Research Roundup – 28 May

by | May 28, 2021

Over one third of IT professionals are ‘very concerned’ about supply chain security risk

Over one third (38%) of IT professionals say they are very concerned about the security risks third-party providers present to their organisation, according to the latest Twitter poll run by Infosecurity Europe. More than a quarter (27.7%) admit they have no processes in place to control data and information flow between suppliers, with 20.1% simply having no idea whether any such measures have been implemented. 

Meha Shukla, Researcher with University College London’s Department of Security and Crime Science, believes organisations need to assess not only security risks, but also operational resilience and liability risks in the event of disruption of citizen-centric services. She says: “Assessments should focus on holistic operational risks, including physical locations, people, processes and cyber, for critical components of composite services in the entire ecosystem. The government needs to support third-parties in terms of an approach to a consistent benchmark and a roadmap for upgrading their capabilities. Organisations must also ensure that their risk reduction strategies do not stifle innovation.” 

UK’s NSA flags emerging technology and online spaces as increasingly used to commit crimes at scale

The UK’s National Crime Agency has released its 2021 National Strategic Assessment (NSA) of Serious and Organised Crime. The report uses intelligence from across law enforcement, government, the third sector and private industry to set out the UK’s understanding of the threat posed by organised criminals.

In particular, offenders have turned to online spaces, increasingly using emerging technologies to commit crimes at scale and avoid detection. Ransomware attacks have increased in frequency and impact. It is estimated 50% of all ransomware attacks included a threat to publish stolen data and over the last year there were £3bn of estimated fraud losses for UK individuals and businesses and Criminals increasingly used cryptocurrencies to facilitate money laundering, at least in part because the pandemic made it harder to move cash.

Responding to the report, Andrea Carcano, CPO and co-founder of Nozomi Networks, said, “Looking at the long list of ransomware victims we have seen in the last year, it is clear that no company is immune to the threat. It doesn’t matter what security tools you have in place, determined hackers will always find a way in. All of the industry research leads to one conclusion….the threats are increasing, and defenders need more. More resources, more people, more budget, more tools, and more time.”

Similary, Bindu Sundaresan, Director, AT&T Cybersecurity, said “With the traditional threat of ransomware still front and center and the added threat of data for sale on underground marketplaces, security leaders must plan for resiliency. Ransomware is not only cheap to purchase and download; it is also easy to spread with every business being a target, considering the current digital lifestyle. The rise of the RaaS distribution model is allowing budding criminals a straightforward way to start a cyber-extortion business with typically no technical expertise required, flooding the market with new ransomware strains. In fact, the growth in RaaS platforms is likely one of the primary reasons behind the massive spike in ransomware attacks.”

Boom in Fake Vaccine and Test Certificates on Darknet and Telegram Threatens UK and EU Covid Passport Schemes

Security company Check Point is warning that the UK and EU’s Covid passport schemes could unravel if measures are not taken to combat the threat of fake vaccination and counterfeit test certificates that are increasingly being sold on the Darknet and via the messaging app Telegram. Its researchers have discovered a 500% increase in the number of vendors selling fake Covid-19 vaccine and test certificates, five Darknet vendors were found in March 2021, and in May there were more than 100 channels on Telegram offering to sell fake vaccine or negative test certificates.

Oded Vanunu, Head of Products Vulnerability Research at Check Point Software said, “individuals must remember that a QR code is nothing more than a quick and convenient way to access a website link; a link that in many cases they don’t even see. It’s not possible, therefore, to be certain that the resource is legitimate, and an attack could have already started. The EU says that its planned vaccination passports will be safe and secure, but hackers will always evolve to exploit new opportunities, and so we strongly advise everyone to use a mobile security solution that will protect their devices and data against phishing, malicious apps and malware.”

Device encryption increased over the past year, according to a third of organisations 

Apricorn, a manufacturer of hardware-encrypted USB drives announced findings from research into the implementation of encryption technology within organisations. The survey highlighted that a third (32%) of organisations have seen an increase in encryption across all mobile and removeable devices in the past year. Additionally, 31 percent noted that their organisation now requires all data to be encrypted as standard, whether it’s at rest or in transit, and 24 per cent require the encryption of all data when it’s being stored on their systems or in the cloud. 

“Jon Fielding, Managing Director EMEA, Apricorn commented: “The pandemic upended business operations, with vast numbers thrown into remote working. Data traffic is no longer simply moving from the confines of the corporate network, but from numerous devices and from a multitude of locations. Encryption is increasingly recognised as a key component for data security and cyber resilience, especially at the highest levels. Examples include the use of encryption being one of very few technologies recommended within GDPR and Joe Biden’s recent Executive order, stipulating the need to adopt encryption for data at rest and in transit. If ever there were a time to increase and execute the use of encryption, this is it!” 

Get Our Briefing Newsletter

* indicates required