A report looking into the cyber threat to UK business warns attacks are “significant and growing.”
The report, which was produced by the National Crime Agency (NCA) and National Cyber Security Centre (NCSC), highlighted ransomware as the most common cyber extortion method.
Ransomware is malware that locks a user out of their device after it has covertly installed itself on the device. The malware then holds the data hostage, threatening to publish the victim’s information unless a ransom is paid.
Cyber security experts believe hackers will target devices such as smartphones, watches, televisions and wearables because the devices are most susceptible due to the limited security measures implemented by manufacturers.
According to the report, cyber crime is becoming more aggressive with modern day attacks being of a scale and boldness not seen before. A growing cause for concern is the evolution of cyber criminal groups that are sophisticated enough to utilize the same advanced tools as governments to attack financial institutions.
With 65% of large UK businesses having detected a cyber security breach or attack in the past year, the report aims to raise awareness and guide businesses on what preventive measures they should employ for the future.
IT security experts from Synack, Imperva, DomainTools, Tenable and AlienVault discuss the issue of ransomware and the threat it poses:
Mark Kuhr, CTO at Synack:
“If you worked at an auto company whose lock system was defective and enabled car thieves to easily steal customers’ vehicles, would you be concerned? Absolutely. Ransomware is no less of a business issue.
Businesses’ approach to security has not kept pace with the threat – this will have to change. Adversaries are creative and dynamic, so our security should be equally innovative. Defence in Depth no longer just applies to systems architecture – businesses need a pragmatic approach that integrates security across the organization with a dynamic defence system, secure development practices, and security team at scale. The cost of ransomware goes way beyond the attacker’s ransom – an attack now impacts the business. Not only is the GDPR hammering this home, but also chief executives that have neglected security are now coming under fire by the board.”
Jay Kaplan, CEO at Synack:
“The rise of ransomware, combined with the proliferation of IoT devices, has implications far beyond financially-motivated extortion. In a few short years, we may face a stark reality where malicious actors will possess the technical know-how to hijack Industrial Control Systems and hold both nation-states and multinational corporations hostage. Sophisticated attackers would be able to drop exploit payloads on a cluster of offshore oil rigs, encrypt the critical data feeds being used to support safe drilling operations, and demand an exorbitant ransom (probably in Bitcoin) in exchange for decrypting the feeds. At this point, the hostage will face a few choices: uphold the moral high ground and refuse to pay, cave in and pay the ransom, or do nothing. In this scenario, consumers, corporations, and nation-states would pay for a temporary halt in drilling production. We should rethink how we approach ransomware, connected devices, and cyber security. They’re issues that extend far beyond the CISO/CIO suite.”
Amichai Shulman, CTO and Co-Founder of Imperva:
“I don’t think that Ransomware is actually going to grow much bigger. I think it is as big as it can be for organizations and individuals alike (which is a lot). IoT devices, while susceptible to compromise, are not targets of ransomware as they hold very little data which is mostly backed up automatically to cloud storage. Hence the devices themselves will not be threatened by ransomware.
Having said that, the true limitation for ransomware expansion today is distribution channels. In this domain IoT devices do represent a threat to users and enterprises (and a growth opportunity for attackers). By compromising many IoT devices, attackers can (physically) make their way into more home and enterprise networks and use the compromised devices as a jumping board for attacks – including the distribution of ransomware to end stations and servers alike.”
Kyle Wilhoit, Senior Security Researcher at DomainTools:
“Ransomware has been the scourge of Internet Miscreants for a few years. As criminals have continued to innovate, they are realizing the potential of holding victim computers hostage. While this is a big problem, the likelihood of this issue becoming bigger is almost guaranteed. NCSC and NCA are correct in assuming and talking about this attack vector continuing to gain notoriety. Bringing awareness to such a large problem will ideally help the defensive posture of any organization.
One of the more concerning scenarios would be an ICS or SCADA network getting compromised by ransomware. While this has happened on a few different occasions, the victim was not targeted because of the importance of the connected devices. These were opportunistic infections, ultimately causing outages to PLCs and SCADA environments, all because ransomware took over several hosts. So, regardless of the ransomware being targeted or not, these infections will cause outages… possibly severe.”
Gavin Millard, EMEA Technical Director at Tenable Network Security:
“As the computational power, complexity and value of these devices increase, the probability they’ll be targeted by cyber criminals to monetize security flaws will also rise. Smartphones are a particular weak spot, with cherished photos being stored and rarely backed up. As with traditional IT equipment, it’s important connected devices are kept up to date, applying fixes the vendors release in a timely manner.”
Chris Doman, Security Researcher at AlienVault:
“These aren’t just theoretical attacks – ransomware attacks against smart TVs have already been seen in the wild. Embedded devices such as ATMs, routers, industrial control systems and printers have been targeted by malware for some time.
So far the only malware for fitness trackers I’ve seen are proof of concepts, and the same with thermostats.
Given many of these devices run standard versions of the Android operating system – they would likely be as susceptible to these attacks as a typical Android phone. However they may be less likely to encounter the attacks if users are rarely accessing the internet with them.
It’s certainly true these devices can record sensitive information. And it’s not only the devices themselves that could be compromised. A central database at a toy company was hacked in 2015, and in the process lost millions of photos taken by kids’ toys to hackers.”
Javvad Malik, Security Advocate at AlienVault:
“Ransomware will continue to be favoured by criminals looking to easily exploit devices and extort payment from victims.
We’ve seen proof of concept ransomware deployed against thermostats, but haven’t yet seen them myself against smart watches.
One of the key things to bear in mind is how easy IoT devices are to secure: for example, is it easy to change default credentials or disable insecure and unnecessary protocols?
Equally, it’s important to evaluate the recovery process. Something manufacturers can help with by building into their products, so that if it does fall victim to ransomware, it can be restored. Many devices can have factory settings reset with one click, while others may require manufacturer involvement. Worse yet, in some cases, recovery may be impossible, forcing users to pay the ransom as a last resort. It’s up to buyers to understand the recovery process for the devices they own, and to create a contingency plan should one of them be compromised.”