Data/Cyber

Cyber criminals increasingly deploying sophisticated malware as attack tools, warns report

in

BY Fraser Tennant

Cyber criminals across the globe are increasingly deploying sophisticated malware such as adware and ransomware to attack companies, warns a new report by Check Point Software Technologies Ltd.

In ‘Global Cyber Attack Trends 2017’, Check Point notes that the global cyber landscape in 2017 appears to have picked up where 2016 left off, with cyber threats emerging on a monthly basis that are increasingly sophisticated, featuring new capabilities and distribution methods.

Among the key trends identified in the report are: (i) nation-state cyber weapons are now in the hands of criminals; (ii) the line between adware and malware is fading, and mobile adware botnets are on the rise; (iii) macro-based downloaders continue to evolve; (iv) a new wave of mobile bankers has arrived on Google Play undetected to infect users; and (v) threat actors are continuing to sell new malware-as-a-service though several platforms, increasing the risk of data breaches.

Also highlighted in the report are today’s most prevalent examples of global malware and ransomware and the regions of the world which attackers target most often.

Acccording to the report: “2017 is shedding light on a new trend – simple, yet highly effective malware families are causing rapid destruction globally. The samples are distributed by unknown threat actors, yet wield high-end attack tools and techniques developed by elite nation-state actors. In addition, massive theft operations, such as the infamous Shadow Brokers leak of tools allegedly developed by the US National Security Agency (NSA), have led to some of the world’s most sophisticated malware ending up in the hands of unskilled attackers.”

Also analysed is the impact of the WannaCry and NotPetya ransomware which has affected public infrastructure as well as medical facilities around the world, with the report noting that many of these attacks could have been blocked had the proper security measures been in place.

“Even with WannaCry and NotPetya making global headlines, most organisations continue to rely on a strategy of detection and response after an attack has occurred as their primary means of defence,” continues the report. “Unfortunately, 99 percent of organisations still have not put in place the fundamental cyber security technologies available to prevent these types of attacks.”

To keep ahead of cyber threats, the report advises companies to stay alert and concludes: “To provide organisations with the best level of protection, security experts must be attuned to the ever-changing landscape and the latest threats and attack methods to keep their security posture at the highest standard.”

Report: Global Cyber Attack Trends 2017

Shortfall in private cyber defences

in

BY Richard Summerfield

Given the increasing sophistication of cyber criminals and the potential risks faced by companies that fall victim to attack, cyber security has become a hot topic in recent years. According to a new report from the President’s National Infrastructure Advisory Council (NIAC), however, cyber defences in the US are not currently fit for purpose.

The report, 'Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure', was based on reviewing hundreds of previous studies plus interviews with 38 cyber experts, who were mostly in the financial services and electricity sectors.

The NIAC, which was created in the aftermath of the 11 September 2001 attacks in the US, is charged with the task of advising the Department of Homeland Security on the security of US critical infrastructure against any form of attack, be it physical or cyber based. It believes that cyber security provisions in the US are currently experiencing a pre-9/11 moment. According to the report, if more is not done to protect the country’s critical infrastructure, such as the financial system or electric grids in the US, both the government and private industries run the risk of missing a “narrow and fleeting window of opportunity before a watershed, 9/11-level cyber attack".

The report notes: “Cyber is the sole arena where private companies are the front line of defence in a nation-state attack on US infrastructure. When a cyber attack can deliver the same damage or consequences as a kinetic attack, it requires national leadership and close coordination of our collective resources, capabilities, and authorities."

The NIAC has proposed 11 specific recommendations to shore up the country’s cyber security defences. Chief among these is establishing specific network paths designated for the most critical networks, which would include dark fibre networks for critical control system traffic and reserved spectrum for backup communications during emergencies. The NIAC also recommended private organisations and government bodies improve their threat information sharing. In addition, the government should provide incentives for any hardware upgrades performed, as well as establish a centre of excellence which will showcase best-in-class tools across the industry and provide a test bed environment for companies to test and evaluate new software, among others.

“We believe the US government and private sector collectively have the tremendous cyber capabilities and resources needed to defend critical private systems from aggressive cyber attacks – provided they are properly organized, harnessed, and focused. Today, we’re falling short”, the report suggests.

Report: Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure

Ransomware among top threat vectors – report

in

BY Richard Summerfield

The cyber security landscape is increasingly fraught with danger. Attacks such as the ‘WannaCry’ cryptoworm, have been headline news in recent months. According to the Cyber Threatscape Report 2017, produced by iDefense, part of Accenture Security, there will be a continuation escalation of the high profile attacks seen in the first half of 2017. As such, companies must be prepared to take action.

“The first six months of 2017 have seen an evolution of ransomware producing more viral variants unleashed by potential state-sponsored actors and cybercriminals. Our findings confirm that a new bar has been set for cybersecurity teams across all industries to defend their assets in the coming months,” said Josh Ray, managing director at Accenture Security. “While the occurrence of new cyber attack methods is not going away, there are immediate actions companies can take to better protect themselves against malicious ransomware and reduce the impact of security breaches.”

According to the report, cyber criminals are rapidly expanding their capabilities, due to factors such as the proliferation of affordable, customisable and accessible tools and exploits. Attack vectors, such as distributed denial of service-for-hire services are likely to become much more widespread as cyber criminals, both individual and state-sponsored, look for new ways to disrupt the landscape.

The report suggests that to improve cyber defences, companies should consider adopting an email analytics platform in the cloud, as well as authentication tools and spam filters. They should also update and test cyber resilience plans, and impose administration rights restrictions on local workstations to further reduce the potential impact of cyber criminality.

The study also found that cyber criminals have begun to use alternative cryptocurrencies or adopt bitcoin laundering schemes to conceal transactions. Furthermore, the report notes that state-sponsored threat actors may continue to conduct espionage activities in response to military exercises and economic sanctions.

Ensuring that adequate business continuity planning is in place is an important step organisations should take as cyber criminals become more ambitious. This requires companies to be proactive. By taking action to protect themselves against cyber attack, companies can reduce the impact of any breaches they suffer.

Report: Cyber Threatscape Report 2017

National exercise tests Singapore’s cyber attack resilience

in ,

BY Fraser Tennant

Against a backdrop of increasingly frequent, sophisticated and impactful cyber attacks, the Cyber Security Agency of Singapore (CSA) has carried out a large multi-sector exercise to test the robustness of the country’s cyber incident management and emergency response plans.

Code-named Cyber Star, the exercise tested 11 critical information infrastructure sectors (CII): government, infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency and media.

Comprising of a series of scenario planning sessions, workshops and table-top discussions, exercise participants were tested on their incident management and remediation plans in response to simulated cyber security incidents, such as a malware infection or a large-scale distributed denial of services (DDoS) attack.

The Cyber Star exercise followed a similar exercise in May 2016 which covered the banking and finance, government, energy and infocomm sectors.

"This is a good opportunity for us to level-up our capability and make sure that we are ready as possible," said deputy prime minister Teo Chee Hean, who observed the exercise at CSA headquarters alongside more than 200 sector leaders and owners, including the Monetary Authority of Singapore, the Energy Market Authority and Singapore Airlines.

“With greater interconnectivity and proliferation of cyber threats, the ability of our critical sectors to respond promptly to attacks is vital,” said David Koh, chief executive of the CSA.

The exercise this week also coincides with a public consultation on a proposed Cybersecurity Bill, which was launched last week by the Ministry of Communications and Information (MCI) and the CSA. The proposed Bill seeks to establish a framework for the oversight and maintenance of national cyber security in Singapore and will empower CSA to carry out its functions. The Bill also aims to minimise cyber threats and ensure that the country can better deal with cyber attacks in future.

The Bill has four main objectives: (i) to provide a framework for the regulation of CII owners; (ii) to provide the CSA with powers to manage and respond to cyber security threats and incidents; (iii) to establish a framework for the sharing of cyber security information with and by CSA officers, and the protection of such information; and (iv) to introduce a lighter-touch licensing framework for the regulation of selected cyber security service providers.

The Cybersecurity Bill consultation runs from 10 July to 3 August 2017.

News: Singapore’s 11 critical sectors tested for first time in national cyber security exercise

More money, more problems

in

BY Richard Summerfield

Barely a week goes by without a major cyber attack making global headlines. Indeed, in recent weeks, the ‘WannaCry’ and ‘Petya’ ransomware attacks have caused chaos across a spectrum of organisations the world over. And, although many companies are beginning to respond to the threat, often the response is misguided, according to a new report from KPMG and BT.

The report, 'Securing the digital enterprise: The cyber security journey – from denial to opportunity', notes that too many companies are treating cyber security as a siloed issue, which can be dealt with simply by “throwing money” at the problem. While companies must ensure they have, for example, adequate and updated firewalls and antivirus protection, it is equally as important to pool shared resources and treat cyber security as a conventional operational risk issue. This requires greater ‘buy-in’ on cyber issues from the board and a better integration of cyber issues into overall business strategy.

David Ferbrache, Technical Director in KPMG’s cyber security practice, said: “The recent spate of cyber-attacks is keeping cyber risk at the top of the business agenda, and as such investments are being made. The business community needs to avoid knee-jerk reactions as cyber security is a journey – not a one size fits all issue, and getting the basics like patching and back-ups right matters. It’s important to build a security culture, raise awareness amongst staff, and remember that security needs to enable business, not prevent it.”

There must be a better acknowledgement, at board level, of the threat posed by cyber attacks. As such, organisations must have the right security provisions in place. These include, companies making sure they know where they are on their journey to cyber security, which, according to the report, involves five key stages: denial, worry, false confidence, hard lessons and true leadership.

Mark Hughes, CEO of BT Security, said: “The global scale of the recent ransomware attacks showed the astonishing speed at which even the most unsophisticated of attacks can spread around the world. Many organisations could have avoided these attacks by maintaining better standards of cyber hygiene and getting the basics right. These global incidents remind us that every business today - from the smallest sole trader through to SMEs and large multinational corporations - needs to get to grips with managing the security of their IT estate, as well as their people and processes.”

Report: Securing the digital enterprise - The cyber security journey – from denial to opportunity

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.