Blog

26 July 2024

Cyber Security: four trends to watch

a lady with glasses on sitting at a desk with a desktop. happy after learning more about cybersecurity with MHR.

Welcome to the first of our series of blogs from the Cyber Security team at MHR.

Over the next few months, we’ll be addressing the latest topics, trends, and developments in the cyber security industry and their impact on the workplace. In this introductory post, we delve into some recent developments and discuss what your organisation can do to stay protected.

The rise of cheap ransomware

Ransomware attacks have become increasingly accessible and affordable. Recently, law enforcement agencies, including Europol, successfully dismantled the LockBit and Clop ransomware groups. While this is a significant victory, it has left a void quickly filled by low-level, unsophisticated ransomware, commonly referred to as "junk gun ransomware."

This type of ransomware is sold cheaply on the dark web, around £500 for the initial purchase, with an additional 5% of the ransom paid back to the operator. This low barrier to entry has made it appealing to a wider audience, primarily targeting small to medium-sized businesses. It's a growing threat that demands vigilance.

Weak password crackdown

On April 29, 2024, the UK Government passed a law requiring secure passwords for all smart devices, including mobile phones, Ring doorbells, smart fridges, and smart TVs. This move aims to combat the prevalent use of simple, easily guessable passwords like "password123." 

Manufacturers are now mandated to ensure that users cannot set weak passwords. For instance, if someone tries to use "Ring1234" for their Ring Doorbell, the software will prompt them to choose a more secure password that meets the minimum standards set by the UK government. This legislation is a significant step towards enhancing security for both individuals and corporate environments.

A rise in state-sponsored attacks

The first quarter of 2024 has seen a surge in nation-state cyber-attacks, particularly targeting critical infrastructure. Reports from the National Cyber Security Centre (NCSC) and GCHQ highlight the severity of these attacks. The UK identifies 13 critical infrastructure sectors, including energy, utilities, transport, government, and health, all of which are potential targets. 

Recent examples include the Ministry of Defence payroll breach attributed to China and GPS jamming of airlines linked to Russia. In the United States, Russian groups have been accused of attacking water utility companies. With nation-states possessing vast resources and sophisticated infrastructures, critical infrastructure remains a prime target.

To address this growing threat, the NIS regulation (Network and Information Security System regulation) is set to be implemented in October 2024, focusing on safeguarding critical infrastructure.

AI use in cyber crime

Cybercriminals are increasingly leveraging AI to enhance their attacks. Microsoft and OpenAI, the organisation behind ChatGPT, have confirmed that they have disrupted various cybercriminal operations using their platforms. This means that the often poorly written, grammatically incorrect phishing emails filled with spelling mistakes are becoming a thing of the past.

AI enables cybercriminals to craft convincing phishing emails and gather information about public organisations or individuals with ease, enhancing their malware's effectiveness. The NCSC predicts that AI usage in cybercrime will significantly increase the volume and impact of cyber-attacks over the next two years.

What can organisations do to protect themselves?

Despite the increasing accessibility of ransomware and sophisticated attacks, getting the basics right can significantly enhance your organisation’s security. Here are some fundamental practices to implement:

  • Strong password policies: Enforce the use of complex passwords and regular updates.
  • MFA implementation: Mandate multi-factor authentication to add an extra layer of security.
  • Zero trust: Adopt a zero-trust approach to minimise the risk of breaches.
  • Patching vulnerabilities: Regularly update and patch systems to close security gaps.

These basic cyber hygiene practices are crucial in protecting against common attack vectors.

At MHR, we’re also evolving our defences in line with attackers. As phishing emails become more sophisticated, our user awareness training has evolved. We conduct varying levels of phishing tests, from basic to advanced spear-phishing attempts, to better prepare our users.

We recognize that while cybercriminals use AI to attack, cyber defenders also leverage AI and machine learning to enhance threat detection and response. Tools like Microsoft Defender XDR's Copilot, an AI integration, help us stay ahead of threats and respond more swiftly.

Stay tuned for more insights from our Cyber Security team as we continue to explore the ever-evolving landscape of cyber threats and defences.

Find out more
Blog tags
Cyber Security
MHR logo.

MHR

If you would like to submit a guest-blog to appear on the MHR website, please email marketing@mhr.co.uk

Back to previous

Related blog posts

A shield with a compliance tick and a lock and key.

3 November 2023

How will technology and cybersecurity change in 2024?

“I wonder if the main technological challenge of 2024 will be getting any interesting technology noticed over the noisy large language model gorilla in the room!”- Neil Stenton, Research Engineer…

Read more
data security

12 January 2023

Don’t let cyber-criminals ruin the start to your year

Data – an invaluable asset Data might not be tangible in the conventional sense. But data is a currency of sorts and an invaluable one – an asset that needs…

Read more
Supply ch attacks

17 November 2022

Supply chain attacks: what are they and how can you protect against them?

What are supply chain attacks? Most organisations rely upon a supply chain to deliver products, systems and software critical to the day-to-day business operations. However, a large proportion of these…

Read more

 

MHR logo rounded corners