Devastating ransomware attacks
Ransomware was a relatively unknown and not often thought about term outside of the cyber realm until the two recent world-wide attacks and the particularly crippling effects of this on the NHS. Ransomware as a cyber threat has proven it is a force to reckon with and one which only seems to get worse, taking down businesses every day.
One way many organisations attempt to protect themselves from these attacks is to have a solid backup of all vital files which is stored on another network. By having a backup in place in another location this avoids paying nasty ransoms to cyber criminals in order to release encrypted data. Unfortunately, in response to this, cybercriminals are targeting and encrypting backups also. Most current attempts are encrypting local backups, however there is evidence that these will soon include cloud backups too with some attackers even erasing the backup altogether.
It’s also predicted that cyber criminals will become even more ruthless in not releasing the files or even re-encrypting the data at some point down the line- even after they were paid!
It may sound cliché but always think before you click. Be consciously aware of click bait and use your common sense. If it sounds too good to be true, it probably is!
Always keep backups. External hard drives are particularly good places to store precious files and in the event of an attack, seriously consider whether it is worth paying up. By doing so be aware that you are contributing to the rise of such attacks.
An increase in Phishing
Many organisations are aware of cyber security threats and as a result are adopting effective strategies to evade malware such as anti-virus scanners etc. In reaction to this, attackers are increasing their use of phishing emails to steal credentials when hacking accounts. Cyber criminals are continuing to increase their attacks on social media and personal email accounts which bypass many network defences, like email scans and URL filters. What is most worrying is how manipulative attackers can be in targeting victims with enticing offers and malicious threats.
Phishing emails are not a new phenomenon, in fact we have a blog based on how to spot them. In particular, watch out for inconsistent behaviour from the sender. If something feels off about their communication, double check before responding or clicking on a link.
Internet of Things
IoT is an area of the cyber world which is relatively new and becoming increasingly more popular with many cool gadgets on the market offering sophisticated tech features. The range it seems is endless, from handy home appliances to security monitoring systems, to even more interactive kiddies’ toys. Devices that were not initially internet-enabled are now online and potentially open to attack.
Without the vigorous testing needed before launching these devices into the market, networks are becoming even more vulnerable. Hackers are now equipped with new entry points through which they can not only gain access to our networks, but can also intrude on our privacy by bugging and spying. Aside from the risks of attacks on consumer IoT devices, there is also a growing threat against industrial IoT as well. As many manufacturers and infrastructure providers transition to Industry 4.0, sufficient cyber protection strategies are critically lacking. Not only do these IoT devices provide ideal manipulation opportunities for hackers when launching attacks on others, but their security weaknesses render them open doorways to being used against industrial providers of critical infrastructure. This holds the potential to cause mass disruption or destruction of our critical infrastructure systems themselves.
The scale of these potential attacks could cause disruption like nothing we have ever witnessed before. What is perhaps even more of a cause for concern is that the majority of industrial firms do not have the necessary skills on board to deal with such web attacks in real-time. This is one of the greatest threats that corporations need to be prepared for in 2017 and coming years.
Denial of Service attacks get even bigger
Recent years have unveiled some of the most disruptive DDoS attacks on record. The DDoS attack against Domain Name System (DNS) provider Dyn last year took many major sites that use Dyn offline. This attack showcased just how severe an attack can be when hackers target a wide scale service provider as opposed to the end users. In future, we can anticipate that DDoS attacks will certainly increase in impact and frequency.
To mitigate the risk of such attacks wreaking havoc worldwide, DNS providers should increase their security measures.
Attack attempts on industrial control systems
Similar to IoT attacks, it’s only a matter of time until we see enormous industrial control system (ICS) attacks. The hardcore hackers are setting their sights on big targets such as electricity providers, tele-communications, dams, water treatment facilities and other vital infrastructure systems. All of these lie at a high likelihood of attack as the serious bad guys seek even bigger recognition. The disruption that will ensue on entire populations would be even more devastating than we have ever seen before as many organisations are powerless to the effects of such attacks.
Interested in protecting your organisation from these types of attacks? Contact our friendly staff to discuss what MetaCompliance can do to raise your employees’ cyber security awareness levels and mitigate the risks.