Insights and Observations: U.K. Threat Intelligence Spotlight

eSentire’s second U.K. Threat Intelligence Spotlight focuses on trends observed across our U.K. customer base over the past 12 months in the context of the broader threat landscape. The report provides visuals, data and written analysis, as well as practical recommendations for readers to better understand and respond to cybersecurity risks. General themes and findings of this reiterate many of the core conclusions and predictions reported in our Annual Global Threat Intelligence Report, published January 2020.

Key findings of the report include:

• The U.K. is not resistant to the rise in commodity malware, which drove 21 percent of serious incidents observed in the region attributable to five malware families (XMR Coinminer, MoqHao, SocGholish, Shlayer and MsraMiner)
• 2019 saw a jump in ransomware targeting enterprise networks, although none were successful across our customer base. The more disturbing trend was an increase in sophisticated “hands on keyboard” attacks that evade traditional defences and take advantage of remote access tools to exploit firms
• Cybercriminals continue to demonstrate sophisticated techniques utilising existing tools and software to exploit vulnerabilities in system error, human error … or both. This is illustrated by how cloud is now leveraged as a more efficient phishing outlet, include using Microsoft Azure cloud services to host Office 365 phishing pages
• Of course, any annual review covering this period must mention the extraordinary impact of COVID-19 and how adversaries focused COVID-related lures or unencrypted collaboration tools as businesses shifted to remote workforces. Home routers remain a very popular target and we observed increases in exploits against Citrix (GoToMeeting) and attempts using Remote Desktop Protocol (RDP)

Finally, it has been an interesting year for the Information Commissioner’s Office (ICO). The first signs of muscle-flexing occurred in July 2019 when it fined British Airways and Marriott a combined total of £280M for clear violation of GDPR regulations. However the deferral of those fines, apparent silence over the Travelex incident, rumours of a lack of qualified technical advisors, combined with the pandemic, are driving allegations that the British Data Protection Authority has had a light touch. Ultimately, according to the U.K. government’s Department for Digital, Culture, Media & Sport, 46 percent of UK businesses reported experiencing a cybersecurity breach or attack in the last 12 months and 37 percent of businesses reported a breach to ICO, which indicates cyberattacks on U.K. businesses remain probable.

The risk of a major cybersecurity incident cannot only be measured in terms of how many pounds a company is fined, but by the impact on business continuity, intellectual property, brand reputation and customer and employee data. As the industry pioneer and global leader in Managed Detection and Response (MDR), we operate as an extension of our customers’ security teams to respond to hunt and respond to threats before they disrupt business and to fulfill our core value that a customer’s network can never be compromised.

To learn more about eSentire’s findings, read the full U.K. Threat Intelligence Spotlight here, or contact us for more info.