The National Cyber Security Centre (NCSC) has reported on 2017 and here are some key points from the report.
“It was a year of ransomware attacks, data breaches and online fraud.”
The WannaCry ransomware attack in May spread rapidly and randomly. 300,000 devices were infected across 150 countries and affecting services worldwide, including the NHS. The attack demonstrated the real-world harm that can result from cyber attacks, particularly when they are designed to self-replicate and spread.
The enormous scale of the 2013 Yahoo breach , the 2016 Uber breach and the 2017 Equifax breach came to light, demonstrating that data is a valuable target for cyber adversaries. It is clear that even if an organisation has excellent cyber security, there can be no guarantee that the same standards are applied by contractors and third party suppliers in the supply chain. Attackers will target the most vulnerable part of a supply chain to reach their intended victim.
Between October 2016 and the end of 2017, the NCSC recorded 34 significant cyber attacks. 762 less serious incidents were also recorded. With interest in cryptocurrency still strong, cryptojacking – where an individual’s computer processing power is used to mine cryptocurrency without the user’s consent – will likely become a regular source of revenue for website owners. Increased use of cloud technology to store sensitive information will continue to tempt cyber attackers, which could result in UK citizens’ information being breached.
Distributed Denial of Service (DDoS) attacks – where hackers threaten to conduct DDoS attacks unless a ransom is paid – have increased since mid-2017 when a South Korean web hosting company paid a ransom fee in Bitcoin equivalent to US$ 1 million. In late 2017.
The reported number and scale of data breaches continued to increase in 2017, with Yahoo finally admitting in October that all of its 3 billion customers had been affected by the 2013 breach.
Groups assessed to have links to state actors – were likely responsible for some of the larger breaches.
Examples of data breaches included: • Equifax, where the personally identifiable information of 145 million US users and almost 700,000 UK users was compromised. • Verizon’s data on 14 million customers stored in the cloud, and controlled by a third party company, was exposed to anyone who could guess the web address. • Uber was forced to reveal that it deliberately covered up a year-old breach by paying the hackers US$ 100,000 to destroy the data they had stolen. The data of 57 million accounts, which had not been encrypted, was exposed. • An aggregated database of data, collated from multiple breaches, was discovered by security company 4iQ in December 2017. This contained 1.4 billion credentials in clear text, including unencrypted and valid passwords. Analysis indicated a large number of incidents were caused by third party suppliers failing to secure data properly.
If you have any experiences with scammers, spammers or time-waster do let me know, by email.