2018 has been an interesting year in cyber security. We’ve seen massive breaches across the world and new legislation in the form of GDPR and the NIS Directive come into force.
Behind the scenes, agencies such as the UK’s National Cyber Security Centre have issued stark warnings about the level of threats faced by both the UK and companies based there.
In October, the NCSC warned that hostile state actors were engaged in ongoing attacks against UK companies involved in the critical infrastructure supply chain (CNI). The attacks targeted engineering and industrial control companies and have been going on since November 2017. The attacks have taken the form of spear-phishing and harvesting of credentials.
The threat to the UK should not be underestimated. This week, we’ve seen an example of what can happen when a technical issue arises, when O2 suffered an issue with its 4G network, which affected users around the world.
Overnight work by O2 and network equipment provider, Ericsson, restored services, but the disruption from a technical fault should be seen as a warning of what could happen following a successful cyber attack. So far, the UK has been spared large-scale attack similar to those experienced by Ukraine, but there are serious concerns over the country’s preparedness.
Ericsson president Börje Ekholm gave more detail about the cause of the disruption to the BBC.
He said “an initial root cause analysis” had indicated that the “main issue was an expired certificate in the software versions installed with these customers”.
The company was carrying out “a complete and comprehensive root cause analysis”, he added.
It should be noted that a current attack vector to emerge this year is Certificate spoofing. This allows criminals to generate forged TLS or SSL certificates in order to fool users or access networks and can make it very difficult to detect a malicious attack. Last year, the NCSC issued a warning about criminals using HTTPS sites, showing that criminals are increasingly using legitimate means to obtain information.
In late November, the NCSC warned of an ongoing ransomware campaign aimed at UK companies. The NSCS had noted more targeted ransomware attacks emerge. The attacks apparently analysed the ‘value’ of victim networks and then set ransomware levels accordingly. The level of attack was also scaled according to the ‘value’ of the victim. This new trend is more advanced and companies should take all steps to ensure their networks are secured.