Cyber attacks on businesses surge by 55%, warns Malwarebytes
It’s long been known that businesses in the UK are failing to address fundamental security flaws and a report from cybersecurity firm Malwarebytes highlights how this is being exploited.
According to the cybersecurity firm’s quarterly report which was released this week, banking Trojan attacks were up 84% earlier this year making them the most popular form of malware attack for both businesses and consumers. More alarmingly, it shows a shift in the way hackers choose to target vulnerable users as the types of Trojan used are changing.
A mix of both new Trojans and stronger, evolved iterations of previous malware top the most detected list.
The report also highlights the hike in attacks on businesses compared to consumer targets with a 55% and 4% rise in the respective sectors.
Not only are the targeted attacks becoming more sophisticated, they’re starting to target those with larger pockets, seeking greater rewards for their efforts. This is shown in the increased detection of Emotet, a malware that exclusively steals financial information from infected computers which is up 37% and ranks in the top six detected malware for businesses.
The threats don’t end with Trojans either, ransomware attacks saw an 88% increase while consumer attacks saw a welcome decline. Malwarebytes said new developments to GandCrab, including faster and more robust encryption features have made it an even greater threat. The new variant has already hit Florida’s Monroe County School District, causing a week-long outage of their computer network.
In addition, Magniber ransomware expanded to other regions. In previous years the attacks have been localised to South Korea, but in recent months the malware has increased its target range, setting its sights on other Asian countries too. Previous iterations of Magniber targeted users by identifying keyboard language layouts but it now checks for other languages native to Asian countries including Hong Kong, Singapore, and Malay.
The report should alarm businesses that make up the surprisingly high number of firms in the UK that are failing to implement the five steps recommended by the government's Cyber Essentials scheme. According to the annual Cyber Security Breaches Survey, only 50% of all businesses surveyed have implemented all five security measures as set out by the scheme.
"The number of businesses making cybersecurity a priority has increased year-on-year, but this survey shows that there is still a long way to go in addressing the very basics," said Tony Pepper, CEO of file-sharing firm Egress.
“Q3 2018 proved that more and more cybercriminals are willing to put on their big boy pants and put their software to the test in a much larger arena—whether that’s going toe to toe with businesses who have more robust security practices (but much juicer, profitable targets) or spreading out into new geolocations," the report said.
"The big story here is how many different malware authors (and thus different families and categories of threats) turned their attention at once to organizations, leaving their experimentation to the consumer side."
Industry: Cyber Security News
- Penetration Tester, UK based. Ability to achieve SC clearance
- United Kingdom
Experienced Penetration tester- UK based with the ability to achieve SC clearance. On-going training and development and paid certifications / renewals. Interested to hear from all areas of penetration testing, web app, infrastructure, mobile, etc. MUST have current hands on experience delivering penetration testing. Ideally from a consultancy background with experience working with multiple clients. OSCP / CREST / CHECK / Tigerscheme penetration testing experience / certifications desirable. Apply today for more details. All information kept in the strictest of confidence.
- Senior Data Privacy Specialist, London. CIPT
REF CH7875 £60,000 Senior Data Privacy Specialist, London. CIPT Senior Data Privacy Specialist needed to help advise client on project and programmes relating to Data Privacy and compliance. UK based role. Ideally looking for someone that has a strong appreciation of technology and Data Privacy that can work with clients to develop or enhance their strategies, policies, processes and techniques to manage cybersecurity risks while enabling business driven data. Certified Information Privacy Technologists (CIPT), Certified Information Privacy Professional/Europe CIPP/E experience and or certification highly desirable. Specific experience within the healthcare industry is of particular interest. All details kept in confidence Apply today for more information
- Cyber Security lead Managing Consultant, Healthcare
REF CH7874 £120,000 Cyber Security lead Managing Consultant, Healthcare, Public Sector. UK Cyber Security lead Managing Consultant with a specialisation in healthcare needed. The Cyber Security lead Managing Consultant will identify, engage with, consult and deliver key and critical cyber focused programmes and projects into healthcare clients. To be a success in the role you will be able to identify and engage with clients building pipelines of new business opportunities. A key part of your role will be to engage with new and existing clients to win new business opportunities- this role is revenue generating. Consulting experience around digital cyber transformations, Governance, Risk & Compliance, Critical National Infrastructure programmes, Managed Detection and Response etc are key. NIST, ISO27001, etc Team management, , identifying Cyber Risk, UK based, Permanent position. The ability to achieve UK security clearance is a perquisite. All details held in confidence. Apply today for more information.
- CONTRACT outside IR35 - SENIOR Security Analyst level 3.
- United Kingdom
- competitive day rates
REF CH7873 CONTRACT 3 month rolling outside ir35 SENIOR Security Analyst level 3. London ideally- but flexible SOC SIEM experience essential. Broad cyber hands on experience should include Threat hunting, Detection, Phishing, Malware etc Scope of engagement · Managing / running BAU tasks (Organising and assigning workloads to the Tier 2 analysts) · Working with the various security tools (Creating documentation to support the use of these tools) · Support Incident Management activities (Work with the incident managers when an incident is identified) · Support Incident Response activities (Recommendations and support remediation activities without completing these activities) · Be technical point of contact to the wider business on security related issues (SME within the team on security related issues) · Train the SOC Analysts (Continuity of service - knowledge transfer to the T2 analysts ) · Working with the Security Engineers on: (Use Case Development Identifying scenarios and developing the use case for the engineering team to deploy Identifying rules and alerts triggered to be fine-tuned by the engineering team) · Recommendations for dashboard creation (Working with the engineering team to identify potential dashboards to create) · Creating, maintaining and uplifting documentation (Playbooks, Process Documentation) · Drive improvement across the estate (Support Vulnerability Management activities and provide enrichment where possible) Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) Looking to interview immediately. Arrange a call https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-role- Chris.Holt@dclsearch.com