Whenever there is a scandal these days, we are quick to add the word "gate" to it, in order to underline the seriousness of the affair. Its origins can be traced back to the Watergate scandal in 1974 which eventually led to the downfall of a U.S. president. Since then, we've seen Bloodgate, Nipplegate, Expensesgate and even the Simpsons dedicating an episode to Waitergate. That's quite a legacy, and has even made it into the Oxford English dictionary and spawned the Italian deviation, "...opoli".
But in the Internet world we have our own version of the "gate". Ladies and gentlemen, I give you something to "ware". An immaterial asset or benefit such as a service or personal accomplishment regarded as an article of commerce is the actual definition. But in our world, it is becoming more widely used to refer to something bad. Most of us are familiar with malware, short for malicious software, which is software used or created to disrupt computer operation, gather sensitive information or gain access to private computer systems. We often refer to malware as computer viruses, but it is much more than that. Spyware, Adware, Trojans and Worms are all generic examples of such malicious software that we see all too often today.
In their recent report, the Anti-Phishing Working Group (APWG) highlighted that there were more than six million unique samples of malware seen in the first part of 2012. Most are Trojans that are designed to sit on a user's computer and offer a criminal a secret back door into your digital life. However, research now suggests that there are two very specific but growing threats that companies need to stay one step ahead of.
Crimeware is a specific malicious piece of software that is solely interested in harvesting financial data. A user clicks on an infected link, a piece of software is downloaded and then springs to life when you visit a particular financial institution online. Keystrokes are then recorded and sent back to the criminals who then illegally access your bank account to devastating effects. Whilst Crimeware only accounts for about 1% of malware, it is a fast growing problem.
But the big cloud looming over companies is the growing threat of Ransomware. According to the 2012 report on cybercrime, Norton claim that over 556 million people globally were affected by some sort of cybercrime. But they also highlighted the uptick in incidents of companies having their data being held hostage - the practice of Ransomware.
As technology increases both in terms of speed and specification, so does our storage requirements. We are all digital hoarders - it seems that just because we cannot actually see or touch our digital material, we think we can keep every bit of data. So we store more and more data; a fact that cybercriminals use with Ransomware. Its simplicity is its genius.
Many of us bring our own storage devices into the office, relying on a USB key which is easier than carrying around a bulky laptop. These USBs are rarely virus checked and essentially gives cybercriminals open access to company data. Plug in an infected USB into a corporate network and within seconds, a piece of malicious code goes to work - firstly on your machine, and then borrowing its way into the centre of a company's data network. Once the virus is in this warm place, it activates encryption software, rendering all information on a server or even a whole network unusable. The only way to unencrypted the data is to pay a hefty ransom fee.
No company would ever want to be in this position, yet they can take some very simple steps to keep one step ahead of the cybercriminals. Three basic steps to reduce these risk are:
- Use a company, like NetNames, to scan the Internet for cybercriminals using your brand for phishing purposes. Over 72% of malware comes from phishing emails, so by staying on top of illegal activity against your brand in this way ultimately reduces the threat of Ransomware both to your brand and others.
- Ensure that all staff use USBs that have anti-virus software integrated into the storage. Some companies actually prohibit the use of external USBs completely.
- Ensure that all data is backed up on a daily basis to an external location. That way if Ransomware does take hold, firms can access their back up system quickly, and negate the need to pay the cybercriminals.
There is no doubt that we will see more complex and ingenious cyber threats every single month in future, so it is important that all brands do what they can to stay one step ahead. Ransomware is certainly not going to be the last 'ware' we see.
Written by Stuart Fuller, Director of Communications, NetNames
1 November 2012