Octree Observer

  • Ransomware – the threat inside

    by : Octree

    When it comes to ransomware, it only takes one person to let the marauders run free

    That's the assessment of cybersecurity company Malwarebytes, which has found as many as one third of small-to-medium-sized businesses were hit by ransomware last year, and that "the human factor" is increasingly behind large-scale outages.

    The findings come as part of Malwarebytes' Second Annual State of Ransomware Report, which showed that, of the 32 percent of companies hit by at least one malware attack last year, one fifth had to completely stop operations immediately. Do not pass go, do not collect $200 (unless you're coughing it up in Bitcoin).

    The figures paint a grim picture of digital security in the modern era, at a time when malware attacks routinely make news headlines, and ransomware (malicious software that infects systems and demands a ransom to regain access to encrypted files) has the power to bring everything from home computers to the world's biggest companies into the digital dark ages.

  • Firms that didn’t patch and enabled local admin rights continue to suffer post cyber-attack

    by : Octree

    Just because a malware outbreak has begun to fade away from the newspaper headlines, doesn’t mean your troubles are over. Many firms can continue to suffer long afterwards.

    Here’s a salutary reminder for all businesses, my thanks to Graham Cluley.

    In late June, a malware attack crippled businesses and critical infrastructure in Ukraine at astonishing speed. Initially suspected of being a similar ransomware attack to the WannaCry outbreak seen the month before, the malware (variously named as Petya, NotPetya or GoldenEye by security vendors) appears to have been launched through a malicious automatic update to a popular Ukrainian accounting software tool called MeDoc.

    We tell companies all the time to keep their software updated with the latest available patches, and yet here was an update which actually delivered a devastating malware attack. The irony isn’t lost on anybody.

    Once in place on an infected PC, the malware would spread to other networked computers, using a variety of lateral movement techniques.

    And it didn’t take long for GoldenEye to spread beyond Ukraine’s borders, hitting the offices of multinational companies in the United States, UK, Russia, France, Germany and elsewhere.
  • Ransomware-as-a-Service is Booming: Here's What You Need to Know

    by : Octree

    Taking a page from the software-as-a-service playbook, ransomware-as-a-service (RaaS) is giving even novice cyber-criminals the ability to launch sophisticated — and profitable — attacks.

    My thanks to the colleagues at Barkly for this somewhat disturbing article, which I thought I would share with you all.

    Ransomware is certainly nothing new in the cybersecurity business, with the first instances cropping up in Russia more than a decade ago. But, the rise of the RaaS distribution model is giving would-be criminals an extremely easy way to launch a cyber-extortion business with virtually no technical expertise required, flooding the market with new ransomware strains in the process.

    In fact, the growth in RaaS platforms on the Dark Web is likely one of the primary drivers behind the huge spike in ransomware attacks over the last year. Network security provider SonicWall reports a staggering total of 638 million attacks over the course of 2016, more than 167x the number of attacks they registered in 2015.

    Other reports indicate nearly half of businesses fell victim to some cyber-ransom campaign last year. At the same time, the number of new ransomware families surged 752 percent, costing businesses $1 billion worldwide.

    What makes RaaS such a threat? It’s the simple, franchise-like deployment model. Instead of writing their own malicious code, aspiring cyber-criminals can now log in to their RaaS portal of choice, configure their deployment, and instantly distribute the malware to unwitting victims. Some RaaS providers even advertise their products in hacking forums, offering customizations and other enticements to drive subscriptions.

    To help you get a better handle on the RaaS threat, let’s dive into some specific FAQs.
  • Alert: New Wave of Ransomware is Bypassing Security

    by : Octree

    Your traditional anti-virus solution is defenseless against this attack!!!

    My thanks to Jonathan Crowe from Barkly for this article. Illuminating and very, very worrying. You really need to act now.

    Key details:
    • Type of attack: Ransomware hidden in NSIS installer files
    • Attack vector: Email
    • Damage: As of yet unknown, but researchers have spotted a major uptick in infections beginning in December

    A new slew of ransomware campaigns is infecting companies thanks to an improved method of avoiding detection — hiding malicious code deep within NSIS installers.

    According to researchers at Microsoft, adoption of the technique appears to be widespread, with Cerber, Locky, and other popular ransomware families all getting in on the act in "a collective move by attackers to once again dodge AV detection."

    Beginning last December, the volume of these attacks has experienced a significant uptick, putting more and more companies at risk.

  • What are Your Chances of Suffering a Ransomware Attack — Really?

    by : Octree

    Ransomware has quickly become a top security concern, but does the risk actually merit the hype?

    A big thanks to Jonathan Crowe of Barkly for once again highlighting the growing phenomenon of ransomware. I have witnessed it first hand – it is dangerous and widespread.

    Earlier this month, a post appeared on the Spiceworks IT Community titled, "Have we just been lucky?"

    The question was referring to the fact that, despite all the headlines and widespread attention ransomware has been getting, the poster had yet to experience an infection first-hand. Curious as to whether that might be attributed to the protection they had in place or sheer dumb luck, the poster turned to the Spiceworks community to get more perspectives.

    Were others experiencing ransomware attacks? Was not having experienced an attack really that unique? Was it only a matter of time before their luck ran out?

    Responses to the question varied (they're really worth reading in full). Some IT pros acknowledged they hadn't been hit yet, either, while others reported their organizations had been hit multiple times. The general consensus, however, was that (as with all things security) the best approach was to prepare as if it weren't a matter of IF an attack would happen, but WHEN.

    Especially as long as attacks target the one vulnerability that's never fully under your control — your users.

    Looking beyond the initial "better safe than sorry" lesson, however, I thought this post also tiptoed close to asking another very interesting and valid question:

    How can you determine your risk for ransomware? What are the odds of you suffering an attack?

    1 December 2016 | Cybercrime
  • Financial, Legal and Public Sector most likely cybercrime targets, but not exclusively!

    by : Octree

    Research shows who the most likely victims of attack are; however, do not be fooled into thinking you’re immune.

    As a cyber-security specialist I was recently asked to speak at the Annual Conference in Southampton of the UK200Group, the UK’s leading association of independent chartered accountants and law firms, representing more than 150,000 UK SMEs.

    I am acutely aware that the financial, legal and public sectors currently attract the most cyber-criminal attention, and for very good reason. However, it would be foolish to believe that those operating in any other vertical are any less susceptible to data breaches. On the contrary, without adopting a pragmatic approach to cyber security it really is a case of when you are compromised, not if.

    The most significant threats today include:

    • Ransomware - malware that encrypts and threatens to destroy, permanently remove access to, or publicly post data unless a victim makes payment, with the demand often increasing as time elapses.
    • Phishing and Whaling (AKA CEO Fraud) - a malicious attempt to acquire sensitive information by masquerading as a trustworthy source via email, text or pop-up message, or to coerce an employee into making a money transfer.
    • Exploitation of software vulnerabilities - flaws, glitches, or weaknesses discovered in software.
    • And, of course, the insider threat, whether malicious or accidental, which according to research may account for more than 50% of all reported data breaches.
    30 November 2016 | Cybercrime
  • In June, the FBI released stats that showed “business email compromise” (BEC) scams cost businesses $3.1 billion.

    by : Octree

    Also known as CEO Fraud, Whaling or Spear Phishing, this threat targets businesses of every size, primarily because of its ease of perpetration.

    Even more troubling, the FBI warned that BEC scams, also known as “CEO fraud” or “Man-in-the-Email” scams, would likely “continue to grow, evolve, and target businesses of all sizes.” The Bureau also mentioned that they’ve seen a 1,300% increase in business email compromise attacks since January 2015.

    What Are Business Email Compromise Attacks?

    A BEC is a form of phishing attack where a cyber criminal impersonates an executive (often the CEO), and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the phisher.

    Unlike traditional phishing attacks, which target a large number of individuals across a company, BEC attacks are highly focused. Cyber criminals will scrape compromised email inboxes, study recent company news, and research employees on social media sites in order to make these email attacks look as convincing as possible. This high level of targeting helps these email scams to slip through spam filters and evade email whitelisting campaigns. It can also make it much, much harder for employees to recognize the email is not legitimate.

    What Does a BEC Attack Look Like?

    BEC attacks usually begin with a cyber criminal successfully phishing an executive to gain access to their inbox, or emailing employees from a lookalike domain that is one or two letters off to trick them into thinking they received an email from an executive at their company (a tactic often referred to as “spoofing” an email).

  • Five social engineering scams employees still fall for

    by : Octree

    Is your security awareness training letting you down? It certainly seems so. That’s if you are actually delivering any!!!

    My thanks to Stacy Collett at CSO for this remarkable insight into human behaviour. So.....

    You’ve trained them (I doubt it!).

    You’ve deployed simulated phishing tests (Oh no you haven’t!!).

    You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams (Really? When?).

    Still, they keep falling for the same ploys they’ve been warned about for years. It’s enough to drive security teams to madness.

    According to Verizon’s 2016 Data Breach Investigation Report, 30 percent of phishing messages were opened by their intended target, and about 12 percent of recipients went on to click the malicious attachment or link that enabled the attack to succeed. A year earlier, only 23 percent of users opened the email, which suggests that employees are getting worse at identifying phishing emails -- or the bad guys are finding more creative ways to outsmart users.

  • 2016 – the Year of Ransomware

    by : Octree

    It’s a matter of when, not if, you are breached, and it could be terminal for your data

    It seemed like just another ordinary day for staff at vehicle hire company MNH Platinum. Little did they know that the simple click of an email link was about to threaten their entire business.

    It was early last year when the Blackburn-based firm was the victim of a virus which encrypted over 12,000 files on its company network. A ransom demand followed – the criminals would decrypt the company’s files in exchange for more than £3,000.

    With the virus proving impossible to remove without the loss of crucial company data, the firm had no choice but to pay up.

    “We were completely unprepared for a cyber breach simply due to a lack of awareness of the magnitude an attack of this type could have through mistakenly clicking a link in an email,” says managing director Mark Hindle. “I am thankful that we had a lucky escape, in that I was able to retrieve the documents that are crucial to the running of the business, albeit at a price.”

    Hackers are ahead in the cyberwar – businesses need to wake up
  • The rise and rise of ransomware

    by : Octree

    The relatively low cost of ransomware as a business means that criminals can jump in and out of the business. This article looks at why it continues to work.

    My thanks to Davey Winder of SC Magazine for this. Frightening stuff.

    Newly published research suggests that the growth in ransomware infrastructure is, frankly, incredible. With old threats being neutralised, and the public becoming increasingly aware of how to mitigate against these attacks, we wonder just how big a threat ransomware really is.

    The latest Infoblox DNS Threat Index for Q1 2016 reports a 3,500 percent increase in ransomware domain creation quarter on quarter from 2015. The relative cost of infrastructure is so low that it completely makes sense, from the criminal's point of view, to scale up those activities that prove to have a return on their investment.

    Ransomware has certainly jumped on that commoditisation of cyber-crime wave, and is riding it for all it's worth. And let's not forget that the Infoblox DNS numbers are not the end of all of it. "Ransomware can work perfectly well without needing freshly registered domains," warns Paul Ducklin, senior technologist at Sophos, "if it uses Tor, or a collection of hacked servers on legitimate domains."

    Another factor in the ongoing rise and rise of ransomware is that since "the criminals have typically provided the unlocking keys, mainly due to automation in their tools, people are paying the ransoms".

  • 75% of UK consumers won't do biz with a company that has been hacked

    by : Octree

    Three quarters of UK consumers would stop doing business or cancel memberships with an organisation if it was hacked.

    New research from Centrify discovered that 73 percent of consumers in the UK admit that it has become normal or expected for businesses to be hacked, yet only half feel they are taking enough responsibility for their customers' information security. The survey evaluated responses from 2,400 people across the UK, Germany and the US.

    About two thirds of respondents in each studied country rated organisations as a nine or 10 on a 10-point scale when it comes to how responsible they should be for preventing hacks and securing the personal information of their customers.

    Those most likely to take their business elsewhere following a data breach include individuals who have had their personal information compromised previously in a hack, tech-savvy people and those who shop regularly online.
  • Ransomware and phishing attacks are up, once again.

    by : Octree

    Verizon's new data breach investigation report shows a perhaps depressing continuation of previous problems: once again, phishing and ransomware attacks are up.

    The report brings together data from 2260 breaches and 100,000 incidents in 82 countries, collecting information from 67 partners.

    "Phishing has continued to trend upward” notes the report, “and is found in the most opportunistic attacks as well as the sophisticated nation state tomfoolery.”

    Phishing and ransomware are two of the most threatening and common intrusion techniques.

    Phishing often comes in the form of an email, compelling the recipient to open an embedded link or attachment. Once that link is opened by the unsuspecting victim, a trap is sprung and malware is downloaded onto the system. It's simple, but incredibly effective.

  • 3 million Brits have switched providers after data breach

    by : Octree

    TalkTalk loses the personal details of only 110,000 customers yet pays a heavier price in lost business and reputation!

    This news article should act as a salient reminder to each and every one of us in business that cybercrime is not just about lost data. The peripheral costs can be even more acute. And, contrary to popular opinion, it is not just large businesses that suffer – we are all susceptible, and particularly those among us who choose to ignore the threat.

    TalkTalk might well have lost "only" 110,000 customers as a result of last year's high profile data breach but a whopping 3 million Brits say they have ditched a company after having their personal data compromised.

    According to new research by security firm Privitar, perceptions about how well companies safeguard customer data are becoming a significant factor when consumers choose to do business with them.

    Some 83% of respondents said they would look to switch to another service if they felt it could manage their data better.

    17 February 2016 | Cybercrime
  • UK shoppers lose workday picking up aftermath of cyber-crime

    by : Octree

    More than 12 million Brits (20 percent) have been victimised by cyber-criminals this past year

    UK consumers lost more than one full working day (nine hours) when dealing with the aftermath of online crime, costing roughly £134 per person or £1.6 billion across the country.

    "The fact that over a fifth of consumers have had their personal details stolen should come as no surprise – criminals seek money, consumers have it, and personal details are the online route to it. The criminals are entrepreneurial, well-resourced and technically able, so it is unrealistic to hope to prevent breaches," said Paul McEvatt, senior cyber-threat intelligence manager, UK & Ireland at Fujitsu.

    The Norton Cyber-Security Insights Report surveyed more than 1,000 UK consumers to shed light on the global impact of consumer cyber-crime. Brits are more likely to point fingers at foreign governments, with 45 percent blaming them as the main guilty party in online crime. Two of every five Brits choose not to take time to change their account passwords after a security compromise. Over 10 percent of victims in the past year stated that their identity was stolen, and one in seven had their financial information stolen after shopping online.

  • Are you serious about cyber-security? Security Serious Week opens

    by : Octree

    It's Security Serious Week, a campaign designed to bring industry experts together to make others more serious about cyber-security.

    My thanks to Max Metzger of SC Magazine for this news article.

    To mark the opening of Security Serious Week, the cream of UK cyber-security marshalled at London's St Katharine's Docks to discuss the campaign as the opening salvo of an industry-wide effort to raise security awareness.

    Yvonne Eskenzi, one of the founders of the campaign, explained the drive behind it: “Security Serious is all about those that can't, learning from those that can – it's simple really. I plan to bring together our leading experts to convey their words of wisdom to those people and organisations who want to become more security savvy.”

  • Police nab 9 for allegedly spoofing bank employees in £60 million scam

    by : Octree

    UK police have arrested nine people over allegedly spoofing phone calls from victims' banks to drain them of a total of £60 million. According to a release from the Metropolitan Police, the gang fooled their marks into handing over confidential information by posing as bank employees on the phone.

    My thanks to Lisa Vaas of Sophos for this article.

    The UK gang was arrested on Wednesday after a series of coordinated raids on 14 addresses in Ilford, Watford, Slough and Scotland.

    Police had been investigating
  • What should business owners do on Monday morning?

    by : Octree

    Over the weekend there has been much publicised and printed regarding the recent breach at TalkTalk but we’ll leave it to the ongoing investigation by the appropriate authorities to report on the facts in due course.
    It has however raised calls by leading business organisations for urgent action to be taken to tackle cyber-crime with the Institute of Directors (IOD) claiming only “serious breaches” of crime make the headlines but attacks on British businesses “happen consistently”.

    Little over 12 months ago the UK Government launched a cyber hygiene standard for businesses called Cyber Essentials. It is claimed that around 80% of cyber-attacks could be prevented if businesses implemented its Five Key Controls, covering.....
  • Huge spam campaign drops Trojan on UK bank customers

    by : Octree

    A huge spam campaign has been installing the Dyreza banking Trojan on tens of thousands of UK computers, specifically targeting those with accounts at major banks.

    According to Bitdefender, an email phishing campaign has seen up to 30,000 malicious emails being sent in a single day to customers of NatWest, Barclays, RBS, HSBC, Lloyds Bank and Santander. These malicious emails carry links to HTML files, which in turn direct users to URLs pointing to highly obfuscated JavaScript code, which downloads the Trojan.

    The target is then directed to the webpage of a fax service provider as soon as the download is complete.

    This is part of a widespread campaign which has also affected major international banks such as the Bank of America, Wells Fargo, JP Morgan Chase in the US and Deutsche Bank and Axa Bank Europe in Germany. Banks in Romania and Australia have also been targeted.

    And apparently the malware - which is also called 'Dyre' - is very similar to the infamous Zeus Trojan. It installs itself on the user's computer and becomes active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service. Through a man-in-the-browser attack, hackers inject malicious JavaScript code, which allows them to steal credentials and further manipulate accounts – all in a completely covert way.

    18 February 2015 | Cybercrime
  • Retailers are "overconfident" about their security, majority have fundamental gaps

    by : Octree

    Worrying signs for Xmas shopping!

    Just in from Lisa Vaas at Sophos Labs, right in time for the holiday shopping daze: many UK retailers' heads are comfortably buried in the sand when it comes to their cyber security and data protection capabilities, thinking that in spite of not having basic protection and no contingency plans for data breaches, something - maybe magic? - will somehow protect them from malicious cyber-attack.

    In fact, the vast majority - 72% - of 250 UK retail IT decision makers surveyed for the 2014 Retail Security Barometer report, which was conducted by Opinium for Sophos, have failed to implement fundamental security required to safeguard both business and customer data.

    It's not that retailers aren't aware of the increasing risks, and it's not as though retailers don't know how a breach could affect both consumers and their own brand.

    One of many recent examples, this one from across the pond, is US retailer Home Depot, which at the end of last month was facing 44 civil lawsuits across the US and Canada following a huge data breach in September that left 56 million credit cards and 53 million email addresses exposed.

  • UK businesses suffer £10.5 billion in losses due to inadequate IT security

    by : Octree

    The vast majority of UK businesses remain behind the global curve for data protection

    A recent data protection study conducted by EMC revealed the impact of data loss and downtime on businesses across the globe, amounting to over £1 trillion in financial losses annually, £10.5 billion of that in the UK alone.

    Examining organisations across 24 countries — their adoption of various data protection strategies and abilities to fully employ them — the report demonstrates that companies are still unable to successfully meet the challenges presented with emerging data storage, mobile and cloud technologies. In the UK some 200 IT decision makers, in businesses of more than 250 employees, across both private and public sector organisations were interviewed.

    According to EMC, businesses are still quite hesitant to disrupt their “complex” workloads by strategically creating data protection plans. In the UK the vast majority of businesses remain behind the global curve for data protection and maturity, with only two percent cited as “leaders” in the field, and eleven percent as “adopters.” This is especially surprising considering that more than three quarters of UK enterprises are “not confident” of full recovery after a disruption, and already this year 60 percent have suffered downtime and 23 percent suffered data loss in the UK.