
All my files are stored in the Cloud, so I’m not at risk, right?

This is something I hear all the time. It is often thought that ransomware is an on-premises threat only affecting old, unpatched Windows PCs. And on the whole, this is true. We’ve all heard the stories and read the news: “WannaCry infects 230,000 computers in over 150 countries”. In the UK, ransomware brought the NHS to its knees, affecting over 34% of trusts in England and causing the cancellation of an estimated 19,000 appointments and operations.
But what people storing files in the Cloud often don’t realize is that they are far from immune. Apps used to share files and images, such as Google Drive, OneDrive, iCloud and Dropbox, are now being specifically targeted by sophisticated attacks. Emails appearing as document requests from these apps are amongst the most effective, generating some of the highest click-through rates. Don’t take my word for it: researchers at Proofpoint found that, of the attacks looking to steal your login credentials, a quarter target Apple IDs, followed by Microsoft Online credentials, with Google Drive a close third.

Source: Proofpoint 2017 Human Factor Report

Sophisticated attackers know their audience and now disguise malicious attachments in order to increase their success rates. For example, someone who works in finance and uses Google G Suite may be targeted with fake invoices which, when opened, direct the user to a convincing but fake Google G Suite login page. In fact, according to Symantec's 2017 ISTR, fake invoices remain the most popular tactic for convincing users to open phishing emails and, more importantly, take the bait.

Source: Symantec 2017 Internet Security Threat Report (ISTR)

These links can lead to a number of different attacks, from requesting credentials via a fake login page to asking the user to grant an app access to their account. Unfortunately, logging in or granting apps access to data is all too common a task for many Cloud users. Once an attacker has your credentials or, even worse, access to your data via an app, they can do all kinds of nasty stuff, damaging you and your business.

Here are just a few things I have witnessed after an attack.
  • Start encrypting or deleting your data. Files, emails, contacts, photos, all gone or inaccessible.
  • Send emails to all your contacts and customers, requesting a change to banking details.
  • Reset the passwords for your other accounts (banking, shopping, social media, etc.)
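
Because an app the user has approved keeps its access without ever knowing the password, it is worth reviewing which third-party apps hold broad access to mail, files and contacts. The following is an added example, not part of the original post: it checks a constructed list of app grants, shaped like the token records the Google Admin SDK Directory API returns, against a short list of broad Google OAuth scopes. The users, client IDs, app names and the approved-app allowlist are assumptions made for illustration.

```python
# Constructed sample shaped like Token resources from the Google Admin SDK
# Directory API (tokens.list). Users, client IDs and app names are made up.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": "1111-constructed.apps.googleusercontent.com",
     "displayText": "Invoice Viewer",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"userKey": "bob@example.com", "clientId": "2222-constructed.apps.googleusercontent.com",
     "displayText": "Calendar Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.com", "clientId": "3333-constructed.apps.googleusercontent.com",
     "displayText": "Approved Backup Tool",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "dave@example.com", "clientId": "4444-constructed.apps.googleusercontent.com",
     "displayText": "PDF Converter",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
]

# Broad scopes and what an app holding them can do to the account.
RISKY_SCOPES = {
    "https://mail.google.com/": "read, send and permanently delete mail",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/drive": "read, change and delete all Drive files",
    "https://www.googleapis.com/auth/contacts": "read and change contacts",
}

def audit_grants(tokens, allowlist=frozenset()):
    """Return grants holding risky scopes, skipping client IDs the business has approved."""
    findings = []
    for tok in tokens:
        if tok["clientId"] in allowlist:
            continue
        risky = sorted(s for s in tok.get("scopes", []) if s in RISKY_SCOPES)
        if risky:
            findings.append({"user": tok["userKey"], "app": tok.get("displayText", "?"),
                             "client_id": tok["clientId"], "risky": risky,
                             "impact": [RISKY_SCOPES[s] for s in risky]})
    # Most dangerous grants first, then by user for a stable report.
    return sorted(findings, key=lambda f: (-len(f["risky"]), f["user"]))

if __name__ == "__main__":
    approved = {"3333-constructed.apps.googleusercontent.com"}  # hypothetical allowlist
    for f in audit_grants(SAMPLE_TOKENS, approved):
        print(f"{f['user']}: {f['app']} can {'; '.join(f['impact'])}")
```

Any grant this reports that nobody in the business recognises is a candidate for revocation, followed by a password reset for the affected user.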

Cybercriminals are now able to use techniques that previously only advanced nation-states had access to. It is becoming incredibly difficult to identify these sophisticated attacks. It is therefore important that such techniques are understood and become a topic of discussion within businesses. So, to help, here are some key areas which will hopefully drive the conversation.

Plan — Create an information security policy. At this point, you may want to look at investing in an ISO:27001 information security accreditation.

Assets - Identify and document information assets that are at risk: customer data, internal intellectual property, and corporate brand.

Communicate — Make sure all staff are aware of the techniques and dangers. Create a thorough induction process for all new starters and provide regularly updated training for all staff. Provide a central point of contact for issues and implement an incident response team and communications plan.

Be Proactive — Implement solutions such as multifactor authentication, identity and access management, data loss prevention, data backups, and intrusion detection.

Processes — Perform regular risk assessments, privileged account management audits, third-party risk assessments, patch and update management.

Reporting — Regular reporting to senior management and the board. This is probably the most difficult, but it is essential that all aspects of the business from the top down are involved.

Unfortunately, cybercriminals are becoming more and more sophisticated. So my parting advice to you is to plan for the worst: imagine a scenario where all your files and production systems are compromised. How quickly will you be able to get your business back online, and where will this data come from if all your?

