When it comes to security for their IT infrastructures, are companies their own worst enemy? They’re prepared to invest, but have difficulty implementing projects – despite facing new cyber-threats on a daily basis. The latest, highly-publicised viruses to attack IT systems and IoT devices are Locky, Cerber, Hajime and BrickerBot.
Are companies insufficiently equipped to deal with cybercrime? According to a survey by Intel Security and CSIS, yes. The report revealed an alarming discrepancy between the existence of cyber-security strategies within companies and their full operational implementation. Other discrepancies were highlighted by the survey: cyber-criminals have a direct incentive for their work, yet there are few incentives for cyber-security professionals, despite executives’ confidence about the effectiveness of the existing incentives. For example, 42 percent of cyber-security implementers reported that no incentives exist, compared to only 18 percent of decision makers and eight percent of leaders.
As Denise Zheng, director and senior fellow, technology policy programme at CSIS (Centre for Strategic and International Studies), points out: “It's not a matter of ‘what' needs to be done, but rather determining ‘why' it's not getting done, and ‘how' to do it better.” The report cites lack of funding and skills as the key obstacles to effective cyber-security implementation, problems which are more acute in the public than the private sector.
Ransomware and IoT security still major issues
Locky and Cerber are two ransomware strains users need to be on the lookout for. Hajime and BrickerBot, meanwhile, specifically target vulnerabilities in the Internet of Things. Both types of threat pose new challenges for security experts.
Locky and Cerber appeared in 2016. Locky is spread mainly via email with Word document (.docx) or zip file (.zip) attachments, often disguised as invoices. At the end of last year, the Locky wave seemed to have been eclipsed by its competitor Cerber. But Locky is back with a vengeance, according to alerts from Cisco, and it’s mostly targeting companies.
Hajime is a worm that infects connected devices, disabling them and then potentially crippling the internet infrastructure, like the infamous Mirai. The evil purpose of Hajime remains as yet unclear to cybersecurity experts: some suspect it wants to limit the consequences of its predecessor Mirai, as part of an “IoT botnet turf war”, while others say it aims to point out the vulnerability of connected devices. Hajime is currently particularly rife in Asia, according to Kaspersky’s observations, but remains a serious threat to watch out for all over the world.
The author of PDoS (permanent denial of service) malware BrickerBot, who was found on a hacker forum recently, claims his attacks are a radical means of exposing internet security vulnerabilities. In an email published on Bleeping Computer, the hacker, known as Janit0r, said: “Like so many others I was dismayed by the indiscriminate DDoS attacks by IoT botnets in 2016. I thought for sure that the large attacks would force the industry to finally get its act together, but after a few months of record-breaking attacks it became obvious that in spite of all the sincere efforts the problem couldn't be solved quickly enough by conventional means.” In a follow-up email, he refers to himself as a doctor, performing "Internet Chemotherapy." Hopefully the industry will take his threats seriously and respond accordingly with tighter IoT security.