Week in review 01 December 2019: staff susceptible to phishing, businesses fail to implement IT disaster plans, ransomware unlikely to go away, the most notable cyber events of the last 10 years
A summary of the top cyber news events from the last week and how they relate to business and individuals in Guernsey and the wider Channel Islands.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.
Nearly half of workers have clicked on a phishing email
New research released this week has revealed that almost a quarter of businesses have fallen victim to a phishing attack.
A survey of 714 people working in businesses across the US discovered that many organizations are not taking the proper measures to protect themselves from phishing attacks, such as employee training and the implementation of two-factor authentication.
Of those surveyed, only 64 percent said they currently use a two-factor authentication system to help protect their organization's data. This means that over one third of organizations are potentially leaving themselves exposed to phishing attacks.
Some phishing schemes, such as spear phishing, target specific members of staff within an organisation and this is typically accomplished through social engineering.
To combat these phishing scams, firms should ensure they provide staff with suitable social engineering training.
https://www.techradar.com/news/nearly-half-of-workers-have-clicked-on-a-phishing-email
Phishing emails are still managing to catch everyone out
Staying with phishing, another article this week points out that workers are still finding it too hard to spot phishing emails, with nearly three-quarters of companies seeing staff hand over passwords when tested by a security company.
A security consultancy tested 525 businesses for their susceptibility to a range of different hacking techniques and security vulnerabilities. It found that employees at 71% of these businesses handed over access credentials when targeted with phishing attacks by penetration testers -- up from 63% last year.
In 20% of cases, login details were shared by more than half of employees, compared to just 10% last year.
The firm doing the research carried out 623 penetration tests across the US, Europe and the UK, aiming to simulate a range of cyberattacks to assess how well companies were able to cope with them.
Weak passwords and insecure internal procedures, such as improper file-access restrictions and a lack of staff training, along with using out-of-date software, were the three most common vulnerabilities discovered during the tests.
The original article can be found here: https://www.zdnet.com/article/phishing-emails-are-still-managing-to-catch-everyone-out/
Many UK businesses have no IT disaster recovery plan
A disaster recovery plan, a set of steps designed to help businesses get back on their feet as soon as possible after an incident, is not something many UK businesses have.
A survey of 1,125 IT workers came to the conclusion that a quarter of SMEs don’t have such a plan set up, and this equates to “gambling with the continuity of business”.
The report stresses that four fifths of all businesses that suffered a major incident failed within a year and a half.
Among businesses that do have a disaster recovery plan, more than half (54 per cent) don’t regularly test it. A third have never tested it at all. A small portion of the firms don’t have automated backups set up, either.
“The message to business leaders is get a DR plan in place and test, test, test!”
https://www.itproportal.com/news/many-uk-businesses-have-no-it-disaster-recovery-plan/
Ransomware: Big paydays and little chance of getting caught means boom time for crooks
Ransomware will continue to plague organisations in 2020 because there's little risk of the cyber criminals behind the network-encrypting malware attacks getting caught; so for them there's only a small amount of risk, but a potentially large reward.
During the last year, there have been many examples of ransomware attacks where victims have given in to the extortion demands of the attackers, often paying hundreds of thousands of dollars in bitcoin in exchange for the safe return of their networks.
In many cases, the victims will pay the ransom because it's seen as the quickest – and cheapest – means of restoring the network.
The full article can be found here: https://www.zdnet.com/article/ransomware-big-paydays-and-little-chance-of-getting-caught-means-boom-time-for-crooks/
A decade of hacking: The most notable cyber-security events of the 2010s
The 2010s decade is drawing to a close and ZDNet have taken a look back at the most important cyber-security events that have taken place during the past ten years.
There have been monstrous data breaches, years of prolific hacktivism, plenty of nation-state cyber-espionage operations, almost non-stop financially-motivated cybercrime, and destructive malware that has rendered systems unusable.
Read the full article for the full list here:
Authorities take down 'Imminent Monitor' RAT malware operation
Law enforcement agencies from all over the world announced this week that they took down the infrastructure of the Imminent Monitor remote access trojan (IM-RAT), a hacking tool that has been on sale online for the past six years.
According to a press release from Europol, the operation had two stages. The first occurred in June 2019, when Australian and Belgian police forces searched the homes of the IM-RAT author and one of his employees.
The second stage took place earlier this week, when authorities took down the IM-RAT website and its backend servers, and arrested the malware's author and 13 of the tool's most prolific users.
Europol reported arrests in Australia, Colombia, Czechia, the Netherlands, Poland, Spain, Sweden, and the United Kingdom.
Authorities also served search warrants at 85 locations and seized 430 devices they believed were used to spread the malware.
The UK National Crime Agency (NCA) took credit for a good chunk of the bounty, with 21 search warrants, nine arrests, and more than 100 seized devices.
More here: https://www.zdnet.com/article/authorities-take-down-imminent-monitor-rat-malware-operation/