What do Travelex foreign exchange shops, the University of California at San Francisco, and Redcar and Cleveland Borough Council in England have in common? They’ve all been the victim of multi-million dollar ransomware attacks…and that’s just this year. There is only one word separating organisations who have suffered a ransomware attack and those who haven’t, and that word is “yet”. Ransomware is a particularly malign and sinister threat to your network security, but it isn’t the only one.
In this article, we will look at the most common cybersecurity threats faced by organisations and private individuals in 2020, where they come from, how they might affect your systems and what to be on the lookout for. In our next article, we’ll tell you what you can do about them.
Where in the world do threats come from?
Cybercriminals are everywhere, and they are sophisticated. While stories of teenagers playing on home computers in their bedrooms might make good cinema, the reality is very different. Cybercrime is organised and pervasive. Furthermore, much of it is state-sponsored. It may sound like something out of a James Bond film, but there are a number of nation-states well known for their illicit cyber activities. Traditional espionage is the main purpose of most of these targeted intrusions, but North Korea has been linked to financial services and cryptocurrency incidents, possibly for currency generation or industrial espionage.
Much eCrime is perpetrated by large, established criminal organisations, located all over the globe. For example, Wizard Spider is a Russia-based criminal enterprise responsible for banking malware and the ransomware Ryuk, with multiple offshoots. This is no teenager in a bedroom. One can only speculate as to what the proceeds of this criminal activity are funding.
Who’s affected?
In a word, everyone. Cyber threats are a global problem. From South Africa to Switzerland, no country is immune. British IT security company Sophos conducted a survey of 5,000 IT managers in January and February this year. They interviewed respondents in 26 countries across all six continents on their experience of ransomware. While the sample does not reflect the entire universe of countries and excludes low-income countries, it is representative of high and middle-income countries. From Australia to UAE, Mexico to Malaysia, no nation was exempt from cyberattacks.
South Africa would appear to get off lightly, relatively speaking. It’s not often we are glad to be at the bottom of a table, but when it comes to the percentage of organisations hit by ransomware in the last year, we have the lowest ranking, fewer than 25% of South African organisations reported having been targeted. However, we shouldn’t be too proud of this apparent achievement. The key phrase is reported having been targeted. What looks like a lower prevalence of eCrime could be the failure of companies to report attacks to the authorities. Unfortunately, our actual rate may be higher. At the top of the table, 82% of organisations in India were hit, and 52% of US organisations. India’s high figure is most likely due to poor “cyber hygiene”.
We use the word “organisation” and not “company” because not all victims are commercial entities. When a public sector agency is hit, it tends to make the news, because essential services are impacted, such as hospitals or local authorities. Corporations try to minimise publicity by acting swiftly to contain the attack and communicating with stakeholders directly. They may make waves on social media but are less likely to hit the headlines. Public sector attacks may receive more attention than their numbers merit, but they are not uncommon.
Ransomware
All cybercrime is villainous, but there is something particularly iniquitous about ransomware. Your data is literally held hostage. Ransomware is malicious software that encrypts your files. The criminals hold the decryption key you need to make your files readable again, which is released to you on payment of the ransom. The settlement is usually via cryptocurrency, which is hard to trace. For most businesses, this is paralysing. Offsite back-ups provide some protection. In fact, in the Sophos survey, 94% of organisations whose data was encrypted got it back, and 56% did so via back-ups, compared to the 26% who paid the ransom. But restoring and cleaning systems still takes precious time…a time when customer interaction is affected, trading may be paused, and key resources are diverted to crisis management.
Whether or not you pay the ransom, a ransomware attack will cost you money. Paying the ransom will not spare you the cost of data recovery and system restore, even if you get the data back from the criminals. The study indicates that paying the ransom effectively doubles the cost of recovering from the attack.
Other key threats
Ransomware, menacing as it is, represented just over a quarter of reported eCrime threats in 2019. What other threats made up the remaining three quarters? Let’s look at the most common hazards.
Malware
Malware is actually a catch-all term for any software written with the intention of damaging devices, stealing data, causing havoc. Malware is simply a contraction of “malicious software”. It includes viruses, trojans, spyware and others. Ransomware is a form of malware. Malware usually has a commercial purpose for its creators. They either make money directly or sell the malware on the dark web. It may also be put to more pernicious uses.
DDOS
Distributed denial of service (DDOS) attacks affect websites. If you are an online retailer or your website is particularly critical to your business model, you need to be extra vigilant against a DDOS attack. DDOS works by overwhelming the site with more traffic than the server or network can handle. This renders the website or service non-functional. While it may seem like the ploy of an underhanded competitor, the motive is usually more sinister. DDOS attacks are sometimes carried out to divert the attention of the target organisation. While the organisation is distracted by the attack, the cybercriminal is busy installing malware or stealing data. DDOS has also been used by “hacktivists” – as the name suggests, people who use cyber techniques to advance an activist agenda.
Phishing
We’re all aware of phishing, but it’s worth reiterating that it is still a key threat. We may think we are wise to the tactics and pride ourselves on our caution, but the perpetrators are always one step ahead, and techniques are increasingly sophisticated. $17,700 is lost every minute as a result of phishing attacks. There are many variations of phishing, too many to detail here. But phishing is basically a form of social engineering. Human beings are social animals, and generally trusting, especially of friends. Strategies such as domain spoofing and phone number spoofing fool us into thinking a message is trustworthy because it has come from a friend, and we are “hooked”.
Internet of Things (IoT)
If phishing has been around seemingly forever, the IoT is still in its infancy. Smart music systems, thermometers, security systems, etc. enhance our quality of life. In a country with a high crime rate, it is reassuring to check the output of your home security cameras on your cell phone when you are away on holiday. But this convenience comes at a price. Connectivity brings security risks, particularly because we don’t think of our connected devices in the same way we view our laptops. IoT technologies are a gaping hole in cybersecurity.
Form-jacking
Have you ever ordered something online, paid for it, and then been informed by the retailer that payment has not been received? If so, you’ve been a victim of a type of fraud called form-jacking. For the customer, this is inconvenient and irritating, but they will probably be reimbursed by their bank or credit card company. However, for the retailer, this is a serious breach of consumer trust as well as a financial loss. In form-jacking, a cybercriminal takes over forms on websites that have weak security. Lines of malicious JavaScript code on the checkout page can steal customers’ financial and payment information such as credit card numbers.
Think only small, and unsophisticated local retailers are vulnerable? Think again. British Airways was hit by a malware called Magecart that resulted in 380,000 credit cards being stolen, amounting to an estimated loss of $17 million.
Man in the Middle (MITM)
This type of cyber attack is exactly what it sounds like. Someone intercepts your communications and hijacks your data, while you think you are having a legitimate conversation with another party. A MITM attack can happen in several ways. It can be done through physical proximity, while you are using a public, unsecured WiFi network. (Hint: don’t do that!) It can also happen via your browser, for example by stealing cookies or hijacking your SSL (secure sockets layer), and sometimes involves phishing, for example in email hijacking. Banks and financial institutions are frequent targets of this type of MITM attack, as you will know if you’ve ever received an email from your bank that turned out to be fraudulent.
Not updating/patching systems
Outdated hardware and software systems and poor patch management are frequent sources of vulnerability, and arguably the easiest to rectify. It is undoubtedly a constant battle to keep ahead of cybercriminals, and software manufacturers do their best to issue patches timeously for any gaps in security as they arise. While it may not guarantee protection against every eventuality, it’s vital to keep patches up to date. And if your entire operating system is past its sell-by date, you have left yourself wide open to attack.
People
Lastly, old-fashioned human nature cannot be discounted. Humans are fallible, and disgruntled humans are dangerous. Data breaches can occur due to ignorance, carelessness, or malevolence. Malicious attacks can come from former employees (or even employees of suppliers). Poor password management, falling prey to phishing attacks, and outright theft of data are all risks posed by the people you employ and/or do business with. Fortunately, like patch management, it is a threat within your control (mostly).
How do you manage these (and other) threats?
This article has laid out some of the key threats faced by South African organisations. It is not an exhaustive list. Cybersecurity may seem like a losing battle in the face of so many risks. Fortunately, there are ways to protect your network and your business. In our next article, we’ll look at some of the solutions to these threats.
If you want to know more about the threats described or have any questions about your cybersecurity arrangements, we’ll be happy to have a discussion about your requirements [options/circumstances]. Call us today for a confidential consultation.