
A time for vigilance as ransomware threat still looms

Among the many recently identified threat vectors that should concern local government is a malware threat group known as APT12, which has been attributed to China, warns chief executive of the iESE Dr Andrew Larner.

Recent information published by the MITRE ATT&CK knowledge base illustrates that there are increasing threats targeted specifically at government (central and local) from nation states and organised criminal groups, designed to cause ‘local disruption’ and access ‘sensitive data’.

Among the many recently identified threat vectors that should concern local government is a threat group known as APT12, which has been attributed to China. The group has targeted a variety of victims, including media outlets, high-tech companies, and multiple governments and governmental organisations. They have expertly exploited multiple vulnerabilities for execution, which is particularly concerning at this moment in time with workers operating remotely. There is a fear that malicious code may be ‘injected’ into remote workers' machines and remain inactive until that device is reconnected to the central network.

The techniques above are often used to effect ransomware attacks on organisations. A particularly worrying development is the move from requesting a set ransom from the specific council to putting a sample of its data up on auction sites, raising the ransom value to a higher level by selling to the highest bidder. Not only would you be unable to perform your critical functions, but the whole world would immediately know about it and be able to see a sample of stolen data!

In early June, the University of California San Francisco was attacked by the notorious NetWalker ransomware; medical research files were encrypted, and a demand was made for a $3m Bitcoin payment. BBC News was anonymously tipped off about the ransom and was able to follow the demands and negotiations in near real time. The University ended up negotiating a settlement of $1.14m to stop the data being sold on the dark web.

It is impossible for any anti-virus, EDR or firewall solution to continuously update and expand its signatures to stop all these attacks, many of which have not been seen before. However, there is now a unique and patented zero-day, zero-trust technology. Unlike other malware protection, this technology is capable of defence on day zero, when the virus is first released, as it does not need to know, or to have previously seen, the signature of the attack. And zero-trust means that it monitors everything and trusts nothing.

We are currently testing this new technology with local authorities. If you are interested in being a trial site, please contact annabelle.spencer@iese.org.uk.

Dr Andrew Larner is chief executive of the Improvement & Efficiency Social Enterprise (iESE), which supports public sector transformation

For more information visit www.iese.org.uk
