Without a doubt, the most significant cyber crime-related stories in 2017 were about the first global cyber attacks from WannaCry and NotPetya, which, for many individuals and organisations, made the cyber threat real. The potential effect of cyber attacks was graphically illustrated by the impact of WannaCry on the NHS and NotPetya on Danish shipping giant Maersk.
Although security researchers have argued that WannaCry and NotPetya are not true examples of ransomware because they were primarily disruptive in nature, true ransomware rapidly gained in popularity with cyber criminals during 2017.
Ransomware as a service has enabled cyber criminals to tap into this lucrative way of raising money easily without requiring any technical expertise. Cyber criminals also continued to tap into opportunities afforded by new technologies, targeting e-commerce, online banking and internet of things (IoT) technologies.
In the face of these growing threats, European and UK law enforcement authorities are stepping up their focus on engaging with industry around cyber crime, and London is pioneering a programme of engaging with small businesses to raise their awareness and capabilities around cyber crime.
Two months after the WannaCry attack, the UK’s National Crime Agency said it represented a “signal moment” in terms of awareness of cyber attacks and their real-world impact, and put cyber crime into the consciousness of most people.
Even though the NHS was not specifically targeted, the effects of WannaCry on hospitals, surgeries and pharmacies showed how a cyber attack can have real-world consequences, and the NCA has joined cyber security industry representatives in expressing the hope that as a result, organisations will be more willing to report cyber-related and cyber-enabled crime to law enforcement.
Although there was a lot of commentary from the cyber security industry following the WannaCry attack, one of the most interesting observations was that the malware was not typical of most types of ransomware hitting organisations before May 2017.
Although WannaCry’s inability to automatically decrypt once the ransom had been paid initially appeared to be a mistake, researchers at McAfee believe it pointed to the malware’s true purpose, which was disruption. McAfee researchers and others believe that WannaCry is an example of pseudo-ransomware, which means organisations need to prepare for more disruptive and destructive attacks in future.
While law enforcement hoped WannaCry would encourage more organisations to report cyber attacks, cyber security commentators expressed the hope that more organisations would take the cyber threat more seriously because of its global nature and obvious impact on business operations.
The hope was that WannaCry was a sufficiently significant attack to force even the most recalcitrant organisations to sit up, take notice and take cyber security seriously at every level of the organisation, but a survey by AlienVault published in December 2017 indicates that little has changed.
The survey of over 200 cyber security professionals globally showed that just 16% of IT security professionals believe their bosses and company boards have taken a greater interest in their roles as a result of WannaCry, just 14% have had their budgets for cyber security increased, and only a fifth (20%) have been able to implement changes or projects that were previously put on hold.
NotPetya, like WannaCry, is not strictly speaking ransomware, and appears to have had a more disruptive goal. Nevertheless, it topped the 2017 ransomware rankings as the “nastiest” piece of malware to hit organisations, further underlining its dominance of the threat landscape for the past year.
Unsurprisingly, it was followed closely by WannaCry and then Locky – a more traditional type of ransomware – based on data collected from the Webroot BrightCloud threat intelligence platform about all devices running Windows operating systems that were infected with ransomware in 2017.
The researchers said NotPetya was ranked highest because it was engineered to do damage to a country’s infrastructure, further underlining this trend, which many researchers believe will continue in 2018 and beyond.
Just as the disruption to the NHS caused by WannaCry brought home the physical impact that cyber attacks can have, the cost of the disruption caused by NotPetya to shipping giant A.P. Moller-Maersk brought home the potentially devastating financial aspect of such attacks.
Of all the big name companies hit by NotPetya, Maersk is believed to be one of the hardest hit, with a number of IT systems, including email systems, forced to shut down across multiple sites and selected businesses.
The most disruption was caused by the need to shut down the APM Terminals and Damco freight forwarding and supply chain management systems, which resulted in significant business interruption, including congestion at some of the 76 ports. Businesses are encouraged to harden their cyber defences, like Maersk, in light of NotPetya and increase their ability to isolate hacker incidents and rebuild systems faster.
While WannaCry and NotPetya signalled the emergence of destructive and disruptive attacks, security researchers found that, in general, cyber attacks on businesses in 2017 grew in frequency, sophistication and malice.
A report on the new age of organised cyber crime by Malwarebytes claims that the new generation of cyber criminals increasingly resembles traditional mafia organisations, requiring a new approach to dealing with it.
In addition to ransomware, a report on the state of cyber crime identified business email compromise, and banking and mobile malware as the top threats representing a “significant risk” to individuals and organisations.
Business email compromise (BEC) and business email spoofing, also known as CEO fraud and whaling, accounted for $5bn in losses globally, between October 2013 and December 2016, according to a September 2017 report by Secureworks.
As a result, European law enforcement is to focus on collaborating with industry around cyber crime as organised crime groups increasingly exploit new technologies and the increasing digital connectivity between organisations and between internet-enabled devices, collectively known as the internet of things, which is a growing security concern among governments and law enforcement organisations.
Just as cooperation with industry is a goal of European law enforcement, UK cyber cops are also keen to increase the level of reporting of cyber crime, as well as information sharing about cyber attacks.
Although UK law enforcement has an established and effective coordination plan in place that is resulting in arrests, the UK’s National Crime Agency (NCA), National Police Chiefs’ Council (NPCC) and National Cyber Security Centre (NCSC) all say under-reporting of cyber crime is a huge problem and business has a key role to play.
In an attempt to help small businesses address the threat of cyber crime, London is calling on the cyber security community to help keep the city’s more than one million small businesses safe from cyber crime, and its leaders hope other cities across the UK will follow suit.
According to the Mayor’s Office for Policing and Crime (Mopac), cyber crime is a huge area of crime, and one that policing alone cannot solve, which is why the city has set up the London Digital Security Centre to help small businesses take effective, but low-cost security measures. However, the initiative needs help and guidance from the cyber security community and big business to improve its reach, capabilities, services and processes, according to John Unsworth, the centre’s chief executive.