Analysis

The hunt for the Wolf continues

Christian Slater's nefarious hacker has your CISO in his sights.

The nature of cybercrime has changed. The biggest threat no longer comes from groups of undisciplined hackers, testing your defences just because they can, but from well-organised, highly-focused gangs looking to get in and steal your data, shut down systems or exploit a breach for their financial gain. Their methods are more sophisticated, combining vectors and creating scenarios to get inside your defences and do exactly what they want. What you see in this video might seem far-fetched hacking with the sheen of a Hollywood thriller but every move the Wolf makes is inspired by real-world cyberattacks. And while they're hitting the biggest, richest corporations, they're not leaving smaller businesses unscathed. A 2017 report by the British Chambers of Commerce found that while 42% of big businesses has experienced cybercrime, nearly one-in-five small companies had also fallen prey to an attack.

These attacks are carefully targeted, with email and spear-phishing attacks the weapons of choice. A 2016 report by RSA FraudAction claimed that there had been more than one million unique phishing attacks in the last twelve months, or a new phishing attack every 30 seconds; a 308% increase over the same period in 2015. Symantec's 2017 Internet Security Threat Report found that one in 131 emails now contained malware, and that email scams relying on spear-phishing, were targeting over 400 businesses around the globe every day. Advanced Persistent Threat attacks, where a hacker gains access to the target network but remains undetected for long periods of time, are on the rise, as are ransomware attacks, Wiper malware attacks (where the malware destroys business data) and encryption attacks (where the malware encrypts business data). The hackers behind ransomware and encryption attacks are now charging up to half a million dollars to decrypt and release corporate data.

Preying on the weak

What's more, it's not just your network that you have to worry about. One of the trends picked out by the SANS Institute report, Cyber Security Trends: Aiming Ahead of the Target, is fourth-party attacks, where hackers compromise an outsourced IT provider to gain access to the systems of their clients. Organised gangs, like the China-based APT10 group, are using custom malware to hit exactly these providers as a stepping stone into attacks on other businesses, with widespread operations against companies in at least 15 countries, including the UK, the US, France and Japan. 

Businesses need to take these threats seriously; obscurity is no longer adequate protection when the stakes so high. On the one hand, a breach means loss of business, downtime and damage to the company's reputation; the Ponemon institute's 2016 Data Breach study put the average cost at $221 per compromised record, with $76 covering direct costs and $145 reflecting indirect costs, such as the impact on the brand and higher customer churn rates. On the other hand, new regulations, like the EU's GDPR, are increasing the penalties for a breach to up to 4million or 4% of annual global turnover whichever is higher.

Protection it's time to change approach

What can businesses do in the face of such concerted attacks? Perhaps it's time to adjust their security approach. The old mainstays of network-level security protecting the perimeter, fortifying the edge no longer work. They run counter to the IT needs of modern enterprises and, if someone wants in hard enough, it's hard to keep them out. One PC neglected for a few minutes with an open USB port, one email clicked on in a rash moment, one printer left unsecured, and the hackers are already inside. Once there, they might lie low and wait for their moment or simply run amok. Either way, you won't know until it's already too late.

Network analytics is a smarter route forwards, while changes to process and staff habits can help stave off attack, but real security means going deeper. Companies need to bring security right down to device level and not just for PCs, but printers and MFPs as well. These are now effectively sophisticated computers, with local processing power, memory, storage, connectivity and a screen. Companies that run them without appropriate security are creating a wide, open hole in their defences that a predator like The Wolf will greedily exploit.

All of the attacks you've seen could have been stopped had the PCs and printers involved been protected at the hardware level with the kind of baked-in security technologies you'll find on business devices from HP, technologies including:

  • HP SureStart monitors the PC or printer's BIOS for signs of tampering, protecting the data that controls device configuration and security. If it detects signs of attack, it can restore the BIOS to a last known good version, along with any settings and policies configured. With SureStart, printers and PCs quickly recover from attacks.
  • Run-time Intrusion detection works in the background, checking the device's memory for potential intrusions and rebooting automatically if one is discovered. If auto-recovery is disabled or the intrusion is repeated, the device can reboot and hold at a pre-boot state to stop malware executing.
  • BIOS whitelisting technology ensures that only known, good firmware can be installed and executed, preventing hacked firmware from giving predators an easy way into your network. If the firmware can't be validated, the device reboots to prevent malware loading.
  • HP WorkWise combines a PC dashboard with a smartphone app, protecting your PC when you're away. You can automatically lock your PC screen when away from your desk, and it unlocks automatically on your return. WorkWise also provides you with real-time alerts on sign-in attempts, the connection or disconnection of cables and USB keys, not to mention any efforts made to move or close your laptop.

Backed up by comprehensive management tools that ensure robust, consistent policies across devices, these technologies provide the security needed to keep the wolves of this world at bay. The predators might be getting smarter, but you don't have to leave yourself such easy prey.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

What is DevSecOps and why is it important?
Security

What is DevSecOps and why is it important?

30 Oct 2020
Weekly threat roundup: NHS COVID-19 app, Nvidia, and Oracle
Security

Weekly threat roundup: NHS COVID-19 app, Nvidia, and Oracle

30 Oct 2020
Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
What is Neuralink?
Technology

What is Neuralink?

24 Oct 2020