As we enter the second month of the year we have already seen overwhelming evidence that cyber criminals are not slowing down the rate of their attacks. 2021 has already seen some high-profile breaches, with two in the last few days highlighting the issues all companies are facing.
2020 saw a huge number of breaches with IT Governance recording 1,120 breaches and cyber-attacks being reported in mainstream media, accounting for a remarkable 20,120,074,574 leaked records. These are remarkable stats but perhaps unsurprising as criminals tried to take advantage of the confusion and changes that the pandemic brought with it.
2021 is already seeing high-profile breaches impacting companies across multiple sectors. The last few days have seen two prime examples.
The outsourcing giant Serco was hit by a huge ransomware attack where criminals, using the Babuk ransomware, encrypted more than 1TB of data. It was another example of criminals targeting firms that have been playing an important role in the pandemic, with Serco running the Test and Trace scheme for the NHS.
Whilst it seems the Test and Trace data was not impacted, the fact that 1TB of data has been encrypted at a company with such huge resources on its side is worrying. The criminals seem to have used the Babuk ransomware in the attack, which has been growing in use over the past few weeks. Because it is so new, there is little information available. The coding of the malware has been reported to be unsophisticated, but the way the data is encrypted means that it is impossible for victims to decrypt files themselves.
It is also unclear how the criminals gained access, but judging from the attacks of 2020, some form of social engineering attack is likely to have been the cause. Also in line with many of the trends we saw in 2020, the criminals spent a long time in the network without being traced. For three weeks, they identified the key data that could be stolen and encrypted.
The other high-profile attack over the last few days was the hack on Mensa which resulted in the theft of members’ personal data.
Forbes has reported that the attacks originated from the use of the credentials of one of the organisation’s directors. The former technology officer at Mensa stood down this week, saying that the organisation had failed to secure the data of its 18,000 members properly, with claims that passwords had been sent out to members in plain text.
The information held by Mensa includes the IQ scores of members and failed applicants; instant messaging conversations on its website; bank details from the online shop; as well as passwords, email details and home addresses.
It is unclear what data the criminals got hold of, but it is another worrying attack on an organisation that holds some pretty sensitive data.
The key to defence for companies is proactivity. Criminals are constantly looking for new and easy routes into key infrastructure and as a result are designing new and increasingly sophisticated approaches. This leaves companies that follow traditional methods of defence open to attack.
In the past, companies have built defensive walls in order to keep criminals out. As soon as new threats appear the walls are built higher. However, with criminals always one or two steps ahead and with many employees now sitting outside of the defensive walls, this can no longer be an effective strategy.
Instead, being proactive in defence is crucial. Gaining a 360-degree view of cyber risks, including third-party suppliers, can give firms a much better view of where vulnerabilities lie in their own defences, giving them the opportunity to close ‘open doors’ into their networks.
The main route for criminals to gain access to the data and infrastructure is through phishing attacks. Targeting employees, particularly in sectors that are crucial during the pandemic (as we have seen in the Serco example), seems to have been the main approach over the past year.
Those employees outside of the office now have to make decisions as to whether incoming emails and messages look suspicious. Not only that but they also have to know how to deal with them, on their own and often in an environment where they are easily distracted. This has meant many have been clicking on malicious links, which have allowed criminals access.
However, many are turning to Artificial Intelligence (AI), Ransomware Prevention Systems and Advanced Anti-Phishing Software Solutions to help employees make such decisions. Such solutions combine proprietary, next-generation machine-learning and advanced analytical techniques to defend against a constantly evolving threat landscape. Using deep linguistic analysis of both content and metadata, such anti-phishing solutions can check all incoming emails for indicators of compromise. They can also classify each email and insert user-friendly warning banners where appropriate to highlight possible malicious messages. URL-rewriting also prevents direct access to suspect websites.
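The pipeline described above (check content and metadata, classify, insert a banner, rewrite links) can be sketched as follows. This is an added example, not code from any product mentioned here: it substitutes three simple heuristics for the linguistic analysis, and the gateway URL, banner text and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import quote, urlsplit

GATEWAY = "https://gateway.example/check?u="  # hypothetical click-time scanner
BANNER = "[CAUTION: this message shows signs of phishing.]\n\n"
URL_RE = re.compile(r"https?://[^\s<>\"']+")
LURE_RE = re.compile(r"\b(urgent|verify your account|expires today)\b", re.I)

# Constructed sample message (single-part text/plain, reserved example domains).
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: it-support@mail-corp.example.net
Subject: Urgent: password expires today

Your password expires today. Verify your account now:
http://198.51.100.7/login
"""

def domain(header):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def indicators(msg, body):
    """Metadata and content checks; returns human-readable findings."""
    found = []
    reply = domain(msg["Reply-To"])
    if reply and reply != domain(msg["From"]):
        found.append("reply-to domain differs from sender")
    if LURE_RE.search((msg["Subject"] or "") + " " + body):
        found.append("urgency or credential lure wording")
    for url in URL_RE.findall(body):
        if re.fullmatch(r"[\d.]+", urlsplit(url).hostname or ""):
            found.append("link to raw IP address")
    return found

def process(raw):
    """Classify one message, rewrite every link, banner it if suspicious."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = indicators(msg, body)
    body = URL_RE.sub(lambda m: GATEWAY + quote(m.group(0), safe=""), body)
    return found, (BANNER + body if found else body)
```

Links are rewritten in every message, flagged or not, so a site that only turns malicious after delivery is still checked when the user clicks.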
It is clear that phishing attacks, ransomware and hacks into networks will continue throughout 2021. Whilst criminals are making huge efforts to up their game in order to secure access to data, companies have to ensure they are equally proactive in defence. Ensuring staff are fully aware of what a phishing attack looks like, or ensuring that all vulnerabilities and bad security practices are identified and dealt with, can make a huge difference as to whether a company is hacked or not.
The results of being hacked can be damaging on many levels: financial, reputational and regulatory. So let’s make 2021 the year companies fight back.