A recent report by the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) (the "NCA Report") described the cyber-threat to UK business as "significant and growing". 65% of large UK firms detected a cyber security breach in the past year according to the government's Cyber Security Breaches Survey 2016 (the "Cyber Survey"). Against this background, cyber security, combined with effective risk management, is a key priority for businesses in 2017.
The NCA Report can be accessed here.
The Cyber Survey can be accessed here.
Three factors contribute to this increased threat of cyber-attacks. First, the Internet of Things (IoT) and the progression towards an ever-increasing number of internet-connected devices provide hackers with more attack vectors than ever before. Secondly, hackers are learning from each other and sharing their knowledge. Thirdly, the technical expertise required to carry out cyber-attacks is declining, as DDoS (distributed denial of service) and malware can easily be obtained on the dark web.
The Internet of Things and the rise of Botnets
As devices become increasingly internet-enabled and accessible, their security measures continue to lag behind. As we have seen with the recent CloudPets breach, many products have inadequate security software and are vulnerable to being accessed remotely.
Botnets are increasingly being used to mount DDoS attacks on insecure internet-connected devices, such as webcams, digital video recorders (DVRs), CCTV and smart meters. The NCA Report refers to the fact that the Shodan search engine (a search engine that lets a user find specific types of computers that are connected to the internet) reveals that more than 41,000 units of one insecure model of DVR were connected to the internet in January 2017.
The DDoS attack on Dyn in October 2016 provides an illustration of the widespread impact of these attacks. Multiple DDoS attacks targeted systems operated by Dyn, causing major internet platforms and services to be unavailable to large numbers of users across Europe and North America. The attack affected a vast number of services, from Amazon and Twitter to Netflix and Spotify. It is believed the activities were executed through a botnet consisting of a number of internet-connected devices which had been infected with the Mirai malware (the "Dyn Attack").
The significance of the Dyn Attack is that the hackers targeted part of the Internet's domain name infrastructure ("DNS"). DNS providers operate by translating human-readable domain names into IP addresses, helping users find the websites they are looking for. The NCA Report highlights that we should be prepared to see more such attacks, possibly on a larger scale, and potentially targeting website hosting and database servers.
Attacks on Industrial Connected Devices
Industrial connected devices are a prime target for attackers. Not only can they steal intellectual property or collect competitive intelligence but they can also disrupt critical infrastructure on a large scale.
An attack on Ukrainian energy distribution companies in 2015 resulted in electricity outages for approximately 225,000 customers. This attack was achieved by spear-phishing emails with malicious Microsoft Word attachments containing BE3 malware. The malware was used to gain access to the business networks of the electricity supply companies and disconnect electricity substations. This exemplifies the very real impact cyber-attacks can have on industry on a large scale, and the NCA Report predicts that such attacks will increase in 2017.
A report published this month by Lloyd's, "Future Cities: Building Infrastructure Resilience", (the "Lloyds Report") highlights the rise of smart technology for city infrastructure and how critical economic and financial services rely on such technology. This presents the very real threat of cyber-terrorists targeting ICT systems to harm or shut down critical national infrastructures. Attacks of this kind can clearly have a devastating impact on local and global economies.
The Lloyds Report can be read here.
Cyber Extortion and Ransomware
The NCA Report also emphasises the changing nature of cybercrime and that it is becoming "more aggressive and confrontational". Extortion and ransom demands through DDoS attacks or following data theft are on the increase. Internet-connected devices again provide an opportunity for hackers, as ransomware can target devices containing personal data. The increasing proliferation of wearable technology, including smart watches and fitness trackers, presents opportunities in this regard.
In January of this year Lloyds Bank was subject to a ransom demand by hackers following DDoS attacks. Some bank customers experienced problems in accessing their online banking portals and outages continued to be reported by customers over two days. The Lloyds Bank website had been overwhelmed by millions of requests in the denial of service attack.
Ultimately, the cyber threat to UK businesses is ever-increasing, particularly as hackers develop new variants and methods with which to target businesses. Businesses need to regard cyber security as a priority and should have risk management strategies in place to prepare and rehearse for cyber and data breach incidents.