Cyber criminals are becoming ever more sophisticated, and security experts say they’re alarmed
Cisco has released its Midyear Cybersecurity Report for 2017, in which it warns that “our security experts are becoming increasingly concerned about the accelerating pace of change—and yes, sophistication—in the global cyber threat landscape”.
“The breadth and depth of recent ransomware attacks alone demonstrate how adept adversaries are at exploiting security gaps and vulnerabilities across devices and networks for maximum impact.”
Small and medium businesses in Australia got off relatively lightly during the May WannaCry global ransomware attack, but in the UK, pharmacies had to scramble to help patients and manage emergency medicine supplies as GP surgeries became crippled.
In June, another attack found a target at MSD’s offices, which went down for about a week.
Now, Cisco warns of emerging threats in the world of cyber crime: while revenue generation is still usually the main objective, some criminals can lock systems and destroy data as part of their attack process.
“Our researchers see this more sinister activity as a precursor to a new and devastating type of attack that is likely to emerge in the near future: destruction of service,” the company says.
“Within the past year, we have also observed adversaries employing Internet of Things (IoT) devices in DDOS attacks. Botnet activity in the IoT space suggests some operators may be focused on laying the foundation for a wide-reaching, high-impact attack that could potentially disrupt the Internet itself.”
And the humble email may be a weak point for many businesses, Cisco says.
“Ransomware has been drawing much of the attention in the security world lately. However, a threat that’s not nearly as high-profile is raking in far more for its creators than ransomware: Business email compromise, or BEC,” the report says.
“The risk intelligence provider Flashpoint, a Cisco partner, has studied the BEC problem and has determined that it’s currently the most lucrative and profitable method to extract large amounts of money from a business.
“It’s a deceptively easy attack vector that relies on social engineering to trigger the theft.”
Basic BEC attacks involve an email, sometimes designed to appear to be from a colleague, delivered to financial employees who can send funds by transfer.
“The email may appear to be from the CEO or another top executive, asking the recipient to send a wire payment to a supposed business associate or to pay a vendor. The message may express some urgency to compel the recipient to send the money, which typically ends up in foreign and domestic bank accounts owned by cybercriminals.”
While such attacks are generally aimed at big targets, they can usually bypass all but the most sophisticated threat defense tools simply because they don’t contain malware or suspect links.
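Because a BEC message carries no malware or link to scan, screening has to rely on who the message claims to be from and what it asks for. The sketch below is an added example, not taken from the Cisco report or this article; the company domain, executive names, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: substitute your own domain and executive roster.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank account|vendor)\b", re.I)
URGENCY = re.compile(r"\b(urgent|urgently|immediately|asap|today|right away)\b", re.I)
LINK = re.compile(r"https?://", re.I)
SPOOF, PAY, RUSH, CLEAN = "exec-name-external", "payment-request", "urgency", "no-link-or-attachment"

def bec_indicators(raw):
    """Return the BEC indicators present in one plain RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    # Display name of an executive, but the address is outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        hits.append(SPOOF)
    if PAYMENT.search(text):
        hits.append(PAY)
    if URGENCY.search(text):
        hits.append(RUSH)
    # Nothing for a malware or URL scanner to inspect: the reason these slip through.
    if not msg.is_multipart() and not LINK.search(text):
        hits.append(CLEAN)
    return hits

def is_suspect(raw):
    """Hold for manual verification when a spoofed executive asks for money."""
    hits = bec_indicators(raw)
    return SPOOF in hits and PAY in hits

# Constructed sample messages (not real mail).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
To: accounts@example.com
Subject: Urgent wire payment

Please send a wire payment to our vendor today. Do it immediately.
"""
GENUINE = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Quarterly invoice review

Can we review the vendor invoice list next week?
"""
```

A message flagged this way is a candidate for out-of-band confirmation with the named executive before any funds are sent.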
Cisco also says that spyware which masquerades as potentially unwanted applications (PUAs) is often underestimated or dismissed completely.
“However, spyware can steal user and company information, weaken the security posture of devices, and increase malware infections.
“Spyware infections are also rampant. Cisco threat researchers studied three select spyware families and found that they were present in 20% of the 300 companies in the sample.”
During the WannaCry crisis the Pharmacy Guild issued some advice to pharmacies which is available here.