Octree Observer

  • Firms that didn’t patch and enabled local admin rights continue to suffer post cyber-attack

    by : Octree

    Just because a malware outbreak has begun to fade away from the newspaper headlines, doesn’t mean your troubles are over. Many firms can continue to suffer long afterwards.

    Here’s a salutary reminder for all businesses, my thanks to Graham Cluley.

    In late June, a malware attack crippled businesses and critical infrastructure in Ukraine at astonishing speed. Initially suspected of being a similar ransomware attack to the WannaCry outbreak seen the month before, the malware (variously named as Petya, NotPetya or GoldenEye by security vendors) appears to have been launched through a malicious automatic update to a popular Ukrainian accounting software tool called MeDoc.

    We tell companies all the time to keep their software updated with the latest available patches, and yet here was an update which actually delivered a devastating malware attack. The irony isn’t lost on anybody.

    Once in place on an infected PC, the malware would spread to other networked computers, using a variety of lateral movement techniques.

    And it didn’t take long for GoldenEye to spread beyond Ukraine’s borders, hitting the offices of multinational companies in the United States, UK, Russia, France, Germany and elsewhere.
  • Government to encourage wider adoption of Cyber Essentials scheme

    by : Octree

    The government has said it will be pushing for more companies to gain certification to the Cyber Essentials scheme. The scheme is backed by the government and contains five key controls that, when implemented correctly, can prevent the majority of cyber-attacks.

    Matt Hancock, the Minister for Digital and Culture, was speaking at the Cyber Security Summit at the Institute of Directors in London in March.

    “Numbers are really starting to grow,” he said. “Already, we’ve awarded more than 6,000 certificates to date, with the numbers more than tripling in the past year.”

    According to Hancock, this growth proves that Cyber Essentials is “an effective tool which can be built on to achieve greater security in our organisations”.

    The government already requires all of its suppliers that handle sensitive data to hold a Cyber Essentials certificate, but Hancock said that it will now be “strengthening this requirement to ensure even more of our contractors take up the scheme”.

    Hancock was also quick to highlight the existing and growing cyber threats: “We know the scale of the threat is significant: one in three small firms, and 65% of large businesses, are known to have experienced a cyber breach or attack in the past year. Of those large firms breached, a quarter were known to have been attacked at least once per month.

    It’s absolutely crucial UK industry is protected against this threat - because our economy is a digital economy. Over 95% of businesses have internet access. Over 60% of employees use computers at work. The internet is used daily by over 80% of adults - and four out of five people in the UK bought something online in the past year. And we know the costs of a successful attack can be huge. My message today is clear: if you’re not concentrating on cyber, you are courting chaos and catering to criminals.”

    Securing organisations’ supply chains

    This announcement signals a growing shift in the importance and authority of the Cyber Essentials scheme. In addition to the government’s requirement for suppliers to be certified, many organisations will feel the pressure to achieve certification.

    For instance, larger companies, especially FTSE 100 companies, will need to certify in order to secure their supply chain, and small and medium-sized enterprises (SMEs) will need to certify in order to work with larger buyers.
  • UK SMEs not educating staff on the risks of cyber-security

    by : Octree

    CFC Underwriting finds that 38 percent of its claims in 2016 could have been avoided if better education and training processes were in place.

    Once again, I really wanted to share this article from Roi Perez, Community Manager at SC Magazine, highlighting the increasing need for security awareness training within businesses, to reduce the threat of email- and web-borne malware (primarily ransomware).

    New research from specialist cyber-insurance provider CFC Underwriting reveals that over a quarter of UK-based SMEs (27 percent) are still failing to educate and train their staff on the threat of a cyber-attack.

    Phishing scams caused 38 percent of CFC's claims in 2016, meaning that they could arguably have been avoided if staff were trained properly.

    Over a quarter of SMEs (26 percent) say that they do not train and educate their staff on the threat of cyber-security because they are “not sure where to start”. This could be the result of not understanding their cyber-risk profile, with 20 percent of SMEs never assessing the business exposure to cyber-risk.

    CFC saw a 78 percent rise in cyber claims from 2015 to 2016, with 90 percent of claims by volume coming from businesses with less than £50 million in revenue, highlighting just how vulnerable SMEs are to relatively unsophisticated cyber-attacks.

    When SMEs were asked what poses the biggest threat to their business, cyber-crime came in second, topped only by Brexit. Nearly a third (31 percent) of IT companies report cyber-crime to be the main threat, followed by 25 percent in the manufacturing sector. By comparison, just eight percent overall are concerned about traditional crime. Despite these worries, 80 percent of SMEs still do not buy cyber-insurance.
  • Ransomware-as-a-Service is Booming: Here's What You Need to Know

    by : Octree

    Taking a page from the software-as-a-service playbook, ransomware-as-a-service (RaaS) is giving even novice cyber-criminals the ability to launch sophisticated — and profitable — attacks.

    My thanks to the colleagues at Barkly for this somewhat disturbing article, which I thought I would share with you all.

    Ransomware is certainly nothing new in the cybersecurity business, with the first instances cropping up in Russia more than a decade ago. But, the rise of the RaaS distribution model is giving would-be criminals an extremely easy way to launch a cyber-extortion business with virtually no technical expertise required, flooding the market with new ransomware strains in the process.

    In fact, the growth in RaaS platforms on the Dark Web is likely one of the primary drivers behind the huge spike in ransomware attacks over the last year. Network security provider SonicWall reports a staggering total of 638 million attacks over the course of 2016, more than 167x the number of attacks they registered in 2015.

    Other reports indicate nearly half of businesses fell victim to some cyber-ransom campaign last year. At the same time, the number of new ransomware families surged 752 percent, costing businesses $1 billion worldwide.

    What makes RaaS such a threat? It’s the simple, franchise-like deployment model. Instead of writing their own malicious code, aspiring cyber-criminals can now log in to their RaaS portal of choice, configure their deployment, and instantly distribute the malware to unwitting victims. Some RaaS providers even advertise their products in hacking forums, offering customizations and other enticements to drive subscriptions.

    To help you get a better handle on the RaaS threat, let’s dive into some specific FAQs.
  • Alert: New Wave of Ransomware is Bypassing Security

    by : Octree

    Your traditional anti-virus solution is defenseless against this attack!!!

    My thanks to Jonathan Crowe from Barkly for this article. Illuminating and very, very worrying. You really need to act now.

    Key details:
    • Type of attack: Ransomware hidden in NSIS installer files
    • Attack vector: Email
    • Damage: As of yet unknown, but researchers have spotted a major uptick in infections beginning in December

    A new slew of ransomware campaigns are infecting companies thanks to an improved method of avoiding detection — hiding malicious code deep within NSIS installers.

    According to researchers at Microsoft, adoption of the technique appears to be widespread, with Cerber, Locky, and other popular ransomware families all getting in on the act in "a collective move by attackers to once again dodge AV detection."

    Beginning last December, the volume of these attacks has experienced a significant uptick, putting more and more companies at risk.

  • What are Your Chances of Suffering a Ransomware Attack — Really?

    by : Octree

    Ransomware has quickly become a top security concern, but does the risk actually merit the hype?

    A big thanks to Jonathan Crowe of Barkly for once again highlighting the growing phenomenon of ransomware. I have witnessed it first hand – it is dangerous and widespread.

    Earlier this month, a post appeared on the Spiceworks IT Community titled, "Have we just been lucky?"

    The question was referring to the fact that, despite all the headlines and widespread attention ransomware has been getting, the poster had yet to experience an infection first-hand. Curious as to whether that might be attributed to the protection they had in place or sheer dumb luck, the poster turned to the Spiceworks community to get more perspectives.

    Were others experiencing ransomware attacks? Was not having experienced an attack really that unique? Was it only a matter of time before their luck ran out?

    Responses to the question varied (they're really worth reading in full). Some IT pros acknowledged they hadn't been hit yet, either, while others reported their organizations had been hit multiple times. The general consensus, however, was that (as with all things security) the best approach was to prepare as if it weren't a matter of IF an attack would happen, but WHEN.

    Especially as long as attacks target the one vulnerability that's never fully under your control — your users.

    Looking beyond the initial "better safe than sorry" lesson, however, I thought this post also tiptoed close to asking another very interesting and valid question:

    How can you determine your risk for ransomware? What are the odds of you suffering an attack?

    1 December 2016 | Cybercrime
  • Financial, Legal and Public Sector most likely cybercrime targets, but not exclusively!

    by : Octree

    Research shows the most likely victims of attack; however, do not be fooled into thinking you’re immune.

    As a cyber-security specialist I was recently asked to speak at the UK200Group Annual Conference in Southampton, the UK’s leading association of independent chartered accountants and law firms, representing more than 150,000 UK SMEs.

    I am acutely aware that the financial, legal and public sectors currently attract the most cyber-criminal attention, and for very good reason. However, it would be foolish to believe that those operating in any other vertical are any less susceptible to data breaches. On the contrary, without adopting a pragmatic approach to cyber security it really is a case of when you are compromised, not if.

    The most significant threats today include:

    Ransomware - Malware that encrypts and threatens to destroy, permanently remove access to, or publicly post data unless a victim makes payment, often increasing as time elapses.

    Phishing and Whaling (AKA CEO Fraud) - A malicious attempt to acquire sensitive information by masquerading as a trustworthy source via email, text, pop-up message, or to coerce an employee into making a money transfer.

    Exploitation of software vulnerabilities - Flaws, glitches, or weaknesses discovered in software.

    And, of course, the insider threat, whether malicious or accidental, which according to research may account for more than 50% of all reported data breaches.

    30 November 2016 | Cybercrime
  • 26% of British businesses 'have no protection against cyber attacks'

    by : Octree

    Although businesses understand the importance of digital innovation, they aren't prepared for the challenges

    Almost a third of UK businesses are not sufficiently prepared against a cyber attack, research by software and services provider Advanced has revealed.

    Additionally, 46% of companies don't view data security as a priority when deciding which systems and software to adopt when furthering their digital presence.

    “Digital innovation presents a huge opportunity for companies and our economy, but it also goes hand in hand with a need for greater emphasis on cyber security," Tom Thackray, CBI Director for Innovation, said.

    "Cyber resilience is a growing priority for all businesses, and the challenge now is to move from awareness to action. It’s important that businesses in all sectors – from manufacturing to retail – truly understand digital technology’s potential, from the boardroom to the shop or factory floor."

    Advanced questioned more than 1000 professionals across UK businesses in a range of sectors about how ready they were if a cyber attack struck and how their attitude has changed since it was decided the UK would exit the EU.
  • In June, the FBI released stats that showed “business email compromise” (BEC) scams cost businesses $3.1 billion.

    by : Octree

    Also known as CEO Fraud, Whaling or Spear Phishing, this threat targets businesses of every size, primarily because of its ease of perpetration.

    Even more troubling, the FBI warned that BEC scams, also known as “CEO fraud” or “Man-in-the-Email” scams, would likely “continue to grow, evolve, and target businesses of all sizes.” The Bureau also mentioned that they’ve seen a 1,300% increase in business email compromise attacks since January 2015.

    What Are Business Email Compromise Attacks?

    A BEC is a form of phishing attack where a cyber criminal impersonates an executive (often the CEO), and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the phisher.

    Unlike traditional phishing attacks, which target a large number of individuals across a company, BEC attacks are highly focused. Cyber criminals will scrape compromised email inboxes, study recent company news, and research employees on social media sites in order to make these email attacks look as convincing as possible. This high level of targeting helps these email scams to slip through spam filters and evade email whitelisting campaigns. It can also make it much, much harder for employees to recognize the email is not legitimate.

    What Does a BEC Attack Look Like?

    BEC attacks usually begin with a cyber criminal successfully phishing an executive to gain access to their inbox, or emailing employees from a lookalike domain that is one or two letters off to trick them into thinking they received an email from an executive at their company (a tactic often referred to as “spoofing” an email).

  • Lost devices are a leading cause of data breaches

    by : Octree

    For the financial sector lost or stolen mobile devices were the leading cause of data breaches over the last decade.

    An interesting article from SC Magazine that once again highlights the potential data loss through unsecured mobile devices, and particularly within financial services.

    Phishing scams and ransomware attacks may grab the headlines, but for the financial sector lost or stolen mobile devices were the leading cause of data breaches over the last decade.

    A Bitglass report found 25.3 percent of data breaches that have occurred since 2006 were due to malicious actors getting their hands on a corporate mobile device. This is well above the 19.2 percent of breaches that were caused by hacking, the 14.1 percent due to unintended disclosures and the 13.1 percent of incidents caused by company insiders.

    The report does not disclose how many devices are lost, nor how many of those might end up in the hands of a malicious actor, but the fact that many employees have access to key corporate information means any loss can be catastrophic.
