Cyber security update March 2017
Policy developments:
Minister for Digital and Culture Matt Hancock delivered a speech at the Institute of Directors (IoD) Cyber Security Conference, flagging the National Cyber Security Strategy, Digital Strategy and the launch of the National Cyber Security Centre as key pillars of the Government’s cyber security approach. The IoD published new research at the conference showing that businesses need to do much more to protect themselves from security risks and attacks (also see this related IoD guidance).
The Government announced there had been a good response to its cyber security apprenticeship scheme, with almost 1,250 people applying for 23 cyber security apprentice roles during the three-week application period. The apprenticeships in Critical National Infrastructure (CNI) scheme aims to help develop tomorrow’s online security professionals and tackle the risk of a future skills shortage.
The High Level Group of the European Commission's Scientific Advice Mechanism (SAM) published a new independent scientific opinion on Cybersecurity in the Digital Single Market. Recommendations include making systems more secure by avoiding 'backdoors' that bypass normal authentication processes and by using state of the art standards for encryption, strengthening Europe's cybersecurity industry and improving the coordination and sharing of information on cyber-incidents across Europe.
Research and analysis:
The National Crime Agency and National Cyber Security Centre warned that cyber attacks are becoming bolder and more aggressive than ever before, publishing the annual assessment of the biggest threats to UK business jointly for the first time. The report flags that criminals are imitating the way suspected nation state actors attack organisations such as financial institutions, and the risks posed by the ever-increasing number of connected Internet of Things (IoT) devices. It also urges businesses to report all cyber crime incidents to ensure the UK has an accurate intelligence picture.
The fraud prevention service Cifas reported that identity fraud has reached record levels: 172,919 identity frauds were recorded in 2016, more than in any other previous year, with identity fraud now representing over half of all fraud recorded. The number of victims under 21 years of age has risen by more than a third and harvesting information from social media sites is a key attack vector for fraudsters.
Verisign published its Q4 2016 Distributed Denial of Service (DDoS) Trends Report: overall, average peak attack sizes in 2016 were larger than in previous years. Verisign observed a 167 percent increase in average peak attack size (16.1 Gbit/s) — compared with 2015 (6.02 Gbit/s). The largest and highest intensity DDoS attack observed was a multi-vector attack, which peaked at over 125 Gbit/s and around 50 Million packets per second (Mpps). Eighty-six percent of the DDoS attacks mitigated by Verisign in Q4 2016 employed multiple attack types, with 65% employing three or more.
Phishlabs published its 2017 Phishing Trends & Intelligence Report: phishing is the top vector for cyber attacks, with phishing volumes growing by an average of more than 33% across the five most targeted industries. Phishlabs predict that cloud storage sites will likely overtake financial institutions as the top targets for phishing attacks. Ransomware attacks, the predominant type of malware being distributed via phishing, are now focusing on organisations such as healthcare, government, critical infrastructure, education and small businesses.
Malwarebytes published its Cybercrime Tactics and Techniques 2016 Wrap-Up Report: it expects ransomware to continue to dominate in 2017. The Kovter Trojan, exhibiting ad fraud behaviour, was the most prevalent non-ransomware Windows malware family observed not only during the end of 2016 but throughout most the year. Malwarebytes expects to observe an increase in exploit kit activity by the middle of 2017.
Nokia’s latest Threat Intelligence Report revealed a new all-time high in mobile device malware infections, a sharp increase in compromised smartphones and major Internet of Things (IoT) device security vulnerabilities. Malware struck 1.35% of all mobile devices in October 2016, the highest level seen since reporting started in 2012. Smartphones were the most-targeted devices in the second half of the year, accounting for 85% of all mobile device infections, with Android based devices continuing to be the primary targets.
The US Digital Citizens Alliance published research showing that cyber criminals are sharing millions of US higher education institutions’ emails and passwords on the Dark Web. The purpose of the research was to demonstrate the scale of the problem and the complexity large organizations face in trying to protect email users; the report acknowledges that higher education security teams have taken dramatic steps to protect their users and that universities have worked hard to educate their communities about how to protect themselves.
More on ransomware:
BBC News reported that the value of Bitcoin, the currency in which many ransomware demands are made, had topped the value of gold for the first time. The rise in value was attributed to surging demand in China, where authorities warned it is used to channel money out of the country.
Cyber Edge Group’s Cyberthreat Defence Report revealed that 61% of organisations were victims of ransomware attacks during 2016. Of those, over half managed to recover their data without paying the ransom, while a third paid to regain access. A further 13 percent of organisations opted not to give into ransom demands and lost their data.
New advice and guidance:
The European Union Agency for Network and Information Security (ENISA) published new guidance for digital service providers on incident reporting under EU cybersecurity laws, which are intended to ensure “a high common level of security of networks and information systems within the Union so as to improve the functioning of the internal market.” Also see commentary from Out-Law.
