In June 2017, the Maersk Group was hit by the NotPetya ransomware attack, shutting down their systems for days. Some of their teams resorted to logging shipments by pen and paper, while other facilities were closed altogether. Ultimately, the disruption to their operations cost Maersk over $200 million in lost revenues.
However, despite the damage wreaked by the ransomware, the attack was not nearly as damaging as it could have been. Though NotPetya gained access to Maersk’s main operation systems, it never accessed any secure data and no sensitive information was made public.
Maersk was by no means the only victim of the NotPetya attacks. The ransomware, which originated in the Ukraine, tore through Europe, crippling many organisations. The NotPetya ransomware came on the heels of WannaCry, another ransomware attack that had a debilitating impact on the UK’s National Health Service, among others.
Cybercrime: an industry on the rise?
This wave of summer cybercrime underscores what cybersecurity experts have been saying for years: cyber-attacks are on the rise and no company is immune. The Nordic countries, historically less impacted by cybercrime, have also experienced an upswing in attacks.
“Losses from cybercrime are estimated to be anywhere between 400 billion and 2 trillion, while the profits for specific cybercrime groups can be in hundreds of millions” says Benjamin Särkkä, Head of Nordea’s IT Security Incident Response team.
And while criminals may be after money or sensitive data, they are also looking for ways to monetize the access to compromised systems. “An infected workstation or laptop can be used as resource in a botnet that can be rented out, or utilized for spam campaigns and DOS attacks,” says Särkkä. “Essentially it’s about information, money and resources that can be sold or stolen for the gain of the criminal.”
Särkkä identifies three main reasons with cybercrime is on the rise generally and in the Nordics specifically.
First, as reliance on network technology increases, there are more opportunities than ever to create malware that can propagate itself without any human interaction. Unlike other forms of malware that require a user to download a corrupt file or click a link, NotPetya and WannaCry used a network vulnerability to spread itself from machine to machine. This capability allows the malware to spread much more rapidly than previous versions.
Second, it’s easier than ever for aspiring cybercriminals to set up shop due to the growing ecosystem of criminal service providers. “The barrier to entry for an aspiring cybercriminal now is the ability to use a credit card or own bitcoin,” says Särkkä. Would-be criminals who lack the technological know-how can now just outsource their needs to sites like XyZBooter which sells denial of service attacks for as little as $20.
Third, the language-barrier protection in the Nordics is decreasing as criminals broaden their horizons. “The Nordics has historically been less targeted likely because of a language barrier,” says Särkkä. “However, the easy targets are disappearing as organisations learn from their mistakes, which has led to an increase in attacks in the Nordics as well. Now we are even seeing ‘local’ groups targeting Nordic countries in their local language, both via email and phone.”
Concerns for treasury departments
Within large corporates, treasury departments control a huge amount of sensitive data. To protect themselves, treasuries must first understand the value of the data they work with, and how the data is classified. “Treasuries should have some level of awareness about the different types of attack that might target them specifically,” says Särkkä. “Understanding the threat will allow for the right security controls to be implemented.”
Treasuries need to work closely with their organisation’s security department in addition to having their own standard operating procedures and security protocols. Solid processes combined with a commitment to remaining up to date with security patches are baseline requirements for a secure ecosystem.
Särkkä recommends developing processes with built-in redundancies to avoid system-wide failure in the case of single access point penetration or human error: “Something as simple as having to get verification from a second person before transferring funds will make it a lot harder for CEO fraud and social engineering to work.”
Ultimately, the most valuable resource treasuries control is data. Losing control of sensitive data can result in financial loss and reputational damage. Although hackers are typically seeking financial gain, it is often the damage to their public perception that impacts companies the most. “Re-gaining lost trust can be even harder than understanding data classification,” says Särkkä. “And handling the information accordingly is as important as any technical security measure”.
Staying ahead of the game
The ever increasing pace of technological development has led to a game of cat and mouse between cybercriminals and their would-be victims. Each side is rushing to stay one step ahead, and already there is evidence of hackers exploiting the latest technology for criminal purposes.
“Hackers are already utilising machine learning for malicious purposes as well as individually tailored attacks towards specific persons,” says Särkkä. “Using drones for corporate surveillance and infiltration is starting and artificial intelligence is on the horizon.”
In this landslide of developing methods of attack, corporates are encourages to shore up on their basic security culture. “We’ve got to do the basics right,” says Särkkä. “A layered defence model, with the understanding that any single control will fail and having the capability to react when that does, will be critical moving forward.”
The information provided within this website is intended for background information only. The views and other information provided herein are the current views of Nordea Bank Abp as of the date of publication and are subject to change without notice. The information provided within this website is not an exhaustive description of the described product or the risks related to it, and it should not be relied on as such, nor is it a substitute for the judgement of the recipient.
The information provided within this website is not intended to constitute and does not constitute investment advice nor is the information intended as an offer or solicitation for the purchase or sale of any financial instrument. The information provided within this website has no regard to the specific investment objectives, the financial situation or particular needs of any particular recipient. Relevant and specific professional advice should always be obtained before making any investment or credit decision. It is important to note that past performance is not indicative of future results.
Nordea Bank Abp is not and does not purport to be an adviser as to legal, taxation, accounting or regulatory matters in any jurisdiction.
The information provided within this website may not be reproduced, distributed or published for any purpose without the prior written consent from Nordea Bank Abp.