The UK’s National Cyber Security Centre is part of GCHQ and has published its advice on 10 Steps to Cyber Security which is well worth studying - even for non-IT people - as it details an expert risk management approach. Threats are constantly evolving in sophistication and becoming more difficult to successfully defend against.
We have listed just four of the more likely candidates to cause security breaches in the closing months of 2018.
Cryptojacking
This is where a device is hijacked to mine cryptocurrency unknown to the owner. Because the rewards to the criminal are extremely lucrative if a sufficiently large volume of devices can be set to work, attacks are growing in sophistication. The malware is loaded onto an unprotected system from a website visit or through the tried and trusted email attachment or bad app approach. And it’s not just computers that are at risk - smartphones have been found to be infected also. A good anti-virus system is the most important defence, followed by staff training on avoiding activities that carry risk of infection.
Advanced Social Engineering Tactics - AI Hacking And Phishing
The human element has long been the favourite attack point of criminals. Humans are more gullible than automated systems and the key to successful phishing is to make it appear to be a normal request for confidential information. A popular example is for the criminal to impersonate a support technician when asking for a password, for example. AI means that computers can now emulate human responses in a highly convincing manner.
Ransomware And Denial Of Service Attacks
What these have in common is preventing users from accessing their data or services. DDOS attackers may not always demand a ransom but can simply intend to hurt the operations of the victim for a protracted period of time. They can be politically motivated, or an act of revenge, and not just for commercial competitive gain. Many hosting providers now offer defensive mechanisms to alleviate attacks although a truly determined attacker can swamp even those. Ransomware, although of high nuisance value, can be countered by a robust backup policy to offline storage, such as external hard drives, together with a good recovery plan.
Supply Chain Compromise
An increasing trend is finding malware already embedded in devices and software by the time they reach point of sale. Windows and Android devices are the most popular target but, in theory, any infrastructure device or IoT device could equally be compromised. Reputable manufacturers themselves are not under suspicion but rather the suppliers of hardware components and application software that are embedded or bundled with the end product. This is especially significant to service providers, whose systems and services could then be used as access points to sensitive data owned by their customers. It can be difficult or impossible to detect some of these infestations by conventional means until they deliver their payload, by which time it is too late.
Find Out More
It is worth studying the 2017-2018 trends and threats as assessed by the National Cyber Security Centre. You can find it here on their website. Awareness of new threats, as well as old ones like password protection, is half the battle in countering cyber criminals.
Avoid self-inflicted damage and data leaks when disposing of outdated IT equipment. Ensure all data is guaranteed to be sanitised by engaging a professional disposal firm such as Absolute IT Asset Disposals Ltd, who can guarantee 100% compliance with all regulations.
