Cyber criminals ‘could target smart phones in bid to hold users to ransom’
Analysts forecast that by 2020 there will be 21 billion connected devices used by businesses and consumers around the world.
Smart phones, watches, televisions, and fitness trackers could be targeted by cyber criminals seeking to hold users to ransom over their personal data, security chiefs have warned.
The rise of internet-connected devices gives attackers more opportunity to deploy their increasingly “aggressive” and “confrontational” tactics, says a joint report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
It highlights the huge amount of personal information on consumer gadgets which could be exploited by criminals seeking to commit extortion or fraud.
The study forecasts that this year it is likely that “ransomware” will target connected devices containing data such as photos, emails and even fitness progress information.
“This data may not be inherently valuable, and might not be sold on criminal forums but the device and data will be sufficiently valuable to the victim that they will be willing to pay for it,” the assessment says.
“It is not yet known whether customer support will extend to assisting with unlocking devices and providing advice on whether to pay a ransom,” it added.
There have even been suggestions that baby monitors and pacemakers could be vulnerable to hacking.
The NCSC and NCA’s 2016/17 report on the cyber threat to UK business says: “The rise of internet-connected devices gives attackers more opportunity.”
The paper notes that smart devices are still “inherently more difficult” to attack than traditional computers, saying that incidents may initially be limited to users who download apps from third-party app stores.
Ministers launched the NCSC, which is part of GCHQ, amid mounting concern over the potential danger to Britain’s industry and infrastructure from online attacks.
The new report, which will be published on Tuesday as the NCSC hosts a major conference, CYBERUK, in Liverpool, says the cyber threat to UK business is “significant and growing”.
In three months after the centre was created, there were 188 “high-level” attacks as well as “countless” lower-level incidents.
The danger is “varied and adaptable”, ranging from high-volume, opportunistic attacks to “highly sophisticated” and persistent threats.
The last year “has been punctuated by cyber attacks on a scale and boldness not seen before”, the report says, pointing to a string of incidents including the targeting of the US Democratic Party and Bangladesh Bank.
Ciaran Martin, chief executive of the NCSC, said: “Cyber attacks will continue to evolve, which is why the public and private sectors must continue to work at pace to deliver real-world outcomes and ground-breaking innovation to reduce the threat to critical services and to deter would-be attackers.”