UK Research and Innovation (UKRI) is dealing with a ransomware incident that encrypted data and impacted two of its services: one offering information to subscribers, and the platform for peer review of various parts of the agency. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research. It operates across the country with a budget of more than £6 billion, funded by the Department for Business, Energy, and Industrial Strategy. Given the funds it works with, the agency is an attractive target for big-game ransomware gangs that target organizations with deep enough pockets to pay for data decryption.
More information: https://www.zdnet.com/article/uk-research-and-innovation-suffers-ransomware-attack/
The majority of ransomware attacks happen because of a combination of two factors: an unpatched, known vulnerability and an element of social engineering that enables attackers to execute a payload on an internal network.
The first factor is preventable with a strong patch management strategy and by improving visibility through regular vulnerability scans. Only by seeing where security weaknesses are can a security team fix them before they can be exploited. The second factor is much trickier: socially engineered phishing emails and other techniques that target employees are often so sophisticated that even trained professionals could make the mistake of clicking on a malicious link or opening an infected attachment. Organisations’ best bet to reduce this risk remains security awareness courses, which should happen regularly and should be designed to prepare users for the real thing.
Ransomware gangs have also upgraded their modus operandi and have taken the habit of not only encrypting people’s data (kidnapping of data via encryption) but also stealing such data, which is certainly more worrisome.
While we’re unclear on the details of this potential breach, and whether it was a result of a cyber attack, it should be a reminder that the science and research space is considered a high-value target to many threat actors and firms need to redouble their efforts when it comes to threat intelligence and risk management.
It would come as no surprise if the UK Research and Innovation department (UKRI) had been targeted by cyber criminals, with hackers increasingly targeting companies like this for the sensitive data they hold. Government departments and public sector organisations, in particular, are often targeted by both opportunistic and targeted hackers, looking for an easy target or a specific set of intellectual property that they know is of value.
It is vital that cybersecurity capabilities don’t become an afterthought. Organisations must work together to create information sharing communities so they can better understand the potential financial and operational impact of the risks they face, the vulnerabilities being targeted and the adversaries attacking the sector. If companies share information, while also quantifying the risk they face as a company, they can better prepare themselves, and prevent breaches.
We’ve seen an increase in attacks against government departments and local councils over the last year, with many cases of ransomware. In all these cases, the affected parties have only been aware of the incident once ransomware has been deployed and have been unable to confirm if any data was exfiltrated prior to ransomware.
Ransomware attacks are not going to slow down any time soon, especially since the majority of attacks are successful through social engineering such as phishing attacks. It is therefore imperative that the Government not just invests in cybersecurity controls, but cultivates a culture of cybersecurity. This way, not only can it reduce the likelihood of an attack being successful, but ensure the right controls are in place throughout the layers so that it is possible to quickly detect where any data may be exfiltrated or where criminals have accessed corporate resources.
Theoretically, every time there is a ransomware attack, organisations should learn from other companies’ mistakes. Whether this is preparing to fail – having protection in place for when a successful attack occurs – or by learning how others dealt with the aftermath, there are multiple case studies to heed advice from.
Suspending services may sound extreme, but organisations are often far better positioned to deal with the consequences of a cyber attack while offline, as they can fully inspect the damage and mitigate further upheaval. With greater risk if sensitive data is released, it is far safer to suspend services that have been compromised until thorough checks have been made and more robust protection is in place.
Ransomware will remain a global cybersecurity threat during 2021 and the associated risk of this threat materializing will be more prevalent for certain industries and in particular Government bodies. Cybercrime is a business so all should think of it the same way. Out of all the various types of cybercrime activities, ransomware is the one activity that has a high direct return on investment associated with it, by holding the victims to ransom for financial payment. Taking the global economic environment and current market conditions into consideration, cybercriminals will of course continue to focus their efforts on this revenue-generating stream. In 2021 we are likely to see cyber-criminal individuals and groups partner together to try to maximize their return on investment with their attacks. This could be targeting high-value individuals and/or large enterprise organizations. The key message here is no one person or industry is exempt from the ransomware threat and it requires constant focus, assessment, and review to ensure you and your critical information assets remain safeguarded and protected against it.