Walmsley, EMEA Director at Vectra. “The notion of a defined perimeter no longer works – the ‘attack surface’ is growing exponentially through the increasing use of IoT, mobile and BYOD computing, and digital supply chains, all of which provide hackers with a myriad of new entry points to make their assaults.”
“The harsh reality is that the frequent evidence of breaches shows that even well-resourced organisations can and will be compromised as every defence is imperfect and something always gets through, ” said Walmsley.
“We need to quickly adopt a ‘I’m already compromised’ mentality and put in place security capabilities that not only block known threats but that are smart enough to detect and respond in real-time to active threats that have defeated or bypassed defensive controls and gained access and persistence within the organisation,” said Walmsley. “Only then do we have the chance to get ahead of the attacks before they become critical security incidents.”
Do you know all about security? Try our quiz!