With 2020 coming to an end, after what felt like an eternity to many, cybersecurity & technology firm CrowdStrike have released their annual ‘Cyber Front Lines’ incident-analysis report, and it contains much food for thought. One of the more striking figures is that more than half of the cyber attacks they investigated involved ransomware; a form of malware which encrypts any files it can find until a ‘ransom’ is paid. Ransomware attacks are known to be extremely destructive, spreading quickly through networks and shutting down critical operations as they go.
Financially-motivated attacks in general, the majority of which were ransomware-based, made up 63% of the more than 200 incidents they responded to, demonstrating that the file-encrypting malware is big business for cyber criminals, and not going away any time soon.
The team behind Wordfence, a popular security plugin for WordPress, have reported seeing a large increase in cyber attacks aimed at WordPress-based websites over the last few weeks. This is believed to be due to a vulnerability in another WordPress plugin, File Manager, which has over 700,000 active installations. While the vulnerability only affects those running certain versions of the File Manager plugin, Wordfence reports that cyber attacks are up across the board, as cyber criminals cast a wide net with their attacks.
A 58 year old woman in the UK has become one of a handful of people ever convicted under the Computer Misuse Act 1990 after committing an act of ‘revenge’ against a former business associate, causing a new company to cease operations and lay off staff.
The woman, Danielle Bulley, was formerly a director at successful UK-based property magazine Property Press, alongside co-director Alan Marriott. When Bulley and Marriott fell out in 2018, Bulley left the company and Marriott started a new venue called Letterbox Productions – using former assets from Property Press.
After Property Press went into liquidation, Marriott started a new company called Letterbox Productions without Bulley – however the new venture used former Property Press assets.
Upon learning of the new company and angry at her former co-director, Bulley engaged in a revenge mission to gain unauthorised access to its Dropbox account and spent hours deleting the contents. Over 5,000 files were permanently erased, causing damage to Letterbox Productions so great that it could no longer function and had to shut down, laying off all its staff in the process.
Bulley admitted to deleting the files when speaking to authorities, stating that she believed she was entitled to do so, but acknowledging that she knew the move would cause harm to the fledgling business.
Bulley was sentenced to an 18 month community order with 80 hours of unpaid work under the Computer Misuse Act 1990, becoming one of only a handful of people to be convicted using the legislation. Bulley had no previous convictions or offenses.
In a statement from the North Yorkshire Police’s Cyber Crime Unit, Detective Constable Steven Harris said “During our investigation, it became clear that Bulley had left the original company on a bad note, but the deletion of thousands of files containing vital information was catastrophic for the victim.”
“It dealt the new business a blow from which it never recovered. Ex-employees can pose a serious risk to a business because they are familiar with the company’s IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation.”
“We encourage businesses to ensure they have policies in place for removing user accounts and changing passwords when an employee leaves an organisation.”
The incident highlights the need for strict user access controls and stringent leaver procedures along with regular backups to another secure location. As the North Yorkshire police rightfully pointed out, former employees pose a unique threat in that they have inside knowledge of the business and are familiar with its infrastructure, especially if they are in high-level positions or sensitive departments such as finance or IT.
When a user leaves, their accounts should be disabled and their passwords changed. Where possible, multiple users should never share login details for generic/shared accounts – if this cannot be avoided, then the password must be changed whenever users leave. Multi-factor authentication should be used where possible to prevent unauthorised access.
And of course, if you are angry at a company you used to work for, we strongly advise against committing criminal acts which will only make the situation worse for everyone.
Judge Simon Hickey noted that Bulley was a respectable woman who had acted on impulse and lost her good character to chase revenge.
Microsoft has released a statement warning users to stay vigilant of phishing emails, as a malicious campaign has been detected which tricks users into downloading an Excel sheet containing harmful software. The criminals responsible are taking advantage of the confusion around Covid-19, as many others have been doing lately, to convince users that the emails are genuine and to enable macros within Excel once the file has been downloaded to their computer.
Just a few months ago, it would be unimaginable that so many of us would be working from home. While more and more companies had been allowing some users to work remotely to some degree, the situation that we now find ourselves in is that a significant chunk of the workforce is now working from their homes, on very short notice.
As the Covid19 pandemic grips the world, cyber criminals have seen this increased online activity and confusion as an opportunity for them to take advantage of, and have stepped up phishing and scam attacks. We’ve already covered some of the main threats to look out for in another article, but now we’d like to share some of our tips on making sure you protect your company and your family’s data while working from home.
Here at Tech Guard, we’ve come up with a handy list of our top security tips for those who find themselves suddenly working from home.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.