UK under attack from surge in cybercrime

Almost every UK business has suffered a cyberattack over the last 12 months – and the threats are getting more sophisticated, says new VMware Carbon Black report

Posted 23 July 2020 by Christine Horton

Cybersecurity vendor VMware Carbon Black has called for the different branches of government to communicate better to help stem the rising tide of cyberattacks.

“Intelligence sharing works; it stops plots and stops threats,” said Rick McElroy, cyber security strategist at VMware Carbon Black.

Rick McElroy, cyber security strategist at VMware Carbon Black

His comment comes with the launch of a new report by the firm which points to a surge in cyberattacks in the UK over the last 12 months.

The findings show that 98 percent of UK CIOs, CTOs and CISOs believe attack volumes have increased in the last 12 months.

Almost all – 99 percent – said their business has suffered a security breach in the last 12 months. The average organisation experienced 2.63 breaches, the survey found.

Ninety-two percent of cybersecurity professionals said attack volumes have increased due to more employees working from home during COVID-19 stay at home orders.

“Most of the time disasters are localised, but now it’s a global pool,” McElroy told TDP. “And that’s exacerbated by sending everyone home. The big issue is our communication security. It’s been known and documented for several years – even home routers are completely insecure. Nation states absolutely have access to those devices which gives them the ability to do all kinds of nefarious things.”

Eighty-four percent of respondents reported gaps in disaster planning around communications with external parties including customers, prospects and partners – 45 percent said those gaps were significant. 93 percent said they have been targeted by COVID-19-related malware; 89 percent said IoT exposure risk has increased.

“If you look at COVID-19-related phishing and ransomware, they’re not that sophisticated. It’s the same stuff they’ve been doing for years, with some minor code tweaks. But what we see is common commodity malware like ransomware now exhibiting sophisticated behaviours. We’re seeing ransomware start to do destructive attacks, credential harvesting, doing lateral movements whereas before its whole intent was to get on one system,” said McElroy.

Indeed, 96 percent of respondents said attacks have become more sophisticated. OS vulnerabilities are the leading cause of breaches, according to the survey, but island-hopping and third-party application attacks are causing a disproportionate percentage of breaches.  

UK companies said they are using an average of 8.24 different security technologies to manage their security programme, the survey found. Moreover, 99.6 percent said they plan to increase cyber defence spending in the coming year.

Noting that the dark web is prospering during the current pandemic, McElroy urged governments to “to do better.” He said: We’re not collaborating enough, as nations, as defenders. Forget politics – we’re all in this together. We need to lean in and share more.”