Brit infosec's greatest threat? Thug malware holding nation's devices to ransom – report

The National Crime Agency and newly formed National Cyber Security Centre joint report on cybercrime unsurprisingly names ransomware as the top internet menace.

The report notes that ransomware is a “significant and growing” risk, with file-encrypting malware poses a threat to a greater range of kit beyond PCs. Smartphones, connected devices, wearables and even TVs are also at risk. Distributed Denial of Service (DDoS) attacks are also becoming more aggressive.

David Mount, director, security consulting EMEA at Micro Focus, said: “As this report demonstrates, the IoT is ushering in a new era in security terms. It’s positive that issues like ransomware and IoT security are now part of the national conversation, but we still have a long way to go to encourage connected tech companies to build security into IoT products from the start. All too often device vendors prioritise usability and customer experience over security, and that is putting consumers and businesses at risk. Quite simply, IoT security can no longer be treated as an afterthought."

Malcolm Murphy, technology director Western Europe at Infoblox, added: "Ransomware was a dominating trend in cyber-crime in 2016 and is only set to increase, with its commoditisation through cyber-crime toolkits allowing even the most novice criminal to deploy it."

"Many Internet of Things manufacturers may be contributing to this rise by not prioritising security when building their devices [for example] many are being produced with predictable passwords that cannot easily be changed."

He added: "Too many electronics firms want to make their IoT device as cheap as possible. Security is expensive and paying developers to write secure code might mean a gadget is late to market and costly. Ultimately though, insecure products will lead to greater attacks."

The cyber threat to UK businesses report can be found here (pdf). A press release summary is here. The release of the report on Tuesday coincides with the opening of the CyberUK 2017 conference, hosted by the National Cyber Security Centre (NCSC), five months after the organisation’s launch in Liverpool. ®