Tuesday, 26 November 2019

Tips for Brits to stay Secure on Black Friday

As Brits plan to go to extreme lengths to grab a bargain this Black Friday but are leaving themselves exposed to cyber-criminals?
  • Brits are gearing up to grab a bargain this Black Friday and Cyber Monday, with 17% already considering pulling a sickie.
  • Over half of UK online shoppers will use a mobile device to shop for deals, but more than one in five (21%) will shop on unsecured smartphones or using open wifi networks (19%).
  • F-Secure is warning people to install security software on any devices they’re shopping online with as last year the average count of spam increased by 45% during Cyber Monday.
  • Brits are one and a half times more likely to be affected by financial fraud than people in other countries with 26% of people reporting they or someone in their family has been affected by credit card fraud, compared to an average 17% in other countries.
  • New research highlights the lengths Brits will go to grab a bargain online, even though they may be leaving themselves vulnerable to cybercrime.
Ahead of the big shopping weekend, 17% of those surveyed admitted that they would consider pulling a sickie during Black Friday and Cyber Monday; 32% stated they were already putting items in their basket in anticipation; while a dedicated 18% admitted they would shop on their mobile phone while on the toilet to secure the best deals*.

Over half of UK online shoppers use a mobile device to shop for deals on Black Friday and Cyber Monday**, but more than one in five (21%) will shop on unsecured smartphones (with no security software installed). And nearly 1 in 5 (19%) intend to shop on their commute or during their lunch break using free public wifi (17%)*, all of which puts them at greater risk from cybercriminals who are also looking to cash in.

With Black Friday a growing phenomenon in the UK, and now the busiest retail period of the year, it’s no surprise that last year GCHQ predicted consumer loses of around £30 million due to online fraud.

The Common Security Pitfalls with Online Shipping at Peak Times
F-Secure has found that the biggest security pitfalls people fall into during online shopping peaks are:
  • Not having any protection on their mobile devices with three in four (75%) admitting that they don’t have security software installed to protect themselves from spam*.
  • Making one fateful click on a fake promotional email that promises an incredible deal, with over two thirds (69%) admitting they click on the links in emails rather than going directly to the website.
  • Having easy to guess passwords or the same password across multiple account log-ins, with only three in ten (30%) people ensuring all their accounts have strong, unique passwords, and just under one in eight (12%) using a password manager*. 
Tom Gaffney, cybersecurity consultant at F-Secure said: “When using a mobile phone, people are more likely to be in a System 1 mode of thinking where their guard is down and they make fast, unconscious, automatic decisions. People are much more error prone in this state of mind and more susceptible to cybercrime like phishing attacks. Add to this the heightened number of phishing emails - an increase of 45% during Cyber Monday and 21% leading up to the New Year in 2018 - and you’ve created a hackers field day.”

He continued: “Hackers prey on our vulnerabilities around this time of year so we’re urging consumers to be extra vigilant and to use software protection online to keep themselves safe.”

Additional international research by F-Secure, a company which has three decades of experience stopping advanced cyber attacks, shows that Brits are one and a half times more likely to be affected by financial fraud than people in other countries. Just over a quarter (26%) of people reported that they or someone in their family have been affected by credit card fraud, compared to an average 17% in other countries. Additionally, almost twice as many Brits (9%) reported unauthorised access to their online bank, in comparison to an average of 5% in other countries.


Top Tips to Stay Secure this Black Friday
To help keep consumers safe when shopping online this Black Friday, F-secure have shared their top five tips:

1. Forget your Passwords

If you can remember your passwords, they’re too weak. So what do you do with more than a dozen passwords you cannot remember? Use a password manager.

2. Secure all your Accounts with Two-Factor Authentication

The best password in the world can still be compromised if it is not properly secured by the site you’ve trusted with. Use two-factor authentication to secure your accounts whenever possible.

3. If you’re going to Shop on your Smart Phone, use a Retailer’s App

On your phone you maybe even more vulnerable to some basic scams. Since URLs are harder to view on a smaller screen, you could be tricked by the explosion of tricky newer top-level domains, such as .family or .club. Stick the official apps on your device and you won’t have to worry about checking those web addresses.

4. Use one Web Browser for all of your Shopping and Financial Transactions

It doesn't matter if it's Chrome, Firefox, Edge Opera or Safari. Pick one browser and only use it for anything that involves shopping, banking or checking your financial accounts. And don’t touch it for anything else—especially social media.

5. Take a Break from Clicking on the Links within Emails.
Criminals take advantage of holiday distractions and expectations of gifts and packages being shipped to your home. Keep your focus by avoiding clicking on links in all emails and going directly to a retailer or shipper’s site.

Consumers can find out more about F-secures online safety tools here: https://www.f-secure.com/gb-en/home

Consumer research for this articles statistics was carried out by Vital Research and Statistics, on behalf of F-secure, and surveyed a sample comprised of 2,005 UK adults. Research was carried out online between 1st November 2019 and 4th November 2019.

Friday, 22 November 2019

The Challenges of UK Cyber Security Standards

Article by Matt Cable, VP Solutions Architect and MD Europe, Certes Networks

Public sector organisations in the UK are in the midst of changing cyber security regulations. In mid-2018, the Government, in collaboration the NCSC, published a minimum set of cyber security standards. These standards are now mandated, along with a focus on continually “raising the bar”. The standards set minimum requirements for organisations to protect sensitive information and key operational services, which – given the way in which these services are increasingly dispersed – is driving significant changes in public sector network architecture and security.

In addition to setting today’s ‘minimum’ standards, however, the guidance also sets a target date of 2023 by which public sector organisations will be expected to have adopted a ‘gold-standard’ cyber security profile. Matt Cable, VP Solutions Architect and MD Europe, Certes Networks, therefore outlines the essential considerations that will help organisations select an encryption solution provider that can easily integrate into any network infrastructure as they migrate from Legacy MPLS to SDN or SD-WAN network architectures.

The Principles
For both public and private sector organisations, customer experience is key. From finance and utilities, to local authorities and smart cities, customer touchpoints are increasingly dispersed, remote and application-driven, necessitating a move from Legacy MPLS to SDN or SD-WAN. However, under the Government’s new minimum cyber security standards framework, ensuring sensitive information and key services are protected is a critical consideration.

The UK’s National Cyber Security Centre (NCSC) has therefore issued principles for cyber secure enterprise technology to organisations, including guidance on deploying and buying network encryption, with the aim of reducing risks to the UK by securing public and private sector networks. This guidance bears parallels with the US National Institute of Standard and Technology’s (NIST) Cybersecurity Framework and therefore applies equally to US and other federal organisations in a similar scenario.

Similar to the NIST framework, the NCSC guidance shares the same principle that networks should not be trusted. It recommends that to keep sensitive information protected, encryption should be used between devices, the applications on them, and the services being accessed. IPsec is the recommended method for protecting all data travelling between two points on a network to provide an understood level of security, with further guidance outlining a specific ‘gold-standard’ cipher suite profile known as PRIME.

The guidance is based on the network vendor being CAS(T) certified (CESG (Communications Electronics Security Group) Assured Services (Telecommunications)), which involves an independent assessment focused on the key security areas of service availability, insider attack, unauthorised access to the network and physical attack.

However, there are challenges.

Challenge #1 – Public Sector Adherence to CAS(T)
Many public sector organisations are no longer mandating CAS(T) based services and therefore the risk appetite is expected to be lowered, mainly to support the emergence of internet and SD-WAN suppliers network solutions. This is key as the current NCSC recommendation Foundation standards for IPsec will expire in 2023, and users are being encouraged to move quickly off legacy platforms.

Challenge #2 – Impact to Cloud Service Providers and Bearer Networks
This guidance, such as the protection of information flows on dedicated links between organisations, also applies to cloud service providers, or in the inter-data-centre connections in such providers' networks.

The underlying bearer network is assumed not to provide any security or resilience. This means that any bearer network (such as the Internet, Wi-Fi 4/5G, or a commercial MPLS network) can be used. The choice of bearer network(s) will have an impact on the availability that an encrypted service can provide.

Challenge #3 – Partner Collaboration
NCSC explicitly states in its guidance that establishing trustworthy encrypted network links is not just about technology. It is also important that the management of these networks links is carried out by appropriate individuals, performing their assigned management activities in a competent and trusted fashion, from a management system that protects the overall integrity of the system. Thus, for encryption solution providers, the partner’s service credentials impact how the end user may use the technology.

The Solution
IPsec helps protect the confidentiality and integrity of information as it travels across less-trusted networks, by implementing network-based encryption to establish Virtual Private Networks (VPNs).

Under PRIME principles, devices which implement cryptographic protection of information using IPsec should:

  • Be managed by a competent authority in a manner that does not undermine the protection they provide, from a suitable management platform
  • Be configured to provide effective cryptographic protection
  • Use certificates as a means of identifying and trusting other devices, using a suitable PKI
  • Be independently assured to Foundation Grade, and operated in accordance with published Security Procedures
  • Be initially deployed in a manner that ensures their future trustworthiness
  • Be disposed of securely
Keeping the network design simple is one of the most effective ways to ensure the network provides the expected security and performance. The use of certificates generated in a cryptographically secure manner allows VPN gateways and clients to successfully identify themselves to each other while helping to mitigate brute force attacks.

Conclusion
There are many encryption solutions to help agencies and federal governments who want to move from Legacy MPLS to SDN or SD-WAN. Layer 4 encryption, for example, can integrate easily into any network and encrypt data in transit without disrupting performance or replacing the current network architecture.

Selecting a provider that can offer a PRIME compliant solution – such as Layer 4 encryption - is key in conforming to both today and tomorrow’s cybersecurity standards. And with NCSC starting to treat all networks as untrusted networks (especially those agencies using internet), PRIME is becoming the gold standard for which NCSC will measure regulatory compliance.

Therefore, it is important to consider a vendor that can offer a security solution that is not only compliant but is simple and uncomplicated, minimising disruption, resources and costs.

Thursday, 21 November 2019

How Much is Your Data Worth on the Dark Web?

You may not know much about the dark web, but it may know things about you.

What is the Dark Web?

The dark web is a part of the internet that is not visible to search engines. What makes the dark web, dark? it allows users to anonymise their identity by hiding their IP addresses. This makes those using the dark web nearly impossible to identify.

Only 4% of the internet is available to the general public, which means a vast 96% of the internet is made up of the deep web. It’s important to note here, that the dark web is just a small section of the internet but it’s a powerful small sector.

How much are your bank details worth?
The dark web is full of stolen personal bank credentials. It’s common to see MasterCard, Visa, and American Express credentials on the dark web from a variety of different countries.

Credit card data in the US, UK, Canada and Australia increased in price anywhere from 33% to 83% in the time from 2015 to 2018. The average price for a UK Visa or Mastercard in 2015 was £9, however, this did increase to £17 in 2018. This is approximately an 83% increase. Bank accounts that can transfer funds in stealth mode to United Kingdom banks are considerably more expensive. An account with a £12,500 account balance goes for around £700.


How much are your subscription services worth?
The sale value of your PayPal credentials depends on the available account balance. PayPal details can be sold for as little as £40 and this can increase to £820 - £2,500 for an available balance of £6580.

Your Amazon, British Airways, Facebook, Fortnite and Netflix logins are also available on the dark web. These can go for around £7 which is surprising as they hold various information about your banking and identity. Stolen hotel loyalty programs and auctions accounts can cost as much as £1,150 due to the extensive information they provide the buyer.

Are you surprised to learn that even reward programs and viewing subscriptions can be purchased on dark web markets?


How much is your whole identity worth on the dark web
The average modern person now has many online accounts. These can range from email and Facebook to online shopping, food delivery and banking. Combine all of those accounts and the typical internet user's identity is worth around £987 to hackers. The personal loss for victims is of course much higher.

Jade works for Total Processing, an advanced independent payment gateway provider who answers only to our customers.

Wednesday, 20 November 2019

GTP Security: Securing 5G Networks with a GTP Firewall

Anthony Webb, EMEA Vice President at A10 Networks

It is often written that 5G will usher in the Fourth Industrial Revolution and change the economy. The speeds and capacity that 5G network promises to bring has the potential to be an indispensable technology. Verizon estimated that by 2035, 5G “will enable £10.5 trillion of global economic output and support 22 million jobs worldwide.

Therefore, 5G is not only important because it has the potential to support millions of devices at ultrafast speeds, but also because it has the potential to transform the lives of people around the world. But with this new opportunity also comes higher security risks as cyberattacks grow in sophistication and volume and use lightly protected mobile and IoT devices in their botnets or targeted attacks.

GTP today

Since the early days of 3G or 2.5G, GPRS Tunnelling Protocol (GTP) has been used to carry traffic and signalling through mobile networks and has continued to do so in 4G/LTE and recent 5G non-standalone architectures. But GTP was never designed with security in mind and therefore has no inherent security mechanisms.

As traffic, devices and interconnection partners surge, so does the use of GTP. The transition to 5G is happening and most operators will opt to deploy 5G in stages, using a common 4G core as they build out the 5G RAN. As a result, threats to 4G core elements from GTP-based attacks will still be present during this hybrid period. This where operators must now include a GTP firewall as part of their current network security posture and as they evolve the network to 5G.

GTP vulnerabilities have been well known by the industry and documented in GSMA reports. What is required is a GTP firewall which stops attackers from trying to exploit GTP vulnerabilities on the interfaces exposed to the network. These attacks target both mobile subscribers and mobile network infrastructure. The most common GTP security issues include confidential data disclosures, denial of service, network overloads, and a range of fraud activities. In 5G, additional security measures have been added, but GTP will continue to play an important role, especially in roaming.

What is required?

The simple answer is scalable security. Mobile operators face the challenge of securing roaming and EPC interfaces where GTP protocols are used extensively in and are known to have vulnerabilities that can be readily exploited by malicious actors. As vulnerable devices and partners expand, so does the attack surface available for malicious purposes. Operators need to meet the growing security challenges while also providing a seamless subscriber experience.

As they move towards 5G, with likely a 4G common core for many years, operators will need to tackle the risks inherent in GTP, as threats continue to grow against a much larger volume of traffic and applications. Roaming traffic, with its high complexity and large number of interconnect partners and hubs, can be an especially vulnerable and attractive target for malicious actors.

Common Threats

The most common threats from a GTP based attacks include the following:
Eavesdropping – intercepting and snooping into GTP traffic gaining valuable and confidential subscriber information

  • Fraud: Attackers can use services at the expense of the operator or another subscriber using invalid or hijacked IMSI
  • Injection of malicious GTP messages: Disrupting sessions and creating DDoS
  • Subscriber denial of service: Spoofing subscriber IDs to generate malicious messages that cause service disruption for an individual subscriber
  • Message Suppression and Modification: Prevent message delivery or allow malicious content delivery, disrupting service
  • Network Overload/DDoS: Malicious, malformed or invalid signalling packets are sent that overwhelm network elements or cause vulnerable elements to fail
GTP Firewall 
A GTP firewall provides security and scalability, while protecting the mobile core against GTP-based threats mentioned above through GTP interfaces in the access networks and GRX/IPX interconnect to support uninterrupted operations. The GTP firewall can be inserted into multiple interfaces carrying the GTP traffic. The primary use case is being inserted on S5-Gn and S8-Gp (roaming firewall) interfaces.

Tuesday, 19 November 2019

A UK Small Business is hacked every 19 seconds

Small UK businesses bear the brunt of cyberattacks according to the latest industry reports. SecureTeam have crunched the numbers and put together an InfoGraphic which depicts how cybercrime is impacting UK small business. They have concluded UK small businesses are targeted with 65,000 cyberattacks per day, with one small business hacked every 19 seconds!

As expected, email is by far the most commonly used attack vector, and the security posture of small businesses is not sufficiently robust enough to withstand cyberattacks, knowledge which the cybercriminals clearly understand.


Monday, 18 November 2019

Combating the Accidental Insider Data Leakage Threat

Article by Andrea Babbs, UK General Manager, VIPRE SafeSend

Cybercrime has rapidly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses rising by more than 50% in the last year alone. While most corporates have made significant efforts to invest in cybersecurity defences to protect their organisations from the outside threat of cybercrime, few have addressed the risk of breaches that stem from the inside in the same way. Insider threats can come from accidental error, such as an employee mistakenly sending a sensitive document to the wrong contact, or from negligence such as an employee downloading unauthorised software that results in a virus spreading through the company’s systems.

We’re all guilty of accidentally hitting send on an email to the wrong person, or attaching the wrong document; but current levels of complacency around email security culture are becoming an ever greater threat. Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an inside threat.

So where does the responsibility lie to ensure that company data is kept secure and confidential?
According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. With employee carelessness and complacency the leading causes of data breaches - understandable when human error is inevitable in pressured working environments - there is clearly a lack of awareness and training. And while there is an obvious and urgent need for better employee education, should IT leaders not be doing more to provide the tools that take the risk of making accidental mistakes out of employees’ hands?

With simple technology in place that provides an essential double check for employees - with parameters determined by corporate security protocols - before they send sensitive information via email, accidental data loss can be minimised and an improved and proactive email security culture achieved. In addition to checking the validity of outbound and inbound email addresses and attachments - thereby also minimising the risk of staff falling foul of a phishing attack - the technology can also be used to check for keywords and data strings in the body of the email, to identify confidential or sensitive data before the user clicks send.

In order for organisations to limit the number of insider data breaches, it’s crucial for employees to understand the role they play in keeping the company’s data secure. But in addition to supporting employees with training, deploying an essential tool that prompts for a second check and warns when a mistake is about to be made, organisations can mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business.

Email is arguably the key productivity tool in most working environments today; placing the full burden of responsibility for the security of that tool on employees is both an unnecessary overhead and, increasingly, a security risk. In contrast, supporting staff with a simple, extra prompt for them to double check they aren’t mistakenly sharing confidential data raises awareness, understanding and provides that essential security lock-step – before it’s too late.

Friday, 15 November 2019

Broken Security? Most Business Leaders aren't confident about their Cybersecurity

Cybersecurity is a critical battleground for UK businesses today, as the digital footprints of individuals and enterprises continue to grow. However, according to a new study commissioned by VMware in partnership with Forbes Insights, only a quarter (25%) of business leaders across EMEA are confident in their current cybersecurity practices, with UK spending without adequate assessment of the needs of organisations now commonplace.

VMware research reveals British businesses battle sophisticated security threats with old tools and misplaced spend

Key findings of the Study
  • 78% of UK business and IT security leaders believe the cybersecurity solutions their organisation is working with are outdated (despite 40% having acquired new tools over the past 12 months to address potential threats)
  • 74% reveal plans to invest even more in detecting and identifying attacks in the next three years, despite having a multitude of products already installed – a quarter (26%) of businesses currently have 26 or more products for this
  • Only 16% state extreme confidence in the readiness of their organisation to address emerging security challenges
The research shows UK businesses are trapped in a routine of spending without adequately assessing the needs of their organisation. Three quarters (78%) of business and IT security leaders believe the cybersecurity solutions their organisation is working with are outdated, despite 40% having acquired new tools over the past year to address potential threats. Nearly three quarters (74%), meanwhile, reveal plans to invest even more in detecting and identifying attacks in the next three years, despite having a multitude of products already installed – a quarter (26%) of businesses currently have 26 or more products across their enterprises for this.

The apparent hope of UK businesses to spend their way out of security crises is coupled with a significant security skills gap: just 16% of UK respondents state extreme confidence in the readiness of their organisation to address emerging security challenges, with only 14% extremely confident in the readiness of their people and talent.

The result is that, despite British businesses shoring up their defences against an evolving threat landscape, the complexity surrounding multiple cybersecurity solutions is making it harder for organisations to respond, urgently adapt or improve their strategies. In fact, a third (34%) of IT security leaders state it can take up to an entire week to address an issue.

Ian Jenkins, Director, Networking and Security UK & Ireland, VMware, said of the findings: “Businesses across the UK and beyond continue to follow the same IT security paths, and yet expect to see different results. Yet we now live in a world of greater complexity, with more and more intricate interactions, more connected devices and sensors, dispersed workers and the cloud, all of which have created an exponentially larger attack surface. Investment in traditional security solutions continues to be dwarfed by the economic repercussions of breaches.”

The lack of confidence highlighted in this study sits within a chasm forming between business leaders and security teams. In the UK, only a quarter (24%) of IT teams consider C-suite executives in their organisation to be ‘highly collaborative’ when it comes to cybersecurity. Across EMEA, meanwhile, only 27% of executives and only 16% of IT security practitioners say they are collaborating in a significant way to address cybersecurity issues.

Jenkins concludes, “Modern-day security requires a fundamental shift away from prevailing preventative solutions that try to prevent breaches at all costs. British businesses must invest in solutions that make security intrinsic to everything – the application, the network, essentially everything that connects and carries data. Breaches are inevitable, but how fast and how effectively you can mitigate that threat and protect the continuity of operations is what matters. Combining this approach with a culture of security awareness and collaboration across all departments is crucial to driving cyber best practice forward, and helping enterprises in the UK and across EMEA stay one step ahead in the world of sophisticated cybercrime.”

Thursday, 14 November 2019

For Caught in the Crossfire of Cyberwarfare

Authored by Dr Sandra Bell, Head of Resilience Consulting EMEA, Sungard Availability Services 

The 2019 National Cyber Security Centre’s (NCSC) Annual Review does not shy away from naming the four key protagonists when it comes to state-based cyber threats against our country. The review sites China, Russia, North Korea and Iran as being actively engaged in cyber operations against our Critical National Infrastructure and other sectors of society. That being said, the main cyber threat to businesses and individual citizens remains organised crime. But with the capability of organised crime matching some state-based activity and the sharing (if not direct support) of state-based techniques with cyber criminals, how are we expected to defend ourselves against such sophisticated cyberattack means?

The answer offered by Ciaran Martin, CEO of the NCSC, in his Forward to the 2019 Review only scratches the surface of the cultural change we need to embrace if we are to become truly cyber resilient to these modern-day threats.

“Looking ahead, there is also the risk that advanced cyberattack techniques could find their way into the hands of new actors, through the proliferation of such tools on the open market. Additionally, we must always be mindful of the risk of accidental impact from other attacks. Cyber security has moved away from the exclusive prevail of security and intelligence agencies towards one that needs the involvement of all of government, and indeed all of society.”

There are a few key points to draw out from this statement. Firstly, there is an acceptance that all of us may be collateral damage in a broader state-on-state cyberattack. Secondly, we should accept also that we maybe the victims of very sophisticated cyberattacks that have their roots in state-sponsored development. And finally, we must all accept that cyber security is a collective responsibility and, where businesses are concerned, this responsibility must be accepted and owned at the very top.

Modern life is now dependent on cyber security but we are yet to truly embrace the concept of a cyber secure culture. When we perceived terrorism as the major threat to our security, society quickly adopted a ‘reporting culture’ of anything suspicious, but have we seen the same mindset shift with regards to cyber threats? The man in the street may not be the intended target of a state-based or organised crime cyberattack but we can all easily become a victim, either accidentally as collateral damage or intentionally as low-hanging fruit. Either way we can all, individual citizens and businesses alike, fall victim to the new battleground of cyberwarfare.

What can business do in the face of such threats?
One could argue that becoming a victim of cybercrime is a when not an if. This can in turn bring about a sense of the inevitability. But what is clear when you see the magnitude of recent Information Commissioner’s Office (ICO) fines, is that businesses cannot ignore cyber security issues. A business that embraces the idea of a cybersecurity culture within its organisation will not only be less likely to be hit with a fine from the ICO should things go horribly wrong, but are also less likely to fall victim in the first place. Cyber security is about doing the basics well and preparing your organisation to protect itself, and responding correctly when an incident occurs.

Protecting against a new kind of warfare
Organisations need to prepare to potentially become the unintended targets of broad-brush cyberattacks, protecting themselves against the impact they could have on their operations and customer services. With each attack growing in its complexity, businesses must in-tow respond in a swift and sophisticated manner. Defence mechanisms need to be as scalable as the nefarious incidents they may be up against. To give themselves the best chance of ensuring that an attack doesn’t debilitate them and the country in which they operate, there are a few key things that businesses can do:

1) Act swiftly
A cyberattack requires an immediate response from every part of a business. Therefore, when faced with a potential breach, every individual must know how to react precisely and quickly. IT and business teams will need to locate and close any vulnerabilities in IT systems or business processes and switch over to Disaster Recovery arrangements if they believe there has been a data corruption. Business units need to invoke their Business Continuity Plans and the executive Crisis Management Team needs to assemble. This team needs to be rehearsed in cyber related crisis events and not just the more traditional Business Continuity type of crisis.

Both the speed and effectiveness of a response will be greatly improved if businesses have at their fingertips the results of a Data Protection Impact Assessment (DPIA) that details all the personal data collected, processed and stored, categorised by level of sensitivity. If companies are scrambling around, unsure of who should be taking charge and what exactly should be done, then the damage caused by the data encryption will only be intensified.

2) Isolate the threat
Value flows from business to business through networks and supply chains, but so do malware infections. Having adequate back-up resources not only brings back business availability in the wake of an attack, but it also serves to act as a barrier to further disruption in the network. The key element that cybercriminals and hacking groups have worked to iterate on is their delivery vector.

Phishing attempts are more effective if they’re designed using the techniques employed in social engineering. A study conducted by IBM found that human error accounts for more than 95 per cent of security incidents. The majority of the most devastating attacks from recent years have been of the network-based variety, i.e. worms and bots.

Right now, we live in a highly connected world with hyper-extended networks comprised of a multitude of mobile devices and remote workers logging in from international locations. Having a crisis communication plan that sets out in advance who needs to be contacted should a breach occur will mean that important stakeholders based in different locations don’t get forgotten in the heat of the moment.

3) Rely on resilience
Prevention is always better than cure. Rather than waiting until a data breach occurs to discover the hard way which threats and vulnerabilities are present in IT systems and business processes, act now.

It’s good business practice to continuously monitor risk, including information risk, and ensure that the controls are adequate. However, in the fast-paced cyber world where the threats are constantly changing this can be difficult in practice.

With effective Disaster Recovery and cyber focused Business Continuity practices written into business contingency planning, organisations remain robust and ready to spring into action to minimise the impact of a data breach.

The most effective way to test business resilience without unconscious bias risking false-positive results is via evaluation by external security professionals. By conducting physical and logical penetration testing and regularly checking an organisation’s susceptibility to social engineering, effective business continuity can be ensured, and back-up solutions can be rigorously tested.

Cyber Resilience must be woven into the fabric of business operations, including corporate culture itself. Crisis leadership training ensures the C-suite has the skills, competencies and psychological coping strategies that help lead an organisation through the complex, uncertain and unstable environment that is caused by a cyberattack, emerging the other side stronger and more competitive than ever before.

A look ahead to the future
A cyberattack is never insignificant, nor expected, but if a business suffers one it is important to inform those that are affected as quickly as possible. Given the scale at which these are being launched, this couldn’t be truer. It’s vital in the current age of state-backed attacks that businesses prioritise resilience lest they be caught in the crossfire. In a business landscape defined by hyper-extended supply chains, having a crisis communication plan that sets out in advance who needs to be contacted should a breach occur will mean that important stakeholders don’t get forgotten in the heat of the moment and that the most important assets remain protected.

Wednesday, 13 November 2019

Labour Party DDoS Cyber Attacks

It was just a matter of time before cyberattacks were catapulted into the forefront of the UK 2019 General Election campaign, with two cyber-attacks on the Labour Party in the last two days.


It was reported the Labour Party was targeted by two separate Distributed Denial of Service (DDoS) attacks. Labour have not publically disclosed which of its digital systems were targetted by the DDoS attacks, but it is understood cyber attacks impacted the speed of their election and campaigning tools on Monday.

A Labour spokeswoman said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.” Following reports of a second cyber-attack, a Labour Party spokesperson said: "We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently."

The National Cyber Security Centre (NCSC) has warned all political parties about the high likelihood of being targeted with cyberattacks during elections for years. An NCSC spokesman said the Labour Party followed the correct procedure and notified them swiftly of Monday's cyber-attack, adding: "The attack was not successful and the incident is now closed".

Despite the apparent 'failure' of this attack, it raises important questions around the security of data ahead of the vote: Who is behind this attack? What is the intended outcome? Do political parties have the required level of security to ward off nation-state hackers?

A Labour source said the attacks came from computers in Russia and Brazil, but given it was a DDoS attack, that attack source is likely from 'zombie' controlled computers, so the countries cited as generating the network traffic on mass against the Labour Party IT systems have no bearing on who the culprit behind the attacks is. The DDoS attacks such as these can be orchestrated from any part of the world, so the culprit could be anyone from a nation-state offensive cyber team to a bored 14-year-old kid sat in a bedroom.


DDoS Cyber Attack Explained
Zombie Computers
A zombie computer is where malware with ‘command and control software” has inflected a computer, which allows the computer to be remotely controlled by a hacker over the internet to perform malicious tasks. Computer users are typically unaware their computer is infected and is being controlled. Where hackers infect and control computers on mass over the internet, it is known as a botnet.

Botnets can have tens and even hundreds of thousands of computers remotely controlled by a hacker. Such botnets are used to send spam and phishing emails, and to perform Distributed Denial of Service DDoS) attacks. A DDoS attack is where a hacker instructs computers within the botnet to send network traffic to a website or server, at the same time, to flood server(s) with so much network traffic the server or website is unable to provide a service or function.


Terry Greer-King, VP EMEA at SonicWall said, "This morning’s ‘failed’ cyber attack on the Labour Party underscores the fact that we are living in an era where political attacks are business as usual for cybercriminals. Breaching a political organisation for the purpose of compromising personal information or even blackmail tampers with the political fabric of a nation and potentially tampers with democratic processes."

Greer-King stated "Despite the apparent 'failure', today's attack once again raises important questions around the upcoming election. Any vulnerabilities within political parties will be ruthlessly exploited, hindering and possibly manipulating their information and systems. Today’s trustworthy security solutions should empower government agencies and political parties, like Labour in this instance, to consistently meet cybersecurity safeguarding requirements and procedures, and implement layered security solutions to block attackers at every step of the way."

Tom Kellermann, Head Cybersecurity Strategist at VMware Carbon Black said "The UK government should be lauded for its ability to successfully thwart an attack campaign targeting its digital platforms. It’s clear the west is under siege as a new Cold War continues to emerge in cyberspace. 

Nation-state-backed hackers have often taken advantage of divisive issues like Brexit to undermine democratically elected governments and cooperative international coalitions like NATO and the EU. It’s hard to think this attack is the last that will target the UK. In turn, the US should see these cyberattacks as a prelude for what may come in 2020.”

Anthony Webb, EMEA Vice President at A10 Networks said “Distributed denial of service (DDoS) attacks present one of the most dangerous forms of cyber threat for political parties and can cause serious reputational and financial damage. This is especially prominent during a General Election campaign when the party will be engaged in influencing voters, thus widening their cyber footprint. The UK Labour Party has suffered two DDoS attacks in quick succession, indicating that similar, future attacks are likely.

While the political parties participating will be on-guard following this latest attack, they all must be prepared for even more sophisticated, multi-vector application layer attacks throughout the remainder of the election period, that could seriously undermine their campaign.

An always-on DDoS protection system between the open web and servers is essential. Network security professionals need to embrace an extensible and adaptable position to detect both application and network attacks. The choice of defensive policy will be determined by the size of the enterprise and its resources. But as the number of high-profile campaign blackouts skyrockets, it’s worth reassessing expenditure and risk levels to combat these threats.

Ultimately, key political parties that cannot ensure that their campaign communication channels are continuously available, risk severely damaging their election campaigns – and may appear untrustworthy in the eyes of constituents. The key is to be prepared: the question is not if but when an attack will come. As we’ve seen in the last three years, cyber-attacks are now commonplace when nationwide elections or referendums are taking place.”

Monday, 11 November 2019

Cyber Security Businesses: Solving Challenges Through New Technologies

From everyday transactions to transport planning, as our world becomes more dependent on technology, cybersecurity risks are becoming more common, and more dangerous. 

Luckily, there’s a range of cybersecurity businesses and start-ups attempting to solve this issue through innovative new technologies.

We look at some recent projects and partnering opportunities tackling cybersecurity challenges. 

Antivirus Software From Japan
Established in 2007, a Japanese company has developed security software to detect unknown threats. They have developed a heuristic application consisting of five engines to detect malware and protect users.

These engines include;
  • Static analyses
  • Sandbox runs programs on a virtual environment
  • Dynamic analyses (monitors the behaviour of currently running programs)
  • Machine learnings
  • Vulnerability attack protection
The advantage of this technology is that it does not depend on pattern files. So far, the programs have detected several major threats and the engines are regularly updated with the latest research and information. In addition, the software requires no signature, a benefit for companies who do not wish to have their data drawn into the cloud.

The company has been very successful in Japan and are now looking to expand into European markets with the help of a partner. Their ideal partner would be an Original Equipment Manufacturer (OEM) company working in Internet Security.

Protecting Data, Assets and Brands Against Global Cyber Attacks
A German company has developed an automated platform to deal with global cybersecurity threats more efficiently.

The technology allows users to;
  • Benefit from ad-hoc assistance in emergencies
  • Simplify their security processes
  • Safely share threat information with a range of stakeholders and organisations
  • Contribute to a collaborative database
Some of the benefits of this platform include;
  • Automated incident response management
  • Real-time alerts
  • Data fusion on a large scale
  • Easy integration
  • Secure collaboration
  • Varied deployment models
  • Helps users understand and monitor threats worldwide
The company is now looking for help with the commercialisation of the business. They are seeking European or Asian partners to aid with sales, marketing and delivery.

Helping SMEs Improve Their Information Security
A British company has developed a bespoke service for SMEs, helping them to improve their security and technology solutions.

This service includes;
  • IT/cybersecurity
  • Privacy/ GDPR
  • Business continuity
  • Disaster recovery
  • Collaboration technologies
  • Blockchain/IoT/AI/Cloud computing
The company prides itself on strong face-to-face communication and their ability to tailor services to meet the needs of specific clients. They are currently looking to make commercial partnerships with businesses looking to improve their cybersecurity.

24/7 Security and Events Management
An Israeli company has developed a new solution to help organisations manage internal and external cyber threats. This real-time technology is available worldwide and offers a reliable, individualised service.

The service includes;
  • Risk assessments
  • Forensics
  • Compliance
  • A flexible pricing model
The advantage of a 24/7 security service is that users can speak to security specialists at any time, and alerts are handled in real-time.

The company is looking for commercial agents in the cybersecurity sector to expand their client base.

Enterprise Europe Network: Connecting Businesses and Partners Worldwide
Enterprise Europe Network (EEN) helps businesses, academia and research institutions connect, expand into new markets and transform ideas into marketable products.

Discover more cybersecurity businesses and partnership opportunities part of the EEN network for an insight into the future of online security.

Sunday, 10 November 2019

Five Emails you don’t want in your Inbox

Phishing attacks are the most common form of cyber attack. Why? The simplicity of email gives cybercriminals an easy route in, allowing them to reach users directly with no defensive barriers, to mislead, harvest credentials and spread malicious elements.

All organisations think it won’t happen to them, but phishing isn’t a trap that only ensnares the gullible or those unacquainted with technology. Far from it. Gone are the days of poorly-worded, patently obvious attempts at scamming users out of their hard-earned cash. Some of today’s most sophisticated phishing attacks are almost indistinguishable from legitimate business communications – they’re well-written, thoroughly researched and establish a thread of communication with the victim before attempting to steal their credentials or bank balance.

Email is the single biggest attack vector used by adversaries who employ a plethora of advanced social engineering techniques to achieve their goal. Andy Pearch, Head of IA Services at CORVID, describes five common types of social engineering attack that no employee – from CISO to HR assistant – wants to see in their inbox.

1. Payment Diversion Fraud
Cybercriminals often masquerade as a supplier, requesting invoices are paid to alternative bank details. They can also pretend to be an employee, asking the HR department to pay their salary into a different account. Payment diversion fraud targets both businesses and individuals and the results can understandably be devastating.

There’s little point requesting someone to make a bank transfer or change payment details who isn’t authorised to do so – threat actors target finance and HR teams, who would expect to process payments and deal with changes to personal account details, so are more likely to comply with the fraudulent request.

2. CEO Fraud

Impersonating a VIP – often the CEO – is big business for adversaries, knowing the recipient will often action the request straightaway. Threat actors research their executive target thoroughly to make sure their spoofed email is as convincing as possible, so it stands more chance of succeeding. They prey on users’ implicit trust of their seniors to coerce them into providing commercially sensitive information, personal information, or bank account details.

These deceitful requests often convey a sense of urgency, and imply the interaction can only be carried out via email – the victim therefore has no time to question the validity of the request and is unable to call the CEO to confirm if it’s genuine.

3. Whaling

The opposite of CEO fraud, whaling targets senior executives rather than impersonating them. These targets are often the decision-makers in a business who have the authority to give the go-ahead on financial transactions and business decisions, without further levels of approval. These phishing attacks are thoroughly researched, containing personalised information about the company or individual, and are written in the company’s tone, adopting fluent business terminology that’s well-known to the VIP target.

4. Spear Phishing

Perhaps the most widespread form of email-based cyberattack, spear phishing targets individuals and specific companies with links to credential harvesting sites or requests for confidential information, such as bank details and personal data. Attackers study their victim’s online presence to include specific information which adds credibility to their request, such as purporting to be from a streaming service the victim is subscribed to, or a supplier that is known to the target company.

5. Sextortion

Not all phishing attacks are subtle. A form of cyber blackmail, sextortion is when cybercriminals email their target claiming to have evidence of them committing X-rated acts or offences, and demanding payment to stop the criminals from sharing the evidence with their victim’s family or employer.

Attackers count on their victim being too embarrassed to tell anyone about the email (although they haven’t done anything wrong), because it’s a taboo subject most wouldn’t feel comfortable talking about with others. They often make the email sound like they’re doing their victim a favour in keeping the details to themselves. The victim may decide to pay up to stop embarrassing details about their private lives being made public, regardless of whether they’re true or not. Payments are usually demanded in Bitcoin so the transaction is untraceable, meaning the adversary cannot be identified.

But if the victim knows they’re innocent, why do these attacks still work? It’s all about credibility – attackers harvest email addresses and passwords from previous cyberattacks, which are available on the internet, and include them in their email to add credibility. If an attacker emails you claiming to know one of your passwords and includes it for proof, you’re more likely to believe the rest of the email is genuine.

Conclusion

These common types of social engineering attack cannot be ignored by any organisation – these threats are very real and won’t disappear anytime soon. Email security and threat protection can be transformed by the use of multiple sophisticated detection engines and threat intelligence sources; employees shouldn’t have to carry the weight of identifying these threats, essentially plugging the gaps in flawed cybersecurity strategies. Organisations need to treat email as the serious security risk that it is and begin to put appropriate measures in place.

Fraud detection and content checking in real time automatically highlight phishing and social engineering techniques, which removes the burden from users and instead leaves technology to do its job. Furthermore, technology enables potentially concerning emails – such as those attempting to harvest credentials, mislead users or spread malicious elements – to be automatically flagged, meaning employees can make quick, informed and confident decisions as to whether the email should be trusted.

With such sophisticated technology available and a growing threat landscape that shows no sign of slowing, it’s time for organisations to make a change and adequately protect themselves from incoming attacks.

Saturday, 9 November 2019

Why Cybersecurity Breach Survivors are Valued Assets

Guest article By Ewen O’Brien, VP of Enterprise, EMEA at BitSight

No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organisation against future threats.

The report reveals that just over half of the 3,000 CISOs surveyed believe that learning from failure is incredibly valuable and a vital part of improving corporate cybersecurity postures. Indeed, these professionals may very well be your company’s best line of defence in the face of a potential cyberattack.

The Value of “Cybersecurity Breach Survivors”

Security professionals who have lived through an avoidable breach possess a unique mindset. They are less likely to experience burnout, are less indifferent to their work, less likely to think about quitting their job, feel less personally responsible for an incident, and are more likely to share their learning experiences. Cybersecurity breach survivors also have the first-hand experience of what works on the frontlines of security performance management and what doesn’t and are well versed in crisis management, recovery procedures, and team focus.

Furthermore, cyberattack veterans have unique perspectives on cybersecurity risk management. They understand that risk mitigation requires more than the right tools and technology. Unless an organisation takes a risk-based view of security, where all stakeholders (not just IT) understand the inherent threat of doing business in a digital world, then all the firewalls, endpoint protection, and other security measures won’t help.

Sharing Insights About Cybersecurity Breaches: The Best Defence
Unfortunately, while many businesses tend to extol the virtues of openness and information-sharing, cybersecurity remains a taboo subject for many. Cyber breaches are treated like a scarlet letter, and security teams are often hesitant to share information or discuss vulnerabilities that led to breaches and lessons learned from those incidents.

That might be why security professionals who’ve “been there and done it” remain unfortunately tight-lipped about their experiences. The Symantec/Goldsmiths study shows that 54% of respondents don’t discuss breaches or attacks with their industry peers, with 36% fearing that sharing this information could impact their professional reputation and career prospects.

This new report flips that thinking on its head, and boldly asserts several best practices: that these learnings should be shared, that company boards should foster a more open learning culture for security teams, and that data breach survivors should be at the top of your company's list of hiring priorities.

Indeed, sharing experiences is critically important, especially since everyone in the company must be involved in protecting the organisation. The cybersecurity skills shortage mandates that everyone, from the CEO on down, needs to take responsibility.

Not adhering to this policy can yield some sobering results. The average cost of a cyber breach has now reached $4.6 million per incident. But the impact extends beyond potential financial and reputational ruin. Security teams are also feeling the burn with 51% of tech executives experiencing cybersecurity burnout and stress-related illnesses as a result of cyberattacks, breaches, and outages.

Experience with Vulnerabilities Can Strengthen Security Performance Management 

We’re all vulnerable about our vulnerabilities. But cybersecurity professionals who have witnessed an attack first-hand should be applauded, not vilified. And they should feel confident that their experience can help their organisations be better prepared for the future. Their experiences--and the knowledge they’ve gained from those experiences--can be used to bolster security performance management and create a formidable front against potential threats.

Friday, 8 November 2019

Researchers find security flaws in ‘Amazon’s Ring Video Doorbell Pro’ IoT device

Bitdefender researchers have discovered an issue in ‘Amazon’s Ring Video Doorbell Pro’ IoT device that allows an attacker to intercept the owner’s Wi-Fi network credentials.

During the configuration stage, the mobile app sends the Wi-Fi network credentials in plaintext to the Ring Video Doorbell Pro. This then allows the hacker to sniff the packets and find out the sensitive data it needs to connect to the user’s WiFi.

Once in possession of a user’s WiFi password, an attacker has full access to the network. And it’s no secret that an internal network can be very lax. In fact, many devices such as Smart TVs allow interaction without any authentication whatsoever – even if a device was under attack, there is no trace left and users will have no idea they were even a victim.

Examples of possible things an attacker might do without your knowledge:
  • Interact with all devices within the household network 
  • Intercept network traffic and run ‘man-in-the-middle’ attacks 
  • Access local storage (NAS drives, for example) and subsequently access private photos, videos and other types of information 
  • Exploiting vulnerabilities and gaining access to other devices connected to the local network, that may lead to reading emails and private conversations 
  • Get access to security cameras to steal video recordings 
The Ring Doorbell Pro cameras now receive automatic security updates, the latest update resolves the security vulnerabilities.

Thursday, 7 November 2019

Eliminating the Social Media Cyber Security Blind Spot

Guest article by Anthony Perridge, VP International, ThreatQuotient
More than three billion people around the world use social media each month, with 90% of those users accessing their chosen platforms via mobile devices. While, historically, financial services (FinServ) institutions discouraged the use of social media, it has become a channel that can no longer be ignored.

FinServ institutions are widely recognised as leaders in cybersecurity, employing layers of defence and highly skilled security experts to protect their organisations. But as the attack surface expands with the growing use of social media and external digital platforms, many FinServ security teams are blind to a new wave of digital threats outside the firewall.

Social media is a morass of information flooding the Internet with billions of posts per day that comprise text, images, hashtags and different types of syntax. It is as broad as it is deep and requires an equally broad and deep combination of defences to identify and mitigate the risk it presents.

Understanding prevalent social media threats
Analysis of prevalent social media risks shows the breadth and depth of these types of attacks. A deeper understanding of how bad actors are using social media and digital platforms for malicious purposes is extremely valuable as FinServ institutions strive to strengthen their defence-in-depth architectures and mitigate risk to their institutions, brands, employees and customers.

To gain visibility, reduce risk and automate protection, leaders in the financial industry are expanding their threat models to include these threat vectors. They are embracing a data-driven approach that uses automation and machine learning to keep pace with these persistent and continuously evolving threats, automatically finding fraudulent accounts, spear-phishing attacks, customer scams, exposed personally identifiable information (PII), account takeovers and more.

They are aggregating this data into a central repository so that their threat intelligence teams can trace attacks back to malicious profiles, posts, comments or pages, as well as pivot between these different social media objects for context. Network security teams can block their users from accessing malicious social objects to help prevent attacks, and incident response teams can compare their organisation’s telemetry of incidents with known indicators of compromise to mitigate damage.

Employee education is also a critical component of standard defences. Raising awareness of these threats through regular training and instituting policies to improve social media security hygiene with respect to company and personal accounts goes a long way to preventing these attacks in the first place.

A Checklist for Financial Institutions This checklist that encompasses people, process and technology will go a long way toward helping FinServ security teams better protect their institutions, brands, employees and customers.
  1. IDENTIFY the institution’s social media and digital footprint, including accounts for the company, brands, locations, executives and key individuals.
  2. OBTAIN “Verified Accounts” for company and brand accounts on social media. This provides assurance to customers that they are interacting with legitimate accounts and prevents impersonators from usurping a “Verified Account.”
  3. ENABLE two-factor authentication for social media accounts to deter hijacking and include corporate and brand social media accounts in IT password policy requirements.
  4. MONITOR for spoofed and impersonator accounts and, when malicious, arrange for takedown
  5. IDENTIFY scams, fraud, money-flipping and more by monitoring for corporate and brand social media pages.
  6. MONITOR for signs of corporate and executive social media account hijacking. Early warning indicators are important in protecting the organisation’s brand.
  7. DEPLOY employee training and policies on social media security hygiene.
  8. INCORPORATE a social media and digital threat feed into a threat intelligence platform as part of an overall defence-in-depth approach. This allows teams to ingest, correlate and take action faster on attacks made against their institution via social media.
Conclusion
FinServ institutions and their customers use many different social networks to communicate and conduct business but are often blind to the risk bad actors present as they increasingly targeting these public, uncontrolled channels to commit financial fraud, damage brands and even pose physical threats.

FinServ security teams need visibility into digital threats outside the firewall and actionable information to reduce risk and automate protection. Those that are most successful have a defence-in-depth architecture that includes intelligence on social and digital threats, context to understand what threats pose the greatest risk, and the ability to build on existing processes and workflows to block more threats and accelerate remediation.

Wednesday, 6 November 2019

Microsoft Ignite Cyber Security Takeaways

Microsoft's annual flagship 'Ignite' conference is underway, amongst the hundreds of announcements and content covered, there are a number of interesting security-related updates and new releases by Microsoft, highlighted below.


Microsoft Defender Advanced Threat Protection (ATP)
Microsoft is extending their endpoint detection and response capability in Microsoft Defender ATP to include MacOS, now in preview. Microsoft is planning to add support for Linux servers.

Application Guard for Office
Now available in preview, Application Guard for Office provides hardware-level and container-based protection against potentially malicious Word, Excel, and PowerPoint files. It utilises Microsoft Defender ATP to establish whether a document is either malicious or trusted.

Azure Security Center
Microsoft is announcing new capabilities to find misconfigurations and threats for containers and SQL in IaaS while providing rich vulnerability assessment for virtual machines. Azure Security Center also provides integration with security alerts from partners and quick fixes for fast remediation.

Azure Sentinel
https://azure.microsoft.com/en-us/services/azure-sentinel
Microsoft is introducing new connectors in Azure Sentinel to help security analysts collect data from a variety of sources, including Zscaler, Barracuda, and Citrix. In addition, Microsoft is releasing new hunting queries and machine learning-based detections to assist analysts in prioritising the most important events.

Insider Risk Management in Microsoft 365
Microsoft is announcing a new insider risk management solution in Microsoft 365 to help identify and remediate threats stemming from within an organisation. Now in private preview, this new solution leverages the Microsoft Graph along with third-party signals, like HR systems, to identify hidden patterns that traditional methods would likely miss.

Microsoft Authenticator
Microsoft are making Microsoft Authenticator available to customers as part of the Azure Active Directory (Azure AD) free plan. Deploying Multi-Factor Authentication (MFA) reduces the risk of phishing and other identity-based attacks by 99.9%.

New value in Azure AD
Previewing at the end of November, Azure AD Connect cloud provisioning is a new lightweight agent to move identities from disconnected Active Directory (AD) forests to the cloud. Additionally, Microsoft is announcing secure hybrid access partnerships with F5 Networks, Zscaler, Citrix, and Akamai to simplify access to legacy-auth based applications. Microsoft is introducing a re-imagined MyApps portal to help make apps more discoverable for end-users.

Microsoft Information Protection and Governance
The compliance center in Microsoft 365 now provides the ability to view data classifications categorised by sensitive information types or associated with industry regulations. Machine learning also allows you to use your existing data to train classifiers that are unique to your organisation, such as customer records, HR data, and contracts.

Microsoft Compliance Score
Now in public preview, Microsoft Compliance Score helps simplify regulatory complexity and reduce risk. It maps your Microsoft 365 configuration settings to common regulations and standards, providing continuous monitoring and recommended actions to improve your compliance posture. 

Azure Firewall Manager
Now in public preview, Microsoft customers can manage multiple firewall instances from a single pane of glass with Azure Firewall Manager. Microsoft are creating support for new firewall deployment topologies.

Sunday, 3 November 2019

Cyber Security Roundup for October 2019

The UK National Cyber Security Centre (NCSC) released its annual review. The report showcases the NCSC successes with its core mission to make the UK the safest place to live and work online. The NCSC is certainly having a positive impact in helping British businesses of all sizes with their cyber defences, and with their excellent 'CyberFirst' initiative, which encourages and supports youngsters into the cybersecurity professional.


The NCSC reported it had  "handled" 658 attacks on 900 organisations, including schools, airports and emergency services, with many attacks were "from hostile nation-states". The NCSC said cyberattacks from Russia, China, Iran and North Korea pose "strategic national security threats to the UK", and also warned that "large-scale global cybercrime" was a threat to "our social fabric, our way of life and our economic prosperity", despite often being "low in sophistication".

Mailing and IT services company Pitney Bowes client operations were severely disrupted by a ransomware outbreak, which affected their postage machines services, Mail360, MIPro, SendPro Online in the UK, 'Your Account' and even the 'Pitney Bowes Supplies' online store became inaccessible. According to Rejeev Gutpa of Cowbell Cyber, "Costs related to this cyber incident could go up rapidly for Pitney Bowes: third-party forensic experts, breach notification, loss of revenue, lawsuits and much more. Cybersecurity insurance can help immediately, especially if the cyber policy is up to date with the number of records to be covered. This is why continuous underwriting of cyber policies can eliminate any insurability gaps”.

Amazon Web Services (AWS) Domain Name System (DNS) was taken offline by DDoS attack for a number of hours on 22nd October, affecting a number of websites. According to reports, a flood of fake traffic disrupted legitimate attempts to resolve DNS requests to connect to Amazon cloud-hosted storage buckets and systems.

Another set of unsecured AWS servers belonging were discovered, this time belonging to UK recruitment firm Sonic Jobs and to another US-based recruitment firm, exposing more than 250,000 CVs of job candidates. Sonic Jobs specialises in the recruitment for retail and restaurant jobs and is used by hotel chains Marriott and InterContinental.

NordVPN revealed a third-party server located in Finland was accessed in March 2018The hacker had acquired an expired TLS key from the server through an insecure remote access system. The company said it was an isolated incident and no other servers or datacentres were impacted. “The intruder did not find any user activity logs because they do not exist. They did not discover users’ identities, usernames, or passwords because none of our applications sent user-created credentials for authentication” NordVPN said in a statement.

October was a fairly quiet month for Microsoft security patch releases, Microsoft's 'Patch Tuesdaywas their smallest security update release this year, and saw only 60 vulnerabilities addressed, 9 of which was rated as critical. Adobe patched 81 vulnerabilities in four of their products, and there was the usual barrage of Cisco patches and Juniper patches on then network appliance front. And Oracle didn't hold back with their patching, releasing security updates addressing a massive 218 vulnerabilities, and 6 WordPress bugs were addressed with new patch releases.

FireEye reported attackers are improving Business Email Compromise (BEC) techniques.  BEC or impersonation, or more commonly known as phishing attacks, rose during the second quarter of 2019 by 25%, with some types of attacks becoming more common and better executed according to the FireEye report. Attackers are increasingly impersonating executives and attempting to involve a company’s supply chain vendors as part of the attack to make it appear as if the malicious email is a legitimate request. 

BLOG
NEWS
VULNERABILITIES AND SECURITY UPDATES

AWARENESS, EDUCATION AND THREAT INTELLIGENCE