Janet Broadband Policy Watch

Last updated: 
2 weeks 4 days ago
Blog Manager
Log in to request membershipHide blog description
This blog monitors and reports on broadband policy and marketplace developments in the UK, Europe and worldwide that are likely to be of interest to the Janet community. Posts here may also reference my Broadband Policy Watch blog and you can also find me on Twitter.

Group administrators:

Recent members:

Cyber security research and analysis April 2017

Thursday, April 27, 2017 - 16:43

The Department for Culture, Media and Sport (DCMS) published the Cyber Security Breaches Survey 2017: nearly half of all UK businesses suffered at least one cyber breach or attack in the past 12 months. This rises to two-thirds among medium and large firms. Three quarters of UK businesses say that cyber security is a high priority for their senior management, with three in ten saying it is a very high priority. Three in five businesses have sought information, advice or guidance on the cyber security threats facing their organisations over the past year. While half of all firms have enacted basic technical controls across the five areas laid out under the Government’s Cyber Essentials scheme, a sizable proportion of businesses still do not have basic protections or have not formalised their approaches to cyber security. The most common types of breaches relate to staff receiving fraudulent emails, highlighting the importance of staff vigilance and awareness as well as technical measures. The average business now faces costs of £1,570 as a result of breaches, this rises to £19,600 for the average large firm.

The British Chambers of Commerce (BCC) published findings from a survey of more than 1,200 businesses across the UK showing that one in five businesses have fallen victim to cyber-attacks in the past year. Again, big businesses were much more likely to be the victims of attacks; 21% of businesses believe the threat of cyber-crime is preventing their company from growing.

The National Cyber Security Centre (NCSC) published a new report on understanding online criminal activity: the Internet is a major enabler for organised criminal group (OCG) activity, as “hacking individuals, SMEs and large organisations is a relatively low-cost, low-risk proposition”. The most common way to infect computers with data stealing malware remains via emails containing malicious links or attachments. Other common methods include visiting genuine websites that have been compromised with malicious code or adverts that redirect to a malicious server (malvertising).

The National Crime Agency published research investigating how and why young people become involved in cyber crime, particularly in relation to how individuals who are unlikely to commit more traditional offences get involved. Financial gain is not necessarily a priority for young offenders, instead, the sense of accomplishment, the opportunity to prove oneself to peers and to increase online reputation are the main motivations. The ready availability of hacking tools ensures the barrier to entry is low and there is no socio-economic bias to offenders, who tend to be significantly younger than perpetrators of traditional crimes. Education, mentoring and providing opportunities to use skills positively are key to steering individuals away from criminal activity towards a future career in cyber security.

Verizon’s 2017 Data Breach Investigations Report analysed nearly 2,000 breaches, with organised criminal groups (OCGs) escalating their use of ransomware by 50 per cent over the previous year. Twenty-four per cent of breaches affected financial organisations, 15 per cent involved healthcare organisations and 12 per cent public sector entities. Sixty-six per cent of malware was installed via malicious email attachments. In the education sector over half of breaches involved the compromise and disclosure of stored personal information of both students and employees, while a little over a quarter resulted in the disclosure of intellectual property. Verizon also recorded more breaches involving social and malware attacks compared to the previous year, with phishing via email the most prevalent variety of social attacks, while use of stolen credentials against web applications was the dominant hacking tactic. DDoS attacks remained a significant threat to educational institutions, representing half of all security incidents.

Symantec’s latest annual Internet Security Threat Report (ISTR) found that one in 131 emails contained a malicious link or attachment, the highest rate in five years. Malicious emails disguised as routine correspondence, such as invoices or delivery notifications, were the favoured means of spreading ransomware. The average ransom demand in 2016 was $1,077, up from $294 a year earlier. The number of new ransomware families uncovered during 2016 more than tripled to 101 and Symantec logged a 36 percent increase in ransomware infections. Other findings included that attackers have begun to change their tactics, making more use of operating system features, off-the-shelf tools and cloud services to compromise their victims. This is known as “living off the land”, using resources at hand to make attacks, rather than developing and using complex malware and exploit kits. Symantec also noted the emergence of attacks from Internet of Things (IoT) devices via the Mirai botnet; at times of peak activity, the average IoT device was attacked once every two minutes. Attacks on cloud services are also likely to increase in 2017 as more and more organisations make use of them.

Check Point reported a surge in exploit kit usage by cyber criminals worldwide. Exploit kits are designed to discover and exploit vulnerabilities on machines in order to download and execute further malicious code and have been in decline, however March 2017 saw the RIG exploit kit (which delivers exploits for Flash, Java, Silverlight and Internet Explorer) become the second most-used malware worldwide throughout the period. Check Point also reported a new strain of malware found on Google Play. “FalseGuide” was hidden in more than 40 guide apps for games; also see coverage from BBC News.

Malwarebytes published its Cybercrime tactics and techniques report for Q1 2017. The Cerber ransomware family had the most market share in the first quarter of 2017 and Malwarebytes predict that its use is unlikely to decline in coming months. Use of Locky ransomware has declined very significantly. Malwarebytes also noted new instances of Mac and Android malware and also the continued use of the RIG exploit kit.

The European Commission published a report of the Security and Privacy in the Internet of Things (IoT) workshop held on 13th January 2017. Participants were asked to come with, reflect and comment on concrete minimum baseline security and privacy principles to create a trusted IoT environment.

  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo