There were three critical digital canaries in the cyber security coal mine in the past seven days, all of which signal a rising tide of threats for every sector outside of banking and finance. The first of the three critical reports came out on Wednesday, with the Anti-Phishing Reporting Group noting a record-breaking 250% increase in phishing activities between October 2015 and March 2016.
According to the report, there were 289,371 unique phishing sites in Q1 2016 – the highest-ever quarterly and monthly totals since records were first tracked in 2004. The second occurred on Sunday with the story from the UK’s Telegraph that Lloyds Banking Group has seen an 80 to 90 percent drop in digital attacks. According to Miguel-Ángel Rodríguez-Sola, Group Director for Digital, Marketing & Customer Development at Lloyds Banking Group, the drop comes at a time when attacks in general in the UK have been on the rise:
"There had been an increase in the UK in terms of cyber attacks, between June and February this year," he said, noting that distributed denial-of-service (DDoS) attacks became particularly common. "However, over the last two months, I have had five-times less than at the end of last year."
The third critical sign came Monday as the University of Calgary faced a digital state of emergency, with a malware infection forcing it to shut down most of its computing infrastructure and ask users to avoid using university-issued PCs. As the school continues its recovery from the attack, it’s too soon to know how the infection started, how it spread, whether it was ransomware, or if it was a targeted attack.
These are all questions that will likely receive some answers in the coming days and weeks. But what is worth noting is that the UofC malware attack came during a particularly busy weekend, as the school hosts an international academic event with more than 8,000 participants. It’s likely not a coincidence. It’s also clear that this kind of large-scale attack, as seen a few months ago when US healthcare provider MedStar was forced to shut down many IT operations to contain a ransomware infection, is on the rise.
Putting It All Together
Looking carefully at some of the key signals from these three events, it’s possible to make some informed observations and predictions:
- With major, large-scale banks investing heavily in cyber security and advancing their defensive posture, organized cyber crime groups are increasingly turning to new targets to maintain acceptable levels of criminal return on investment per attack. While we’ve seen evidence of a specific, nation-state-backed campaign attacking the interbank SWIFT system, the targets to date have been banks with weaker cyber security defensive postures.
- As criminals turn to ransomware for better return on investment, large organizations in healthcare and education will be the first, but not the last, to bear the brunt of this increased activity. Universities, in particular, present a tempting target for a number of reasons, including access to personally identifiable information (PII), intellectual property and infrastructure that can be used to attack others.
- In order to face these cyber threats, organizations must invest more in proactive measures, such as policy, governance and education, to reduce risk and improve reaction time, as well as invest in the right mix of technology to avoid silicon bias.
If recent history is any indication, it's highly likely that the University of Calgary won't be the only large-scale Canadian post-secondary institution, firm, or organization this year to fall victim to a major cyber attack. The only question is how many Canadian organizations will learn from the valuable lessons to come from the UofC incident and avoid similar fates as the pressure increases on virtually every sector to improve their cyber security defensive posture.
About the Author:
David Shipley is a co-founder and CEO of Beauceron Security Inc., a new start-up focused on strategic cybersecurity management and the human aspects of cybersecurity risk and defence. He writes frequently about cybersecurity issues and has spoken at regional, national and global cybersecurity conferences.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.