Today [July 20th 2017] the Office for National Statistics in the UK released their annual Crime Survey for England and Wales (CSEW), for the twelve month period March 2016 through to March 2017. Once again, Cyber crime (defined by the CSEW as cases where the internet or any type of online activity was related to any aspect of the offence) featured prominently in the report.
Let’s say that someone approaches you on the street one day.
They point to a busy shop across the street, and they say to you, “That’s my store, and we’re having our best year ever!”
The shop is full of excited people. You step back outside, and the shopkeeper asks you a question: “What do you think I need to do to keep this place safe?”
A few months ago, I was working on a risk assessment with a business and one of the most extreme threats, beyond targeted malware, was an attack by a nation state. Given the nature of the business being assessed wasn't involved in, or related to critical infrastructure, and the IP wasn't such that it was of national or military importance to gain leverage, we gave the risk a low rating. In recent months, due to the leaking of custom malware developed by the NSA, the tools considered available only to nation states are now available to everyone. Where the internet democratised the attack vectors employable against entities with an online presence, the leak of custom, targeted malware, has lowered the barrier to entry such that even non-sophisticated malicious actors can leverage the experience, expertise and destructive force of a nation state.
Malware continues to be one of the main attack vectors used by criminals to compromise user and corporate data. Using phishing or social engineering based attacks, criminals attempt to lure the unsuspecting victim to launch a malicious piece of code that can do anything from sit there in the background as a zombie waiting for the next instruction, or do something more malicious such as lock your computer and demand payment as seen in the recent NHS WannaCry and Petya/NotPetya ransomware breakouts (as badly orchestrated as they may both have been).
Today [July 20th 2017] the Office for National Statistics in the UK released their annual Crime Survey for England and Wales (CSEW), for the twelve month period March 2016 through to March 2017. Once again, Cyber crime (defined by the CSEW as cases where the internet or any type of online activity was related to any aspect of the offence) featured prominently in the report.
Let’s say that someone approaches you on the street one day.
They point to a busy shop across the street, and they say to you, “That’s my store, and we’re having our best year ever!”
The shop is full of excited people. You step back outside, and the shopkeeper asks you a question: “What do you think I need to do to keep this place safe?”
A few months ago, I was working on a risk assessment with a business and one of the most extreme threats, beyond targeted malware, was an attack by a nation state. Given the nature of the business being assessed wasn't involved in, or related to critical infrastructure, and the IP wasn't such that it was of national or military importance to gain leverage, we gave the risk a low rating. In recent months, due to the leaking of custom malware developed by the NSA, the tools considered available only to nation states are now available to everyone. Where the internet democratised the attack vectors employable against entities with an online presence, the leak of custom, targeted malware, has lowered the barrier to entry such that even non-sophisticated malicious actors can leverage the experience, expertise and destructive force of a nation state.
Malware continues to be one of the main attack vectors used by criminals to compromise user and corporate data. Using phishing or social engineering based attacks, criminals attempt to lure the unsuspecting victim to launch a malicious piece of code that can do anything from sit there in the background as a zombie waiting for the next instruction, or do something more malicious such as lock your computer and demand payment as seen in the recent NHS WannaCry and Petya/NotPetya ransomware breakouts (as badly orchestrated as they may both have been).
Discover
Respond
Secure
Assure
