Biggest cyber threats will target ‘building blocks’ of the internet

Attacks against internet “building blocks” and not new technologies will pose the largest threat to cyber security this year, experts have warned.

The most impactful cyber attacks of 2017 will be against the services that operate the ‘Internet of Things’, according to a joint report by the National Crime Agency and the National Cyber Security Centre (NCSC).

This is predicted to be a bigger threat than other emerging trends such as attackers targeting smartphones and televisions and demanding ransom to restore access to their owners.

The report also warned that the risk to businesses from cybercrime is “significant and growing”.

Ciaran Martin, Chief Executive Officer of the NCSC, said: “Cyber attacks will continue to evolve, which is why the country must work together at pace to deliver hard outcomes and ground-breaking innovation to reduce the cyber threat to critical services and deter would-be attackers.

“No single organisation can defend against the threat on its own and it is vital that we work together to understand the challenges we face.

“We can only properly protect UK cyberspace by working with others, with the rest of government, with law enforcement, the Armed Forces, our international allies and, crucially, with business and wider society.”

The NCSC found the past year has seen cyber attacks on a scale never seen before as 65 per cent of UK businesses reported security breaches.

In December 2015, attackers took down three Ukrainian energy distribution companies, resulting in power outages across the west of the country.

This marked the first confirmed case of cyber-enabled disruption to electricity supply on a regional scale.

Cybercrime growth has been facilitated by the rise of internet connected devices and has resulted in dangerous systems like the Mirai botnet.

Mirai is a malware that infects connected devices to create a network – or ‘botnet’ – that can be used to overwhelm victim sites and disrupt service provision.

Last year, the botnet was used to attack several businesses by preventing them from accessing the internet.

The source code for the programme was publicly released in October and lowered technical barriers to carrying out attacks.

The NCSC said the kinds of attacks made possible by malware like Mirai could take down “critical internet services” and have a “far reaching impact” affecting many organisations.

The report, published on Tuesday (March 14), also recognised the threats posed by malware being made available on the dark web, such as the increased risk of attacks on mobile devices.

As many as 21 billion devices could be connected to the internet by 2020.

Experts predict that cybercriminals will soon begin specifically targeting users’ smartphones and tablets to steal personal data that might not be inherently valuable but would have worth to the victim.

Other emerging trends include fake apps mimicking known brands to trick users into downloading them and installing malware that allows details to be stolen.

However, the percentage of affected devices remains low, and the NCSC believes it will become increasingly possible to mitigate the impact of insecure devices.

Don Smith, technology director, SecureWorks and Strategic Cyber Industry Group representative, said: “The Internet of Things will doubtless bring opportunities for new methods of attack.

“Many businesses face understandable difficulty in reporting cybercrime incidents, but knowing that revealing such information might prevent further harm to their business is essential.

“This assessment proves that collaboration is key to protecting our assets and targeting cyber criminals.”