
Supply chains remain a vulnerable area

by Mark Rowe

The UK’s National Cyber Security Centre has issued an alert, alongside partners in the US and Australia, warning businesses of the increasing threat of ransomware cyber-attacks, writes Rob Batters, Director of Managed and Technical Services at the IT consultancy Northdoor plc.

The last two years have seen a real increase in both the number and the sophistication of ransomware attacks. Many of these high-profile attacks made mainstream headline news and, as a result, the threat of ransomware made its way into the consciousness of C-level executives in businesses across the UK.

Data protection is a process

Whilst it is certainly encouraging that businesses are more aware than ever of the threat, continual work to protect their data remains critical. It is for this reason that the NCSC and its US and Australian partners issued a joint alert.

The alert also highlights new trends that reveal the level of sophistication now common in these cyber-criminal gangs. Some gangs are seeking specialist skill sets to carry out specific attacks, and some are even outsourcing aspects of their criminal activity. Gangs are increasingly sharing information about targets and victims and diversifying their approaches to extorting money from organisations.

The last few months have seen one of these new extortion techniques used increasingly often. Double extortion sees cyber-criminals not only steal a company’s data but also threaten to publish it. This approach is designed to ramp up the pressure on organisations to pay the ransom; it can be particularly effective against sectors where the data is incredibly sensitive.

New types of ransomware threats

However, the NCSC alert also highlights how double extortion attacks are morphing into triple extortion, with the added element of a combined encryption, leak and DDoS attack. As part of this new threat, criminal groups are also making voice-scrambled VoIP calls to a victim’s customers and even to journalists.

NCSC CEO Lindy Cameron reminded businesses that “Ransomware is a rising global threat with potentially devastating consequences, but there are steps organisations can take to protect themselves.” She goes on to encourage UK CEOs and boards to familiarise themselves with the alert and to ensure that their IT teams are looking at increasing cyber resilience.

One of the areas that the alert focuses on is the threat through the supply chain. This has certainly been an area that cyber-criminals have focused on during the pandemic, and it lies behind some of the most high-profile attacks of recent years. The attack on software provider Kaseya, for example, meant that criminals gained access not only to the original target but to many of the IT consultancies around the world that used Kaseya’s software. The nature of the software then meant there was a further knock-on effect which hit many of those IT consultancies’ customers too. The SolarWinds supply chain attack of 2020 saw hundreds of organisations and government bodies effectively shut down by a successful ransomware attack, crippling some critical services.

Undoubtedly, supply chains will remain an area of real interest for cyber-criminals, and businesses need to do more to ensure that they have insight into the vulnerability of their supply chains and that any gaps are plugged as a matter of urgency.

Can you trust your supply chain’s IT?

For too long ‘trust’ between partners in a supply chain has been based on perception rather than hard fact. For example:

  • It is often assumed that every member of the chain is competent to deliver the tasks that it says it can. Perhaps you can get reassurance from referees and spreadsheets, but ultimately your partners are asking for your trust.
  • The integrity of every member of the chain can be taken as a given – that they will fulfil their promises. This is regularly based upon experience. That’s good, but past performance is no guarantee.

Such intangible measurements cannot ensure that your partner is looking after your data, or their own cyber-security, which can leave an open ‘back door’ into your own infrastructure. There has to be a better and more comprehensive approach to securing supply chains.

Gaining a 360-degree view of your supply chain

As a result of GDPR, any supply chain partner working with your data in any way is now seen as your Data Processor. Therefore, it is now a regulatory requirement to audit their IT service as part of your contract. Too often the IT audit takes the form of a self-certification spreadsheet, where your partner fills in a form once a year. Such questionnaires still have their place in some form in supplier governance, but they cannot offer a true reflection of the state of partners’ IT practices and cyber-defence.

Some are turning to AI-powered software that allows companies to gain an accurate 360-degree view of their entire supply chain, giving them insight into possible vulnerabilities which otherwise may well have been missed.

Having an informed and clear view of possible gaps in security will allow businesses to, at the very least, inform their partners. The need for partners to close these gaps can then become a matter of ongoing conversation or, even better, a contractual obligation. This closes the back door that so many cyber-criminals will be looking to access over the coming months.

NCSC Ransomware Hub

The NCSC has also recently launched its Ransomware Hub, which is aimed at providing a ‘one-stop shop’ for organisations to learn more about the threat of ransomware, what they can do to better secure data, and how to respond if they have been attacked. Such tools, alongside shutting off vulnerabilities in your supply chain, can allow companies to get a real handle on the threat of ransomware.

Indeed, ransomware attacks are not going to go away. If anything, over the next few months they will continue to increase in number and sophistication. Getting up to speed with what threats look like, shutting off easy access to data and ensuring higher levels of cyber resilience within your organisation will mean you are as prepared as you can be.
