Business Info - issue 146

INTERVIEW businessinfomag.uk

often have done enough damage and gathered enough intelligence to persuade a business that the ransom is a price worth paying to avoid the burden and bad publicity of a data breach.

“In a lot of cases we see that ransomware is actually the last stage in the attack,” he says. “They’ve penetrated your network; they’ve snooped around a bit; they’ve understood your financials; they realise there is little money to be gained by snooping around and that the longer they do so the more likely they are to be caught. But, because they have breached the network, they can disable back-ups, turn off security solutions and basically deploy the ransomware like a policy update, so all the endpoints get it at the same time. A lot of times the ransom cost is calculated to be right in that sweet-spot where a business might think what is the bigger headache or the bigger burden, paying the ransom or going public with it and coping with the damage to productivity and reputation.”

2 Phishing

Phishing continued to be a major threat in 2020, with a 34.4% year-on-year increase in activity, and continued to evolve in response to changing end user habits caused by the coronavirus pandemic.

“Covid really had an impact,” explains Milbourne. “One of the brands we had never seen before at the top of the list of phishing targets was eBay. Typically, the most targeted sites are email providers because criminals want to get into your main email account and then break into whatever other accounts you have. For the first couple of months of the pandemic, basically every phishing attempt we encountered was some variant of an eBay log in, saying your order has an issue or spoofing the natural notifications you would get from eBay. We suspect product shortages and people trying to buy stuff on eBay. Then we saw it rapidly fall off; 90% of eBay’s total phishing for the year happened in those two months.”

In February last year, 31.1% of all phishing attacks impersonated eBay. In March, phishing activity surged among streaming services like YouTube (up 3,064%), Netflix (525%) and Twitch (337%).

Another Covid-related risk, not featured in this year’s report but which Milbourne expects to have telemetry on next year, is scam sites or improperly secured shopping sites.

“We saw a lot of this with Covid. Phishing isn’t always for log-in credentials. A lot of times it could just be leading you to donate money to a scam charity – and that whole process could have https and look very good. In the last year we have been investing more in identifying sites that aren’t textbook malicious but which you might wish you hadn’t tried to buy a pair of shoes from so that they could sell your credit card details.”

Meanwhile, the trend for phishing sites to use https continued. In fact, by December it had become the norm, with 54% of such sites using https, compared to 46% using http. Milbourne expects the ratio to have reached 70:30 by the end of the year, as it already has in some verticals, such as cryptocurrency sites.

3 Malware

Malware has declined since its peak in 2015, due to a number of factors, including the roll-out of Windows 10; actions by Google amongst others against the PUA (Potentially Unwanted Applications) group of threats and the pay-per-install model; and, thirdly, a shift to the use of Windows built-in components to carry out attacks instead, like the PowerShell administrator tool.

“You can do almost every stage of an attack with PowerShell itself, so in 2018 we released script protection as part of the Webroot Evasion Shield to really try to stop these attacks. We advocate disabling PowerShell if it is not needed – the same for office macros. Almost no one needs them, and if they do, then enable it for that individual specifically. The same goes for PowerShell; it should definitely not be enabled for a local user account,” says Milbourne.

Despite these changes, malware is obviously still a problem, especially for consumer devices, which experience twice as many malware infections as business ones.

“One interesting thing we saw is that there is not that much diversity in where the majority of malware tries to hide itself on the operating system. We found that most malware hides in one of four directories – the temp directory, the browser, cache directories or your download folder. You can easily set up a policy to prevent execution from these directories. It’s an easy layer to implement that gives you 25% or 30% efficacy just based on breaking how malware tries to install itself.”

4 Mobile and Android

Not surprisingly this is a growing area of concern, not just because malware for Android devices, including IoT devices, is growing, but also because of new techniques like fleeceware, where scammers lure a victim in with a cheap subscription of, say, $1.99 a month which then rises to $199 a month.

There is a lot more detail, statistics and advice in the 2021 Webroot BrightCloud Threat Report itself. To download a copy, please visit https://mypage.webroot.com/2021-threat-report.html.

Infection Rates by Country and Industry

- At 2.3%, Japan had the lowest PC infection rate per region, followed by the United Kingdom (2.7%), Australasia (3.2%) and North America (3.7%)
- In Europe, home devices were more than three times as likely to encounter an infection as business devices (17.4% versus 5.3%)
- Healthcare and Social Assistance (down 41.4% from the YoY average) had the lowest infection rates; the industries with the highest infection rates were Wholesale Trade, Mining/Oil/Gas and Manufacturing

opentext.com
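The directory-based execution policy described in the Malware section can be dry-run against process-creation records before it is enforced, to see which launches it would block. The following is an added example, not code from Webroot or the magazine; the path patterns (default Windows profile locations), the log line format and all names are assumptions.

```python
import ntpath
import re

# Assumed default-profile locations for the directory classes named in the
# interview (temp, browser cache, downloads); adjust to your own estate.
USER = r"^[a-z]:\\users\\[^\\]+\\"
DENY_RULES = {
    "temp": [USER + r"appdata\\local\\temp\\", r"^[a-z]:\\windows\\temp\\"],
    "browser_cache": [
        USER + r"appdata\\local\\microsoft\\windows\\inetcache\\",
        USER + r"appdata\\local\\google\\chrome\\user data\\[^\\]+\\cache\\",
    ],
    "downloads": [USER + r"downloads\\"],
}

# Constructed process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    r"2021-03-01T09:14:02Z host=WS-014 user=alice image=C:\Users\alice\Downloads\invoice.pdf.exe",
    r"2021-03-01T09:15:40Z host=WS-014 user=alice image=C:\Program Files\Vendor\app.exe",
    r"2021-03-01T09:16:11Z host=WS-022 user=bob image=C:\Users\bob\AppData\Local\Temp\7zS4A\setup.exe",
    r"2021-03-01T09:17:30Z host=WS-022 user=bob image=C:/Program Files/Vendor/../../Users/bob/AppData/Local/Temp/u.exe",
    r"2021-03-01T09:18:05Z host=WS-031 user=carol image=C:\USERS\carol\AppData\Local\Microsoft\Windows\INetCache\IE\X1\a.scr",
]
EVENT_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) image=(?P<image>.+)$")

def matched_rule(image_path):
    """Return the deny rule an image path falls under, or None if it would be allowed."""
    # normpath collapses '..' and '/' so path tricks cannot sidestep a rule;
    # Windows paths are case-insensitive, so compare in lower case.
    path = ntpath.normpath(image_path).lower()
    for rule, patterns in DENY_RULES.items():
        if any(re.match(p, path) for p in patterns):
            return rule
    return None

def audit(lines):
    """Return (host, user, image, rule) for every launch the policy would block."""
    hits = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip records that do not parse rather than guess
        rule = matched_rule(m["image"])
        if rule:
            hits.append((m["host"], m["user"], m["image"], rule))
    return hits

for hit in audit(SAMPLE_EVENTS):
    print(*hit)
```

Legitimate installers that self-extract into the temp directory show up in the same output, so the hits double as the list of exceptions to review before the policy is switched to enforcement.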
