NCSC: Personal Gadgets At Risk From Ransomware

Personal devices such as smartphones, watches, televisions and fitness trackers are the next frontier for the online attackers behind a growing wave of ransomware, according to a joint study by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).

Ransomware, which encrypts all the data it finds on a user’s system and demands a payment to restore access, affected organisations across a wide range of sectors last year, and “the rise of internet connected devices gives attackers more opportunity” said the NCSC and the NCA in their 2016/17 report on the cyber threat to UK business.

The NCSC’s headquarters in Victoria

Devices targeted

Attackers could target any data users might be willing to pay to have restored.

“Ransomware on connected watches, fitness trackers and TVs will present a challenge to manufacturers, and it is not yet known whether customer support will extend to assisting with unlocking devices and providing advice on whether to pay a ransom,” the study said.

Such smart devices are still “inherently more difficult” to attack than PCs and laptops, meaning incidents may initially be limited to users who download applications from unsecured third-party online shops, according to the report.

Such malware is, however, also regularly found on mainstream app stores such as those operated by Google and Amazon.

NCSC technical director said the best defence against ransomware was to ensure device software was up to date and that data was regularly backed up.

The study also highlighted concerns that criminals could use the same sophisticated tools used by nation-states to attack financial institutions.

On the other end of the scale, it said basic software is becoming increasingly easily available that allows those with little technical ability to target smaller businesses and the general public.

‘Growing’ business threat

Overall, the study found the cyber threat to UK business is “significant and growing”.

In the three months following the NCSC’s establishment there were 188 “high-level” attacks and “countless” lower-level incidents, the group said.

It listed attacks on the US’ Democratic Party, the Ukrainian power grid and the central bank of Bangladesh to show that 2016 was “punctuated by cyber attacks on a scale and boldness not seen before”.

NCSC chief executive Ciaran Martin said such incidents indicate the need for effective action to protect the UK’s infrastructure.

“Cyber attacks will continue to evolve, which is why the public and private sectors must continue to work at pace to deliver real-world outcomes and ground-breaking innovation to reduce the threat to critical services and to deter would-be attackers,” he said.

Donald Toon, director for economic and cyber crime at the NCA, said it is essential for businesses to report computer crime in order for law enforcement to gain an accurate picture of the threat.

The report is due to be published on Tuesday as the NCSC hosts the CyberUK computer security conference in Liverpool.

Over the weekend Martin warned in a letter to the major political parties that the next general election could be disrupted by Internet-borne attacks.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft’s Hiring Of Inflection AI Staff Does Not Meet EU Merger Thresholds

European Commission says Microsoft's hiring of Inflection AI's staff will not be investigated under EU…

12 hours ago

Google Urges London Tribunal To Dismiss Mass Lawsuit

Alphabet urges Competition Appeal Tribunal to dismiss mass lawsuit seeking up to £7bn ($9.3bn) for…

12 hours ago

US To Host International Network of AI Safety Institutes In November

The US will host the first meeting of the International Network of AI Safety Institutes,…

13 hours ago

Qualcomm Loses Appeal Over EU Antitrust Fine

EU General Court upholds European Commission €242m antitrust fine against Qualcomm, after it allegedly forced…

15 hours ago

EU Court Rules Google’s €1.49bn Fine Should Be Annulled

Google wins court challenge. Europe's second highest court rules EC's €1.49bn antitrust fine should be…

18 hours ago

Meta Bans Russian State Media Networks

Russian state media networks including RT, Rossiya Segodnya etc banned by Meta Platforms for “foreign…

19 hours ago