It’s that time of the year for infosecurity pros to gather around the fire and tell the spookiest security stories from the year, and what a year it’s been.
2017 has been a terrible year for large-scale attacks, from WannaCry and NotPetya through to Equifax. The latter incident affected a whopping 143 million Americans alone, not taking into account Brits, with cyber-criminals obtaining access to names, social security numbers, birth dates, addresses, driver’s license numbers and credit card numbers.
Cyber-criminals are clearly getting sneakier and scarier with their tactics, which is all the more reason for CEOs and board members, not just IT teams, to sit up, pay attention and put a plan and preventative measures in place.
Here I’ll pick apart the frightening from the foolish security threats, outlining what security bods should watch out for and how they can protect themselves.
Ghostly cryptomining
First up is a new threat. We’ve taken a close look at cryptomining in the browser, which is all the rage lately. Essentially, you navigate to a website – which can be either legitimate or suspicious – and, without your knowing, your computer is used to mine for a crypto-currency via your browser. We discovered publishers are monetizing their traffic by having their visitors mine for crypto-currencies while on their site. The idea is that you are accessing content for free and in exchange, your computer (its CPU in particular) will be used for mining purposes.
It might not sound too insidious, but mining has a big impact on productivity and (to some degree) a computer's overall lifespan. Pushing the CPU (central processing unit) to 100% can severely slow down the PC, or even force it to shut down, meaning your employees’ productivity levels start to plummet. A PC not designed for mining but left on overnight could also overheat, leading to more hardware or safety issues.
Heeeere’s Locky!
Like Jack Nicholson’s character in The Shining isolating himself in an abandoned hotel, Locky ransomware went under the radar earlier this year. However, it came back with another iteration this summer. Although the ransomware families popping up more and more are enough to make CEOs hide under their duvets, some would argue DIY ransomware is scarier simply because there’s no guarantee you’ll get your files back after paying the ransom.
DIY ransomware is usually coded via free-to-use tools, varies wildly in quality, and, much like Esther from Orphan, doesn’t appear to belong to any set family, which can cause delays with regard to identification.
Magniber the poltergeist
Next on the list is the Magniber ransomware. Like Pubert from The Addams Family, Magniber is a young member of the ransomware clan. Distributed by the exploit kit Magnitude, it’s being touted as a possible replacement for the previously distributed Cerber.
Although it has primarily focused on South Korea, make no bones about it – ransomware is a major business issue of our time, marked as a ‘top four’ problem for UK organizations, according to our State of Ransomware Report conducted in July this year. Our report examined how this form of crime is affecting the UK’s 5.4 million SMEs. As a collective, the UK – and indeed the global – business community must work exceptionally hard to do more to combat it.
Trick or treat emails
One threat that always remains is, of course, the person in front of the screen. Social engineering tactics – like an email with a suspect attachment that convincingly looks to be from someone you know – are becoming more and more genuine-looking, and are often the way that nasty malware gets on the network. It’s widely known that humans are all too often the weakest link at any organization. Steps must be taken to ensure that all employees understand the risk of opening fraudulent emails, or clicking on links that could let cyber-criminals in.
In fact, we found that the main route for ransomware getting into businesses’ systems is email: 23% of respondents said they were attacked after clicking on a dodgy link, while 17% opened an attachment sent their way. Malicious websites and web applications also contributed significantly (with 11%), while nine per cent cited business applications as the main gateway for ransomware. Social media accounted for five per cent of attacks.
It’s not all doom and gloom
CEOs are right to believe that businesses will never be 100% safe from cyber-attacks. If a cybercriminal wants to hack your network, they will get in eventually. It's the unfortunate reality we now live in. Therefore, businesses must prepare the best way they can and ensure plans are in place for when the incident happens. For instance, although businesses may think they are safe with anti-virus software installed, our telemetry data flagged that certain anti-virus vendors are still letting in 20% of malware.
In order to adequately protect against cyber-threats, organizations must adopt a layered approach to security, using both an anti-virus for traditional threats and anti-malware for the more advanced. What’s more, systems have to be fit for purpose – as do the individuals responsible for them. That requires clearly understood chains of accountability, an educated workforce that is alert to the threat posed by outdated software, bad internet habits and the introduction of personal devices into the corporate IT estate, and clearly defined responsibilities from senior management down.
The good news is that, unlike most horror films, there doesn’t have to be a gory ending. Following these steps can help protect your organization and minimize the risk of the bogeyman infiltrating your network this Halloween.