The latest annual threat report from the National Cyber Security Centre (NCSC) indicates a concerning rise in cyber-attacks against UK businesses over the past 18 months.
The report, published in partnership with the National Crime Agency (NCA), charts the rise of ransomware, highlights the growing number of large-scale data breaches and emphasises the importance of cloud and supply chain security.
The proliferation of cyber threats
Between October 2016 and the end of 2017, the NCSC recorded 34 ‘significant’ cyber-attacks – defined as those of sufficient size to require a cross-government response. It also recorded 762 ‘less serious incidents’, many of which were confined to single organisations.
Though the report does not break down these numbers, it does state that attacks launched by criminal adversaries and nation states are becoming increasingly hard to differentiate, making response efforts more difficult. It also predicts that, with increasing digitisation and new sophisticated attack methods, the number of attacks in 2018 is likely to grow further.
As the volume of attacks rises, so too do associated costs. The report notes that costs not only arise directly, as a result of damage, but also through remediation and recovery, reputational damage and regulatory fines.
“The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.”
Ciaran Martin, NCSC
Ransomware, DDoS and cryptojacking
The NCSC report states that 2017 will be remembered as ‘the year of ransomware’. Indeed, the sheer scale of WannaCry, affecting 300,000 devices across 150 countries, stole the headlines and catapulted ransomware into the public eye. Worms, the malware used to rapidly infect multiple systems with ransomware, continue to be used by attackers to exploit common vulnerabilities.
Distributed Denial of Service (DDoS) attacks have continued to wreak havoc, with figures quoted in the report indicating a 91% increase between Q1 and Q3 2017. Ransom DDoS attacks, where attackers threaten to perform a DDoS attack unless a ransom is paid, have also seen a rise.
The rise of cryptocurrencies such as Bitcoin has afforded cybercriminals a layer of anonymity and has also spawned a new type of attack – cryptojacking – where malware is secretly installed onto unsuspecting hosts in order to harness computer processing for cryptomining. In February 2018, over 4,000 websites, including 600 in the UK, were seen to be facilitating cryptojacking through a compromised screen reader plugin.
Supply chain, IoT and cloud security risks
2017 also saw an increase in the number of cybercriminals turning to the supply chain in order to compromise larger businesses. Even organisations with robust security controls in place have found themselves exposed by weaknesses in third-party suppliers, contractors and software vendors.
Business email compromise (BEC) – targeted phishing attacks – proved a constant menace across all industries, their low cost and high return rate making them an increasingly popular attack method. Between 2014 and 2017, cybercriminals made $5.3 billion from BEC scams, and global losses from BEC scams are projected to exceed $9 billion in 2018.
The number of internet-connected devices is multiplying at an unprecedented rate, with Gartner estimating a global total of 11.2 billion. The Internet of Things (IoT) will provide attackers with a huge range of potential attack vectors, particularly when considering the lack of basic security provisions on many devices. Most IoT attacks are DDoS-based, but many more attack methods are likely to be developed and used in 2018.
The rise in the number of organisations utilising cloud services is likely to create opportunities for cybercriminals, with the report stating that only 40% of all data stored in the cloud is secured. Organisations that store sensitive information in unsecured cloud environments and fail to stipulate how and where data is processed could be leaving themselves open to compromise.
Reasons for optimism
While the report may prove a concerning read for many businesses, it is important to note that many of the threats highlighted by the NCSC and NCA use rudimentary techniques and can be avoided or mitigated through the implementation of basic security controls.
Each section of the report provides a list of recommendations to help organisations mitigate cyber risk by protecting their network, endpoints and information.
By deploying critical patches as soon as possible, investing in robust perimeter security systems, performing regular penetration testing and implementing policies on authentication, privileging, password control and application whitelisting, organisations can significantly reduce the risk of falling victim to ransomware, DDoS and many other common threats.
To minimise the risk of supply chain compromise, businesses should look to work with organisations certified through the NCSC’s Cyber Essentials scheme, which promotes a baseline level of cyber security.
Finally, to help combat the risk of data breaches, the NCSC also recommends that organisations look to implement a practical monitoring and alerting service. This will help to facilitate the early detection of advanced threats that breach the security perimeter.
How Redscan can help
Redscan is an award-winning provider of managed security services. As a CREST-approved provider of penetration testing and an IASME-accredited Cyber Essentials certification body, Redscan is well placed to assist organisations in the implementation of the NCSC’s recommendations.
ThreatDetect™, our flagship service, performs 24/7 network and endpoint monitoring. Acting as an extension of in-house resources, ThreatDetect’s Cyber Security Operations Centre analysts, engineers and researchers utilise the latest technology and intelligence to rapidly detect and respond to threats and breaches.