Cyber criminals targeting everyday gadgets for ransom payments
Cyber criminals could hold innocent consumers to ransom over their data by exploiting security weaknesses in popular gadgets like smart phones, watches, televisions, and fitness trackers according to security chiefs.
The rise of internet-connected devices gives attackers more opportunity to deploy their increasingly “aggressive” and “confrontational” tactics, says a joint report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
It highlights the huge amount of personal information on consumer gadgets that could be exploited by criminals seeking to commit extortion or fraud.
The study forecasts that this year it is likely that “ransomware” will target connected devices containing data such as photos, emails and even fitness progress information.
“This data may not be inherently valuable, and might not be sold on criminal forums but the device and data will be sufficiently valuable to the victim that they will be willing to pay for it,” the assessment says.
“Ransomware on connected watches, fitness trackers and TVs will present a challenge to manufacturers, and it is not yet known whether customer support will extend to assisting with unlocking devices and providing advice on whether to pay a ransom.”
A surge in the number and variety of internet-ready products has sparked a string of security warnings.
There have even been suggestions that baby monitors and pacemakers could be vulnerable to hacking.
Analysts have forecast that by 2020 there will be as many as 21 billion connected devices used by businesses and consumers around the world.
The NCSC-NCA 2016/17 report on the cyber threat to UK business says: “The rise of internet connected devices gives attackers more opportunity.”
The paper notes that smart devices are still “inherently more difficult” to attack than traditional computers, saying that incidents may initially be limited to users who download apps from third-party app stores.
Ministers launched the NCSC, which is part of GCHQ, amid mounting concern over the potential danger to Britain’s industry and infrastructure from online attacks.
The new report says the cyber threat to UK business is “significant and growing”.
In three months after the centre was created, there were 188 “high-level” attacks as well as “countless” lower-level incidents.
The danger is “varied and adaptable”, ranging from high-volume, opportunistic attacks to “highly sophisticated” and persistent threats.
The last year “has been punctuated by cyber attacks on a scale and boldness not seen before”, the report says, pointing to a string of incidents including the targeting of the US Democratic Party and Bangladesh Bank.
Yesterday, GCHQ spies warned that Russian cyber-attacks have the potential to undermine the political process in Western democracies.
Ciaran Martin, chief executive of the NCSC, said: “Cyber attacks will continue to evolve, which is why the public and private sectors must continue to work at pace to deliver real-world outcomes and ground-breaking innovation to reduce the threat to critical services and to deter would-be attackers.”