How is Cyber Crime Policed?


With cyber crime emerging in the UK to the point where 53% of all crime relates to this form of criminal activity, the need to address it has called for the adoption of specialist crime units.

Throughout the UK there now exist Regional Cyber Crime Units (RCCUs), which have been set up by the National Crime Agency to help combat and manage the effects of cyber crime.

With cyber criminals becoming increasingly sophisticated, the RCCUs have a very important role to play in our society and the business environment.

What is the role of an RCCU?

They normally consist of two main teams:-

Cybercrime Investigation Team  

This team investigates all forms of cyber-related crime that occur within its designated region.

Cyber Protect Team 

This team provides advice on how to protect individuals and businesses. This is carried out through input and presentations on cyber crime and cyber security.

Within these teams the following is also provided:-

  • The provision of law enforcement set up and response
  • Advice on current trends and threats that the RCCU is experiencing

Cyber Briefings

Cyber Briefings, which provide details of current threats, advice and news, are published on a monthly basis and distributed to businesses.

http://www.zephyrswrocu.org.uk/userfiles/Regional%20Cyber%20Briefing%205th%20June%202017.pdf2.pdf

These areas of activity provide invaluable support to those affected by cyber crime and help with its prevention.

The RCCUs look to work with other ancillary cyber-related businesses, whether they be cyber security firms, risk managers within the insurance industry or their counterparts in other parts of the world. The exchange of data is invaluable in assessing future cyber risks and offering preventative advice and updated guidelines on cyber threats.

The RCCUs also work closely with a number of bodies that are already helping to raise awareness of cyber risks and share knowledge of emerging threat vectors, such as the following:-

Get Safe Online

https://www.getsafeonline.org/

Cyber Aware

https://www.cyberaware.gov.uk/

Cyber Information Sharing Partnership (CiSP)

https://www.ncsc.gov.uk/cisp

The challenges that these cyber crime police units face far outweigh the resources that each region has, and this represents a stiff test with the cyber landscape changing on a daily basis.

Ransomware: The Modern Day “Stand and Deliver”

Ransomware: If you didn’t know what ransomware was a few weeks ago, it is almost certain that you do now in the wake of the WannaCry cyber attack that occurred earlier this month.

What is Ransomware? 

This is a form of malicious software that is designed to block access to a computer system until a sum of money is paid. It is not possible to use the data, and in some cases the hackers threaten to publish the data unless a ransom is paid. There is of course no guarantee that, once the ransom has been paid, the decryption code will be provided or that the hacker will not still delete the data. If the ransom is paid, it is possible that the hacker will return to carry out a further attack.

This form of malware effectively employs scare tactics not unlike those seen in the days of the highwayman in Victorian times, who would hold a coach of unsuspecting passengers at gunpoint until they had handed over a ransom representing their wealth. Ransomware can be compared to the modern day “stand and deliver” threats that a highwayman posed.

The Impact of a Ransomware Attack 

Ransomware attacks have increased fourfold over the past two years, with the UK being one of the main targets for ransomware attacks as we are perceived to be a destination that will readily pay the ransom.

One report has collected data which reveals that 54% of UK businesses have been targeted with a ransomware attack where revenue has been lost and, in extreme circumstances, the businesses have had to close. The impact of a ransomware attack can also cause reputational issues for a business that it may never recover from.

With the General Data Protection Regulation (GDPR) coming into force on the 25th May next year, the emphasis on protecting personal data is increasing. If a ransomware attack encrypts personal data and the business is unable to restore the data, it is conceivable that the ICO would consider that the business has not taken appropriate measures to keep the data safe and is, as a result, in breach of the Data Protection Act.

The WannaCry Attack

The ransomware attack affected approximately 200,000 computers in 150 countries on 12th May. The most high profile organisation hit by this attack in the UK was the NHS. Outside of this, Renault, Nissan, FedEx and Telefonica were also hit by this indiscriminate cyber attack, which appeared to target legacy software that had not been updated. Organizations that still utilized Windows XP were particularly hard hit as this contained certain software vulnerabilities.

Managing the Ransomware Cyber Risk

Businesses should consider the following:-

  • Adequate Back Up and Recovery of computer systems
  • Patch Management of all systems with particular attention to older systems
  • Staff Training to raise awareness of what to look for in a ransomware attack
  • Regular Firewall Management
  • The Purchase of Cyber Insurance

The National Cyber Security Centre offers some excellent guidance on its website entitled “Protecting your organization from ransomware” at the following link:-

https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

How Cyber Insurance Can Help 

Cyber Insurance is a modular policy and it is possible to purchase specific areas of coverage tailored to a business’s requirements.

Cyber Extortion Coverage

This includes the negotiations with hackers and payment of the actual ransom.

Forensic Investigation

This determines what data was compromised and how the systems were accessed.

Data Restoration

This covers costs associated with trying to unencrypt data and to assist with the back up of data.

Business Interruption

This module provides coverage for the increased costs of working and possible loss of profits.

There are now many strains of ransomware, which are becoming increasingly hard to manage, presenting a constant challenge for businesses. Businesses do need to constantly review their cyber security risk management processes and procedures, which will go some way to alleviating this evolving threat.

Is BYOD an acceptable Cyber Risk?

BYOD, known as Bring Your Own Device, is a practice whereby businesses permit the use of employees’ own laptops, notebooks or smartphones in the working environment.

The cyber risk associated with this philosophy is very real and it is vitally important that this is managed within the business.

A survey carried out by Information Security last year reported that 1 in 5 businesses around the world suffered a mobile security breach. The survey also identified that the main concern with BYOD usage was data leakage or loss.

Did you know that 35% of employees store their work password on their smartphone? (Source: SecureEdge Networks)

BYOD Policy

It is crucial that the business has a clear and robust BYOD policy which should include the following:

1. An acceptable use policy that reflects appropriate guidance and accountability with input from other stakeholders of the business.

2. Management of Social Media, as it is likely that there will be an increased use of this.

3. The type of personal data that can be processed on the device.

4. Ensure that a back up plan is in place as mobile devices can fail or be compromised.

5. Reporting of incidents in a prompt fashion in order to comply with company policy and to meet any legal obligations.

The Information Commissioner’s Office provides guidance notes on BYOD which are a good reference point for businesses.

https://ico.org.uk/media/for-organisations/documents/1563/ico_bring_your_own_device_byod_guidance.pdf

What are the risks?

The main feature of BYOD is that the user owns, maintains and supports the device. As a result of this the data controller will not have as much control as they would should the device be provided by the business. The main concern is the security of the data and this is monitored over a number of devices.

With the focus on data the business should be aware of the following:-

The type of data held on the device.

What application the data will be held on.

How the data will be transferred and assessment of any possible leakage.

The type of security that is operated on the device.

The line between personal use and business use.

Can Cyber Insurance help?

It is possible for a cyber insurance policy to provide coverage for cyber risks arising from BYOD devices within a business. Insurers will ask certain risk management questions in order to assess the risk and if acceptable will include this aspect of coverage under the policy.

What is a Denial of Service Attack?


A denial of service attack is a form of cyber attack where a hacker aims to make a computer or network unavailable to its users.

Its full description is a Distributed Denial of Service (DDoS) attack, which is carried out by disrupting the services of a host connected to the internet by flooding the target with bogus requests, which overload the computer and make it inaccessible to its users.

The UK is second only to the US as the most targeted country for DDoS attacks. The UK is subject to just under 10% of the world’s DDoS attacks, whereas the US accounts for 50.30% of the total.

Over the last year DDoS attacks have increased by 211%, as reported by cyber security consultants Imperva. The main source of the attacks is South Korea, overtaking China.

In recent months the size of attacks has started to become much larger. An average attack is around 200 Gigabits per second, but attacks of between 600Gbps and 1 Terabit per second are now evident. An attack of this magnitude would cause serious disruption to a business’s computer systems.

Consequences of a DDoS Attack

Business Interruption

A business could be severely disrupted for a period of time, which prevents the business from trading normally. On-line retailers, for example, could lose a high volume of sales.

Reputational Harm

The business may suffer reputational issues following a DDoS attack and the perception by its customers that its cyber security procedures are not of a sufficiently robust standard.

Common Types of DDoS Attacks

UDP Flood

A User Datagram Protocol (UDP) flood is where random ports on a computer system are attacked by packets, which cause it to check for applications listening on those ports and signal back with an ICMP packet.

Ping of Death

Known as a “POD”, this manipulates the IP protocol by sending packets larger than the maximum byte allowance. This causes the computer servers to crash.

Peer to Peer

This is where a peer to peer server is compromised to route traffic to a target website. As a result, users are sent to the target website, which is eventually overwhelmed and taken offline.

https://www.rivalhost.com/12-types-of-ddos-attacks-used-by-hackers
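
The Ping of Death entry above turns on the IPv4 size limit: a datagram can be at most 65,535 bytes, so a fragment whose offset plus length runs past that limit cannot belong to a legitimate packet. The following is an added example, not part of the original post, showing the check a packet filter or IDS can apply to each fragment header; the function names and the sample headers are constructed for illustration.

```python
import struct

MAX_IPV4_DATAGRAM = 65535  # largest value the 16-bit Total Length field can hold


def parse_ipv4_header(header: bytes) -> dict:
    """Extract the fields needed for the size check from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", header[:10]
    )
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    return {
        "header_len": header_len,
        "payload_len": total_len - header_len,
        "more_fragments": bool(flags_frag & 0x2000),
        # The 13-bit fragment offset is counted in units of 8 bytes.
        "offset_bytes": (flags_frag & 0x1FFF) * 8,
        "protocol": proto,
    }


def reassembled_size(header: bytes) -> int:
    """Minimum size of the datagram this fragment would be reassembled into."""
    h = parse_ipv4_header(header)
    return h["header_len"] + h["offset_bytes"] + h["payload_len"]


def is_oversized_fragment(header: bytes) -> bool:
    """True when the fragment ends beyond the 65,535-byte IPv4 limit."""
    return reassembled_size(header) > MAX_IPV4_DATAGRAM


def flag_oversized(headers: list) -> list:
    """Return the indexes of fragments that should be dropped and logged."""
    return [i for i, hdr in enumerate(headers) if is_oversized_fragment(hdr)]


def sample_header(total_len: int, offset_units: int, more_fragments: bool) -> bytes:
    """Constructed 20-byte ICMP-over-IPv4 header using documentation addresses."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag, 64, 1, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),
    )


if __name__ == "__main__":
    captured = [
        sample_header(1500, 185, True),    # ordinary middle fragment
        sample_header(23, 8189, False),    # ends exactly at the limit
        sample_header(1500, 8189, False),  # final fragment that overruns it
    ]
    for i, hdr in enumerate(captured):
        print(i, reassembled_size(hdr), is_oversized_fragment(hdr))
```

Checking each fragment on arrival means the oversized datagram is rejected before any reassembly buffer is filled.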

Dyn – The Largest DDoS Attack – Case Study 

This DDoS attack heralded a new dawn of what these forms of cyber attacks can achieve, as it brought down a huge chunk of the US internet.

It was called the Mirai botnet and targeted the servers of Dyn, which is a company that controls a large proportion of the DNS infrastructure. This occurred in October last year and took place for almost a day. In its wake it brought down household names such as Twitter, the Guardian and Netflix in Europe and the US.

A network of computers infected with malware, known as a “botnet”, is coordinated into bombarding a server with traffic until it gives way under the weight of the traffic that it is being hit with.

What was unusual about the Mirai botnet is that, whereas a botnet normally consists of a number of computers, this one consisted of Internet of Things devices that included digital cameras and DVR players.

The fact that so many devices were connected to the internet enabled the attack to be so much larger than any previous DDoS attack. The attack was thought to have a strength of 1.2 Tbps and to be twice as powerful as the next most powerful attack.

It is good business for hackers…

Kaspersky Labs have carried out studies on Denial of Service attacks exploring the business model and its popularity. A DDoS attack can cost as little as $7 an hour, with the average price being $25 an hour. The profit margin can be as much as 95%.

https://www.thecsuite.co.uk/cio/security-cio/ddos-attacks-the-hackers-profit-margin/

Cyber Insurance

Cyber Insurance can provide assistance in the event of a DDoS attack by providing the following policy coverage:-

Business Interruption

Cyber Extortion

Incident Response Services

Businesses need to be prepared for the threat that a DDoS attack can bring, and it is important that their cyber security risk management procedures are effective to combat attacks of this nature, which are being brought about with increasing severity by hackers.

Navigating Cyber Risk At Sea

The maritime sector is not immune from the everyday cyber risks that other transport industry sectors experience, with a high reliance on technology giving rise to similar cyber risk profiles and the ensuing threat vectors.

Ships that are now built rely on software to run their engines and GPS navigational systems to move from A to B. The impact of a cyber attack from a hacker therefore has the potential to cause severe disruption to the running of the ship.

There is apparent under-reporting of cyber attacks in the shipping world, with the true extent of cyber attacks not yet really known.

Cyber risk does not only exist at sea; cargo handling and container tracking at ports are also very dependent on technology, which forms part of the cyber threat landscape that ships face.

To help this sector manage safety and security, the International Maritime Organization, a United Nations agency, released a set of draft guidelines on maritime cyber risk management which identified the following key areas:-

  • Identify: Definition of the roles and responsibilities for cyber risk management of individuals in order to assess cyber risks
  • Protect: The implementation of risk control processes to manage cyber attacks
  • Detect: The installation of systems to detect new and existing cyber risks
  • Respond: Procedures in place to provide cyber resilience and the ability to restore computer systems
  • Recover: Effective recovery procedures to back up and restore shipping operations

http://www.imo.org/en/MediaCentre/HotTopics/piracy/Pages/default.aspx

Possible Types of Cyber Threats

1. Hackers accessing a shipping management system so that data can be accessed providing details of future shipments and route.

2. Hackers utilizing a GPS system to direct a ship to unsafe waters, which may lead to an attack from pirates so that cargo can be stolen.

3. Cyber terrorists hacking into a cruise ship’s navigation system in order to cause loss of life or some form of physical damage to the ship.

4. Curtailment of a transportation ship by hackers accessing navigational systems and delaying the ship in reaching its destination and causing goods to perish.

5. The hijacking of an oil tanker via its GPS system by a hacker, which leads to the tanker being taken to a different destination.

6. The cyber extortion of a ship’s navigational systems that paralyzes it, making it unable to move or reach its end destination.

The emerging cyber threat of the Internet of Things is also a new area of concern that will become more prevalent in the coming years.

Can Insurance Help?

The majority of Marine Insurance policies include a cyber attack exclusion clause, which is likely to lead to the sector considering the purchase of a standalone specific cyber insurance policy which will address a number of the associated cyber risks that the maritime sector faces.

It must be stressed that insurance is only part of the cyber risk management process and should be treated as such.

The Human Factor in Cyber Risk

The Human Factor in Cyber Risk is the biggest cyber threat that businesses face today…

Businesses recognize the cyber risk created by the outside threat of a hacker, but the human factor or insider threat is the greater threat. By virtue of human nature, people are susceptible to making mistakes, and it is this unpredictability that gives most businesses the most concern, along with their ability to manage it.

The Facts

  • The Kroll Annual Global Fraud and Risk Report identified that 56% of businesses advised that insiders were the key perpetrators of cyber security incidents, with former employees being a high percentage of these at 23%.

http://www.kroll.com/en-us/intelligence-center/press-releases/building-resilience-in-a-volatile-world

  • The Mimecast study last year showed that 45% of businesses felt that they were not prepared against insider attacks.

https://www.mimecast.com/resources/press-releases/Dates/2016/8/malicious-insiders/

A PwC report prepared last year also found that current employees are the top insider cyber risk to UK businesses, so what are the main forms of cyber risk that are brought about by human factors?

1. Malicious

Motivated by a user wishing to cause a business harm, possibly for revenge or spite due to frustration at work, or for reward by an outside organisation or competitor.

As an insider they do not need to get around firewalls, can avoid detection, and are normally in a position of trust where their actions are not questioned.

The attacks consist of deliberate acts such as:-

Infection of Computer Systems with Malware

An employee could deliberately introduce malicious software into the business’s computer system, which would cause disruption.

Selling of Passwords

This could lead to corporate data being stolen and passed to a competitor.

Abuse of Internal Logins

The Ponemon Institute’s study on the Insecurity of Privileged Users last year identified that 21% of the respondents felt that privileged access was not actually necessary. The report highlighted that users with access to the most sensitive information are the most likely to be an insider risk.

https://www.ponemon.org/

2. Accidental

These are caused by carelessness and lack of awareness, perhaps during a busy period at work, or at a certain time during the day, such as after lunch or a Friday afternoon when thoughts could be on the weekend.

Negligence

An inadvertent transmission of a virus via an e-mail that could corrupt a third party’s computer system.

The leaving of a laptop on a train or in a shop.

Uploading of sensitive information that may be sent out into the public domain.

Social Engineering

An employee may open an innocent looking attachment to an e-mail which contains a virus that compromises the business computer systems. This is known as a phishing attack and could lead to the system being locked down by a ransomware virus attack.

Phishing attacks can be targeted, i.e. Spear Phishing, or circulated indiscriminately.

Poor Password Housekeeping

An employee may keep their password by writing it on a Post-it note on their computer screen or have it written on their desk note pad. This provides an opportunity for another employee to access their computer profile.

Examples of Insider Attacks in the UK 

Tesco

40,000 customer accounts of Tesco Bank out of a total of 136,000 were subject to suspicious transactions, and 9,000 of these had money stolen from their accounts. The sums taken were relatively small, varying up to amounts of £600, but eventually totaled £2,500,000. It is suspected that the compromise of the customer accounts was the result of an insider.

Sage

The accounting and HR software firm suffered a data breach, which appeared to be an insider attack. Employee data of 280 UK customers was accessed and possibly compromised. It is understood that an internal login was used to gain unauthorized access to the data.

Morrisons

An insider published details of Morrisons’ entire 100,000 employee database, which appeared to be motivated by revenge. The employee was likely to have taken advantage of his privileged rights. A number of employees have now launched legal action against Morrisons.

Ten ways to help manage the Human Factor

1. Ensure that cyber security policies and procedures are in place

2. Introduce staff awareness of current cyber security threats

3. Robust training of staff on all aspects of cyber security

4. Employee conduct review prior to joining company

5. Monitoring of employees that are leaving the company in terms of their on-line activity

6. Monitoring of internal network activity and review of unusual activity

7. Assessment of large amounts of data being accessed or moved

8. Sharing of best practices

9. Restriction of administrator login

10. Purchase of cyber insurance to help mitigate losses

The Human Factor can also be one of the best defences against cyber attacks if employees are appropriately trained and aware of the changing threat landscape that businesses face.
