Beruflich Dokumente
Kultur Dokumente
This was confirmed by Eset data which showed that ransomware made up a quarter of
UK cyber attacks, and was continuing to rise, while in August Trend Micro reported
that the occurrence of ransomware families nearly doubled in the first half of
2016 compared with the whole of 2015 and PhishMe research concluded
that ransomware is a mature business model for cyber criminals.
The impact of ransomware was underlined by a study, also published in August, that
found that one in five businesses hit by ransomware are forced to close, but despite
this harsh reality, another study found that almost two-thirds of US office workers
were unaware of ransomware threat, emphasising the need for cyber security
awareness training.
CW+
Features
Enjoy the benefits of CW+ membership, learn more and join.
E-Zine
CW Benelux: Young wayward hackers could help fill Dutch IT skills gap
Although DDoS mitigation technologies are fairly mature, security consultants report
that after ransomware attacks, DDoS attacks were the most common reason for
callouts from affected businesses in 2016. DDoS attacks are not new, but attackers
have been exploring new techniques for delivering more powerful attacks over longer
periods. DDoS attacks have also been driven by the release of the Mirai code for
establishing IoT botnetsand the availability of DDoS services for as little as $5 an
hour.
Cyber security commentators said the Tesco Bank theft shows need to take cyber
security more seriously. Interestingly, within weeks of the attack, academics from
Newcastle University said payment card vulnerability could be linked the heist, and
called for standardisation of online transaction checking.
In line with this strategy, the NCA published a report in July that showed business has
critical role in fighting cyber crime, which was largely welcomed by the security
industry.
Other evidence that the tide may be turning is the number of arrests made of cyber
criminals in 2016, including the hackers arrested in the Three mobile upgrade scam,
the charging of more people with cyber crime offences, including the third member of
an international ATM hacking gangby London police, and the jailing of cyber
criminals including the Apple iCloud and Gmail hacker.
Same goes for businesses, with the important difference that in business life you have
less of a choice. To remain competitive, you have to set up your workspace in the digital
realm, to improve workflows and to work more efficiently. This makes you more
vulnerable if you are not cautious.
This article gives an overview of some of the worst and most media effective cases of
cybercrime that happened in 2016. As a side effect, we introduce categories relevant in
cybercrime. Our infographic at the end of the text shows you what happened so far in
2017 – WannaCry, Wheeping Angel and Cloudbleed might sound familiar to you. Read
on to find out all about it and to get some crucial security tips.
Even though SWIFT has not actually been compromised, it is still bad news according
to the Tech-Site Wired, because “the hackers undermine[d] a system that until now had
been viewed as stalwart.”
Most of those attacks were no straight forward brute force attacks, but were executed
indirectly. In Pichai’s case, tweets were sent via an old Quora account that apparently
had been linked to Twitter. It seems like in Dorsey’s case, tweets were sent via Vine.
Ransomware in Hospitals
Ransomware has been around for some time, but in 2016 attacks grew stronger and
more frequent. The most prominent examples of 2016 ransomware attacks were those
targeting hospitals, for example the Union Memorial Hospital in Maryland. The
ransomware encrypts the data on hospital computers, and only in exchange with 45
bitcoins the attackers decrypt the data again. This is critical for hospitals that deal with
very sensitive patient data.
In another case, the IT of the Hollywood Presbyterian Medical Center in LA, has been
shut down for a whole week because of ransomware. More attacks targeted the
Methodist Hospital in Henderson, Kentucky, as well as a hospital in Neuss, Germany. In
the case of the German hospital there was not a lot of damage done, because the data
has only been stored in encrypted mode and backups have been made regularly.
However, the IT of the entire hospital has been shut down for several days, forcing staff
to work as in the pre-digital era.
Have a look at our infographic and see what happened so far in 2017. You will find
some tips for secure behavior online as well.
The year saw a growing recognition that personal data is high-value data, that
no business or organisation is immune from attack, and that cyber crime is
professional and organised.
There has also been a significant number of arrests by police forces in the UK
and around the world.
2015 has also seen the emergence of several cyber criminal gangs, such as
the DD4BC gang that is using DDoS, or the threat of DDoS as a way of
extorting money from internet-dependent businesses.
CW+
Features
Enjoy the benefits of CW+ membership, learn more and join.
E-Zine
CW Benelux: Young wayward hackers could help fill Dutch IT skills gap
This represents an increase of 233% to 273% from a year ago, while the cost of
breaches for small businesses is between £75,000 and £311,000, up by between 115%
and 270% from 2014.
Police have arrested five people in connection with the incident who have all been
released on bail until 2016.
On 19 August 2015, the group carried out its threat to publish user records if ALM did
not take down Ashley Madison and dating site Established Men, first publishing
9.7GB and then 13GB of data.
In the VTech breach, the personal details of five million parents and more than six
million children were exposed, Athem breach exposed up to 80 million records,
while 11 million records were exposed at Premera.
The hotel group confirmed credit card data was stolen from an “isolated number” of
payment card systems at hotels in Europe and the US, after the company’s network
was hacked.
The Hilton hotel group was hit by a similar attack, as was Starwood Hotels – which
owns Sheraton and Westin, the Trump Hotel Collection, Hard Rock’s Las Vegas
Hotel & Casino, the Las Vegas Sands casino, and FireKeepers Casino and Hotel.
In March the company revealed that DDoS losses can cost as much as £100k an hour,
while Imperva warned in June that DDoS attacks were starting to resemble APTs.
The gang, calling itself DD4BC (DDoS for Bitcoin), has been rapidly increasing the
frequency and scope of its DDoS extortion attempts, shifting from targeting Bitcoin
exchanges to online casinos and betting shops and, most recently, prominent financial
institutions in the US, Europe, Asia, Australia and New Zealand.
In February 2015, Kaspersky Lab said a cyber espionage group was targeting
thousands of high-profile organisations and individuals in the Middle East and around
the globe. In April, FireEye accused the Chinese government of running a decade-
long cyber espionage campaign aimed at stealing sensitive information belonging to
organisations in south-east Asia and India, and in July, Symantec uncovered a
corporate espionage group, dubbed Morpho, that has compromised a string of major
corporations in recent years.
In August 2015, US authorities arrested nine suspected insider traders who relied on
hackers to steal commercially sensitive corporate information from newswire services,
and according to the Systemic Risk Barometer Study, most financial institutions cite
cyber threats as a top five risk.
After a number of high-profile malware threats to the UK, the National Crime
Agency (NCA) is leading the initiative to help network administrators who manage
key parts of the UK internet infrastructure.
UK law enforcement has taken part in several international operations to tackle cyber
crime.
In the first quarter of 2015, McAfee Labs saw a 165% increase from the previous
quarter in new ransomware, driven largely by the hard-to-detect CTB-
Locker ransomware family, a new ransomware family called Teslacryptand the
emergence of new versions of CryptoWall, TorrentLocker and BandarChor.
“While companies will never be able to make cyber crime go away, there is a lot they
can do to reduce the risk to the business,” said Seth Berman, executive managing
director at Stroz Friedberg.
Without a doubt, the most significant cyber crime related stories in 2017 were
about the first global cyber attacks from WannaCry and NotPetya, which for
many individuals and organisations, made the cyber threat real. The potential
effect of cyber attacks was graphically illustrated by the impact of WannaCry
on the NHS and NotPetya on Danish shipping giant Maersk.
It is not just western countries such as the US and the UK that are being targeted by hackers, as
the rapidly developed and wealthy nations of the Middle East become targets of both politically
and financially driven attacks. Discover how cyber security expertise can help businesses in the
Middle East navigate digital transformations and keep cyber criminals at bay.
Corporate E-mail Address:
Dow nload Now
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content,
You also agree that your personal information may be transferred and processed in the United States, and that you have read and
Although security researchers have argued WannaCry and NotPetya are not
true examples of ransomware, arguing they were primarily disruptive in
nature, true ransomware rapidly gained in popularity with cyber criminals
during 2017.
Ransomware as a service has enabled cyber criminals to tap into this
lucrative way of raising money easily without requiring any technical expertise.
Cyber criminals also continued to tap into opportunities afforded by new
technologies, targeting e-commerce, online banking and internet of things
(IoT) technologies.
Even though the NHS was not specifically targeted, the effects of WannaCry on
hospitals, surgeries and pharmacies showed how a cyber attack can have real-world
consequences, and the NCA has joined cyber security industry representatives in
expressing the hope that as a result, organisations will be more willing to report cyber-
related and cyber-enabled crime to law enforcement.
CW Benelux: Young wayward hackers could help fill Dutch IT skills gap
Although WannaCry’s inability to automatically decrypt once the ransom had been
paid initially appeared to be a mistake, researchers at McAfee believe it pointed to the
malware’s true purpose, which was disruption. McAfee researchers and others believe
that WannaCry is example of pseudo-ransomware, which means organisations need to
prepare for more disruptive and destructive attacks in future.
The hope was that WannaCry was a sufficiently significant attack to force even the
most recalcitrant organisations to sit up, take notice and take cyber security seriously
at every level of the organisation, but a survey by AlienVault published in December
2017 indicates that little has changed.
The survey of over 200 cyber security professionals globally showed that just 16% of
IT security professionals believe their bosses and company boards have taken a
greater interest in their roles as a result of WannaCry, just 14% have had their budgets
for cyber security increased, and only a fifth (20%) have been able to implement
changes or projects that were previously put on hold.
The researchers said NotPetya was ranked highest because it was engineered to
do damage to a country’s infrastructure, also further underlining this trend, which
many researchers believe will continue in 2018 and beyond.
Of all the big name companies hit by NotPetya, Maersk is believed to be one of the
hardest hit, with a number of IT systems, including email systems, forced to shut
down across multiple sites and selected businesses.
The most disruption was caused by the need to shut down the APM Terminals and
Damco freight forwarding and supply chain management systems, which resulted in
significant business interruption, including congestion at some of the 76 ports.
Businesses are encouraged to harden their cyber defences, like Maersk, in light of
NotPetya and increase their ability to isolate hacker incidents and rebuild systems
faster.
A report on the new age of organised cyber crime by Malwarebytes claims that the
new generation of cyber criminals increasingly resembles traditional mafia
organisations, requiring a new approach to dealing with it.
Business email compromise (BEC) and business email spoofing, also known as CEO
fraud and whaling, accounted for $5bn in losses globally, between October 2013 and
December 2016, according to a September 2017 report by Secureworks.
8. Organised crime exploiting new technology
Cyber crime was highlighted as a key issue by the the Serious and organised crime
threat assessment (Socta) for 2017 by the European Police Commission (Europol).
According to the Mayor’s Office for Policing and Crime (Mopac), cyber crime is a
huge area of crime, and one that policing alone cannot solve, which is why the city
has set up the London Digital Security Centre to help small businesses take effective,
but low-cost security measures. However, the initiative needs help and guidance from
the cyber security community and big business to improve its reach, capabilities,
services and processes, according to John Unsworth, the centre’s chief executive.