NHS and Cisco among latest high-profile cybercrime victims

The ongoing disruption caused by the recent ransomware attack on the NHS raises serious – and familiar – concerns. According to reporting by the BBC, disruption to NHS 111 services “targeted the system used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions.”

The attack, which targeted an NHS Managed Services Provider (MSP), is likely to be a “ransomware or data extortion attack,” according to BleepingComputer and could take weeks to fix. The incident is also being investigated for potential data theft, with media reports raising concerns that stolen patient details could be used as “leverage” by the cybercriminals behind the attack.

At almost the same time, Cisco confirmed news of its own serious incident after a ransomware group published a “partial list of files it claims to have exfiltrated,” according to reporting from Forbes. This breach, which took place in late May but was only recently reported, is thought to have resulted in the theft of 2.8GB of data. According to The Register, “an employee’s personal Google account was compromised,” and the attacker “did manage to spend some time inside Cisco’s IT.”

A Cisco statement said the company “did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.” However, the breach is a significant embarrassment to the networking giant – one of the world’s biggest tech companies with annual revenues of nearly $50 billion.

How to prevent cyberattacks

The solution to fending off cyberattacks at both an individual and company level is twofold: training and technology. Training will arm employees to be alert to risks and follow best practices. This can be as simple as using strong passwords and multi-factor authentication, not opening links and/or attachments from unfamiliar sources.

On the technology side, taking a proactive, zero-trust (never trust/always verify) approach when it comes to security can protect organizations and their customers. Having these measures in place is more efficient than using employees as an organization’s first line of defense. By combining training and technology, individual, company, and client data privacy is significantly more achievable for organizations around the globe.

As reports of ransomware and other serious vulnerabilities, such as those affecting Cisco, continue to surface, organizations need proactive protection against a wide range of risks, including those exploited in the distribution of files and documents containing malware and ransomware. These cybersecurity blindspots can remain active and undetected for up to 18 days until antivirus technologies are updated to mitigate the risk.

During that window of vulnerability, unprotected infrastructure remains open to attack and as a result, zero-day exploits have become a preferred way for cybercriminals and nation-state hackers to gain access to networks or deliver malware.

What’s more, one of the major challenges presented by file-based malware is that approximately 1 in every 100,000 files contain malicious content. Almost all of these (98%) are unknown to antivirus solutions when they are released – effectively making these risks invisible to reactive cybersecurity technologies.

Instead, security teams need to be given advanced tools, so they can take a proactive posture to the risks posed by files.

Glasswall takes a proactive approach to file-based threats – our Content Disarm and Reconstruction (CDR) technology identifies and cleans risky, file-based threats from all files – minimizing downtime and disruption often caused by traditional antivirus or sandboxing solutions.