Raconteur

Cyber Security Special Report 2016

Issue link: https://raconteur.uberflip.com/i/755382


Independent publication by Raconteur, 27/11/2016, #0418, raconteur.net

CYBER SECURITY

BEWARE THE HOME APPLIANCES THAT CAN LAUNCH A CYBER ATTACK
The internet of things and connected devices present a cyber-security risk

'SILENT' CYBER ARMS RACE IS MAKING NOISE
Suspected state-sponsored attacks have triggered an international cyber arms race

WHAT MAKES CRIMINAL HACKERS WANT TO HACK?
Cyber criminals are driven by a diverse range of aims and ambitions to break into a computer

SMALL UK BUSINESSES ARE NOW BIG TARGETS
Small contractors are in the sights of cyber villains as the weak link in corporate defences

Although this publication is funded through advertising and sponsorship, all editorial is without bias and sponsored features are clearly labelled. For an upcoming schedule, partnership inquiries or feedback, please call +44 (0)20 8616 7400 or e-mail info@raconteur.net

Raconteur is a leading publisher of special-interest content and research. Its publications and articles cover a wide range of topics, including business, finance, sustainability, healthcare, lifestyle and technology. Raconteur special reports are published exclusively in The Times and The Sunday Times as well as online at raconteur.net

The information contained in this publication has been obtained from sources the Proprietors believe to be correct. However, no legal liability can be accepted for any errors. No part of this publication may be reproduced without the prior consent of the Publisher. © Raconteur Media

CONTRIBUTORS

STEPHEN ARMSTRONG: Contributor to The Sunday Times, Monocle, Wallpaper* and GQ, he is also an occasional broadcaster on BBC Radio.
FINBARR TOESLAND: Freelance journalist, he specialises in technology, business and economic issues, and contributes to a wide range of publications.
JOHN LEYDEN: Former crime reporter in Manchester, he is now a writer for the technology news and opinion website The Register.
DAVEY WINDER: Award-winning journalist and author, he specialises in information security, contributing to Infosecurity magazine.
DAN MATTHEWS: Journalist and author of The New Rules of Business, he writes for newspapers, magazines and websites on a range of issues.
EMMA WOOLLACOTT: Specialist technology writer, she covers legal and regulatory issues, contributing to Forbes and the New Statesman.
EDWIN SMITH: Writer and editor, he contributes to publications including The Guardian and The Sunday Telegraph.

RACONTEUR

PUBLISHING MANAGER: John Okell
DIGITAL CONTENT MANAGER: Jessica McGreal
HEAD OF PRODUCTION: Natalia Rosek
DESIGN: Samuele Motta, Grant Chapman, Kellie Jerrard
PRODUCTION EDITOR: Benjamin Chiou
MANAGING EDITOR: Peter Archer

raconteur.net/cyber-security-2016-ii

[Chart: Most frequently occurring incident categories. Source: IBM Security Services 2016]

Organised cyber criminals are digital mafia

In the wake of the Tesco Bank hack, which saw 9,000 customer accounts targeted, cyber security experts are warning of organised online crime gangs operating like a digital mafia

OVERVIEW
STEPHEN ARMSTRONG

Mr Robot is possibly Hollywood's ultimate hacker show – the chaotically unfolding story of Elliot Alderson, a cyber security engineer with emotional problems, who is recruited by a fiendishly cunning group of hacktivists in their attempt to bring down the fictitious financial giant E Corp. Elliot wears a hoodie and hacks from his bedroom, just like all good movie or TV hackers do.

For Mikko Hypponen, chief research officer at the cyber security firm F-Secure, this image is quaint and entirely false. Mr Hypponen looks at 350,000 samples of new malware attacks almost every single day. Some 95 per cent of them are from organised online crime syndicates. Only the tiniest proportion of hacks is committed by hacktivists.

"The earliest viruses were written by bored teenagers looking for a challenge, but today's hackers are much more malicious," he explains. "What makes them different from old-school hackers is they have a motive."

This new breed of cyber criminals see themselves as digital mafiosos. The Moldovan hackers behind the Dridex malware attack stole millions of dollars in co-ordinated hits on 300 banks around the world. Evgeniy Mikhailovich Bogachev, the Russian thought to be the author of the Zeus trojan, has a $3-million bounty on his head from the FBI, and is wanted by Interpol and Europol.

That's not to say naughty teenagers aren't a threat, says Troy Hunt of data breach aggregation service Have I Been Pwned? "There are teenagers getting hold of vast amounts of personal data, using freely available software, as in the recent TalkTalk hack," he points out. "Scotland Yard told the press it was a Russia-based Islamic jihadist group, but it turned out to be two teenagers."

Either way you lose, says Adrian Nish, who leads the Threat Intelligence team in BAE Systems' cyber-defence division. Real-life hackers are as good as or even better than movies suggest. A few months ago, Mr Nish explains, hackers targeted the Central Bank of Bangladesh and tried to steal $951 million, six times the amount in George Clooney's Ocean's Eleven.

"They set up bank accounts in Manila in the Philippines and in Sri Lanka then broke into the Bangladesh bank network, probably sometime in 2015, and waited until February 4," he explains. "This was a Thursday, the end of the week in Bangladesh and just before the Chinese New Year, so overall they had this four-day window to get away with the heist. They flipped just eight bits of code, secured root access and covered up the transactions to make it look like the money hadn't left the bank's accounts at all."

Of 35 attempted transactions, only four got through – meaning the hackers stole $81 million rather than $951 million – but it's still one of the biggest bank robberies in history.

"Banks don't do enough testing," Mr Nish warns. "We're dealing with people who've been trained to make network intrusions, so the people we have defending our system also need training, also need to know how to spot these types of attacks and how to set up the system security in order to defend against it."

In TV drama, people are a big weak point that hackers take advantage of. In Sherlock, for instance, Moriarty pretends to hack the Bank of England, the Tower of London and Pentonville Prison before – spoiler alert – revealing it was the human factor all along – disgruntled employees, with no super technology needed.

And the human factor is definitely key in online security. "The most sophisticated attacks of recent years had people on the inside," says Sadie Creese, professor of cyber security at the University of Oxford. "That's people who work for us, people that are members of our family, our small groups, employees on the books, our business partners, anyone with valid access to some part of our system.

"We all carry sophisticated technology like smartphones around with us and we all work or use the cloud. So now hackers no longer have to hack 20 or 50 organisations. They hack one cloud and they get every single person who is using that cloud."

Working the people factor is commonplace. "You've got to work on five or six different attack factors at any one given time," says white hat hacker Jamie Woodruff from Metrix Cloud. "My favourite is the viewing webcams on Google. You can locate a specific area, find open cameras and build up a profile about who walks into that infrastructure and who walks out. People follow routine. You see them repeat, you build up a pattern then use tools like Montego, where you can type in key identifiable information then find your eBay account, your e-mail account, your address, your telephone number… then you're in."

Among the tricks Mr Woodruff has pulled there's setting up fake .eu versions of company sites and asking employees to log in, tailgating into an office with a group of smokers then walking around dropping tainted USBs and sticking up official looking QR codes at business conferences which infect smartphones with malware.

And movies rarely show one of the fastest-growing forms of cyber attack – ransomware, where a hacker locks down all the files on anything from a laptop to an entire company or steals extensive information and demands money to release or return everything.

Moty Cristal, professional negotiator and chief executive of NEST Negotiation Strategies, recalls one banking client receiving an e-mail stuffed with very confidential customer information. Two minutes later, he received a WhatsApp message demanding $120,000.

Mr Cristal adds: "When you're facing this crisis, it is the human factor that needs to be managed. Making connections and negotiating are essential." Although, to be fair, The Negotiator is a whole different movie.

Looks like hackers can get into almost everything.

PERCENTAGE OF TOTAL GLOBAL CYBER-SECURITY INCIDENTS (2014 / 2015)
Unauthorised access: 37% / 45%
Malicious code: 20% / 29%
Sustained probe/scan: 20% / 16%
Suspicious activity: 11% / 6%
Access or credentials abuse: 8% / 3%
Based on data IBM collected in 2015 from more than 8,000 client devices in 100 countries

WHO ARE THE CYBER ATTACKERS?
Source: IBM Security Services 2016
Outsiders: 40%
Malicious insiders: 44.5%
Inadvertent actors: 15.5%
Based on data IBM collected in 2015 from more than 8,000 client devices in 100 countries
