IN THE FIRST OF OUR 3-PART SERIES, BASKERVILLE DRUMMOND REPORTS ON THE TYPES OF ACTIVITY WITH REGARD TO CYBER SECURITY.
CYBER SECURITY – INTRODUCTION
Cyber Crime accounts for nearly 50% of all reported crimes and cost UK Businesses an estimated £30bn in 2017. With 43% of businesses reporting a cyber attack or breach last year, the movement of criminal activity from the physical to the cyber world shows no sign of abating.
Against this threat firms have a duty of care to :-
- Protect privileged client information
- Ensure the business can operate
- Protect brand value
- Protect staff welfare
In order to do this most firms have embarked on a program to increase their cyber security (the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access).
With the tightening of technology-based security, attackers are moving from “old school” hacking, where they seek to gain access to solutions via a direct connection to your network, to social engineering hacking. Here they seek to trick people into providing the access, bypassing the security solutions by using intelligent “scams” based on data harvested from various sources.
This change of approach has put staff members at the forefront of cybercrime activity. In a recent survey 91% of IT Professionals highlighted “users” as a major vulnerability, with 62% believing this to be the largest threat. This is borne out by the fact that 72% of data breaches are directly attributable to staff receiving fraudulent emails and 67% of targeted attacks are aimed at junior members of staff.
It has to be accepted that human behaviour is the biggest risk to a firm’s security but it should also be recognised that staff members are now under a constant attack from organised cyber criminals and therefore need education and protection from social engineering hacking.
TYPES OF ACTIVITY
There are four types of activities which cyber criminals are seeking to undertake :-
In these attacks, criminals are either looking to find specific information for a specific reason or are collecting information which will be useful for future attacks.
For example, emails and passwords collected from one cyber attack can be used later for “intercept” fraud or used to gain access to other services. Data is often shared on the dark web and used several years after it was first gathered.
In other cases, attackers are looking to find data for personal interest (such as Gary McKinnon, who hacked the US military claiming he was looking for proof of a UFO cover-up) or for business reasons.
There have been several cases of Law Firms discovering “unexplained” devices inserted into PCs which have been found to have been collecting information from the network.
In these attacks, criminals are seeking to extract money from their target. There are two common frauds which most law firms see on a regular basis :-
- The “conveyancing intercept” is an example of a fraud where the criminals seek to divert funds during a conveyancing transaction. Often for this fraud the criminal has been silently monitoring emails for years until they pick up key words relating to a property transaction.
- The false “Invoice” scam where false instructions are sent to the finance team from a senior person.
There is also a growing theme of “Money by menaces” style fraud :-
- Firms are hit by an “encryption locker” (aka “ransomware”) and have to pay the perpetrator to regain access to the data. There have been several high-profile cases of firms paying the “ransom”.
- Members of staff receive targeted personal threats. Often this relates to information gathered elsewhere or threats of release of embarrassing pictures or information. They are coerced into assisting with the targeted crime.
- Disrupt Operations
Often hackers want to gain notoriety or cause disruption to businesses by bringing systems down. Sometimes these are individuals doing it for “fun” but often there are groups of people, known as “Hacktivists” who have a stated aim to cause disruption.
For example, there are teams of anti-capitalist activists trying to disrupt the stock market and banking systems.
These attacks are typically “denial of service”, where the business cannot operate because its systems are not available, or a general disruption to business caused by viruses or ransomware.
Sometimes hackers aim to cause embarrassment to their target. Often this is a tactic used by the hacktivist campaign groups but equally it can fall into the “Money with Menaces” category.