The National Cyber Security Centre’s latest “The Cyber Threat to UK Businesses” report for 2017- 2018 has highlighted how hackers have managed to inflict financial losses on businesses of all sizes by circulating fake news and by launching supply chain attacks after exploiting weaknesses in third-party software.
While it is a well-known fact that cyber criminals are acutely aware of security deficiencies in enterprise IT systems and cloud platforms where businesses of all sizes store their corporate and customer data, they are also leveraging new techniques and exploits to inflict significant financial losses on targeted enterprises.
A surge in the distribution of fake news
For instance, a number of businesses recently discovered that some people, who could be disgruntled employees, competitors, or pranksters, were deliberately spreading fake news on social media in order to inflict reputational damage and, in turn, loss of businesses. This trend proved that the proliferation of fake news could not only aid or destroy political campaigns, but could also cause significant reputational or financial damage to businesses.
“The unregulated nature of social media presents opportunities for those looking to cause reputational damage to a business. The spreading of fake news cannot only damage a company’s reputation but can affect the share price or sales. In extreme cases, smaller businesses could be forced to close,” the NCSC noted.
For instance, in May last year, as many as six Indian restaurants were targeted by malicious and fake news that was circulated on social media, forcing one of them to cut staff hours and to see its revenue fall by half.
In November, the government observed that a disinformation campaign was launched by malicious actors on social media where people were told that the government’s vaccination programmes were the primary reasons behind an outbreak of measles in Liverpool and Leeds. Thanks to such fake news, a large number of citizens expressed reservations about getting their children vaccinated, forcing Public Health England to dispel the rumours and telling people how important it was to take up the offer of the MMR vaccination for their children whenever offered.
Speaking to The Mirror, Chris Phillips, the former head of the National Counter Terrorism Security Office, said that the disinformation campaign was led and managed by Russian cyber units who were intent on destabilising the UK and the West.
“The Russians have long felt that the UK, America and the European Union is a major threat to them so have developed major strategies in how to interfere with politics, policy, and now it seems the interference is impacting on vital decisions in our daily lives. The art of being able to exert this control over a society is arguably one of the most powerful weapons available in modern warfare.
“If the Russian government, or whoever, wishes to exert this kind of influence, is able to cause difficulty in decisions, in trusting the government of the day in that country, or otherwise trusted media and news organisations, then so much the better for them,’ he added.
To respond effectively to such disinformation campaigns, the government announced plans to set up National Security Communications Unit under the Cabinet Office, to counter disinformation by state actors and others.
Supply chain attacks
Hackers have also carried out a number of supply chain attacks in the past year to infiltrate organisations’ IT systems to manipulate or disrupt their operations.
“Supply chain compromises typically seek to introduce security flaws or other exploitable features into equipment, hardware, software, or services, prior to their supply to the target (or make use of a compromised supplier organisation’s connections to the target.
“Operations or activities are usually designed to breach confidentiality and integrity, but they may also be designed to affect availability (such as supplying defective equipment). Ongoing servicing, support or updates to equipment, hardware or software may also provide opportunities for threat actors to interfere with the supply chain,” the NCSC said.
Two major examples of hackers exploiting the supply chain to attack enterprises in 2017 were the CCleaner and MeDoc hacking operations. In September last year, suspected hackers installed a multi-stage malware payload on CCleaner version 5.33 which was downloaded and used by up to 4 million PC users worldwide until Avast released version 5.34 on 15th September.
According to Piriform, the maker of CCleaner and a subsidiary of Avast, the compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA.
“In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected,” said security firm Cisco Talos who discovered the presence of the malware payload in CCleaner.
Suspected Russian hackers also launched last year’s NotPetya ransomware attack after they hacked into MeDoc, a software that was used by over 80 percent of businesses in Ukraine for tax filing purposes. The software was also used by the country’s banks, media organisations, transport, telecommunications, and energy departments.
The cyber attack also affected operations at global firms like Danish shipping company Maersk, Russian oil giant Rosneft, aircraft manufacturer Antonov, US pharmaceutical giant Merck as well as its subsidiary Merck Sharp & Dohme (MSD) in the UK.
Earlier this year, Foreign Office Minister Lord Ahmad said that the NotPetya cyber attack was masqueraded as a criminal enterprise but its purpose was principally to disrupt businesses in Ukraine and Europe.
“The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017. The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds,’ he said.
“The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it,” he said.