Users of web-lined devices '˜may be held to ransom' by criminals
Smart phones, watches, televisions, and fitness trackers could be targeted by cyber criminals seeking to hold users to ransom over their personal data, security chiefs have warned.
The rise of internet-connected devices gives attackers more opportunity to deploy their increasingly “aggressive” and “confrontational” tactics, says a joint report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
It highlights the huge amount of personal information on consumer gadgets which could be exploited by criminals seeking to commit extortion or fraud.
The study forecasts that this year it is likely that “ransomware” will target connected devices containing data such as photos, emails and even fitness progress information.
“This data may not be inherently valuable, and might not be sold on criminal forums but the device and data will be sufficiently valuable to the victim that they will be willing to pay for it,” the assessment says.
“Ransomware on connected watches, fitness trackers and TVs will present a challenge to manufacturers, and it is not yet known whether customer support will extend to assisting with unlocking devices and providing advice on whether to pay a ransom.”
A surge in the number and variety of internet-ready products has sparked a string of security warnings.
There have even been suggestions that baby monitors and pacemakers could be vulnerable to hacking.
Analysts have forecast that by 2020 there will be as many as 21 billion connected devices used by businesses and consumers around the world.
The NCSC and NCA’s 2016/17 report on the cyber threat to UK business says: “The rise of internet connected devices gives attackers more opportunity.”
The paper notes that smart devices are still “inherently more difficult” to attack than traditional computers, saying that incidents may initially be limited to users who download apps from third-party app stores.
Ministers launched the NCSC, which is part of GCHQ, amid mounting concern over the potential danger to Britain’s industry and infrastructure from online attacks.
The new report says the cyber threat to UK business is “significant and growing”.
In three months after the centre was created, there were 188 “high-level” attacks as well as “countless” lower-level incidents.
The danger is “varied and adaptable”, ranging from high-volume, opportunistic attacks to “highly sophisticated” and persistent threats.
The last year “has been punctuated by cyber attacks on a scale and boldness not seen before”, the report says, pointing to a string of incidents including the targeting of the US Democratic Party and Bangladesh Bank.
Ciaran Martin, chief executive of the NCSC, said: “Cyber attacks will continue to evolve, which is why the public and private sectors must continue to work at pace to deliver real-world outcomes and ground-breaking innovation to reduce the threat to critical services and to deter would-be attackers.”
The report will be published on Tuesday as the NCSC hosts a major conference, CYBERUK, in Liverpool.
It also says that there is no clear understanding of the true scale and cost of cyber attacks to the UK as it is under-reported.
Donald Toon, director for economic and cyber crime at the NCA, said: “Businesses reporting cyber crime is essential if we are to fully understand the threat, and take the most effective action against it.”
It comes days after it was revealed that GCHQ has warned political parties of the the threat posed to democracy by Russian hackers.