Category Archives: Ransomware

Ransomware on the rise: why we can’t afford to let our guard down

Leave a reply

by Bharat Mistry

The cybercrime underground is continually evolving. That’s what makes it so compelling for news editors: there’s always something new to write about. However, the volatility of the threat landscape also makes it difficult to issue accurate long-term predictions about where things are headed. Just take ransomware: we saw a significant decline in detections and new families last year. But in the first half of 2019, several well publicised attacks on major organisations have raised the profile of the threat yet again.

Continue reading

Security Round-up: Five Things We’ve Learned in 2017

Leave a reply

by Bharat Mistry

The past 12 months have been packed with geopolitical incident, global malware threats and ubiquitous big-name data breaches. From the CIA Vault7 and NSA Shadow Brokers leaks at the start of the year, to the WannaCry and NotPetya ‘ransomware’ campaigns, and Uber’s shock revelations just last month, there’s been plenty for UK CISOs to ruminate on. But now the year is nearly at an end, it might be useful to recap some of the biggest themes of 2017 — with an eye on fortifying systems for the 12 months to come. Continue reading

The Biggest Cyber Attacks of 2018 Will Come from Known Vulnerabilities

Leave a reply

by Bharat Mistry

It’s that time of year again. As we bid farewell to 2017 and look forward to the next 12 months, it’s only right that we share our predictions for 2018 to help IT security bosses prepare for the inevitable cyber-assault on their systems. Our report, Paradigm Shifts: Security Predictions for 2018, features a range of trends to watch out for during the coming year, including: a continued growth in cyber-propaganda; BEC losses to exceed $9m; new IoT threats; and an uptick in digital extortion campaigns.

But to pull back a little and look at the bigger picture, one trend in particular will dominate: known vulnerabilities are set to cause havoc in 2018 as the primary cause of most of the year’s biggest attacks. The good news is that mitigating this risk should not require a major additional investment of time and resources — but it needs to start now.

The problem with vulnerabilities
Anyone with an eye on the past 12 months will understand why known software flaws could be so disruptive in 2018. After all, they caused the biggest security events of the past year. Exhibit A is undoubtedly WannaCry: the infamous ransomware-worm attack which spread around the world in just hours, infecting hundreds of thousands of computers. In this case those behind it used alleged NSA exploit information leaked by the Shadow Brokers group, which it is claimed is backed by the Russian state.

It’s proof if any were needed that even nation states can’t keep research on offensive cyber-tools a secret. Eventually they will find their way onto the cybercrime underground, putting innocent consumers and organisations around the world in danger. In the case of WannaCry it was the NSA’s EternalBlue Windows SMB exploit that was used to make the threat so prolific. It had been patched months earlier by Microsoft, but still managed to spread to a huge range of unprotected endpoints, highlighting organisations’ continued negligence when it comes to security best practices.

There are many potential repercussions. We can expect nation state groups like Pawn Storm to continue their exploitation of known vulnerabilities — as well as more sophisticated zero days — to infiltrate targets. Data theft is usually the outcome in these instances, while among financially motivated cybercrime gangs we can expect software flaws to be exploited in ransomware attacks as well as info-stealing raids.

Who knows what vulnerabilities may be exposed and used over the coming 12 months. All we know is that once flaws become public knowledge, the clock starts ticking: from then it’s just a matter of “when” not “if” it will hit users. The signs aren’t looking good: Trend Micro’s Zero Day Initiative uncovered 382 new vulnerabilities in the first half of 2017 alone, according to our Midyear Security Roundup.

Taking action
The bottom line is that if you have known and unpatched vulnerabilities in your IT environment, they will be targeted — it’s just a matter of time. Yet many IT leaders managing legacy systems either can’t patch — because none are available — or are reluctant to apply fixes in case they break mission critical installations. But there are solutions:

  • Consider reducing the attack surface by minimising the number of unpatched flaws in your environment. Virtual patching is a great way of keeping even legacy and “end-of-life” systems secure
  • Revisit patch management policies and invest in automated tools to ease the burden
  • Be prepared for a worst-case scenario. Ensure you have a comprehensive and thoroughly tested incident response plan in place. This should ideally include key stakeholders from all over the organisation (HR, Legal, IT etc). The quicker you get on top of an incident, the better your chances of minimising the financial and reputational fall-out.

Read our full list of predictions for 2018 in the report. Have any predictions of your own for 2018? Share them with us on Twitter @TrendMicroUK.

 

Three Weeks and Counting to CLOUDSEC 2017 … and the Threats Keep Coming

Leave a reply

by Bharat Mistry

Any IT security professional expecting a quiet summer this year will have been bitterly disappointed. From the global destruction wreaked by NotPetya in June to revelations of a dangerously widespread flaw in the IoT ecosystem the following month, there’s been plenty keep the white hat community busy. Most recently, WikiLeaks has publicised yet another CIA attack tool, this time one designed to capture video from connected cameras. The sheer volume of threats discovered on an almost weekly basis can be mind-boggling. Continue reading