Cybercriminals are becoming more sophisticated and collaborative with every coming year. Indeed, incidents such as the recent alleged zero day breach at Lincolnshire Council highlight the impact this can have, as the council was forced to shutdown it’s IT for over four days. Medical records, addresses, dates of birth and bank details were allegedly exposed and a £1m ransom demand made.
Further, according to the latest report from the Office National Statistics, cybercrime including bank fraud, phishing scams, malware account for 3.8m incidents and 40% of crime in the UK. Yet the Government’s IT security initiative, Cyber Streetwise, highlights that around two-thirds of UK SMEs don’t believe their business is vulnerable to cyber-attack.
Onyx Group takes a look at the key vulnerabilities from 2015 and the biggest potential threats for 2016, as understanding the trends is the first step to combating the threat – forewarned is forearmed.
Ransomware
Ransomware uses malware to encrypt files, with the potential to lock access to a user’s computer and render important documents illegible until the victim pays a ransom. In 2015, it was firmly established as the malware attack of preference with many similar strains following in the footsteps of the original Cryptolocker which encrypted files on Windows computers, successfully extorting around $3 million from victims of the trojan.
A recent report published by the Australian Government suggested that 72% of businesses surveyed had experienced ransomware incidents in 2015, this was a significant rise from just 17% in 2013. Indeed the ransomware attack at Lincolnshire Council highlights that this type of threat will continue to cause problems for anyone in 2016 who has yet to get to grips with it. Effective backup, implemented and working perfectly beforehand, is the only sure fire way to ensure protection.
IoT and BYOD hacking
2015 was seen by many as the year of the Internet of Things (IoT) as a whole range of goods became connected to the Internet – fridges, light bulbs, house alarms, cars and medical devices, as well as smartphones and other mobile devices. In 2016 IT departments might be on top of the security of their servers and desktops, but with the rapid uptake of bring-your-own-device (BYOD) and mobile apps for work and home in particular, the risk of hacking from these devices will continue to cause a headache.
Out of date cryptographic protections
2015 saw weaknesses in older cryptographic protections including SSL with FREAK and Logjam bucking the trend, following 2014’s offenders such as POODLE and Heartbleed. This particularly impacts anyone running an ecommerce site, requiring continued vigilance to remain abreast of the newly disclosed flaws.
Under normal circumstances when communicating over an encrypted channel, a server and client negotiate to use the strongest protection that they’re both capable of; the FREAK flaw allows a malicious party the opportunity to force the connection to downgrade to use weaker protocols, which can then be cracked by an attacker. Typical examples of exposed data may include account passwords and credit card numbers. Fortunately for 2016, no flaws have been found in the updated TLS frameworks 1 and 2, at least for the time being.
To address both IoT hacking and out of date cryptographic protections, our advice is the same. Network administrators and IT teams need to know what is connected to, and running on, their networks. Findings from network audits and vulnerability assessments should identify suspect systems and services to mitigate these flaws.
Hidden backdoors
Flaws in Juniper’s secure networking devices used by the US Defense Department and the FBI and vulnerabilities in Trend Micro’s antivirus software, which were criticised last month by Google, serve as early examples of a trend for hidden backdoors being discovered, having been hard coded in vendor appliances. A backdoor is a way of bypassing authentication, allowing anyone to log into a network and is often used for securing unauthorised remote access. We’ve seen malicious parties starting to leverage the flaw in a bid to compromise vulnerable platforms, often within hours of a new weakness being disclosed, and crucially before some IT teams are even aware of the issue. It’s a question of system owners and administrators being able to keep on top of disclosures and react faster than the malicious parties attempting to leverage those flaws.
What can you do?
A reputable IT infrastructure provider will be able to provide you with advice on everything from firewalls and anti-virus to multi factor authentication, email, web security and backups. Further, if you choose to let them manage your network security, you benefit from leveraging specialist expertise and having them share responsibility for the potential risks.
