Ransomware attacks on IoT devices are on the increase according to a warning issued by cyber experts, and businesses are in the firing line.
The warning has come from the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) who issued a joint 2016/2017 report called ‘The cyber threat to UK business’.
Attacks of this variety work by holding a device to ransom, preventing the user from being able to gain access to the device’s full use until a payment had been made to the hacker.
This issue on the one hand affects everyone, with smart devices spanning society and all demographics, but the risk posed to business is particularly concerning. The report includes a key trend affecting businesses: “A move towards targeting specific businesses, where the rewards can be greater.”
The report outlines other current threat trends that are making attacks more formidable and ultimately more dangerous.
The report notes that “technical expertise is not necessary to carry out attacks”. This means that adversaries are no longer pigeonholed into a category of individuals with professional grade skills, and all that is now required is the will to launch an attack.
This dynamic has come about through developments such as the sale of pre-packaged ransomware on the Dark Web, a cheap and simple method of compromising a chosen target.
In response to the report Greg Day, VP and chief security officer EMEA, Palo Alto Networks said: “One of the most pressing challenges when it comes to security is educating organisations and the general public and, as such, we applaud this report. It plays a crucial role in further helping businesses, governmental bodies and users to keep pace with the threats they face today.”
Day highlights a crucial point, while businesses and governments may be at threat, society in general requires more extensive education on the current cyber threat risks, and how best to evade them.
Tony Pepper, CEO and co-founder Egress highlights another side of the problem: “This report certainly highlights the numerous security threats businesses are facing at the moment. While it’s all things everyone should really be aware of anyway, it does clearly show the uphill battle we’re all facing.”
Justin Coker Vice President, EMEA, Skybox Security has looked at the report from a holistic perspective and said: “The report reflects what we are seeing ourselves. Cybercrime has evolved into a dark global industry that’s growing in size and significance. While security professionals have observed this gradual “corporatization” of cybercrime, 2017 will be the year non-security folks begin to recognize this fact as well and this report helps clarify things greatly.”