The state of cybersecurity in 2016

Cybercriminals are becoming more sophisticated and collaborative with every coming year. Indeed, incidents such as the recent alleged zero day breach at Lincolnshire Council highlight the impact this can have, as the council was forced to shut down its IT for over four days. Medical records, addresses, dates of birth, and bank details were allegedly exposed and a £1m ransom demand made.

Furthermore, according to the latest report from the Office for National Statistics, cybercrime, including bank fraud, phishing scams, and malware, accounts for 3.8m incidents and forty per cent of crime in the UK. Yet the Government’s IT security initiative, Cyber Streetwise, highlights that around two-thirds of UK SMEs don’t believe their business is vulnerable to cyberattack.

So we're taking a look at the key cybersecurity vulnerabilities from 2015 and the biggest potential threats for 2016, as understanding the trends is the first step to combating the threat – forewarned is forearmed.

Ransomware

Ransomware uses malware to encrypt files, with the potential to lock access to a user’s computer and render important documents illegible until the victim pays a ransom. In 2015, it was firmly established as the malware attack of preference, with many similar strains following in the footsteps of the original Cryptolocker, which encrypted files on Windows computers and successfully extorted around $3 million from victims of the trojan.

A recent report published by the Australian Government suggested that seventy two per cent of businesses surveyed had experienced ransomware incidents in 2015, a significant rise from just seventeen per cent in 2013.

Indeed, the ransomware attack at Lincolnshire Council highlights that this type of threat will continue to cause problems in 2016 for anyone who has yet to get to grips with it. Effective backup, implemented and working perfectly beforehand, is the only surefire way to ensure protection.

IoT and BYOD hacking

2015 was seen by many as the year of the Internet of Things (IoT) as a whole range of goods became connected to the Internet – fridges, light bulbs, house alarms, cars, and medical devices, as well as smartphones and other mobile devices. In 2016, IT departments might be on top of the security of their servers and desktops, but with the rapid uptake of bring-your-own-device (BYOD) and mobile apps for work and home in particular, the risk of hacking from these devices will continue to cause a headache.

Out of date cryptographic protections

2015 saw further weaknesses in older cryptographic protections, including SSL, with FREAK and Logjam following 2014’s offenders such as POODLE and Heartbleed. This particularly impacts anyone running an e-commerce site, requiring continued vigilance to remain abreast of newly disclosed flaws. Under normal circumstances when communicating over an encrypted channel, a server and client negotiate to use the strongest protection that they’re both capable of; the FREAK flaw gives a malicious party the opportunity to force the connection to downgrade to weaker cryptography, which an attacker can then crack.

Typical examples of exposed data may include account passwords and credit card numbers. Fortunately for 2016, no flaws have been found in the updated TLS frameworks 1 and 2, at least for the time being. To address both IoT hacking and out of date cryptographic protections, our advice is the same. Network administrators and IT teams need to know what is connected to, and running on, their networks. Findings from network audits and vulnerability assessments should identify suspect systems and services to mitigate these flaws.
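To make the audit advice above concrete, here is an added example (not part of the original article) that flags the kind of findings a TLS scan should surface: obsolete protocol versions such as SSLv3 (POODLE), export-grade suites (the downgrade target of FREAK and Logjam) and other weak ciphers, and then builds a Python `ssl` context that refuses them. The scan data is constructed for illustration; the suite names are OpenSSL-style.

```python
import re
import ssl

# Constructed sample of what a TLS scan of one host might report: each
# protocol version the server offers and the cipher suites it accepts
# under it. Not real scan output.
SAMPLE_SCAN = {
    "SSLv3": ["DES-CBC3-SHA", "RC4-SHA"],
    "TLSv1.0": ["EXP-RC4-MD5", "EXP-DES-CBC-SHA", "AES128-SHA"],
    "TLSv1.2": ["DHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"],
}

# Pattern-to-reason table for weak suites; first match wins.
WEAK_SUITE_RULES = [
    (re.compile(r"^EXP-"), "export-grade (FREAK/Logjam downgrade target)"),
    (re.compile(r"RC4"), "RC4 stream cipher"),
    (re.compile(r"DES-CBC3|3DES"), "3DES"),
    (re.compile(r"NULL"), "no encryption"),
    (re.compile(r"^A(DH|ECDH)-"), "anonymous key exchange (unauthenticated)"),
    (re.compile(r"MD5$"), "MD5 MAC"),
]

# Protocol versions that should not be offered at all (POODLE hits SSLv3).
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3"}


def audit_scan(scan):
    """Return (protocol, suite, reason) findings for a scan dict."""
    findings = []
    for proto, suites in scan.items():
        if proto in OBSOLETE_PROTOCOLS:
            findings.append((proto, "*", "obsolete protocol version offered"))
        for suite in suites:
            for pattern, reason in WEAK_SUITE_RULES:
                if pattern.search(suite):
                    findings.append((proto, suite, reason))
                    break
    return findings


def hardened_context():
    """Context that only negotiates TLS 1.2+ with AEAD, forward-secret suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!EXPORT:!RC4:!3DES:!MD5")
    return ctx


def context_weak_suites(ctx):
    """List any suite the context would still offer that trips a weak rule."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return [n for n in names if any(p.search(n) for p, _ in WEAK_SUITE_RULES)]
```

Run `audit_scan(SAMPLE_SCAN)` against real scanner output in the same shape to get a prioritised list of services to fix; `context_weak_suites(hardened_context())` returning an empty list confirms the local OpenSSL build honours the hardened cipher string.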

Hidden backdoors

Flaws in Juniper’s secure networking devices used by the US Defense Department and the FBI, and vulnerabilities in Trend Micro’s antivirus software, which were criticised last month by Google, serve as early examples of a trend for hidden backdoors being discovered, having been hard coded in vendor appliances. A backdoor is a way of bypassing authentication, allowing anyone to log into a network, and is often used to obtain unauthorised remote access.

We’ve seen malicious parties starting to leverage these flaws in a bid to compromise vulnerable platforms, often within hours of a new weakness being disclosed, and crucially before some IT teams are even aware of the issue. It’s a question of system owners and administrators being able to keep on top of disclosures and react faster than the malicious parties attempting to leverage those flaws.

What can you do about your cybersecurity?

A reputable IT infrastructure provider will be able to provide you with advice on everything from firewalls and antivirus to multi-factor authentication, email, web security, and backups. And if you choose to let them manage your network security, you benefit from leveraging specialist expertise and having them share responsibility for the potential risks.

Andrew Waite, Security Consultant at Onyx