INDEPENDENT PUBLICATION BY raconteur.net #0418 27 / 11 / 2016 CYBER SECURITY BEWARE THE HOME APPLIANCES ‘SILENT’ CYBER ARMS WHAT MAKES CRIMINAL SMALL UK BUSINESSES 04 RACE IS MAKING NOISE 06 HACKERS WANT TO HACK? 08 ARE NOW BIG TARGETS 03 THAT CAN LAUNCH A CYBER ATTACK Suspected state-sponsored attacks have Cyber criminals are driven by a diverse range Small contractors are in the sights of cyber The internet of things and connected devices present a cyber-security risk triggered an international cyber arms race of aims and ambitions to break into a computer villains as the weak link in corporate defences WHO ARE THE CYBER ATTACKERS? Based on data IBM collected in 2015 from more Organised cyber than 8,000 client devices in 100 countries 40% criminals are Outsiders digital mafia 44.5% Malicious insiders In the wake of the Tesco Bank hack, which saw 9,000 customer accounts targeted, cyber security experts are warning of organised online 15.5% Inadvertent actors crime gangs operating like a digital mafia Source: IBM Security Services 2016 family, our small groups, employees on the books, our business partners, anyone with valid access to some part of our system. OVERVIEW Either way you lose, says Adrian Nish, who “We all carry sophisticated technology like STEPHEN ARMSTRONG leads the Threat Intelligence team in BAE Sys- smartphones around with us and we all work tem’s cyber-defence division. Real-life hackers or use the cloud. So now hackers no longer are as good as or even better than movies sug- have to hack 20 or 50 organisations. They r Robot is possibly Holly- gest. A few months ago, Mr Nish explains, hack- hack one cloud and they get every single wood’s ultimate hacker show – ers targeted the Central Bank of Bangladesh person who is using that cloud.” the chaotically unfolding sto- and tried to steal $951 million, six times the Working the people factor is common- Mry of Elliot Alderson, a cyber amount in George Clooney’s Ocean’s Eleven. place. “You’ve got to work on five or six dif- security engineer with emotional problems, “They set up bank accounts in Manila in ferent attack factors at any one given time,” who is recruited by a fiendishly cunning the Philippines and in Sri Lanka then broke says white hat hacker Jamie Woodruff from group of hacktivists in their attempt to bring into the Bangladesh bank network, probably Metrix Cloud. “My favourite is the viewing down the fictitious financial giant E Corp. sometime in 2015, and waited until Febru- webcams on Google. You can locate a specific Elliot wears a hoodie and hacks from his ary 4,” he explains. “This was a Thursday, area, find open cameras and build up a profile bedroom, just like all good movie or TV hack- the end of the week in Bangladesh and just about who walks into that infrastructure and ers do. For Mikko Hypponen, chief research before the Chinese New Year, so overall who walks out. People follow routine. You see officer at the cyber security firm F-Secure, they had this four-day window to get away them repeat, you build up a pattern then use this image is quaint and entirely false. Mr with the heist. They flipped just eight bits of tools like Montego, where you can type in key Hypponen looks at 350,000 samples of new code, secured root access and covered up the identifiable information then find your eBay malware attacks almost every single day. transactions to make it look like the money account, your e-mail account, your address, Some 95 per cent of them are from organised hadn’t left the bank’s accounts at all.” your telephone number… then you’re in.” online crime syndicates. Only the tiniest pro- Of 35 attempted transactions, only four Among the tricks Mr Woodruff has pulled portion of hacks is committed by hacktivists. got through – meaning the hackers stole $81 there’s setting up fake .eu versions of compa- “The earliest viruses million rather than $951 ny sites and asking employees to log in, tail- were written by bored million – but it’s still gating into an office with a group of smokers teenagers looking for one of the biggest bank then walking around dropping tainted USBs a challenge, but to- robberies in history. and sticking up official looking QR codes at day’s hackers are much This new breed of “Banks don’t do enough business conferences which infect smart- more malicious,” he testing,” Mr Nish warns. MOST FREQUENTLY OCCURRING INCIDENT CATEGORIES phones with malware. explains. “What makes cyber criminals see “We’re dealing with PERCENTAGE OF TOTAL GLOBAL CYBER-SECURITY INCIDENTS 2014 2015 And movies rarely show one of the fast- them different from themselves as people who’ve been Based on data IBM collected in 2015 from more than 8,000 client devices in 100 countries est-growing forms of cyber attack – ransom- old-school hackers is digital mafiosos trained to make net- ware, where a hacker locks down all the files they have a motive.” work intrusions, so the on anything from a laptop to an entire com- This new breed of people we have defend- Unauthorised 37% pany or steals extensive information and de- cyber criminals see ing our system also access 45% mands money to release or return everything. themselves as digital mafiosos. The Mol- need training, also need to know how to spot Moty Cristal, professional negotiator and dovan hackers behind the Dridex malware these types of attacks and how to set up the % chief executive of NEST Negotiation Strate- attack stole millions of dollars in co-ordi- system security in order to defend against it.” Malicious 20 gies, recalls one banking client receiving an nated hits on 300 banks around the world. In TV drama, people are a big weak point code 29% e-mail stuffed with very confidential customer Evgeniy Mikhailovich Bogachev, the Russian that hackers take advantage of. In Sherlock, information. Two minutes later, he received a thought to be the author of the Zeus trojan, for instance, Moriarty pretends to hack the 20% WhatsApp message demanding $120,000. has a $3-million bounty on his head from the Bank of England, the Tower of London and Sustained Mr Cristal adds: “When you’re facing this probe/scan FBI, and is wanted by Interpol and Europol. Pentonville Prison before – spoiler alert – 16% crisis, it is the human factor that needs to be That’s not to say naughty teenagers aren’t a revealing it was the human factor all along managed. Making connections and negoti- threat, says Troy Hunt of data breach aggre- – disgruntled employees, with no super 11% ating are essential.” gation service Have I Been Pwned? “There technology needed. And the human factor Suspicious Although, to be fair, The Negotiator is a activity are teenagers getting hold of vast amounts is definitely key in online security. 6% whole different movie. Looks like hackers of personal data, using freely available soft- “The most sophisticated attacks of recent can get into almost everything. ware, as in the recent TalkTalk hack,” he years had people on the inside,” says Sadie Access or 8% points out. “Scotland Yard told the press it Creese, professor of cyber security at the credentials abuse 3% Share this article online via was a Russia-based Islamic jihadist group, University of Oxford. “That’s people who raconteur.net but it turned out to be two teenagers.” work for us, people that are members of our Source: IBM Security Services 2016 RACONTEUR CONTRIBUTORS DISTRIBUTED IN PUBLISHING MANAGER HEAD OF PRODUCTION STEPHEN ARMSTRONG JOHN LEYDEN DAN MATTHEWS EDWIN SMITH FINBARR TOESLAND DAVEY WINDER EMMA John Okell Natalia Rosek Contributor to The Former crime reporter Journalist and author Writer and editor, Freelance journalist, Award-winning WOOLLACOTT Sunday Times, Monocle, in Manchester, he of The New Rules of he contributes to he specialises in journalist and Specialist technolo- PRODUCTION EDITOR DIGITAL CONTENT MANAGER Wallpaper* and GQ, is now a writer for Business, he writes for publications including technology, business author, he specialises gy writer, she covers Benjamin Chiou Jessica McGreal he is also an occasional the technology news newspapers, maga- The Guardian and The and economic issues, in information legal and regulatory broadcaster on and opinion website zines and websites on a Sunday Telegraph. and contributes security, contributing issues, contributing MANAGING EDITOR DESIGN to Forbes and the Peter Archer Samuele Motta BBC Radio. The Register. range of issues. to a wide range of to Infosecurity Grant Chapman publications. magazine. New Statesman. Kellie Jerrard BUSINESS CULTURE FINANCE HEALTHCARE LIFESTYLE SUSTAINABILITY TECHNOLOGY INFOGRAPHICS raconteur.net/cyber-security-2016-ii Although this publication is funded through advertising and sponsorship, all editorial is without bias and spon- Raconteur is a leading publisher of special-interest content and research. Its publications and articles cover a wide The information contained in this publication has been obtained from sources the Proprietors believe to be sored features are clearly labelled. For an upcoming schedule, partnership inquiries or feedback, please call range of topics, including business, finance, sustainability, healthcare, lifestyle and technology. Raconteur special correct. However, no legal liability can be accepted for any errors. No part of this publication may be repro- +44 (0)20 8616 7400 or e-mail [email protected] reports are published exclusively in The Times and The Sunday Times as well as online at raconteur.net duced without the prior consent of the Publisher. © Raconteur Media 2 CYBER SECURITY raconteur.net 27 / 11 / 2016 RACONTEUR COMMERCIAL FEATURE jamesteohart/istockphoto The fallout of Ya- hoo!’s data breach is a major concern for chief executive Marissa Mayer, who is currently working to finalise a $4.8-billion deal to sell Yahoo!’s core internet busi- Ethan Miller/Getty Images Miller/Getty Ethan ness to Verizon Be ready to limit damage after a data breach… Cyber attacks are on the rise and may even be inevitable, so SECURITY RISK OF THINGS organisations must create a culture of cyber awareness and be The internet of things is connecting devices to networks on an ever-increasing prepared to protect their reputation scale.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages8 Page
-
File Size-