In 2017, the cybercrime landscape changed immeasurably after several high-profile attacks caused major disruption around the world.
In the UK, the WannaCrypt0r 2.0 ransomware attack (also known as WannaCry) brought the NHS to a standstill. A&E departments, outpatient centres and GP surgeries were forced to close in a desperate effort to stop the malicious software from spreading.
High-profile cases can have the unintended effect of making small and medium-sized businesses believe that cybercrime isn’t something that will affect an organisation of their size. The way that cybercrime is reported in the media can incorrectly give the impression that it is only large organisations and government institutions that are targeted.
However, a Government report indicates that 45% of small businesses suffered cybersecurity attacks or breaches of some form in the last 12 months. In fact, it wasn’t just the NHS that was hit by the WannaCry attack. It is thought that over 300,000 computers at organisations of all sizes were affected in 145 different countries, proving that these attacks are indiscriminate and opportunistic. 1
Here is a quick guide to understanding the current cyber threats to business.
What is a ransomware attack?
Ransomware is a form of malware that locks users out of their computers, while demanding a ransom to regain access. The malware usually enters the system via email. This happens when unsuspecting users open emails sent to them by hackers and click on malicious links that release the virus onto their computer, before spreading to other computers in the network.
Once the ransomware is installed on the system, it spreads instantaneously, infecting all of an organisation’s unprotected data in a matter of moments. From a single employee’s machine, the virus can spread to every connected device, desktop, laptop, server and storage unit within a network. It then locks out the whole organisation from critical information, before demanding a ransom.
In many cases, the malware demands that the user quickly pays the ransom, either by providing a deadline after which all the data will be deleted or by increasing the price day by day. The criminals usually ask to be paid in Bitcoin, which is the cryptocurrency of choice for hackers, used because it makes the recipient of a payment untraceable.
Such aggressive behaviour can often scare organisations into payment. But this can make matters worse. First, it is fuelling criminal activity and therefore encouraging criminals to carry out further attacks; second, in many cases, paying the ransom doesn’t unlock your data at all.
Major ransomware attacks in 2017
Ransomware attacks now make up 25% of all cyberattacks, with Ransomware-as-a-Service (RaaS) being sold widely on the dark web, a collection of websites and services that lie hidden from normal search engines like Google and require special software to access. This makes it easy for criminals who don’t have in-depth knowledge of its workings to get their hands on the technology and carry out attacks. If businesses remain unprotected and victims keep paying the ransom in a desperate panic to regain their files, hackers will continue to view ransomware as a viable way to cause disruption and make money.2
The WannaCry attack that infected as many as 40 hospitals and 24 NHS Trusts is the most high-profile example of a ransomware attack to hit the UK. In June, a similar attack, called the Petya virus, caused widespread damage globally, including shutting down the monitoring systems at the Chernobyl nuclear power plant. The Petya attack shows that WannaCry was not just a one-off and that we should expect more to come.
What other cybercrime threats exist?
Ransomware may be making all the headlines, but it isn’t the only threat that exists. Let’s take a quick look at other risks facing organisations.
The maxim that there is always someone in every organisation who will click on anything often proves to be true. Phishing attacks revolve around an attempt to trick employees, usually via emails that appear to be from trusted sources, into giving away personal details such as passwords and credit card numbers, or into downloading malicious files. Google, PayPal, Yahoo and Apple log-in pages are often impersonated to lure unsuspecting users into giving away passwords.
In the past, phishing was largely undertaken by cybercriminals to steal personal information. In recent years, it has become the most common way that hackers try to install viruses onto people’s computers, including the recent ransomware attacks.
Internal threats remain one of the largest causes of data breaches. Ranging from human error to rogue employees (often ex-employees), the consequences can be as costly as any other type of cybercrime. It can take the form of an ex-employee hacking back into the system using their old password and either corrupting and deleting the files themselves or leaking sensitive data to the public or, worse, to other cybercriminals on the black market.
The key to dealing with the risks associated with rogue employees is to adopt strict permissions management and to watch out for typical early warning signs from disgruntled employees. Very often they will make repeated verbal ‘warnings’ to colleagues about the amount they know about the company before taking action.
Distributed Denial of Service (DDoS) attacks also pose a threat to SMBs. A DDoS attack is a type of cyberattack that inundates websites with fake visitors to overwhelm servers to the point that they can no longer cope and shut down. These types of cyberattacks tend to be carried out largely by hacktivists, but also by government-sponsored hackers and business competitors, who want to cause as much disruption as possible.
One survey of IT leaders found that a third of respondents (34%) encounter DDoS attacks on a weekly basis. The consequences can be severe, as customers can lose trust in your services if they lose access to them at critical times: 45% reported a loss in customer confidence after a DDoS attack.3
Synergy Technology can provide support and advice to help keep your business applications secure, including business software support and software updating services, advice and services for cloud and secure desktop solutions, as well as further information on user training and business software options. Contact Synergy Technology on 0345 346 0050 for further information.