NCSC: Personal Gadgets At Risk From Ransomware

Personal devices such as smartphones, watches, televisions and fitness trackers are the next frontier for the online attackers behind a growing wave of ransomware, according to a joint study by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).

Ransomware, which encrypts all the data it finds on a user’s system and demands a payment to restore access, affected organisations across a wide range of sectors last year, and “the rise of internet connected devices gives attackers more opportunity” said the NCSC and the NCA in their 2016/17 report on the cyber threat to UK business.

Devices targeted

Attackers could target any data users might be willing to pay to have restored.

“Ransomware on connected watches, fitness trackers and TVs will present a challenge to manufacturers, and it is not yet known whether customer support will extend to assisting with unlocking devices and providing advice on whether to pay a ransom,” the study said.

Such smart devices are still “inherently more difficult” to attack than PCs and laptops, meaning incidents may initially be limited to users who download applications from unsecured third-party online shops, according to the report.

Such malware is, however, also regularly found on mainstream app stores such as those operated by Google and Amazon.

NCSC technical director said the best defence against ransomware was to ensure device software was up to date and that data was regularly backed up.

The study also highlighted concerns that criminals could use the same sophisticated tools used by nation-states to attack financial institutions.

On the other end of the scale, it said basic software is becoming increasingly easily available that allows those with little technical ability to target smaller businesses and the general public.

‘Growing’ business threat

Overall, the study found the cyber threat to UK business is “significant and growing”.

In the three months following the NCSC’s establishment there were 188 “high-level” attacks and “countless” lower-level incidents, the group said.

It listed attacks on the US’ Democratic Party, the Ukrainian power grid and the central bank of Bangladesh to show that 2016 was “punctuated by cyber attacks on a scale and boldness not seen before”.

NCSC chief executive Ciaran Martin said such incidents indicate the need for effective action to protect the UK’s infrastructure.

“Cyber attacks will continue to evolve, which is why the public and private sectors must continue to work at pace to deliver real-world outcomes and ground-breaking innovation to reduce the threat to critical services and to deter would-be attackers,” he said.

Donald Toon, director for economic and cyber crime at the NCA, said it is essential for businesses to report computer crime in order for law enforcement to gain an accurate picture of the threat.

The report is due to be published on Tuesday as the NCSC hosts the CyberUK computer security conference in Liverpool.

Over the weekend Martin warned in a letter to the major political parties that the next general election could be disrupted by Internet-borne attacks.

Do you know all about security in 2017? Try our quiz!