February 2022 Newsletter
Posted By: Mark
Thursday 3rd March 2022
Tags: business support, computer backups, Cyber Safe, Cyber Security, IT services, Newsletter, phishing, technology
This month we review the world of ransomware attacks, talk two-factor authentication & multi-factor authentication, listen to government warnings to boost cyber security, warn about subscription traps, celebrate a booming cyber security economy… and we’re going back to Tees Expo.
Ransomware Attacks Hitting Record Levels
Ransomware attacks — the encryption of data that prevents access to it followed by a demand for payment to decrypt the data — “surpassed the worst expectations of 2021”, with $5 billion paid out by companies in the first half of the year alone. Both public and private sectors are under growing attack.
A string of high-profile cyber attacks has made ransomware an impossible issue to ignore and it has become such a significant worldwide problem that politicians discuss these attacks at high-profile international summits.
Global Figures For Ransomware Attacks
SonicWall’s annual cyber-threat report noted that, globally, there were 623.3 million ransomware attacks last year. That more than doubled 2020 levels and more than tripled 2019’s figure.
Malware, in general, actually saw a 4% drop in 2021 (although still recording 5.4 billion hits), but there was an increase towards the latter part of the year, indicating a likely upward trend for 2022. That slight drop in malware was driven by a 9% decrease across North America. In Europe it actually rose by 35%, while Asia also saw a rise of 27%.
Ransomware Attacks Hit All Sectors
The report shows an eye-watering 1,885% increase in ransomware attacks on the government sector. Increases in ransomware volume of 755% were noted in healthcare, 152% in education, and 21% in retail. All sectors, however, are seeing an increase in cyber attacks.
While action has been taken to take down significant ransomware groups, such as REvil, the report warns that this has been “largely ineffective” in stemming the tide of ransomware as a whole, as “due to the lucrative nature of ransomware, as soon as one group is taken down, new ones rise to fill the void”.
Should you pay if hit by a ransomware attack?
From the NCSC website:
Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom:
- there is no guarantee that you will get access to your data or computer
- your computer will still be infected
- you will be paying criminal groups
- you’re more likely to be targeted in the future
A global survey by cyber security group, Venafi, found that:
- 18% of victims who paid the ransom still had their data exposed on the dark web.
- 8% refused to pay the ransom, and the attackers tried to extort their customers.
- 35% of victims paid the ransom but were still unable to retrieve their data.
As for the ransomware actor extortion tactics, these are summarized as follows:
- 83% of all successful ransomware attacks featured double and triple extortion.
- 38% of ransomware attacks threatened to use stolen data to extort customers.
- 35% of ransomware attacks threatened to expose stolen data on the dark web.
- 32% of attacks threatened to directly inform the victim’s customers of the data breach incident.
Mitigating the Effects of a Ransomware Attack
Back up your data – make regular copies of all important files and keep those backups offline.
Limit System Access – cut down entry points to your network and reduce the opportunities for a successful attack. If practical, use a whitelist of websites and apps for trusted resources.
Filter Your Email – screen for, block and remove threats at the most common entry point for ransomware attacks.
Monitor Network traffic – look out for anomalies and scan regularly to identify malware.
Keep software patched and up to date – vulnerabilities will be found, and not updating offers cyber criminals an opportunity for unauthorised access.
Expect that your company will be subject to a ransomware attack or other malware infection at some point and have a tested recovery plan in operation. Attackers will also threaten to publish data if payment is not made. To counter this, businesses should take measures to minimise the impact of data exfiltration.
LaneSystems provides a range of cyber security services required to keep your data safe and your business operating. Contact us for a review of your company’s IT security and get all your Cyber Essentials in order.
LaneSystems Returning To Tees Expo
We are delighted to, once again, be attending the Teesside Expo on March 24th.
Claire, Hayley and Michel will be there at The Grand Marquee, Wynyard Hall, between 10am-3pm, to greet you and answer any questions you may have about the world of IT Security, Cyber Essentials and keeping your business protected.
Pop along and say hello!
The Trouble With Two-Factor Authentication
Back in January, Crypto.com lost more than $30 million in cash, Bitcoin and Ethereum after a cyber-attack that bypassed their two-factor authentication (2FA).
Unauthorised transactions plundered more than 400 accounts, without requiring the approval of 2FA authentication for any of the users. It’s likely that hackers bypassed their 2FA services after compromising a privileged account that they later used to change the 2FA policy of other users.
Crypto.com immediately canned their 2FA and moved to a more robust multi-factor authentication system (MFA), while adding further layers of security to transactions.
2FA vs MFA
Two-Factor Authentication (2FA) is a type of authentication that requires exactly two factors of authentication.
Multi-Factor Authentication (MFA) is a type of authentication that requires two or more factors of authentication.
An ‘authentication factor’ is a piece of evidence that a user has to present to prove they are who they claim to be. There are four general factors to be considered:
- Knowledge Factor – some information that represents what you know, e.g. a password
- Possession Factor – something that represents what you have, e.g. a phone, a security token
- Inherence Factor – some biometric data that represents who you are, e.g. your fingerprint or retinal pattern
- Location Factor – some information that represents your whereabouts, e.g. geolocation data and IP address
The main problem with 2FA is that the most commonly used method is to combine your user ID/password combo with an SMS text message to your phone. It’s also the poorest way to deploy 2FA. Cyber criminals can often hijack this authentication through phishing or by tricking the mobile phone company into SIM swapping, and it can be as simple as intercepting a text on a provider’s network, because SMS messages are considered so insecure.
2FA is still better than single-factor authentication of just username and password. And, there are stronger versions of 2FA such as Time Based One-Time Passwords, a Universal 2nd Factor device (U2F), such as the Google Titan Key, or even a 2FA authenticator app. Just ditch the SMS.
Moving To Multi-Factor Authentication
Although many use the terms 2FA and MFA interchangeably, the differences are more than semantic. MFA means that there are multiple authentication factor options on the table, rather than just specifically two. So even if only two of those factors are required to authenticate and gain access, a criminal doesn’t necessarily know which two are being used. If they’ve cloned your phone in the hope of intercepting a verification code, it’s of no use if you also, or instead, use a keycode device or fingerprint scanning.
MFA means that you do have the means to implement extra levels of security checks for access to higher priority data in your business. You can require three or more security checks rather than just the two. It’s a trade-off between complexity and usability. Extra levels of authentication add further hurdles for the user to navigate.
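The sketch below is an added example, not code from LaneSystems or any vendor. It counts distinct factor categories rather than individual checks, so a password plus a PIN does not pass as 2FA, ignores SMS codes, and demands a third category for higher priority data. The method names, tier names and thresholds are assumptions made for illustration.

```python
from enum import Enum

class Factor(Enum):
    KNOWLEDGE = "knowledge"    # what you know
    POSSESSION = "possession"  # what you have
    INHERENCE = "inherence"    # who you are
    LOCATION = "location"      # where you are

# Hypothetical method names mapped to the factor category each one proves.
METHOD_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "sms_code": Factor.POSSESSION,
    "totp_app": Factor.POSSESSION,
    "u2f_key": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "office_ip": Factor.LOCATION,
}

# Methods this policy refuses to count (the advice above: ditch the SMS).
WEAK_METHODS = {"sms_code"}

# Assumed policy: distinct factor categories required per data tier.
REQUIRED_FACTORS = {"standard": 2, "high_priority": 3}

def distinct_factors(methods):
    """Return the set of factor categories proven by the accepted methods."""
    proven = set()
    for method in methods:
        if method in WEAK_METHODS:
            continue
        factor = METHOD_FACTOR.get(method)  # unknown methods prove nothing
        if factor is not None:
            proven.add(factor)
    return proven

def access_allowed(methods, tier):
    """True when enough distinct factor categories were presented for the tier."""
    if tier not in REQUIRED_FACTORS:
        return False  # fail closed on an unknown tier
    return len(distinct_factors(methods)) >= REQUIRED_FACTORS[tier]

if __name__ == "__main__":
    for methods, tier in [  # constructed sample logins
        (["password", "pin"], "standard"),
        (["password", "totp_app"], "standard"),
        (["password", "u2f_key", "fingerprint"], "high_priority"),
    ]:
        print(tier, methods, "->", access_allowed(methods, tier))
```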
But, the Payment Card Industry Data Security Standard (PCI DSS) replaced all references to two-factor authentication with multi-factor authentication, which shows the direction things are heading.
No authentication is 100% foolproof, as any method is only strong while there’s no third-party breach in the chain, but there are options that are far more secure than others.
Talk to us today about implementing a secure business working environment for your business.
Companies Get Cyber Security Boost Warning
Businesses in countries that are placing sanctions on Russia, which includes the UK, have been warned to upgrade cyber defences because of the threat of retaliation. This warning follows on from a joint advisory by NCSC and partners from the USA and Australia observing a general increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations.
Companies are urged to prepare for attempts to disrupt systems and should be reviewing their ability to detect, mitigate and respond effectively to online threats.
With industrial and infrastructure organisations already the main target of cyber-criminal activity, engineering, transport & logistics, and manufacturing businesses are likely to see an even greater threat escalation. And, as a country with a considerable service industry economy, those sectors are also subject to Advanced Persistent Threats (APTs).
Recent cyber attacks on government and business entities in Ukraine have shown the potential avenue of attacks.
Companies need to mitigate the potential disruption of access to websites and online services, but need to be especially careful with the integrity of all data held, whether that’s a data breach that steals data or access that encrypts or destroys it.
LaneSystems offers robust cyber security services for protecting, backing up and restoring data in a secure and timely manner. Get in touch today to check that your IT defences are up to the job with the best in Cyber Essentials.
Online Subscription Scam Warning
A BBC investigation has found that online subscription scams, or traps, are costing victims tens of millions of pounds a year. These scams are increasingly using fake celebrity endorsements to sell the fraud, and it’s estimated that 300,000 people are being tricked each year. The average loss is around £250, so costing roughly £75 million each year.
What is a Subscription Trap
Subscription trap fraud takes place when someone signs up online to a free or low-cost trial of a product, only to find they’ve been tricked into Continuous Payment Authorities (CPAs), fleecing them with costly recurring payments.
Commonly found in the areas of health and beauty — slimming pills, health foods, pharmaceuticals and anti-aging products — there’s an increasing presence around products such as mobile phones, clothing and shoes, music and video streaming services, and even insurance services.
Many victims respond to some form of online or social media advert, often on Facebook. The BBC reported that 800 were found on the social media platform during the investigation.
How Subscription Traps Work
Continuous Payment Authorities are a legitimate financial service allowing businesses to take repeated payments for an ongoing service provided to a customer. The scam of setting up a CPA is carried out by initially requesting payment card details as proof of identity and age. Those details are then used to set up a CPA and withdraw multiple and/or monthly payments from the victim’s account. The detail of signing up to this CPA agreement in the form of a distance contract is buried within lengthy terms & conditions which are easily missed by people eager to get the offer being advertised.
Subscription Trap Advice
Citizens Advice has found that subscription traps are a significant problem for UK consumers. This has mainly been driven by the growth of online shopping.
The growth of online subscription-based products has led to an increase in the number of CPAs that UK consumers are signed up to. CPAs can be a problem because:
- People are generally unaware of CPAs, including their right to cancel them
- People unwittingly consent once to a whole series of payments
- CPAs offer less protection to consumers than direct debits
- Companies can, in theory, take as much money as they want, when they want without prior notification to the consumer
- Banks and card issuers don’t always know the rules around CPAs and sometimes aren’t helpful in redressing the situation
Avoiding subscription traps
Get Safe Online has a number of recommendations to avoid subscription traps.
- Read the small print (terms & conditions) carefully before entering into any agreement or making a purchase, however long this may take.
- Make sure the terms & conditions box has not been pre-ticked.
- If you make a purchase of this kind that gives you a limited timescale to cancel the agreement, make sure you do so before the due date if you want to cancel it.
- Never provide bank details to companies without doing some research beforehand.
- Keep a copy of any advertisement (print it or take a screenshot) that you reply to, and keep a note of the webpage.
- Remember that you will have more chance of cancelling agreements or obtaining a refund if the company is UK-based. Even those with UK addresses are often just fulfilment companies who are contracted to send out the goods. The companies themselves often have no physical presence in the UK.
- Check your bank/payment card statements regularly for unexpected payments.
Report any subscription scam companies to Trading Standards or Action Fraud, and report any bank complaints to the Financial Ombudsman.
Stay safe online!
Record Levels of Investment for UK’s Cyber Security Sector
The UK government’s Department for Digital, Culture, Media and Sport (DCMS) is claiming a record-breaking year for Britain’s tech sector, with data showing £10.1 billion revenue generated by 1800 cyber security firms. This equates to a 14% increase on last year’s revenue of £8.9 billion.
The Annual Cyber Sector Report said that the sector contributed around £5.3 billion to the UK economy in 2021, up a third on the £4 billion from the previous year, which is the largest increase since the report began in 2018. UK-registered firms attracted a reported £1 billion of external investment across 84 deals.
The latest DCMS figures also showed more than 6000 new cyber security jobs had been created, a 13% rise on the previous year, bringing the total number of people working in the sector to 52,700. The UK, though, is still said to have a cyber skills shortage.
Digital Secretary Nadine Dorries said: “Cybersecurity firms are major contributors to the UK’s incredible tech success story.”
“Hundreds of British firms from Edinburgh to Bristol are developing and selling cutting-edge cyber tools around the world that make it safer for people to live and work online.”
“We are investing in skills training and business initiatives to help the UK go from strength to strength as a global cyber power and open up the sector to people from all walks of life.”
Over the last decade, the UK has established itself as a leader in areas including network security, threat monitoring and professional services, which has contributed to the sector’s double-digit growth last year.