Tag Archives: Ransomware

KnowBe4 study reveals 92% of organisations’ biggest security concern is end users

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the results of new research. The company’s report examines over 350 organisations globally and reveals the security weaknesses and concerns within them. On average, 81% of organisations had some degree of concern around security issues.

Cyber crime continues to evolve and become more sophisticated. Artificial Intelligence and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they’re now targeting specific industry verticals, organisations and even individuals.

Increases in the frequency of ransomware, phishing and crypto-jacking attacks have been experienced by businesses of nearly every size, vertical and location.


When it comes to attack vectors, data breaches are the primary concern, with credential compromise coming a close second. These two issues go hand-in-hand as the misuse of credentials remains the foremost attack tactic in data breaches. That’s according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings

*92% of organisations rank end users as their primary security concern. At the same time, security awareness training along with phishing testing tops the list of security initiatives that organisations need to implement

*Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate. In terms of attacks, 95% of those organisations surveyed are most concerned with data breaches

*Ensuring security is in place to meet General Data Protection Regulation (GDPR) requirements is still a challenge for 64% of organisations, despite the GDPR’s fine details having been public knowledge for quite some time

*Attackers’ use of compromised credentials is such a common tactic. 93% of organisations are aware of the problem, but still have lots of work to do to stop it

*When it comes to resources, 75% of organisations don’t have an adequate budget

“2018 was a prolific year for successful cyber attacks, with many of them caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start their defence by establishing a security culture. In order to combat the escalation of social engineering, they absolutely have to ensure that users are trained and tested.”

To read the full report visit www.KnowBe4.com


UK education technology firm takes lead in cyber security training thanks to formation of new partnership

Education technology firm e-Careers Limited has formed an exclusive partnership with EC Council to deliver cyber security training to professionals nationwide. Having trained over 200,000 information security professionals globally – including representatives from the US Army, the FBI, Microsoft and the United Nations – EC Council offers certifications in ethical hacking, security analysis and network defence.

Now, in an exclusive partnership, e-Careers becomes the only authorised partner across the UK and Ireland to deliver the complete range of online EC Council Cyber Security and Ethical Hacking accreditations, including its Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) programmes.

Jazz Gandhum, CEO of e-Careers, confirmed: “Cyber security is an advancing threat to businesses and organisations globally. The recent WannaCry and Petya cyber attacks penetrated businesses, banks, airports, Government departments and health services across multiple locations worldwide, not forgetting the UK’s very own National Health Service. This increasing threat has resulted in a growing demand for cyber security professionals, with recent reports revealing the number of roles advertised in the UK is at the third highest worldwide. Considering this advancing skills gap, e-Careers is delighted to bring all EC Council online courses to the UK, and will be working hard to help increase cyber security skill sets, knowledge and understanding.”

Taken over by Jazz Gandhum in 2011, e-Careers is one of the UK’s leading ‘edtech’ firms, providing access to over 600 courses across a range of industry sectors through its innovative e-learning platform.

Having educated more than 400,000 individuals over the past six years alone, the business has formed partnerships with over 75 key organisations, including awarding bodies, colleges and private establishments with a view towards making education affordable and accessible to the masses.

Sanjay Bavisi, CEO and president of the EC Council, added: “We’re delighted to have formed this new partnership with e-Careers and look forward to the opportunity this now presents for professionals right across the UK. Every day, cyber security threats grow with professional hackers advancing their knowledge and making digital inroads at an exponential and alarming rate. The only way in which to combat cyber security threats is through knowledge and education. Thanks to our new partnership with e-Careers, we’re confident that more and more professionals will be able to quell this risk, making the digital world a safer and stronger environment.”

*All EC Council courses offered through e-Careers’ e-learning platform are accessible online, making cyber security training both convenient and cost-effective. For more details visit www.e-careers.com


360 Vision Technology and Visual Management Systems guard against cyber attacks

As more and more security systems and devices become IP networked, it’s important for security installers and end users alike to consider how their systems will be protected against the possibility of cyber attacks. Providing a solution to the concerns around cyber security and hacking, CCTV specialist 360 Vision Technology has partnered with software control provider Visual Management Systems to provide security operators with an effective solution designed to guard against IP surveillance system cyber attacks.

Without the right level of network security measures in place, system users can be left vulnerable, resulting in exposure to the type of hacking and malware attacks that have recently hit the news headlines.

A serious security breach of an IP network can lead to system inoperability and network downtime and, at worst, direct access to corporate networks for the cyber criminals.

To provide IP surveillance system installers and operators with peace of mind, when used together both 360 Vision Technology cameras and Visual Management Systems’ TITAN SECURE Physical Security Information Management system can exceed 802.1x authentication protocols and encryption to provide “the ultimate protection” for surveillance networks via the latest patent pending technology.


Designed to Centre for the Protection of National Infrastructure standards, this advanced protocol and encryption technology is said to offer a “far higher level” of hacking protection.

Advanced cyber attack protection

Ultimately, security and IT managers have much to gain by implementing the security advantages of a 802.1x authenticated network. Conversely, they also have a lot to lose should they ignore the security risks involved.

“As part of our ongoing development of products and deep integration techniques, we looked closely at the vulnerabilities of current camera systems and found that expert hackers could easily take control of standard network cameras, and even those models with HTTPS certification,” explained John Downie, sales director at Visual Management Systems. “Employing 802.1x authentication at both the camera and control end using 360 Vision Technology cameras and TITAN SECURE in combination is the most effective way in which to fully secure an IP camera network.”

Mark Rees, business development director at 360 Vision Technology, added: “Designed to protect organisations against hacking and ransomware attacks, the latest 360 Vision Technology IP surveillance cameras include advanced 802.1x encryption protection. Designed and built in the UK, our high-performance camera technology offers customers proven reliability, advanced imaging performance and effective cyber security for use within any high or general level camera surveillance application.”


Ransomware attacks cause one fifth of infected SMEs to cease business operations immediately

More than one third of businesses have experienced a ransomware attack in the last year, while over one-in-five (22%) of these impacted companies had to cease operations immediately. That’s according to a study conducted by Malwarebytes.

The Annual State of Ransomware Report finds that the impact of ransomware on SMEs can be devastating. For roughly one-in-six of impacted organisations, a ransomware infection caused 25 or more hours of downtime, with some companies reporting that it caused systems to be down for more than 100 hours.

Further, among SMEs that experienced a ransomware attack, one-in-five (22%) reported that they had to cease business operations immediately, while 15% lost revenue.

“Businesses of all sizes are increasingly at risk of ransomware attacks,” said Marcin Kleczynski, CEO at Malwarebytes. “However, the stakes of a single attack for a small business are far different than those for a large enterprise. The findings demonstrate that some SMEs are suffering in the wake of attacks to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing such that we can better protect them.”


Most organisations make addressing ransomware a high priority, but still lack confidence in their ability to deal with it. 75% of those organisations surveyed place a high or very high priority on addressing the ransomware problem. Despite these investments, nearly 50% of the companies questioned expressed little to only moderate confidence in their ability to stop a ransomware attack.

For many, the source of ransomware is unknown and infections spread quickly. For 27% of organisations that suffered a ransomware infection, decision-makers couldn’t identify how the endpoint(s) became infected. Further, more than one third of ransomware infections spread to other devices. For 2% of the organisations surveyed, the ransomware infection impacted every device on the network.

SMEs in the US are being hit harder by malicious e-mails containing ransomware than SMEs in Europe. The most common source of ransomware infections in US-based organisations is related to e-mail use. 37% of attacks on SMEs in the US were reported as coming from a malicious e-mail attachment and 27% from a malicious link in an e-mail. However, in Europe, only 22% of attacks were reported as originating from a malicious e-mail attachment. An equal number were reported as having emanated from a malicious link in an e-mail.

Most SMEs don’t believe in paying ransomware demands. 72% of respondents believe that ransomware demands should never be paid. Most of the remaining organisations believe that demands should only be paid if the encrypted data is of value to the organisation. Among organisations that chose not to pay cyber criminals’ ransom demands, about one third of them lost files as a result.

Current investments in technology might not be enough. Over a third of SMEs claim to have been running anti-ransomware technologies, while about one third of businesses surveyed still experienced a ransomware attack.

“It’s clear from these findings that there’s widespread awareness of the threat of ransomware among businesses, but many organisations are not yet confident in their ability to deal with it,” said Adam Kujawa, director of malware intelligence at Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”


Cyber criminals “exploiting human weaknesses” to make their gains

Cyber attackers are relying more than ever on exploiting people instead of software flaws to install malware, steal credentials or confidential information and transfer funds. A study by Proofpoint found that more than 90% of malicious e-mail messages featuring nefarious URLs led users to credential phishing pages, while almost all (99%) email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware.

The Human Factor Report found that business e-mail compromise (BEC) attack message volumes rose from 1% in 2015 to 42% by the end of 2016 relative to e-mails bearing banking Trojans. BEC attacks, which have cost organisations more than $5 billion worldwide, use malware-free messages to trick recipients into sending confidential information or funds to cyber criminals.

BEC is now the fastest-growing category of email-based attacks.


“Accelerating a shift that began in 2015, cyber criminals are aggressively using attacks that depend on clicks by humans rather than vulnerable software exploits, tricking victims into carrying out the attack themselves,” said Kevin Epstein, vice-president of Proofpoint’s Threat Operations Centre.

“It’s critical for organisations to deploy advanced protection that stops attackers before they have a chance to reach potential victims. The earlier in the attack chain you can detect malicious content, the easier it is to block, contain and resolve.”

Nearly 90% of clicks on malicious URLs occur within the first 24 hours of delivery, with 25% of those clicks occurring in just ten minutes and nearly 50% within an hour. The median time-to-click (the time between arrival and click) is shortest during business hours from 8.00 am to 3.00 pm EDT in the US and Canada, a pattern that generally holds for the UK and Europe as well.

Watch your inbox closely on Thursdays. Malicious e-mail attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favour sending malicious messages from Tuesday through until Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-Sale campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favour Mondays.

Attackers understand e-mail habits and send most e-mail messages in the four-to-five hours after the start of the business day, peaking around lunchtime. Users in the US, Canada and Australia tend to do most of their clicking during this time period, while French clicking peaks around 1.00 pm.

Swiss and German users don’t wait for lunch to click. Their clicks peak in the first hours of the working day.

UK workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2.00 pm.


“EMEA now top source of phishing attacks worldwide” suggests NTT Security’s Global Threat Intelligence Report

Over half (53%) of the world’s most recent phishing attacks have originated in the EMEA region, according to the 2017 Global Threat Intelligence Report (GTIR) published by NTT Security, the specialist security business within the NTT Group.

Analysing global threat trends from 1 October 2015–31 September 2016, the report also shows that, of all phishing attacks worldwide, 38% came from the Netherlands, second only to the US (41%). The data highlights that 73% of all malware globally was delivered to its victims because of a phishing attack.

According to the GTIR, which highlights the latest ransomware, phishing and DDoS attack trends and the impact of these threats against organisations, the UK was the third most common source of attacks against the EMEA behind the US (26%) and France (11%).

In terms of top attack source countries globally, the UK was second only to the US (63%) accounting for 4% of all attacks, just behind China on 3%.


The report reveals some of the biggest regional differences related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45% started in the EMEA, which is more than the Americas (20%) and Asia (7%) combined. In addition, 45% of brute force attacks that deliberately targeted EMEA customers also started in the region.

“While phishing attacks affected organisations everywhere, the EMEA has emerged as the top region for the source of these attacks,” stated Dave Polton, global director of innovation at NTT Security. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in the EMEA, especially with the European Union (EU) General Data Protection Regulation just around the corner. Any organisation processing data belonging to EU citizens needs to demonstrate that their information security strategy is robust.”

Polton is calling for more active collaboration between business, Government and law enforcement agencies to tackle global threats and ensure measures are in place that will have a long-lasting and positive impact on global security.

Other key EMEA findings

In the EMEA, over half (54%) of all attacks were targeted at just three industry sectors: finance (20%), manufacturing (17%) and retail (17%). Over 67% of malware detected within the EMEA was some form of Trojan.

Top services used in attacks against the EMEA included file shares (45%), websites (32%) and remote administration (17%).

Frank Brandenburg, COO and regional CEO at NTT Security, said: “We all know that no security plan is guaranteed and that there will always be some level of exposure, but defining an acceptable level of risk is important. Clients are starting to understand that, by default, every employee is part of their organisation’s security team. Businesses are now seeing the value in security awareness training, knowing that educating the end user is directly connected with securing their enterprise.”

Brandenburg added: “Expanding cyber education and ensuring employees adhere to a common methodology, set of practices and mindset are key elements. Clients see that assisting and coaching their employees on the proper use of technology will only enhance the organisation’s overall security presence.”

*Download the NTT Security Global Threat Intelligence Report by accessing the following web address: https://www.nttcomsecurity.com/en/gtir-2017


“30% of NHS Trusts have experienced a ransomware attack” finds SentinelOne

30% of NHS Trusts in the UK have experienced a ransomware attack, potentially placing patient data and lives at risk. One Trust – the Imperial College Healthcare NHS Trust – admitted to being attacked 19 times in just 12 months. These are the findings of a Freedom of Information (FoI) request submitted by SentinelOne.

The Ransomware Research Data Summary explains that SentinelOne made FoI requests to 129 NHS Trusts, of which 94 responded. Three Trusts refused to answer, claiming their response could damage commercial interests. All but two Trusts – Surrey and Sussex and University College London Hospitals – have invested in anti-virus security software on their endpoint devices to protect them from malware.

Despite installing a McAfee solution, Leeds Teaching Hospital has apparently suffered five attacks in the past year.

No Trusts reported paying a ransom or informed law enforcement of the attacks: all preferred to deal with the attacks internally.

Ransomware which encrypts data and demands a ransom to decrypt it has been affecting US hospitals for a while now. The Hollywood Presbyterian Medical Center in Los Angeles notoriously paid cyber criminals £12,000 last February after being infected by Locky, one of the most prolific ransomware variants.


With the infected computers or networks becoming unusable until a ransom has been paid* or the data has been recovered, it’s clear to see why these types of attack can be a concern for business continuity professionals, with the latest Horizon Scan Report published by the Business Continuity Institute highlighting cyber attacks as the prime concern. This is a very good reason why cyber resilience has been chosen as the theme for Business Continuity Awareness Week in 2017.

“These results are far from surprising,” said Tony Rowan, chief security consultant at SentinelOne. “Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short changed when it comes to security basics like regular software patching. The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware. A new and more dynamic approach to endpoint protection is needed.”

Rowan continued: “In the past, some NHS Trusts have been singled out by the Information Commissioner’s Office for their poor record on data breaches. With the growth of connected devices like kidney dialysis machines and heart monitors, there’s even a chance that poor security practices could put lives at risk.”

*Note that the data isn’t always recovered even after a ransom has been paid


Advent IM outlines detail for ‘Cyber for the C-Suite’ Breakfast Seminar

A breakfast seminar created exclusively for business leaders and senior Board members seeking guidance on the present cyber security threat is to be run by security consultancy Advent IM at the company’s Training Centre near the M5, Birmingham on 7 December.

With many years’ experience in senior level consulting, training and mentoring, the seminar will be delivered by Advent IM’s managing director Mike Gillespie, who’s also director of cyber strategy and research for The Security Institute. As a director, Gillespie understands the place of senior leadership in cyber resilience and risk management.

The seminar is designed to promote and enhance understanding of the organisational threats that Boardrooms need to factor into resilience strategies. Attendees will also have first access to places on the forthcoming training course, again exclusively for senior leaders and the C-Suite, which will start in March 2017.


Gillespie informed Risk UK: “The cyber threat landscape is high on the agenda of all Boardrooms. Many businesses have felt the impact of cyber attack, either directly or through supply chain partners. No size of business is immune and no kind of service spared the attackers’ attentions, with even hospitals being struck by ransomware.”

He added: “Recent research suggests that 82% of businesses say security is a CEO or Board-level concern, with two-thirds suggesting that they’re increasing cyber security spend. The additional spend is great, but without leadership and solid strategy it may not achieve anything near its potential, and cyber risk may not be reduced. We absolutely have to make sure Boardrooms are well briefed and understand how to go about effective cyber risk management.”

*Details of the seminar and how to book can be found at: http://www.advent-im.co.uk/breakfast-seminar-7th-december-cyber-security-awareness-for-business-leaders/. Alternatively, telephone 0121 559 6699 or 0207 100 1124 or send an e-mail to: bestpractice@advent-im.co.uk


“‘Clean’ Microsoft Office documents deliver cyber threat” warns Bitdefender

Bitdefender, the anti-virus solutions specialist, is warning Microsoft Office users about the emergence of a new spam campaign that’s looking to trick anti-spam filters in order to allow spam to pass freely into mailboxes. The campaign’s success is elevated due to the attachment of what appears to be a ‘clean’ Microsoft document alongside the spam e-mails.

“For a few days, cyber criminals have been sending targeted e-mails to management departments,” explained Catalin Cosoi, chief security strategist at Bitdefender. “The e-mails look like a tax return, a remittance or some kind of bill from a bank and carry a Microsoft Word or Excel attachment. If you’ve recently received an odd tax return or a similar request via e-mail then you may not want to open the file.”

The e-mail isn’t stopped by anti-spam filters because the file itself is clean. The trap lies in the use of macros within the document. Those lines of code, adopted in Microsoft Office, are generally used to create formulas or a repetitive task, but they can also interact with the whole Windows environment and have an impact on an entire system.

A new cyber campaign is designed to trick anti-spam filters such that they allow spam communications to access mailboxes


The code in these ‘clean’ documents is a command for the victim’s computer to download a piece of malware from a remote server that will execute automatically, with the macro code disguised to bypass traditional anti-viruses.

Cosoi continued: “The malware on the remote server is either a ransomware or an industrial espionage tool. Both are as dangerous as they look. The effect of the ransomware is immediate as it can encrypt a company’s important files and ask for a ransom. The espionage tool can be even more vicious depending on what kind of files it’s able to access.”

In order to prevent the threat, a company’s network needs security from end to end. There cannot be any reliance on a single defence.

Bitdefender recommends using an anti-virus solution that proactively protects against threats in order to block the danger before it even has the opportunity to send a command – in this case, to prevent the macro from downloading the malware.


CSARN Blog: ‘CryptoLocker ransomware demonstrates criminal innovation’

City Security and Resilience Networks has produced an excellent commentary on CryptoLocker, the latest sophisticated strain of ransomware.

This period has seen the widespread emergence of a sophisticated strain of ransomware called CryptoLocker.

Having infected a computer, invariably via a phishing vector, the malware connects to a command and control server to generate a 2,048 bit RSA cryptographic key (sufficiently complex to deter any attempt to crack it) to encrypt the victim’s files.

The program then demands a ransom of $300 USD via Green Dot MoneyPak pre-paid credit cards or 2 Bitcoins (currently worth around $1,000 US) to decrypt the files. If payment by these anonymised means is not made before the expiration of a 96-hour countdown timer, the victim’s files are permanently encrypted.

In more recent versions of the malware, victims can instead choose to extend this deadline, albeit at vastly inflated prices.

Encryption can also spread to flash drives through private networks, and onto cloud-based storage providers.


Focus on small businesses

The malware operates on all versions of Windows and appears to be focused on small businesses, presumably on the basis of the combination of data dependence and comparatively weak security practices.

Infections have been most prevalent in the US, with a Massachusetts Police Department reportedly among victims opting to pay the ransom.

In the UK, the newly-formed National Crime Agency has warned that “tens of millions” of malicious e-mails containing the ransomware have been distributed to PC users, though there is currently no evidence of infection on this scale.

Considering current propagation methods, the simplest means of preventing infection is enhanced vigilance to phishing e-mails which feature attachments containing the malware. To date, popular variants have included a document circulated within companies claiming to be a payroll report, designed to pique an employee’s interest, and a document claiming to be parcel tracking information from UPS or FedEx (an approach with particular current appeal due to the upsurge in home deliveries associated with increased online shopping in the run-up to Christmas).

Less common vectors include the exploitation of a vulnerability in Java, and the automatic infection of computers that are part of the Zeus banking Trojan botnet.

Besides user awareness, popular free anti-virus programs such as Avast and MalwareBytes may assist in the detection of such attacks, while CryptoPrevent is specifically designed to prevent infections from this form of malware.

Mitigating the worst effects

Though preventing an initial infection is the only guaranteed means of avoiding encryption, some other techniques can help users mitigate the worst effects of the ransomware.

The Windows feature ShadowExplorer allows victims to access previous versions of files. Despite claims to the contrary from the creators, adjusting the time on a PC’s BIOS (Basic Input/Output System, the program used by the operating system to communicate with the hardware on start-up) can buy victims more time.

However, such techniques may be rendered ineffective by future modifications to the ransomware. The creator’s continued financial interest in the ‘integrity’ of the transaction invariably means that payment remains the surest method of regaining access to encrypted files, although there have also been reports of some users’ files corrupting in the decryption process.

While the perpetrators’ sophisticated command and control and payment techniques have helped to maintain their anonymity, evidence that multiple groups are running the ransomware, combined with the program’s use of broken English (“most cheap option” and “nobody and never will be able to restore files”), suggests the possible involvement of Russian criminal gangs, which remain among the world’s leaders in this field.

The ability to constantly adapt has been a significant factor in the success of CryptoLocker. The creators appear to have been monitoring computer security forums for victim ‘feedback’ in order to increase their revenues. This has led to modifications such as the addition of a desktop item to ‘reinstall’ the malware if a victim’s anti-virus software removes their ability to pay after encryption has occurred.

Although current estimates suggest only 3% of the victims opt to pay the ransom, further adjustments and reinvestment of this revenue may increase the attractiveness of this option in the coming period. Accordingly, the authors may increasingly seek to employ alternative methods of infection, such as spear-phishing (highly tailored) attacks with higher ransoms or watering hole attacks, which involve the infection of a trusted third-party website.

This latest strain of ransomware also represents the continuing evolution of this form of malware from relatively unsophisticated ‘Ransomlock’ Trojans which act simply to freeze a user’s interface pending a ransom payment. The increasing success of such tactics, despite the currently simplistic means of infection, reinforces the need for effective basic security measures.

In addition to the steps above, readers are advised to ensure valuable documents are backed up in secure locations on a regular basis to minimise the impact in the event of such a breach.

Access the CSARN website
