All my files are stored in the Cloud, so I’m not at risk, right?

This is something I hear all the time. It is often thought that ransomware is an on-premises threat only affecting old, unpatched Windows PCs, and on the whole this is true. We've all heard the stories and read the news: "WannaCry infects 230,000 computers in over 150 countries". In the UK, ransomware brought the NHS to its knees, affecting over 34% of trusts in England and causing the cancellation of an estimated 19,000 appointments and operations.

But what people storing files in the Cloud often don't realize is that they are far from immune. Apps used to share files and images, such as Google Drive, OneDrive, iCloud and Dropbox, are now being specifically targeted by sophisticated attacks. Emails disguised as document requests from these apps are among the most effective lures, generating some of the highest click-through rates.

Don't take my word for it: researchers at Proofpoint found that, among attacks looking to steal login credentials, a quarter target Apple IDs, followed by Microsoft Online credentials, with Google Drive a close third.

Source: Proofpoint 2017 Human Factor Report

Sophisticated attackers know their audience and now disguise malicious attachments to increase their success rates. For example, someone who works in finance and uses Google G Suite will potentially be sent fake invoices which, when opened, direct the user to a convincing but fake Google G Suite login page. In fact, according to Symantec's 2017 ISTR, fake invoices remain the most popular tactic for convincing users to open phishing emails and, more importantly, to take the bait.

Source: Symantec 2017 Internet Security Threat Report (ISTR)

These links can perform a number of different attacks, from requesting credentials via a fake login page to asking the user to grant an app access to their account. Unfortunately, logging in or granting apps access to data is an everyday task for many Cloud users. Once an attacker has your credentials, or worse, access to your data via an app, they can do all kinds of nasty things, damaging you and your business.

Here are just a few things I have witnessed after an attack:

Encrypting or deleting your data: files, emails, contacts, photos, all gone or inaccessible.

Sending emails to all your contacts and customers, requesting a change to banking details.

Resetting the passwords for your other accounts (banking, shopping, social media etc.).

Cybercriminals are now able to use techniques that were previously available only to advanced nation-states. It is becoming incredibly difficult to identify these sophisticated attacks, so it is important that such techniques are understood and discussed within businesses. To help, here are some key areas which will hopefully drive the conversation.

Plan — Create an information security policy. At this point, you may want to look at investing in ISO 27001 information security accreditation.

Assets — Identify and document the information assets that are at risk: customer data, internal intellectual property and corporate brand.

Communicate — Make sure all staff are aware of the techniques and dangers. Create a thorough induction process for all new starters and provide regularly updated training for all staff. Provide a central point of contact for issues, and implement an incident response team and communications plan.

Be Proactive — Implement solutions such as multifactor authentication, identity and access management, data loss prevention, data backups, and intrusion detection.

Processes — Perform regular risk assessments, privileged account management audits, third-party risk assessments, patch and update management.

Reporting — Regular reporting to senior management and the board. This is probably the most difficult area, but it is essential that all aspects of the business, from the top down, are involved.

Unfortunately, cybercriminals are becoming more and more sophisticated. So my parting advice is to plan for the worst: imagine a scenario where all your files and production systems are compromised. How quickly will you be able to get your business back online, and where will this data come from if all your?
