[BreachExchange] A Ransom Note From Your Coffee-Machine Is No Joke, But It's Not The Only Threat

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 7 13:55:58 EDT 2017


http://www.huffingtonpost.co.uk/greg-sim/a-ransom-note-from-your-c_b_15825140.html

Why have gadgets and devices suddenly become linked to cyber security and
ransomware? Cyber criminals are not stupid - they are after your money, not
the glory of hacking into your internet-connected coffee-maker or heating
system.

It was a question addressed in a joint report from the UK's National Cyber
Security Centre and National Crime Agency this month. Not only are cyber
criminals more aggressive, say the authors, it is the proliferation of
connected devices that is providing them with more doorways they can sneak
through.

And instead of simply stealing money or information, many criminals find it
easier and more profitable to encrypt your data and demand a ransom for
releasing it back to you. The volume of these ransomware attacks has
rocketed, with an estimated total cost to business of $1 billion. The
perpetrators are also completely unsentimental and frequently target
hospitals. It was only in January that England's largest NHS trust - Barts
Health Trust - was hit with ransomware.

Even you or I, logging on to our laptops at home, can suddenly be confronted
by the dreaded skull-and-crossbones insignia and a demand for payment in
bitcoin in return for release of our own data. Last year it was reckoned
that householders in the UK paid out £4.5 million in ransoms.

Where is this all going? Does good security practice require me to forgo
the pleasure of firing up the office coffee machine for my high-voltage
espresso with a click of a button on my laptop? Do I have to consider
whether it is necessary for six people to control the heating or security
systems from their phones? I'm afraid the answer may well be yes.

Criminals find everyday devices easier to hack into than computers.
Internet-connected smoke detectors and air conditioning systems were not
primarily designed with security in mind, and very often the default
factory passwords are never reset at installation. It means that once the
device is compromised the ransomware has immediate access to the Wi-Fi
connecting the device to your home laptop or office network. From that
point it will seek out your data and slam the door shut behind it. Then you
have to pay up if you want to see it again, whether it's photos of your
holiday in the Cairngorms or your entire customer database.

Is the removal of internet connections from kettles all that is required to
defeat the hackers and their ransom demands? Certainly not. Despite all the
talk about connected kettles and fitness devices, the great majority of
ransomware gains access to your server or hard drive when you do something
you probably do every day - click open an ordinary file like a Word
document or a PDF. Once you click away, malicious code hidden in the
content or structure downloads the ransomware.

Just consider how many documents fly around from unknown sources. If you
have a business and are recruiting, for example, you'll enjoy dozens of
emailed CVs and covering letters from people you have never heard of (and
may never wish to hear from again).

If we are to protect ourselves from ransomware we need to be smarter about
what we let into our systems. Disconnect those risk-laden devices that do
not have to be on your Wi-Fi network. If you do connect them, have the
passwords changed. Be suspicious of the apps you download to your phone or
tablet - check the reviews and make sure they are genuine and not
doppelgangers created by criminals to record your keystrokes or open every
gateway in your system.

It's important to avoid software applications that don't require updates,
too. Almost all applications have some weak-points that become apparent
with use and require remedial updates. And most importantly, think
seriously about email security. Just because nothing untoward has happened,
doesn't mean you can rely on traditional solutions like anti-virus, which
has quickly become obsolete when dealing with the latest cyber threats.

We all need to set a new baseline for security and adopt new approaches and
practices, because it is as clear as day that sticking with the old ways
will not protect us from criminals with deviously-clever ransomware or
poisoned files. Every potential gateway needs to be slammed shut in their
faces.