What do cybercriminals use?

Prime threats are malicious worms, viruses and ransomware

Opportunities for criminals are growing, thanks to the open nature of the internet and the increasing volumes of e-commerce. The main tools and techniques used by criminals are:

Malware (malicious software) that threatens a business’ ability to operate, including:
Worms:Standalone software that can take over control of business systems and equipment without the operators’ knowledge (Stuxnet, discovered in 2010, targets industrial control systems to alter PLC automated type tasks.)ⁱⁱViruses:A piece of code spread by an infected host file that can replicate itself and corrupt a computer’s system or delete data (In 2000, an email called ILOVEYOU, which distributed a virus, overwrote system files and personal files.)ⁱⁱⁱRansomware:Blocks users’ access to their files and demands that a ransom is paid to regain access to the files (In 2013, CryptoLocker encrypted users’ files and demanded a ransom before issuing a decryption key.)Data theft and fraudCyberattacks are most often about infiltrating a business’s systems and gaining access to customer data to steal their bank details (or even their identity) and commit fraud. ‘Bad actors’ may use sophisticated hacking techniques. They can also just send scam emails, knowing people will be careless.

Video ►

The key essentials to Cybersecurity risk and threat management
with Ben Russell, Head of Threat Response, NCA., and Gillian Lees, Snr Director Governance and Risk Research, CIMA.

Dealing with ransomware

These tips for dealing with ransomware are primarily aimed at organisations and their employees, but some also apply to individual users:

Make sure employees are aware of ransomware and of their critical roles in protecting the organisation’s data.
Patch operating system, software, and firmware on digital devices (which may be made easier through a centralised patch-management system).
Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
Manage the use of privileged accounts — no users should be assigned administrative access unless absolutely needed and only use administrator accounts when necessary.
Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
Disable macro scripts from office files transmitted over email.
Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular internet browsers, compression/decompression programs).
Back up data regularly and verify the integrity of those backups regularly.
Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

Source: FBI (Federal Bureau of Investigation), what we investigate – cybercrime

Recognise the risks to build trust

The Open Web Application Security Project (OWASP) is a community enabling organizations’ to develop, purchase and maintain trustworthy applications and APIs (application protocol interfaces).

The 'OWASP Top 10' is a report outlining the 10 most critical web application security risks. A glance at the risks will confirm the need to work side by side with IT professionals to counter sophisticated forms of cyberattack.

The OWASP Top 10, 2017

Injection flaws: An attacker inputs data tricking the application/system to execute unintended commands
Broken authentication: Incorrectly implemented authentication or session management allows an attacker to assume a user’s identity
Sensitive data exposure: Some web applications and APIs don’t protect sensitive data properly, for example allowing attackers to access a credit card to commit fraud
XML external entities (XXE): Some older or poorly configured XML (external mark-up language) processors allow an attacker to access files
Broken access control: Restrictions on authenticated users’ access are not controlled
Security misconfiguration: Data is put at risk through not patching or upgrading systems frameworks, dependencies or components
Cross-site scripting (XSS) (on a web page): An attacker is allowed to execute scripts in the user’s browser and hijack sessions
Insecure deserialization: Permits remote code execution or sensitive object manipulation on affected platforms
Using components with known vulnerabilities: This can lead to serious data loss or server takeover
Insufficient logging and monitoring: While breaches of security should be identified by internal monitoring and logging of activities, data breaches are often not spotted 120 days after they occurred.

Source: OWASP Top 10

Dangling the bait
Although the majority of cybercrime is committed externally, it is often unwittingly enabled by employees.For example, leaders might fully intend that their business should treat its customers’ data responsibly, ensuring data policies are in full accordance with GDPR. However, without monitoring and accountability, well-intentioned employees might use customers’ data to achieve business objectives without always checking that customers are happy with their data being used this way.

Another example is ‘phishing’. A scam which dupes employees into thinking an email is from a trusted source. So they click on an infected link that downloads malware. ‘Whaling’ is a variation on phishing, which targets one big fish — often the CFO. Critically, the email might appear to come from the CEO or a regulator, looking like an urgent demand to pay a supplier or settle a fine.Compromised business email accounts are currently the main cause of cyber insurance claims.^ivPhishing is a numbers game. Criminals send many emails at negligible cost and wait. Every now and then someone will be careless and bite the bait. Prevention is better than the cure — and a lot cheaper. The priority must be to cultivate a risk-aware, security-first culture.

“Most people see the hacker as the bad guy in a thriller movie, breaking in and causing havoc, but by far the number one greatest risk for an organisation is the insider problem. Sometimes that’s a malicious insider and sometimes it’s a good person doing stupid things.”^v

— Larry Ponemon, chairman and founder of
the Ponemon Institute data protection and
cybersecurity research centre