Reports chart rise of ransomware and crypto-mining attacks
Reports out today have revealed the scale and severity of cybercrime threats facing UK businesses – with spyware the number one threat but ransomware and cryptomining detections rising sharply.
The National Cyber Security Centre (NCSC) and National Crime Agency (NCA) counted 34 significant attacks that required a cross-government response between October 2016 and the end of 2017, in addition to 762 less severe attacks across this period, in a joint report released today.
Their report, titled ‘The cyber threat to UK businesses 2017-2018′, said 2018 would bring further attacks; warning vulnerabilities in Internet of Things (IoT) devices will grow, as well as highlighting the increased threat of crypto-jacking – where hackers force victims’ computers to unwittingly mine cryptocurrencies – and the growing temptation for attackers to target sensitive information stored on cloud services.
Major incidents in 2017 included ransomware and distributed denial of service (DDoS) attacks, massive data breaches, supply chain compromises, as well as fake news and information operations.
The NCSC said the risk to UK companies is “bigger than ever”, and Ciaran Martin, NCSC chief executive, emphasised the need for public organisations to share knowledge to fend off attacks.
“We are fortunate to be able to draw on the cyber crime fighting expertise of our law enforcement colleagues in the National Crime Agency,” he said. “This joint report brings together the combined expertise of the NCA and the NCSC. The key to better cyber security is understanding the problem and taking practical steps to reduce risk.”
Raj Samani, chief scientist and fellow at cybersecurity firm McAfee, said sharing knowledge should extend to the private sector too. He said: “The NCSC rightly highlights the importance of collaboration in underpinning the UK’s response to cyberattacks. One way to do this in in adopting threat intelligence sharing. In learning about the attacks that other similar organisations are facing, IT and security professionals can ensure that they are prepared to defend against the popular attacks of the day.”
Verizon also released its 11th annual Data Breach Investigations Report today, the findings of which may prove somewhat unsurprising for those who have been keeping an eye on the security landscape over the last few years.
Predictably, ransomware was one of the biggest threats, becoming the most commonly-seen form of malware over the course of 2017, up from fourth place the previous year. One notable change, however, is that ransomware infections are increasingly affecting business-critical systems rather than just desktops.
Ali Neal, director of international security solutions at Verizon, told IT Pro that although these results may not be surprising, they are still significant. “We have to call out things whether they’re obvious or slightly better-hidden; the ransomware piece is obviously something that’s probably pretty obvious to everyone, but it has been notable in the number of incidents that it created.”
Also out today was Malwarebytes’ quarterly cybercrime report, which outlined that while ransomware detections were up 28% between January and March 2018, it was only the sixth-highest detected threat with the overall volume remaining low – in contrast with the prominence placed on ransomware by the Verizon and NCSC reports, the latter of which highlighted the WannaCry attack as a high-profile example. Among consumers, ransomware detections actually declined 35%, according to Malwarebytes.
Malwarebytes’ report said: “If you look at business detections after January, it looks like all malware activity has dropped off the side of a cliff. Spyware and riskware tools plummeted, though spyware retained the top spot by the hair of its chin.”
Among consumers, adware remains the key threat, while cryptomining saw a dramatic increase among business users – with incidents rising a staggering 4,000%, according to Malwarebytes.
The NCSC also identified the growing threat, writing: “We assume the majority of cryptojacking is carried out by cyber criminals, but website owners have also targeted visitors to their website and used the processing power of visitors’ CPUs, without their knowledge or consent, to mine cryptocurrency for their own financial gain.”
Bitcoin-mining hackers hit thousands of government websites, including the Student Loans Company and other UK government bodies, it was revealed in March.
Verizon found that phishing attacks remain a huge attack vector, and combined with financial pretexting, phishing tactics played a part in more than 90% of all breaches investigated last year. In fact, Verizon’s report found that businesses are three times more likely to be compromised by a social engineering attack like phishing than by a technical vulnerability in their security.
Neal stated that businesses should be doing more to protect themselves, given that the same attack patterns and trends keep recurring, but noted that the area is a complex one.
“I don’t think there’s one answer,” he said. “Better training has probably got to be point number one, because ultimately it’s humans, and that goes to executives who are going to be particularly targeted. I think there is an opportunity to look at better email scanning, better policy enforcement, and there’s also a number of technologies out there that can be implemented.”
The NCSC highlighted business email compromise (BEC) as a form of phishing attack targeting senior business executives, where hackers impersonate business leaders in an attempt to trick customers, vendors or staff to transfer funds and sensitive information.
“BEC scams are a serious threat to organisations of all sizes and across all sectors, including non-profit organisations and government. It represents one of the fastest growing, lowest cost, highest return cyber crime operations,” the report said.