
2017: the year cybercrime became the new normal. The cybersecurity landscape changed immeasurably after several high-profile attacks caused major disruption around the world.

In the UK, the WannaCrypt0r 2.0 ransomware attack (also known as WannaCry) brought the NHS to a standstill.   A&E departments, outpatient centres and GP surgeries were forced to close in a desperate effort to stop the malicious software from spreading.

High-profile cases have the unintended effect of making SMBs believe that cybercrime isn’t something that will affect organisations of their size. The way that cybercrime is reported in the media can incorrectly give the impression that it is only large organisations and government institutions that are targeted.

However, a Government report indicates that 45% of small businesses suffered cybersecurity attacks or breaches of some form in the last 12 months.  In fact, it wasn't just the NHS that was hit by the WannaCry attack.  It is thought that over 300,000 computers at organisations of all sizes were affected in 145 different countries, proving that these attacks are indiscriminate and opportunistic.

What is a ransomware attack?

Ransomware is a form of malware that locks users out of their computers and demands a ransom to restore access. The malware usually enters the system via email. This happens when unsuspecting users open emails sent to them by hackers and click on malicious links that release the virus onto their computer, from where it spreads to other computers in the network.

Once the ransomware is installed on the system, it spreads instantaneously, infecting all of an organisation’s unprotected data in a matter of moments.  From a single employee’s machine, the virus can spread to every connected device, desktop, laptop, server and storage unit within a network.  It then locks out the whole organisation from critical information, before demanding a ransom.

In many cases, the malware demands that the user quickly pays the ransom, either by providing a deadline after which all the data will be deleted or by increasing the price day by day.  The criminals usually ask to be paid in Bitcoin, which is the cryptocurrency of choice for hackers, used because it makes the recipient of a payment untraceable.

Such aggressive behaviour can often scare organisations into payment.  But this can make matters worse.  First, it is fuelling criminal activity and therefore encouraging criminals to carry out further attacks; second, in many cases, paying the ransom doesn’t unlock your data at all.

Ransomware attacks now make up 25% of all cyberattacks, with Ransomware-as-a-Service (RaaS) being sold widely on the dark web, a collection of websites and services that lie hidden from normal search engines like Google and require special software to access. This makes it easy for criminals who don’t have in-depth knowledge of how ransomware works to get their hands on the technology and carry out attacks. If businesses remain unprotected and victims keep paying the ransom in a desperate panic to regain their files, hackers will continue to view ransomware as a viable way to cause disruption and make money.

Major Ransomware attacks in 2017

The WannaCry attack that infected as many as 40 hospitals and 24 NHS Trusts is the most high-profile example of a ransomware attack to hit the UK.  In June, a similar attack, called the Petya virus, caused widespread damage globally.  This included shutting down the monitoring systems at the Chernobyl nuclear power plant.  The Petya attack shows that WannaCry was not just a one-off.  We should expect more to come.

What other threats exist?

Ransomware may be making all the headlines, but it isn’t the only threat that exists.  Let’s take a quick look at other risks facing organisations.

Phishing emails

The maxim that there is always someone in every organisation who will click on anything often proves to be true.

Phishing attacks revolve around an attempt to trick employees, usually via emails that appear to be from trusted sources, into giving away personal details such as passwords or credit card numbers, or into downloading malicious files. Google, PayPal, Yahoo and Apple log-in pages are often impersonated to lure unsuspecting users into giving away passwords.

In the past, phishing was largely undertaken by cybercriminals to steal personal information.  In recent years, it has become the most common way that hackers try to install viruses, including the recent ransomware attacks.

Internal threats

Internal threats remain one of the largest causes of data breaches. They range from human error to rogue employees (often ex-employees), and the consequences can be as costly as any other type of cybercrime. An internal breach can take the form of an ex-employee hacking back into the system using their old password and either corrupting and deleting the files themselves or leaking sensitive data to the public or, worse, to other cybercriminals on the black market.

The key to dealing with the risks associated with rogue employees is to adopt strict permissions management and to watch out for typical early warning signs from disgruntled employees. Very often they will make repeated verbal ‘warnings’ to colleagues about the amount they know about the company before taking action.

DDoS attacks

Distributed Denial of Service (DDoS) attacks also pose a threat to SMBs. A DDoS attack inundates websites with fake visitors to overwhelm servers to the point that they can no longer cope and shut down. These cyberattacks are carried out by hacktivists, and also by government-sponsored hackers and business competitors, who want to cause as much disruption as possible.

One survey of IT leaders found that a third of respondents (34%⁵) encounter DDoS attacks on a weekly basis. The consequences can be severe, as customers can lose trust in your services if they lose access to them at critical times: 45%⁶ reported a loss in customer confidence after a DDoS attack.
