Last week, the National Cyber Security Centre (NCSC) published their annual review, and our team at Hive Communications have analysed the 88-page document to ensure that we are up to speed on the latest developments in cyber security, which we can pass on to you.
In the first four months of 2021, the NCSC handled the same number of ransomware incidents as for the whole of 2020 – which was itself a number more than three times greater than in 2019.
Below is a breakdown of some of the key points from the latest NCSC review.
The Threat
Over the past year, it has been determined that the cyber threat to the UK and its allies has continued to grow. Cyber attacks throughout 2020-2021 have ranged from ransomware attacks against public and private organisations, to indiscriminate phishing scams and targeted hostile attacks against national infrastructure and government.
All these cyber attacks have had real-world impact. Data was compromised, life savings were stolen, public services including healthcare were disrupted, and food and energy supplies were also affected. The threats are said to have come from a wide range of actors using an array of methods.
The impact of these attacks in the UK and around the world was stark: food supplies were affected, local fuel prices increased, citizens were denied access to public services, at-risk children’s details were lost and the costs to businesses and public funds ran into hundreds of millions of pounds. 39% of all UK businesses (that’s 2.3 million) reported a cyber breach or attack in 2020/21, compounding an already difficult year for many SMEs.
Ransomware – the ever-evolving threat…
In the previous NCSC review, it was determined that the ransomware model has shifted. This means that not only does ransomware steal and hold data, it now threatens to publish it too, and has even become a ‘professional service’ whereby other criminals can pay a one-off payment to ‘buy’ the stolen data or share the profits of using an ‘off-the-shelf’ malware variant.
Unfortunately, this business model has become more and more successful. Cyber criminals are securing significant ransom payments from large businesses that cannot afford to lose their data to encryption or suffer the downtime while their services are offline.
The National Cyber Security Centre has shockingly found that victims of these ransomware attacks are being offered a 24/7 ‘helpline’ to pay their ransom and enable them to quickly get back online. The criminals are making it as easy as possible to pay and move on.
Businesses can be badly affected by ransomware attacks: as well as the financial threat of a ransom payment, there are also losses to consider when servers go down, phone lines stop working, files are encrypted, and everything comes to a halt.
How do cyber criminals perform ransomware attacks?
Organised crime groups spend time conducting in-depth reconnaissance on their intended victims. They find and exploit any cyber security weaknesses. This could be in the form of spear phishing and spoofing to pose as an employee and gain access to internal networks. They hold hostage important files that are identified as being critical to the business, and may even find sensitive material that can be used to threaten employees by claiming they will sell or leak it to others. These criminals even go to the extent of checking the business’s insurance premiums to see if its insurance would cover the payment of ransoms. Although this may sound lengthy, it means that when their plan is ready to deploy, the effect of their ransomware on a business is brutal and has the maximum intended effect.
The NCSC has identified many vulnerable areas which these cyber criminals exploit. Some of the most common include gaining access to networks via unpatched software and devices; vulnerabilities in Virtual Private Networks (VPNs), which are exploited to target those working from home; and Remote Desktop Protocol (RDP) attacks, in which hackers use data breaches, credential harvesting and phishing emails to gain access to the victim’s environment.
How can you protect your business from ransomware attacks?
There are many services that businesses can use to protect themselves from ransomware or mitigate the impact of an attack. Business owners can take practical cyber security measures, take advice and implement defence measures, and work with others to share information and best practice.
The NCSC has a service called the Cyber Security Information Sharing Partnership (CISP), which provides a secure forum where companies and government can collaborate on threat information. It provides regular sensitive threat reports and is one of many tools available.
There is also a service called the Early Warning Service, designed to help organisations facing cyber attacks on their network. This includes training for staff and school staff and a range of Active Cyber Defence services such as Web Check, which provides website configuration and vulnerability scanning services.
It’s not possible to be completely protected, but there are some deterrents and actions you can put in place to prepare or reduce the impact:
- Make regular backups and store them away from your main business network – this way, if your data becomes encrypted, you still have access to it and can restore your files.
- Install antivirus software and make sure it is updated regularly, so that detection and remediation are as effective as they can be.
- Make sure your operating system and applications are updated regularly so that any security vulnerabilities have been patched.
- Ensure users are not working on computer accounts with administrative privileges.
How to report suspicious emails, websites and text messages
If you have received an email which you are not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk.
If you have come across a website which you think may be fake and is trying to scam you, visit ncsc.gov.uk/section/about-this-website/report-scam-website and follow the instructions.
Phone providers allow you to report suspicious text messages for free using the shortcode 7726. If you forward a text, your provider can investigate the origin of the text and take action, if found to be malicious. If 7726 doesn’t work, you can find out how to report a text message by contacting your provider.
Our team at Hive Communications support businesses by helping to implement security measures and regular checks which can help to prevent cyber crime, whilst ensuring that your business communications are running smoothly. If you are concerned about cyber attacks and want to make sure your business is protected, get in touch with our friendly, expert team today by calling 01722 777999.