The Global Risks Landscape 2018

Towards the end of each year, we tend to come across several reports and white papers that discuss the cyber-threat predictions/concerns for the following year. However, I do believe that very few of these reports really attempt to dig deep when it comes to emerging Cyber related threats and really discuss future trends. 

I have had several discussions regarding the future of cyber risk exposure and how cyber risk assessments will start experiencing a significant shift in the following months. There is a bigger picture when it comes to cyber threats and cyber crime. It is not only how much a data breach or business disruption will cost, but at what scale it affects people's lives. This is the moment we need to take a step back and look at magnitude and implications. The main reasons why things should be expected to dramatically change in the Cyber front between 2018-2020, are briefly outlined below:

a) The General Data Protection Regulation (GDPR). GDPR has brought Information Security and Cyber Security into the boardroom as a discussion topic, "motivating" stakeholders to act upon the requirements before the regulation is finally in effect (25 May 2018). You should also consider that the disclosure of a breach needs to take place within 72 hours from the moment it was detected, the increased cost of responding to a data breach, and the fines imposed under GDPR.    

b) The number of Cyber attacks expected in 2018 and their impact, according to the Cyber Security Breaches Survey conducted for 2017. (FYI: The official Cyber Security Breaches Survey 2018 detailing business action on cyber security and the costs and impacts of cyber breaches and attacks will be publish in April 2018).

c) Now consider the domino effect when it comes to the scale and magnitude of the cyberattacks anticipated by 2020, in contrast with the current state of readiness of business entities and their dependencies across all industries. 

The recently published Global Risk Report by the World Economic Forum (www.weforum.org) has highlighted some very important facts regarding the risk perception for the year 2018. Cyberattacks are now perceived as a global risk of highest concern, especially to business leaders in advanced economies. Cyber is also viewed by the wider risk community as the risk most likely to intensify in 2018 according to the publish Global Risks Report. 

A "HIPPA Extortion" case hit the news

Following my recent article where I tried to explain the concept of "GDPR Extortion", a data breach of a Health IT provider hit the news early this week, and the case of "HIPPA Extortion" became a sad reality.

For those of you who are not familiar with HIPAA (Health Insurance Portability and Accountability Act of 1996), is a United States legislation that provides data privacy and security provisions for safeguarding medical information, and in this case it applies to the Health IT provider that was breached.

The Nashville-based company (Medhost) is being asked by the cyber-criminals to pay 2 Bitcoins (BTC) which at the moment is approximately $35K (USD), otherwise they will sell the data they managed to steal. What is however very interesting in this story, is that they try to make their case by saying that they will do:

" ..a media release regarding the lack of security in a HIPPA environment. "

The screenshot is from Google's cache*, as the website of the breach company appeared on 19/Dec 2017 at 20:02 GMT. 

Will "GDPR Extortion" become the new "trend" in cybercrime?

Even though this is not an "official" term that is being used (well, at least not yet), it does describe the concern I am trying to explain to people at different occasions. I often discuss GDPR from the security perspective, and the conversations most of the time end up focusing at the implications of the regulation and the "next day". 

This is when I end up trying to describe the potential scenario of "GDPR Extortion", as I always like to see things through different lenses when it comes to forward-thinking in Information Security and CyberSecurity. 

By saying "GDPR Extortion" I tend to mean something similar to "DDoS Extortion", and it is easier to give an example to people in order to explain this type of potentially evolving threat. 

The rise of the (Chief) Data Protection Officer

Back in August 2015, Sysnet discussed the complexity of what the term CyberSecurity represents, especially in the context of today’s threat landscape. This complexity is not only constantly increasing but it is also expanding at an exponential rate. The risks involved demand constant attention and very good understanding of the new technologies being introduced onto the cyber defence ‘chessboard’.

Sysnet also explored the noticeable shift in the traditional roles of the CSO (Chief Security Officer) and the CIO (Chief Information Officer) which have changed a great deal over the past five years. Their focus on managing security by applying resources to the most crucial system components, in order to reduce the likelihood of a successful breach, is now considered an insufficient approach in the current environment of cyber threats. Threats are changing faster than traditional risk management approaches can cope with, and a more proactive and adaptive approach is needed for an effective cybersecurity strategy.

Looking back a bit further, Sysnet discussed the new EU Data Protection Regulation, which requires the appointment of a Data Protection Officer (DPO) for most organisations, and explained the role and responsibilities of the appointed DPO. 

The Rise of Ransomware - Tips on prevention, response and evading extortion

Ransomware, a malware that prevents or in some cases limits users from accessing their data has been on the rise. Last year, 2015 saw a considerable increase with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. In the first quarter of 2015, ransomware saw a 165% increase compared to the previous year. In the second quarter of 2015, 4 million samples of ransomware were identified indicating 58% ransomware growth. Ransomware is expected to grow in 2016 considering that more than half of malware attacks in 2015 also carried ransomware.

The main function of ransomware is to prevent the user (or users if it infects a server) from using that particular system. It does this by encrypting the files that it finds stored in the filesystem and connected drives. Usually, ransomware also tries to prevent certain applications and services from running.

Malicious files

These malicious files are called ransomware because they demand a payment (a ransom) in order to allow the users to decrypt their files; the attacker provides the decryption key in exchange for the payment. Some of these types of malicious files try to convince individuals that they have done something illegal in an attempt to scare them into making the payment (ransomware acting as scareware). In order to be more believable, some ransomware payment demands pretend to be from a law enforcement agency. The ransom usually starts at a few US dollars to hundreds of dollars or its Bitcoin equivalent.

Have you heard of "Cyber Insurance"?

The Cyber Liability Insurance Cover (CLIC) or otherwise referred to as cyber insurance, is a market that grew significantly in 2015. One of the main factors that contributed significantly to this growth is the constant increase of threats in the cyber space and more specifically the high profile data breaches that took place during the past years. Due to these data breaches companies were taken to court and were forced not only to cover the losses, but to take upon the extra costs for the data breaches as well. In most cases, these additional costs included crisis management, legal costs, reputational damages, engaging in identity theft resolution, credit and fraud monitoring and further technical costs as well.

Under the potential threat of a breach and the inevitable consequences, this has established not only a need but also a demand for a cyber insurance market. This has also been highlighted by a cyber survey conducted by RIMS. The survey showed that 74 percent of the companies without Cyber insurance will be purchasing one within the next two years. Likewise, by 2025 the total annual premiums for stand-alone cyber insurance are projected to grow to $20 billion.

Biometrics: the Future of Mobile Payments?

Billions of people are now using smartphones, even in the most remote areas of the planet. Global adoption of these new mobile technologies opens up the discussion for more advanced methods of identification, authentication, and verification, especially when it comes to protecting against fraud, identity theft and financial crime. One of these promising new technologies, available to end users as a result of the acceptance of mobile devices such as mobile phones, tablets, and laptops, is biometrics.

Biometrics look promising when it comes to simplifying the processing, authentication, and confirmation of transactions in general, but more importantly when it comes to payments. Technological advances, along with pattern recognition and multi-factor biometrics, are expected to tackle cybercrime by making it very expensive and time-consuming for cybercriminals to attempt to target these systems. 

Message Header Analyzer (Microsoft & Google)

Spear-phishing attacks still happen and are still successful. According to Symantec: “The FBI estimates that the amount lost to BEC (Business Email Compromise) between October 2013 and August 2015 was over $1.2 billion. With such huge returns, it’s unlikely that these scams will cease any time soon.”

Symantec researchers also explained that “BEC attackers target senior-level employees rather than consumers as it’s easier to scam them out of large amounts. In one incident, we observed the scammers asking the target to transfer over US$370,000. By requesting large amounts of money, the scammers only need to be successful a couple of times to make a profit,”.

Usually spear-phishing emails are used for untargeted attacks. Lately we saw spear-phishing attacks becoming more targeted. An example is the CEO fraud attacks. A cyber criminal sends an email that appears to be from an executive (usually from the CEO to the CFO) asking for a specific payment to be processed immediately. The payment may be in any currently or even BitCoin(s). 

There are a couple of tools online that you can use to check the email headers of incoming emails. The email headers allow you to check if a suspicious incoming email is actually a spoofed email as part of a spear-phishing attack campaign.

October’s Cyber Aftermath, CyberSecurity Awareness Month

October is known as being the Cyber Security Awareness Month. Many campaigns especially during October are trying to teach and raise the awareness about Cyber Security. Public and private initiatives especially during this month, are trying to raise the awareness further on online security and safety. 

Unfortunately there are still many steps that need to be made towards awareness and Cyber Security. Businesses and individuals are still affected by cyber-attacks and security breaches. The discovery and investigation of a breach can be a very time-consuming process and this is the main reason it takes so long to be reported.

Even though patches and updates are available for most security vulnerabilities as soon as they are discovered, new threats and zero days (0day) are constantly surface and exploited. 

During this month a number of security breaches, cyber-attacks and vulnerabilities were announced. Let's see this month's aftermath...

NitlovePOS - POS terminals being targeted through phishing emails

Cyber-criminals and fraudsters have started targeting employees working on Point-of-Sales terminals in order to get their hands on card details. 

There is now evidence that social engineering and spear phishing emails are actively being used and have become the next attack method against employees who have access to payment applications, virtual terminals and electronic cash registries. 

The new malware is named NitlovePOS [Virus Total Detection Rate] and it targets track one and track two data by scanning the processes running. In other words, it is yet another memory-scraping malware that sends the captured data to a remote server over SSL.

Adult Friend Finder data breach, the aftermath...

Did you hear about the Adult Friend Finder data breach? Of course you did, it’s all over the news [1] [2] and it is getting major attention due to the spicy nature of the content. 
The online adult service was breached and 3.8 million accounts became public. 

The information including sexual preference, marital status and other personal data (such as, date of birth, email addresses and postal/home addresses) are now all publicly available. 

Well, we have seen data breaches before, but how is this data breach a little bit different??

Up to now, every article I read online about this incident treats it as yet another data breach, without paying any attention to the effects such a data breach will bring to people. Let us see the issues that come to mind, one by one in the following lines.