CyNations’ Top Threats of the Month

05/Apr/2017

Ransomware

In 2016 ransomware affected a substantial number of organisations’, and we can expect it to remain a top concern for 2017. Last year was a very prominent for ransomware, with many organisations’ having their network and data hijacked until a ransom was paid. In some cases, the data may not even be decrypted after the victim has paid the ransom.

Ransomware attacks can be tremendously expensive for victims, also the damage to their reputation and trust of the organisation can be huge. Therefore, it is important for organisations to ensure that that they have the appropriate security measures are in place, otherwise an attack like ransomware could cause irreversible damage.

On 3rd March 2017 Pennsylvania’s Democratic State Senators were hit by ransomware. Democrats in Pennsylvania’s state Senate were locked out of their network early Friday morning due to a successful ransomware attack, Penn Live reports.

In the attack affected the whole Caucus network, including the web server. Offices remained open, but no officials could access the computer network. A statement was released by Caucus officials, signed by Senator Jay Costa, saying that the FBI and Microsoft were called in to investigate the incident.

There is no evidence to suggest that the ransomware attack was directly targeted at Pennsylvania Senate Democrats, it may well have been a random ransomware attack that was not directed at one particular target.

 

Phishing Attacks

Phishing Attacks have been an established threat for a long time, but they are now more targeted and sophisticated than ever before. Phishing aims to scam the target into revealing private information such as financial details, usually via a fraudulent email or website.

According to Proofpoint’s Quarterly Threat Summary social media phishing attacks grew by 500% from the start of 2016 compared to the end. An increase in fraudulent accounts was also found in these social media channels, posing risks such as social spam and malware distribution to users.

“To that end, Proofpoint researchers observed a 20% increase in spam content across Facebook and Twitter quarter over quarter,” the report reads.

On 14th March 2017 Lifehacker outlined a Gmail phishing attack that can easily steal your login credentials. Wordfence discovered this attack earlier this year, which targets Gmail users accessing their email accounts via a web browser. During the attack a graphic is displayed which is identical to the one in which Google uses to shows a PDF or Word document attachment.  When the graphic is clicked on the user is redirected to a fraudulent webpage which looks like a normal Google login screen.

This phishing attack should be considered very dangerous, because the graphics and fraudulent login page are almost completely identical to ones used by Google. One way in which users can identify this attack is by checking the URL of the login screen after they have clicked the attachment as it begins with “data:text/htyml” which should normally be “https:”. This is displayed as the fraudulent login page is not hosted on a secure server.

Data Breaches

Data Breaches occur when an incident takes place in which sensitive, protected or confidential data has been viewed, stolen or used by an unauthorised individual. Bloomberg reported that 2016 was a record year for data breaches, with an increase by 40% when compared to 2015.

In Mid-March, it was announced by the Telegraph that the Information Commissioner is investigating concerns that records held by 2,7000 practices. It is thought that one of three of those in England can be accessed by hundreds of thousands of strangers.

Privacy campaigners described the breach as “truly devastating” with millions of patients not knowing if their records have been compromised.

The investigation is focused on a popular computer system used by GPs. When doctors switch on the “enhanced data sharing” feature so that records can be seen by hospitals, it means that the records can also be accessed by hundreds of thousands of workers throughout the country.

Doctors have been urged to consider switching off the function, although this would make it difficult to work with local hospitals, or to tell their patients that security has been compromised.

United Kingdom

contact@cynation.com

+44 020 3190 5000

The Rain Cloud Victoria
76 Vincent Square
London, SW1P 2PD

Netherlands

contact@cynation.com

+31 6 2535 2005

The Hague Security Delta
Wilhelmina van Pruisenweg 104
2595 AN Den Haag

Newsletter Signup

%d bloggers like this: