Tag Archives: Ransomware

KnowBe4 study reveals 92% of organisations’ biggest security concern is end users

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the results of new research. The company’s report examines over 350 organisations globally and reveals the security weaknesses and concerns within them. On average, 81% of organisations had some degree of concern around security issues.

Cyber crime continues to evolve and become more sophisticated. Artificial Intelligence and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they’re now targeting specific industry verticals, organisations and even individuals.

Increases in the frequency of ransomware, phishing and crypto-jacking attacks have been experienced by businesses of nearly every size, vertical and location.

KnowBe4

When it comes to attack vectors, data breaches are the primary concern, with credential compromise coming a close second. These two issues go hand-in-hand as the misuse of credentials remains the foremost attack tactic in data breaches. That’s according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings

*92% of organisations rank end users as their primary security concern. At the same time, security awareness training along with phishing testing tops the list of security initiatives that organisations need to implement

*Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate. In terms of attacks, 95% of those organisations surveyed are most concerned with data breaches

*Ensuring security is in place to meet General Data Protection Regulation (GDPR) requirements is still a challenge for 64% of organisations, despite the GDPR’s fine details having been public knowledge for quite some time

*Attackers’ use of compromised credentials is such a common tactic. 93% of organisations are aware of the problem, but still have lots of work to do to stop it

*When it comes to resources, 75% of organisations don’t have an adequate budget

“2018 was a prolific year for successful cyber attacks, with many of them caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start their defence by establishing a security culture. In order to combat the escalation of social engineering, they absolutely have to ensure that users are trained and tested.”

To read the full report visit www.KnowBe4.com

Advertisements

Leave a comment

Filed under Risk Xtra

UK education technology firm takes lead in cyber security training thanks to formation of new partnership

Education technology firm e-Careers Limited has formed an exclusive partnership with EC Council to deliver cyber security training to professionals nationwide. Having trained over 200,000 information security professionals globally – including representatives from the US Army, the FBI, Microsoft and the United Nations – EC Council offers certifications in ethical hacking, security analysis and network defence.

Now, in an exclusive partnership, e-Careers becomes the only authorised partner across the UK and Ireland to deliver the complete range of online EC Council Cyber Security and Ethical Hacking accreditations, including its Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) programmes.

EthicalHackingJazz Gandhum, CEO of e-Careers, confirmed: “Cyber security is an advancing threat to businesses and organisations globally. The recent WannaCry and Petya cyber attacks penetrated businesses, banks, airports, Government departments and health services across multiple locations worldwide, not forgetting the UK’s very own National Health Service. This increasing threat has resulted in a growing demand for cyber security professionals, with recent reports revealing the number of roles advertised in the UK is at the third highest worldwide. Considering this advancing skills gap, e-Careers is delighted to bring all EC Council online courses to the UK, and will be working hard to help increase cyber security skill sets, knowledge and understanding.”

Taken over by Jazz Gandhum in 2011, e-Careers is one of the UK’s leading ‘edtech’ firms, providing access to over 600 courses across a range of industry sectors through its innovative e-learning platform.

Having educated more than 400,000 individuals over the past six years alone, the business has formed partnerships with over 75 key organisations, including awarding bodies, colleges and private establishments with a view towards making education affordable and accessible to the masses.

Sanjay Bavisi, CEO and president of the EC Council, added: “We’re delighted to have formed this new partnership with e-Careers and look forward to the opportunity this now presents for professionals right across the UK. Every day, cyber security threats grow with professional hackers advancing their knowledge and making digital inroads at an exponential and alarming rate. The only way in which to combat cyber security threats is through knowledge and education. Thanks to our new partnership with e-Careers, we’re confident that more and more professionals will be able to quell this risk, making the digital world a safer and stronger environment.”

*All EC Council courses offered through e-Careers’ e-learning platform are accessible online, making cyber security training both convenient and cost-effective. For more details visit www.e-careers.com

Leave a comment

Filed under Risk UK News

360 Vision Technology and Visual Management Systems guard against cyber attacks

As more and more security systems and devices become IP networked, it’s important for security installers and end users alike to consider how their systems will be protected against the possibility of cyber attacks. Providing a solution to the concerns around cyber security and hacking, CCTV specialist 360 Vision Technology has partnered with software control provider Visual Management Systems to provide security operators with an effective solution designed to guard against IP surveillance system cyber attacks.

Without the right level of network security measures in place, system users can be left vulnerable, resulting in exposure to the type of hacking and malware attacks that have recently hit the news headlines.

A serious security breach of an IP network can lead to system inoperability and network downtime and, at worst, direct access to corporate networks for the cyber criminals.

To provide IP surveillance system installers and operators with peace of mind, when used together both 360 Vision Technology cameras and Visual Management Systems’ TITAN SECURE Physical Security Information Management system can exceed 802.1x authentication protocols and encryption to provide “the ultimate protection” for surveillance networks via the latest patent pending technology.

360VisionTechnologySSL8022C5A19E

Designed to Centre for the Protection of National Infrastructure standards, this advanced protocol and encryption technology is said to offer a “far higher level” of hacking protection.

Advanced cyber attack protection

Ultimately, security and IT managers have much to gain by implementing the security advantages of a 802.1x authenticated network. Conversely, they also have a lot to lose should they ignore the security risks involved.

“As part of our ongoing development of products and deep integration techniques, we looked closely at the vulnerabilities of current camera systems and found that expert hackers could easily take control of standard network cameras, and even those models with HTTPS certification,” explained John Downie, sales director at Visual Management Systems. “Employing 802.1x authentication at both the camera and control end using 360 Vision Technology cameras and TITAN SECURE in combination is the most effective way in which to fully secure an IP camera network.”

Mark Rees, business development director at 360 Vision Technology, added: “Designed to protect organisations against hacking and ransomware attacks, the latest 360 Vision Technology IP surveillance cameras include advanced 802.1x encryption protection. Designed and built in the UK, our high-performance camera technology offers customers proven reliability, advanced imaging performance and effective cyber security for use within any high or general level camera surveillance application.”

Leave a comment

Filed under Risk UK News

Ransomware attacks cause one fifth of infected SMEs to cease business operations immediately

More than one third of businesses have experienced a ransomware attack in the last year, while over one-in-five (22%) of these impacted companies had to cease operations immediately. That’s according to a study conducted by Malwarebytes.

The Annual State of Ransomware Report finds that the impact of ransomware on SMEs can be devastating. For roughly one-in-six of impacted organisations, a ransomware infection caused 25 or more hours of downtime, with some companies reporting that it caused systems to be down for more than 100 hours.

Further, among SMEs that experienced a ransomware attack, one-in-five (22%) reported that they had to cease business operations immediately, while 15% lost revenue.

“Businesses of all sizes are increasingly at risk of ransomware attacks,” said Marcin Kleczynski, CEO at Malwarebytes. “However, the stakes of a single attack for a small business are far different than those for a large enterpriseThe findings demonstrate that some SMEs are suffering in the wake of attacks to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing such that we can better protect them.”

Ransomware2

Most organisations make addressing ransomware a high priority, but still lack confidence in their ability to deal with it. 75% of those organisations surveyed place a high or very high priority on addressing the ransomware problem. Despite these investments, nearly 50% of the companies questioned expressed little to only moderate confidence in their ability to stop a ransomware attack.

For many, the source of ransomware is unknown and infections spread quickly. For 27% of organisations that suffered a ransomware infection, decision-makers couldn’t identify how the endpoint(s) became infected. Further, more than one third of ransomware infections spread to other devices. For 2% of the organisations surveyed, the ransomware infection impacted every device on the network.

SMEs in the US are being hit harder by malicious e-mails containing ransomware than SMEs in Europe. The most common source of ransomware infections in US-based organisations is related to e-mail use. 37% of attacks on SMEs in the US were reported as coming from a malicious e-mail attachment and 27% from a malicious link in an e-mail. However, in Europe, only 22% of attacks were reported as originating from a malicious e-mail attachment. An equal number were reported as having emanated from a malicious link in an e-mail.

Most SMEs don’t believe in paying ransomware demands. 72% of respondents believe that ransomware demands should never be paid. Most of the remaining organisations believe that demands should only be paid if the encrypted data is of value to the organisation. Among organisations that chose not to pay cyber criminals’ ransom demands, about one third of them lost files as a result.

Current investments in technology might not be enough. Over a third of SMEs claim to have been running anti-ransomware technologies, while about one third of businesses surveyed still experienced a ransomware attack.

“It’s clear from these findings that there’s widespread awareness of the threat of ransomware among businesses, but many organisations are not yet confident in their ability to deal with it,” said Adam Kujawa, director of malware intelligence at Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Leave a comment

Filed under Risk UK News

Cyber criminals “exploiting human weaknesses” to make their gains

Cyber attackers are relying more than ever on exploiting people instead of software flaws to install malware, steal credentials or confidential information and transfer funds. A study by Proofpoint found that more than 90% of malicious e-mail messages featuring nefarious URLs led users to credential phishing pages, while almost all (99%) email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware.

The Human Factor Report found that business e-mail compromise (BEC) attack message volumes rose from 1% in 2015 to 42% by the end of 2016 relative to e-mails bearing banking Trojans. BEC attacks, which have cost organisations more than $5 billion worldwide, use malware-free messages to trick recipients into sending confidential information or funds to cyber criminals.

BEC is now the fastest-growing category of email-based attacks.

Clicking

“Accelerating a shift that began in 2015, cyber criminals are aggressively using attacks that depend on clicks by humans rather than vulnerable software exploits, tricking victims into carrying out the attack themselves,” said Kevin Epstein, vice-president of Proofpoint’s Threat Operations Centre.

“It’s critical for organisations to deploy advanced protection that stops attackers before they have a chance to reach potential victims. The earlier in the attack chain you can detect malicious content, the easier it is to block, contain and resolve.”

Nearly 90% of clicks on malicious URLs occur within the first 24 hours of delivery, with 25% of those clicks occurring in just ten minutes and nearly 50% within an hour. The median time-to-click (the time between arrival and click) is shortest during business hours from 8.00 am to 3.00 pm EDT in the US and Canada, a pattern that generally holds for the UK and Europe as well.

Watch your inbox closely on Thursdays. Malicious e-mail attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favour sending malicious messages from Tuesday through until Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-Sale campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favour Mondays.

Attackers understand e-mail habits and send most e-mail messages in the four-to-five hours after the start of the business day, peaking around lunchtime. Users in the US, Canada and Australia tend to do most of their clicking during this time period, while French clicking peaks around 1.00 pm.

Swiss and German users don’t wait for lunch to click. Their clicks peak in the first hours of the working day.

UK workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2.00 pm.

Leave a comment

Filed under Risk UK News

“EMEA now top source of phishing attacks worldwide” suggests NTT Security’s Global Threat Intelligence Report

Over half (53%) of the world’s most recent phishing attacks have originated in the EMEA region, according to the 2017 Global Threat Intelligence Report (GTIR) published by NTT Security, the specialist security business within the NTT Group.

Analysing global threat trends from 1 October 2015–31 September 2016, the report also shows that, of all phishing attacks worldwide, 38% came from the Netherlands, second only to the US (41%). The data highlights that 73% of all malware globally was delivered to its victims because of a phishing attack.

According to the GTIR, which highlights the latest ransomware, phishing and DDoS attack trends and the impact of these threats against organisations, the UK was the third most common source of attacks against the EMEA behind the US (26%) and France (11%).

In terms of top attack source countries globally, the UK was second only to the US (63%) accounting for 4% of all attacks, just behind China on 3%.

CyberThreatIntelligence

The report reveals some of the biggest regional differences related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45% started in the EMEA, which is more than the Americas (20%) and Asia (7%) combined. In addition, 45% of brute force attacks that deliberately targeted EMEA customers also started in the region.

“While phishing attacks affected organisations everywhere, the EMEA has emerged as the top region for the source of these attacks,” stated Dave Polton, global director of innovation at NTT Security. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in the EMEA, especially with the European Union (EU) General Data Protection Regulation just around the corner. Any organisation processing data belonging to EU citizens needs to demonstrate that their information security strategy is robust.”

Polton is calling for more active collaboration between business, Government and law enforcement agencies to tackle global threats and ensure measures are in place that will have a long-lasting and positive impact on global security.

Other key EMEA findings

In the EMEA, over half (54%) of all attacks were targeted at just three industry sectors: finance (20%), manufacturing (17%) and retail (17%). Over 67% of malware detected within the EMEA was some form of Trojan.

Top services used in attacks against the EMEA included file shares (45%), websites (32%) and remote administration (17%).

Frank Brandenburg, COO and regional CEO at NTT Security, said: “We all know that no security plan is guaranteed and that there will always be some level of exposure, but defining an acceptable level of risk is important. Clients are starting to understand that, by default, every employee is part of their organisation’s security team. Businesses are now seeing the value in security awareness training, knowing that educating the end user is directly connected with securing their enterprise.”

Brandenburg added: “Expanding cyber education and ensuring employees adhere to a common methodology, set of practices and mindset are key elements. Clients see that assisting and coaching their employees on the proper use of technology will only enhance the organisation’s overall security presence.”

*Download the NTT Security Global Threat Intelligence Report by accessing the following web address: https://www.nttcomsecurity.com/en/gtir-2017

Leave a comment

Filed under Risk UK News

30% of NHS Trusts have experienced a ransomware attack” finds SentinelOne

30% of NHS Trusts in the UK have experienced a ransomware attack, potentially placing patient data and lives at risk. One Trust – the Imperial College Healthcare NHS Trust – admitted to being attacked 19 times in just 12 months. These are the findings of a Freedom of Information (FoI) request submitted by SentinelOne.

The Ransomware Research Data Summary explains that SentinelOne made FoI requests to 129 NHS Trusts, of which 94 responded. Three Trusts refused to answer, claiming their response could damage commercial interests. All but two Trusts – Surrey and Sussex and University College London Hospitals – have invested in anti-virus security software on their endpoint devices to protect them from malware.

Despite installing a McAfee solution, Leeds Teaching Hospital has apparently suffered five attacks in the past year.

No Trusts reported paying a ransom or informed law enforcement of the attacks: all preferred to deal with the attacks internally.

Ransomware which encrypts data and demands a ransom to decrypt it has been affecting US hospitals for a while now. The Hollywood Presbyterian Medical Center in Los Angeles notoriously paid cyber criminals £12,000 last February after being infected by Locky, one of the most prolific ransomware variants.

nhstrustsransomware

With the infected computers or networks becoming unusable until a ransom has been paid* or the data has been recovered, it’s clear to see why these types of attack can be a concern for business continuity professionals, with the latest Horizon Scan Report published by the Business Continuity Institute highlighting cyber attacks as the prime concern. This is a very good reason why cyber resilience has been chosen as the theme for Business Continuity Awareness Week in 2017.

“These results are far from surprising,” said Tony Rowan, chief security consultant at SentinelOne. “Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short changed when it comes to security basics like regular software patching. The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware. A new and more dynamic approach to endpoint protection is needed.”

Rowan continued: “In the past, some NHS Trusts have been singled out by the Information Commissioner’s Office for their poor record on data breaches. With the growth of connected devices like kidney dialysis machines and heart monitors, there’s even a chance that poor security practices could put lives at risk.”

*Note that the data isn’t always recovered even after a ransom has been paid

Leave a comment

Filed under Risk UK News, Uncategorized