The Malwarebytes annual State of Malware report has revealed that the UK
is now the most targeted region in the world for cyber threats.

Big Rises

The UK has been elevated to the unenviable position at the top of the targets table after a huge 165% increase in UK bound ransomware was recorded, and after a 134% rise in hijacking attempts against British machines. This means that as well as being most at risk, the UK’s ransomware attack rate is now double that of the US.

Why Is The UK Being Targeted?

One reason is that ransomware use worldwide saw a 90+% increase against businesses in 2017 up until the end of year, when ransomware’s use began to decrease as criminals turned more to the use of banking Trojans and cryptocurrency mining. In 2017, the UK was famously hit by the massive WannaCry ransomware attack, which is believed to have originated in North Korea, claimed victims in 150 countries, and led to around 130,000 infections of computers. Older computer systems, such as those in the NHS, were particularly badly affected.

Spyware Increase

The Malwarebytes data also showed a big increase in the use of spyware last year – an increase of 882%.

Move To Trojans

The report data also shows that cyber-criminals are turning to different attack methods as awareness is raised about ransomware and more measures are taken to combat it. For example, Trojans are now being used in more than 20% of global attacks, and the use of banking Trojans doubled in the second half of 2017.

Earlier this month, security researchers discovered a new type of malware (called Android.banker.A2f8a) targeting 232 banking apps on Android devices, stealing login details, hijacking SMSs, as well as uploading contact lists and SMSs on a malicious server. Banking Trojans of this kind can spy on the credentials entered by the user, and intercept incoming and outgoing SMS.

Move To Crypotocurrency Mining

It appears that cyber-criminals are also moving into cryptocurrency mining, using cryptomining tools to exploit malware infected machines in order to generate and steal digital currencies. Criminals were attracted by the rapid growth in the value of cyptocurrencies such as Bitcoin and Malwarebytes is reported to have blocked an average of 8 million drive-by mining attempts each day in September.

A recent report by Ernst & Young has also highlighted the fact that 10% of all funds raised through Initial Coin Offerings (ICOs) are stolen by hackers using techniques such as Phishing.

What Does This Mean For Your Business?

In 2018, some security experts and commentators are predicting a further rise in the use of drive-by mining tools, new mining platforms and new forms of malware to steal virtual currencies. It seems that 2018’s criminals are more likely to be interested in simply stealing than rather than trying to hold businesses to ransom.

The IoT may continue to be a target, and businesses should be careful to guard against supply chain attacks, malware possibly targeting Mac computers, and more weaponised zero-day vulnerabilities. Giving 3rd parties in your company supply chain / value chain access to systems and sensitive data, combined with increased levels of sophistication in hacking tools and strategies, plus increased oversight from regulators, and potentially ‘weak link’ companies in terms of cyber-security now make the risk of supply chain attack very real for companies in 2018.

Businesses need to increase cyber-security awareness and training, and employ a holistic risk-based authentication infrastructure across multiple vectors in order to stay one step ahead of the developing cyber threat.

The use of enhanced technologies, and the assistance of  greater regulation for cryptocurrencies may also help to reduce some of the risks shown in the Malwarebytes report.

Cyber-security Company, Pan Test Partners, have warned that schools with building management systems that are linked to the Internet could face the risk of hackers turning the school heating system off – or worse.

The Problem

The problem is that many electricians and engineers may be lacking in knowledge about cyber security and/or may have linked a school’s HVAC system to Internet controls against the manufacturer’s guidelines. Also, many smart school heating systems may have vulnerabilities in them that hackers may find easy to exploit.

Tested

The researchers at Pan Test Partners tested for potential hacking risks by looking for building management system controllers made by Trend Control Systems via IoT search tool Shodan. This online tool (see https://www.shodan.io) provides a public API and enables anyone to discover which devices are connected to the Internet. Where they are located and who is using them.

In a test, it was revealed that it took less than 10 seconds to find more than 1,000 examples of a 2003 model of a school heating system known to be vulnerable when connected to the Internet. The visibility of a known vulnerable system via a public website is a clear example that the risk of school heating systems being controlled remotely by hackers is real.

Not Just Schools

The same/similar heating systems may also be used in buildings used by retailers, government offices, businesses and even military bases, thereby highlighting a much wider potential risk.

Incentive

Security commentators have pointed out that there would be very little incentive for hackers to access school systems. Because many hacks are carried out for financial gain.

The risks could, however, increase in future as more devices and systems become part of the IoT.

What Does This Mean For Your Business?

It is possible that some businesses may be in buildings where the heating systems are exposed to a hacking risk. Risks could be reduced if companies used skilled IT workers who are aware of the potential risks and if systems are checked properly after installation.

To make heating systems really secure they should also be configured behind a firewall or virtual private network, and they should have the latest firmware and other security updates.

It is also important to note that some responsibility rests with the manufacturers of heating and other smart building systems. They need to design security features into them because even if a device is not directly connected to the internet, there may be an indirect way to access it.

This story also highlights the wider challenge of tackling security for IoT devices and products. There have been many occasions in recent years when concerns about the security/privacy vulnerabilities in IoT/smart products have been publicly expressed and reported. The truth is that the extent of the current vulnerabilities are unknown because the devices are so widely distributed globally, and many organisations tend not to include them in risk assessments for devices, code, data, and infrastructure. Home users have no real way of ascertaining the risks that smart devices pose, probably until it’s too late.

It has also been noted that not only is it difficult for businesses, including manufacturers of smart products, to ascertain whether all their hardware, software, and service partners are maintaining effective IoT security. But there is also still no universal, certifiable standard for IoT security.

What do you need to do

For businesses, it’s a case of conducting an audit and risk assessment for known IoT devices that are used in the business. One basic security measure is to make sure that any default username and passwords in these devices are changed as soon as possible. For home users of smart products (who don’t run checks and audits), it appears that others need to step in on their behalf and force the manufacturers to take security risks seriously.