NCSC to UK businesses: Watch out for ransomware, phishing & cloud service threats


In the Wizard of Oz, Dorothy and her friends feared attacks from lions, tigers and bears. Well, the UK isn’t Oz (feel free to insert a “faux wizard” joke here starring your least favourite politician), but the National Cyber Security Centre (NCSC) is warning businesses to beware of another trio of enemies: ransomware, phishing, and cloud service threats.

The warning comes from a new report issued by the NCSC, which looked at cyber incident trends across the UK between October 2018 and April 2019. Key findings include:

  • Cyber criminals are increasingly targeting cloud services, and especially Office 365. Often, threat actors need only a set of compromised credentials, which they capture through methods like password spraying and credential stuffing, to access a staggering amount of private and sensitive corporate data as they raid SharePoint, Exchange, and any third-party services that are linked to Azure AD.
  • Ransomware is on the rise, but with an unnerving twist: instead of deploying it as a standalone campaign, cyber criminals are now using network access to increase the impact, and hence the damage, of their attacks. Often, ransomware is delivered through vulnerabilities in Microsoft Office documents sent through email.
  • Phishing (or spear phishing, which targets specific individuals) is also on the rise, for the simple and quite unfortunate reason that end users have been, are now, and will likely always be the weakest link in the cyber security defense chain. Methods that cyber criminals use to get unsuspecting victims to hand over their credentials and other sensitive data include fake emails, fake login pages, and fake social media posts.
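Password spraying and credential stuffing, mentioned in the first finding, leave the same trace in sign-in logs: one source failing against many accounts with only a try or two each. The sketch below is an added example, not taken from the NCSC report; the record layout, addresses, accounts and thresholds are constructed assumptions rather than a real Azure AD log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: (ISO timestamp, source IP, account, outcome).
# The field layout is an assumption for this example, not a real Azure AD schema.
SAMPLE_EVENTS = [
    ("2019-03-04T09:00:05", "203.0.113.7", "alice@example.com", "failure"),
    ("2019-03-04T09:00:41", "203.0.113.7", "bob@example.com", "failure"),
    ("2019-03-04T09:01:17", "203.0.113.7", "carol@example.com", "failure"),
    ("2019-03-04T09:01:52", "203.0.113.7", "dave@example.com", "failure"),
    ("2019-03-04T09:02:30", "203.0.113.7", "erin@example.com", "success"),
    # A user who forgot a password: several failures, one account, not a spray.
    ("2019-03-04T09:03:00", "198.51.100.20", "frank@example.com", "failure"),
    ("2019-03-04T09:03:20", "198.51.100.20", "frank@example.com", "failure"),
    ("2019-03-04T09:03:45", "198.51.100.20", "frank@example.com", "failure"),
    ("2019-03-04T09:04:10", "198.51.100.20", "frank@example.com", "success"),
]

def detect_spray(events, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Return {source_ip: {"targeted": [...], "compromised": [...]}} for sources
    whose failures hit many distinct accounts with few tries per account."""
    by_source = defaultdict(list)
    for ts, ip, account, outcome in events:
        by_source[ip].append((datetime.fromisoformat(ts), account, outcome))

    findings = {}
    for ip, rows in by_source.items():
        rows.sort()
        failures = [(t, a) for t, a, o in rows if o == "failure"]
        for i, (start, _) in enumerate(failures):
            # Count failures per account inside the window opening at this failure.
            counts = defaultdict(int)
            for t, a in failures[i:]:
                if t - start > window:
                    break
                counts[a] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                # A success from the same source after the spray began marks the
                # account to reset and whose sessions to revoke first.
                hit = sorted({a for t, a, o in rows if o == "success" and t >= start})
                findings[ip] = {"targeted": sorted(counts), "compromised": hit}
                break
    return findings

if __name__ == "__main__":
    for ip, result in detect_spray(SAMPLE_EVENTS).items():
        print(ip, result)
```

The per-account ceiling is what separates a spray from an ordinary forgotten password, and a success from a flagged source is the event to triage first.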

In addition, the report highlighted two more threats that are finding their way into more cyber criminal playbooks: vulnerability scanning and supply chain attacks. The former involves searching for open network ports like those created by RDP sessions. Frankly, these are so easy to find that they might as well be situated next to a giant illuminated “PLEASE HACK US!” sign.

The latter involves accessing enterprise devices and systems by hacking into third party vendors, suppliers, and other members of the supply chain.

The bad news is that the cyber threat landscape is getting worse. And whether you run a website for a regional sign company or a huge international corporation, cyber security should be high on your priority list. But the good news (or at least, the not-as-bad news) is that businesses can, and frankly must, step up and proactively secure their endpoints and networks.

Best practices in this pursuit include, but are not limited to: educating and training end users, using a password vault to store credentials and other confidential data (e.g. corporate credit cards, software license keys, etc.), implementing a privileged access management policy (and supporting it with suitable technology), segmenting networks, and using multi-factor authentication.

Will doing all of this completely eliminate the possibility of being victimised by cyber criminals? No; because nothing can do that. But it will lower the chances of getting attacked, while also reducing the severity and extent of a breach. And on today’s rather terrifying threat landscape, that’s not a bad outcome.