Friday, 7 May 2021

Achieving PCI DSS Compliant Firewalls within a Small Business

Firewalls are the first and most fundamental building block of any data security programme, and installing them is an explicit requirement of the Payment Card Industry Data Security Standard (PCI DSS). However, simply installing a firewall on the network perimeter will not make your organization PCI DSS compliant.

PCI DSS sets out specific firewall requirements under requirement 1 and its sub-requirements, covering how firewalls should be installed, updated and maintained, and what rules they should enforce. In this article we explain the basic PCI DSS firewall requirements and why small businesses need to install firewalls. But before getting into the details, let us first understand what a PCI DSS compliant firewall is.

What is a PCI DSS Compliant Firewall?
Firewalls are used to segment or isolate networks and are an essential component for limiting cyber threats and protecting internal networks from the internet and other untrusted networks. In a merchant’s point-of-sale (POS) environment, a firewall's purpose is to permit only specific, authorized network traffic into and out of the POS network environment.

However, if misconfigured or unmaintained, a firewall could fail to adequately protect the networks and IT systems that process payment cards. The PCI Security Standards Council has provided requirements and guidance for firewalls to ensure that merchants and service providers deploy and maintain them correctly.

PCI Firewall Requirements
The PCI DSS firewall requirements cover both technical specifications and physical access control requirements within PCI DSS requirements 1 & 9. This includes planning for future updates and reconfiguration, limiting inbound network traffic to only what is relevant, etc. The physical access requirements are more about ensuring that companies limit physical access to the Cardholder Data Environment (CDE). This would include inspecting card-reading devices for tampering, installing monitoring devices, requiring unique IDs for authorized access, and keeping visitor logs, to name a few.

To understand the technical requirements, consider the PCI DSS firewall requirements summarised below.

Protect cardholder data with a firewall.

Firewalls are a key protection mechanism for securing the network and Cardholder Data Environment.


Establish and implement firewall and router configuration standards.

Establish firewall and router configuration standards and supporting documentation, so that it can be verified that the standards are complete and implemented.


Establish a formal process to validate and test all network connections, changes to firewall and router configurations.

Establish documented procedures to verify there is a formal process for testing and approving network connections and changes to firewall and router configurations. This includes interviewing responsible personnel and examining records periodically to verify that network connections and a sample of actual changes made to firewall and router configurations have been approved and tested.


Establish a network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.

Create network diagrams that describe how networks are configured and identify the location of all network devices. This prevents any area being overlooked and unknowingly left out of the security controls implemented for PCI DSS, and thus vulnerable to compromise.


Establish a data flow diagram that shows all cardholder data flows across systems and networks.

Create a data-flow diagram to identify the location of all cardholder data in the environment. This will help you in understanding and tracking the flow of the data in the environment across systems and networks. Further, the data flow must be kept up to date as needed depending on the changes to the environment.


Establish firewalls at each Internet connection and between any DMZ and the internal network.

The firewall on every Internet connection coming into the network, and between any DMZ and the internal network, allows the organization to monitor and control access. This further minimizes the chances of malicious unauthorized access to the internal network via an unprotected connection.


Create descriptions of groups, roles, and responsibilities for managing network components.

Establish roles and responsibilities for the management of network components. This ensures that personnel are aware of their roles and responsibilities for the security of all network components and facilitates better accountability for the security of the CDE.


Document the security measures implemented, the protocols considered unsafe, and the business rationale for all services, protocols, and ports allowed.

Documenting the services, protocols, and ports that are necessary for business prevents compromise through unused or insecure services and ports. The use of each necessary protocol and port should be justified, and the security features that allow insecure protocols to be used safely should be documented and implemented.


Review firewall and router rules at least every six months.

Organizations must review firewall and router rules at least every six months to clear out unwanted, outdated, or incorrect rules and to confirm that the rule set allows only the authorized services and ports that match the documented business justifications.


Restrict connections between untrusted networks and all system components in the cardholder data environment with firewall and router configurations.

Install network protection between the internal, trusted network and any untrusted network that is external and/or outside one's ability to control or manage. This limits traffic and prevents unauthorized access by malicious individuals or software exploiting any vulnerability.


Restrict inbound and outbound traffic to only that which is necessary for the cardholder data environment, and restrict all other traffic.

Examine all inbound and outbound connections and restrict traffic based on the source and/or destination address. This filters out unnecessary traffic and prevents malicious individuals from accessing the network via unauthorized IP addresses or from using services, protocols, or ports in an unauthorized manner.
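Several of the requirements above (a documented business justification for every permitted service, the six-monthly rule review, and restricting traffic to only what is necessary) lend themselves to an automated check of the rule base. The following Python script is an added example, not code from the original article or from VISTA InfoSec; its rule fields, the insecure-service list, the review interval and the sample rule base are all constructed for illustration, so loading rules from a real firewall would need a format-specific importer.

```python
"""Audit a firewall rule base against the checks described above: every allow
rule must have a documented business justification, must not be unrestricted,
must document security measures for insecure services, and must have been
reviewed within the last six months.

Added example, not from the original article. Field names, the insecure-service
list, the review interval and the sample rules are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Services treated as "considered unsafe" for this example (constructed list;
# an organisation's own configuration standard enumerates its own).
INSECURE_SERVICES = {"telnet", "ftp", "http", "snmpv1"}
REVIEW_INTERVAL = timedelta(days=182)  # "at least every six months"


@dataclass
class Rule:
    rule_id: str
    src: str                  # zone name or CIDR; "any" means unrestricted
    dst: str
    service: str              # e.g. "https", "telnet"; "any" means unrestricted
    action: str               # "allow" or "deny"
    justification: str = ""   # documented business rationale
    mitigation: str = ""      # security measures if the service is insecure
    last_reviewed: Optional[date] = None


def audit_rules(rules: List[Rule], today: date) -> List[Tuple[str, str]]:
    """Return (rule_id, finding) pairs for every check an allow rule fails."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # a catch-all deny needs no business justification
        if not r.justification.strip():
            findings.append((r.rule_id, "no documented business justification"))
        if r.src == "any" and r.dst == "any":
            findings.append((r.rule_id, "unrestricted source and destination"))
        if r.service == "any":
            findings.append((r.rule_id, "service not limited to what is necessary"))
        if r.service in INSECURE_SERVICES and not r.mitigation.strip():
            findings.append((r.rule_id,
                             f"insecure service '{r.service}' without documented security measures"))
        if r.last_reviewed is None or today - r.last_reviewed > REVIEW_INTERVAL:
            findings.append((r.rule_id, "not reviewed within the last six months"))
    return findings


# Constructed sample rule base for a small merchant; R2 and R3 are deliberately
# poor rules of the kind a periodic review should surface.
SAMPLE_RULES = [
    Rule("R1", "internet", "dmz-web", "https", "allow",
         justification="Public web storefront", last_reviewed=date(2021, 4, 7)),
    Rule("R2", "any", "any", "any", "allow"),
    Rule("R3", "internal", "cde-db", "telnet", "allow",
         justification="Legacy database administration", last_reviewed=date(2020, 10, 19)),
    Rule("R4", "any", "any", "any", "deny"),   # default deny at the end of the rule base
]
AUDIT_DATE = date(2021, 5, 7)  # constructed audit date


def sample_findings() -> List[Tuple[str, str]]:
    """Run the audit over the constructed rule base."""
    return audit_rules(SAMPLE_RULES, AUDIT_DATE)


if __name__ == "__main__":
    for rule_id, finding in sample_findings():
        print(f"{rule_id}: {finding}")
```

Against the constructed rule base the audit reports nothing for R1, four findings for the any/any/any rule R2, and two for R3 (telnet with no documented security measures, and a last review older than six months); the closing deny rule is skipped because only permitted traffic needs a business justification. In practice the rule base would be exported from the firewall and mapped into the Rule fields, and the findings list becomes the evidence of the six-monthly review.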


Install perimeter firewalls between all wireless networks and the cardholder data environment and configure these firewalls to filter only the authorized traffic for business purposes.

Firewalls must be installed between all wireless networks and the CDE, which may include, but is not limited to, corporate networks, retail stores, guest networks, warehouse environments, etc. Installing firewalls at the network perimeter works as a filter to limit only authorized traffic. This restricts malicious individuals from gaining unauthorized access to the wireless network and the CDE to compromise account information.


Prohibit direct public access between the internet and any system components in the cardholder data environment.

Firewalls must be installed to manage and control all connections between public systems and internal systems, especially those that store, process or transmit cardholder data. This prevents bypassing and compromise of system components and card data.



Create a demilitarized zone (DMZ) to limit incoming traffic to system components that provide only publicly accessible, authorized services, protocols, and ports.

Implementing a DMZ prevents malicious individuals from accessing the organization's internal network from the Internet, or from using services, protocols, or ports in an unauthorized manner.


Implement anti-spoofing measures to detect and prevent fraudulent source IP addresses from entering the network.

Implement anti-spoofing measures to detect and filter packets with forged source IP addresses before they enter the internal network and cause compromise.


Do not allow unauthorized traffic from the cardholder data environment to the internet.

Evaluate all traffic outbound from the cardholder data environment to the internet to ensure that it follows established, authorized rules and restricts traffic to only authorized communications.


Allow only established connections to the network.

Examine the firewall and router configurations to verify that the firewall permits only established connections into the internal network and blocks any inbound connections not associated with a previously established session. This prevents malicious traffic from trying to trick the firewall into allowing the connection.
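The requirements for anti-spoofing, DMZ exposure, prohibiting direct public access to the CDE, restricting outbound CDE traffic and admitting only established connections are all decisions a stateful perimeter firewall makes per packet, and the order in which they are applied matters. The following Python model is an added example, not code from the original article or from any firewall product; the zone addressing plan, the authorised service lists and the sample packets are constructed for illustration.

```python
"""Model of the per-packet decisions a stateful perimeter firewall makes to
satisfy the requirements above: anti-spoofing on the Internet-facing
interface, a DMZ exposing only authorised services, no direct public access
to the CDE, authorised outbound flows only from the CDE, and inbound packets
admitted only when they belong to an established session.

Added example, not from the original article. The zone addressing plan, the
authorised service lists and the sample packets are constructed for illustration.
"""
import ipaddress
from typing import List, Tuple

# Constructed addressing plan for a small merchant network (documentation ranges).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),       # public-facing web server
    "cde": ipaddress.ip_network("10.10.0.0/24"),       # cardholder data environment
    "wireless": ipaddress.ip_network("10.20.0.0/24"),  # store Wi-Fi
}
# Source ranges that can never legitimately arrive from the Internet: private
# and loopback space, plus our own internal ranges.
SPOOFED_SOURCES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SPOOFED_SOURCES += list(ZONES.values())
DMZ_PUBLIC_SERVICES = {("tcp", 443)}   # the only service the DMZ exposes publicly
CDE_OUTBOUND_ALLOWED = {("tcp", 443)}  # e.g. TLS to the payment processor


def zone_of(addr: str) -> str:
    """Map an address to its zone name, or 'internet' if it is in none of ours."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


class StatefulFirewall:
    def __init__(self) -> None:
        self.sessions = set()  # 5-tuples of flows permitted from the inside

    def filter(self, iface: str, src: str, sport: int, dst: str, dport: int,
               proto: str = "tcp") -> Tuple[str, str]:
        """Decide ('accept'|'drop', reason) for a packet seen on 'external' or 'internal'."""
        key = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if iface == "external":
            if any(ipaddress.ip_address(src) in net for net in SPOOFED_SOURCES):
                return "drop", "anti-spoofing: internal or private source address from the Internet"
            if reverse in self.sessions:
                return "accept", "reply to an established session"
            dst_zone = zone_of(dst)
            if dst_zone == "dmz" and (proto, dport) in DMZ_PUBLIC_SERVICES:
                return "accept", "authorised public service in the DMZ"
            if dst_zone == "cde":
                return "drop", "direct public access to the CDE is prohibited"
            return "drop", "inbound connection not associated with an established session"
        # Packet seen on the internal side: traffic leaving a zone.
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == "cde":
            if dst_zone == "internet" and (proto, dport) in CDE_OUTBOUND_ALLOWED:
                self.sessions.add(key)
                return "accept", "authorised outbound flow from the CDE"
            return "drop", "unauthorised traffic from the CDE"
        if dst_zone == "cde":
            return "drop", f"{src_zone} to CDE is not an authorised flow"
        if dst_zone == "internet":
            self.sessions.add(key)
            return "accept", f"outbound from {src_zone}, session tracked"
        return "drop", "default deny"


# Constructed sequence of packets: (interface, src, sport, dst, dport).
SAMPLE_PACKETS = [
    ("external", "10.10.0.9", 40000, "192.0.2.10", 443),     # spoofed CDE source from outside
    ("external", "198.51.100.7", 51000, "192.0.2.10", 443),  # public HTTPS to the DMZ
    ("external", "198.51.100.7", 51001, "10.10.0.5", 22),    # Internet straight to a CDE host
    ("internal", "10.10.0.5", 40000, "203.0.113.10", 443),   # CDE host to payment processor
    ("external", "203.0.113.10", 443, "10.10.0.5", 40000),   # the processor's reply
    ("external", "203.0.113.10", 443, "10.10.0.5", 40001),   # same peer, no matching session
    ("internal", "10.10.0.5", 40002, "203.0.113.10", 80),    # CDE host to an unapproved service
    ("internal", "10.20.0.3", 52000, "10.10.0.5", 443),      # store Wi-Fi into the CDE
]


def run_sample() -> List[Tuple[str, str]]:
    """Apply the sample packets in order and return each (decision, reason)."""
    fw = StatefulFirewall()
    return [fw.filter(*pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, (decision, reason) in zip(SAMPLE_PACKETS, run_sample()):
        print(f"{decision:6} {pkt[1]}:{pkt[2]} -> {pkt[3]}:{pkt[4]} ({reason})")
```

The anti-spoofing check runs before anything else on the external interface, so a packet claiming a CDE source address is dropped even though its destination and port would otherwise match the public DMZ service. The reply from the payment processor is accepted only because the CDE host's outbound flow was recorded first; the packet from the same peer to a different client port has no session and falls through to the default deny.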


Install personal firewall software on all portable computing devices that connect to the internet while outside the network and are also used to access the CDE.

Installing personal firewall software (or equivalent functionality) on every such portable computing device protects the device from Internet-based attacks that would otherwise use it to gain access to the organization's systems and data once it reconnects to the network.


Ensure that the security policy and operational procedures for the management of firewalls are documented, in use, and known to all parties concerned.

Ensure that the security policies and operational procedures for managing firewalls are documented, in use, and that the personnel responsible are aware of them. This is to manage and prevent unauthorized access to the network.

Why does a small business need a PCI compliant firewall?
Poor firewall implementation and maintenance is a common factor in cyber attacks and payment card data thefts at small businesses, often because IT and business management lack IT security understanding and suitable resources. A business's internet connectivity is the greatest risk that a firewall safeguards against. PCI DSS requires all internet connectivity to be protected with a firewall, which effectively creates a ‘buffer zone’ between the business's IT network and systems and untrusted external networks and systems. Other reasons why firewalls are essential for small businesses include:

Access Controls
The firewall operates at the network layer, filtering all incoming requests based on IP address and the service being accessed, such as web, email, or custom ports. Installing a firewall therefore greatly restricts unauthorized access, preventing malicious individuals from entering the network and compromising data.

Cloud Security

Connectivity with third parties and cloud service providers can also be controlled through a firewall policy, to safeguard from supply chain threats and protect sensitive data from exposure.

Malware Protection
Firewalls do much more than filter network traffic based on IP addresses. Next Generation firewalls provide security controls beyond the traditional IP address and port filtering, such as VPNs, web filtering, anti-malware screening of incoming traffic, and intrusion detection/prevention, the last of which is another PCI DSS requirement.

Application and Database Protection
Some firewalls have web application screening capability and are known as Web Application Firewalls (WAF). A correctly configured WAF provides protection from application-layer threats such as web-based attacks like SQL injections, where an attacker manipulates a web application to expose the back-end database. PCI DSS requirement 6.6 requires installing an automated technical solution that detects and prevents web-based attacks (e.g., a web application firewall) as one of two ways to address vulnerabilities to public-facing web applications.

Monitoring and Responding to Malicious Activity
Firewalls monitor and report suspicious activity; with the support of a Security Information and Event Management (SIEM) tool, the business is able to detect and quickly respond to cyber attacks, which is covered by PCI DSS requirement 10.

Smaller businesses are considered easy prey by hackers, due to the tendency of such firms not to have sufficiently robust IT security controls in place. Small businesses which process payment cards are specifically targeted by cybercriminals, as they can quickly turn stolen credit card data into cash via the dark web. Installing and maintaining a firewall is a fundamental IT security pillar that should never be neglected or underestimated in its importance, along with configuring IT systems to be secure, implementing access control, deploying anti-virus, and keeping all software up to date. PCI DSS provides a highly descriptive set of security industry good-practice IT controls which, if completely adhered to on a continual 24/7/365 basis, is sufficient to protect your business from payment card compromises by cybercriminals.

Author Bio
Narendra Sahoo
(PCI QSA, PCI QPA, CISSP, CISA, and CRISC) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.

Thursday, 6 May 2021

Cybersecurity Is Not A One-Stop-Shop

Boris Johnson announced the Government’s roadmap to lift Coronavirus restrictions for both businesses and the general public earlier in February, and since then, this has provided a glimmer of hope for many across the country. However, since the start of the pandemic, the way business is conducted has changed permanently, with many workforces wanting to continue to work remotely as lockdowns and restrictions ease over time. So, as companies relax and rules are eased, life is expected to return to a form of ‘new normal.’ But, the issues around cybersecurity are here to stay, and the gas pedal must not be eased – especially with the increased risks associated with continued remote working.

If anything, security should be more reinforced now than ever before to ensure all aspects of a business are secure. But this isn’t the case. Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot, detail the importance of embedding a trilogy security approach into organisations, and this is where a strong CSP/MSP relationship can be invaluable.

The Risk Grows
Despite lockdown restrictions easing, cybersecurity risks remain and are likely to grow as COVID-19 changes the working landscape. As indoor spaces begin to open in the next few months, employees will want to venture out to new spaces to work, such as coffee shops and internet cafes – but working on open networks and personal devices creates unlocked gateways for cyberattacks to take place. Since this hybrid and remote way of working looks like it’s here to stay, businesses must ensure they have the right infrastructure in place to combat any cyber threats.

For instance, research by the National Cyber Security Centre shows that there has been a rise in COVID-19 related cyber attacks over the past year, with more than one in four UK hacks being related to the pandemic. This trend is not likely to ease up any time soon either. And, going forward, hackers could take advantage of excited travellers waiting to book their next holiday once the travel ban is lifted, deploying fake travel websites, for example.

Aside from the bad actors in this wider scenario, part of the problem here is that many IT teams are not making use of a holistic and layered approach to security and data recovery, which can lead to damaging consequences as data is stolen from organisations. Such issues continue to resonate strongly across businesses of all sizes, who will, therefore, turn to their MSPs for a solution.

The Importance of a Layered Approach
Cybersecurity is not a one-stop-shop. A full trilogy of solutions is required to ensure maximum effect. This includes a layered combination of DNS networking, secure endpoint connections, and an educated and empowered human workforce.

The need for DNS security cannot be ignored, especially with the rise of remote workforces, in order to monitor and manage internet access policies, as well as reduce malware. DNS is frequently targeted by bad actors, and so DNS-layer protection is now increasingly regarded as an essential security control – providing an added layer of protection between a user and the internet by blocking malicious websites and filtering out unwanted material.

Similarly, endpoint protection solutions prevent file-based malware, detect and block malicious internal and external activity, and respond to security alerts in real-time. Webroot® Business Endpoint Protection, for example, harnesses the power of cloud computing and real-time machine learning to monitor and adapt individual endpoint defences to the unique threats that users face.

However, these innovative tools and solutions cannot be implemented without educating users and embedding a cyber security-aware culture throughout the workforce. Humans are often the weakest link in cybersecurity, with 90% of data breaches occurring due to human error. So, by offering the right training and resources, businesses can help their employees increase their cyber resilience and position themselves strongly on the front line of defence. This combination is crucial to ensure the right digital solutions are in place – as well as increasing workforces’ understanding of the critical role they play in keeping the organisation safe. In turn, these security needs provide various monetisation opportunities for the channel as more businesses require the right blend of technology and education to enable employees to be secure.

The Channel’s Role
Businesses, particularly SMBs, will look to MSPs to protect their businesses and help them achieve cyber resilience. This creates a unique and valuable opportunity for MSPs to guide customers through their cybersecurity journeys, providing them with the right tools and data protection solutions to get the most out of their employees’ home working environments in the most secure ways. Just as importantly, MSPs need to take responsibility for educating their own teams and clients. This includes delivering additional training modules around online safety through ongoing security awareness training, as well as endpoint protection and anything else that is required to enhance cyber resilience.

Moreover, cyber resilience solutions and packages can be custom-built and personalised to fit the needs of the customer, including endpoint protection, ongoing end-user training, threat intelligence, and backup and recovery. With the right tools in place to grow and automate various services – complemented by technical, organisational and personal support – channel partners will then have the keys to success to develop new revenue streams too.

Hackers are more innovative than ever before, and in order to combat increasing threats, businesses need to stay one step ahead. Companies must continue to account for the new realities of remote work and distracted workforces, and they must reinforce to employees that cyber resilience isn’t just the job of IT teams – it’s a responsibility that everyone shares. By taking a multi-layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered. Within this evolving cybersecurity landscape, it's essential for SMBs to find an MSP partner that offers a varied portfolio of security offerings and training, as well as the knowledge and support, to keep their business data, workforces and network secure.

Wednesday, 5 May 2021

The Role of Translation in Cyber Security and Data Privacy

Article by Shiela Pulido

Due to our dependence on the internet for digital transformation, most people are exposed to the risk of cyberattacks. It is an even greater concern this year due to the trend of remote working and international business expansion. According to IBM, the cost of cyber hacks in 2020 is about $3.86 million. Thus, understanding how cybersecurity and data privacy work plays a priority role in organizations, especially in a multilingual setting.

But, what is the relationship of languages in data privacy, and how can a reliable translation help prevent cyber-attacks?

The Connection of Translation Company to Data Privacy
A lot of people will ask about the clear connection between translations and cybersecurity. In data privacy, conveying important information through effective communications is important. However, with language barriers and complicated jargon in the IT industry, only IT professionals can understand their messages. It is also especially difficult for multilingual people who only know basic translations of the contents.

Oftentimes, a cyber attack or cyber hack happens when people don’t know what’s happening on their gadgets. Malware developers have different ways of attacking their victims, and they make their attempts as difficult to identify as they can. Some of them use spam, in the form of unsolicited and inappropriate messages. According to the Message Anti-Abuse Working Group, about 88–92% of total email messages in 2010 were spam.

Aside from that, phishing is also a known way of attempting to get sensitive information from users through a webpage that looks the same as a trustworthy entity. Due to the uncanny similarity of the sites, the unsuspecting visitors tend to put their bank, credit card, and identity details willingly.

For clarity and convenience, it is essential to have accurate translations of guidelines, procedures, and warnings to bridge communication gaps in cybersecurity. However, you must find an experienced translation company with specialists in diverse technologies who have mastered the terminology of the IT industry. It is best to avoid free translation software, which is more prone to data piracy and cyberattacks.

Cyberattack Cases Worldwide
To understand the severity of cyber hacking, here are some of the widely known cyberattacks in different parts of the world:

Even with its reputation as one of the leading high-technology countries, Japan still wasn’t able to escape cybercrime. In 2016, Japan experienced a series of cyberattacks on different companies that led to the leaking of over 12.6 million pieces of confidential corporate information. There was also the ransomware named WannaCry, which attacked over 500 companies at that time and even caused great damage to large brands like Honda Motors, which had to shut down operations for some time.

In 2015, there were cyberattacks on staff members of the Danish defence and foreign ministers. This was followed by the ransomware that paralyzed the operations of Maersk, Denmark’s transport and logistics giant. The multiple cyber attack threats in the country also affected hospitals and energy infrastructure. As a result, demand for cybersecurity content in their languages has continued to increase up to this year.

Some people think that Russia is one of the major perpetrators of cyber-attacks around the world. However, Russians are vulnerable to cybercrime themselves and have already experienced previous attacks. Some of the targeted organizations in Russia were Rosneft, their largest oil producer, airports, and banks. WannaCry was also able to infiltrate Russia’s Interior Ministry, which was a great threat to their government.

How Translators Help Prevent Cyber Attacks
As mentioned, translators are of great help in preventing cyber attacks. But, how is it possible? Here are some of the best ways to avoid data privacy invasion and malware installations through accurate translations:

Translating User Interface
The user interface is the screen that lets users and computers interact with each other. If the users cannot understand what they’re seeing, it will be difficult for them to identify suspicious ads and pop-ups. Thus, it is ideal to translate the user interface to different languages to cater to the needs of their multilingual users.

For example, if users enter a website that is trying to install malicious software on a computer, they should be able to identify what they can and cannot click. However, most websites and user interfaces (UI) are in English, and not everyone around the world speaks this language. This is why many people click the wrong buttons and accidentally permit the installation of virus-infected files.

This is also the case with mobile applications. Most cyber hackers use ads and pop-ups to attack users. To confuse people, malware developers don’t rely on standard controls such as an “x” close button, leaving people unsure of what they should click. They make the exit difficult to find in order to force users into making a mistake.

In these cases, translating the UI of the website, software, and application to other languages is the ideal solution.

Bridging Communication Gaps between Cybersecurity Experts
Cybersecurity staff may understand the jargon in the IT industry, but it is a different case when they speak different languages. There are numerous cybersecurity centres all around the world and they don’t always understand English. The language barrier interferes with their ability to convey important information about cybersecurity. Due to this, most companies are hiring reliable translators to let the professionals speak confidently about important matters.

Securing Accurate Translations of Important Texts
Most websites post warnings and precautions to help their users avoid malware attacks. However, if they are in a different language, most people will just ignore these warnings. Even if they try to translate the texts through free automated translations, the result could be inaccurate and may cause misunderstandings to users.

A professional translation of these warnings, labels, and precautions can ensure that the website’s messages are properly conveyed to the users. It is especially useful for large entities, organizations, and government institutions.

Protecting Critical Information
Most small to medium enterprises choose translation software because it is cheaper than hiring professional translators. However, the sad truth is that they are putting their companies at risk of cyber attacks. Such software uses artificial intelligence and machine learning that stores your information as you translate documents. The providers are free to use the acquired details however they want, and you can’t do anything about it.

Thus, for critical documents, emails, and company and health information, it is ideal to hire a trusted translation company to secure your details. They also use technology with tight security and privacy for the translated contents.

Tuesday, 4 May 2021

The Key to Cybersecurity is an Educated Workforce

The United Kingdom's National Cyber Security Centre (NCSC) handled a record number of cybersecurity incidents over the last year, a 20% increase on the cases handled the year before. With the increasing number and more innovative nature of cyber attacks, businesses of all sizes must prioritise cybersecurity. However, the fundamental starting point of any organisation’s security infrastructure must be a trained and aware workforce who understand their responsibility in keeping business data safe. Oliver Paterson, Product Expert, VIPRE Security Awareness Training and Safesend, explains.

Business Size Doesn’t Matter
Whether a business is a start-up or a larger corporate organisation, all companies are at risk of a cyber-attack. We often see million-pound enterprises on the news when they suffer a data breach, such as Estée Lauder, Microsoft and Broadvoice. But no organisation is too small to target, including small and medium-sized businesses (SMBs), which are the target of an estimated 65,000 attempted cyber attacks every day, according to new figures. Unfortunately, these types of businesses may not have the same infrastructure and resources in place to survive such attacks, as it has been found that 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.

No matter the size of an organisation, the effects of a cyber attack can be devastating financially, as well as having longer-term damage to business reputation. Small businesses remain at the same level of security risks as those which are larger, for example, Volunteer Voyages, a small single-owned organisation, did not deploy the right level of security and fell victim to $14,000 in fraudulent charges using its payment information. Similarly, the entrepreneur who owns Maine Indoor Karting accidentally clicked on a malicious email pretending to be from his bank warning him of unfamiliar activity, resulting in clearing out his account. Nevertheless, SMEs can safeguard their data and themselves from these types of attacks by investing in their cybersecurity and being conscious and informed of the threats they face.

Human Error
As the year-on-year number of cyber attacks continues to accelerate, hackers are also becoming more advanced and innovative in their tactics. They are able to spot weaknesses in workforces, particularly preying on those who are working from home as a result of the ongoing pandemic, away from their trusted IT teams. In fact, a recent survey found that 90% of companies faced an increase in cyber attacks during COVID-19.

It is no surprise that hackers use humans to their advantage, as according to data from the UK Information Commissioner’s Office (ICO), human error is the cause of 90% of cyber data breaches. Humans make mistakes – stressed, tired employees who are distracted at home will make even more mistakes. Whether it’s sending a confidential document to the wrong person or clicking on a phishing email, no organisation is immune to human error and the damaging consequences this can have on the business.

Yet these risks can be mitigated by educating workforces on the modern threat landscape and the existing risks. Combined with anti-malware solutions and technology such as VIPRE’s SafeSend, this allows employees to be alerted to double-check their email attachments and recipients, as well as any potentially malicious incoming emails.

Cybersecurity Training
Businesses cannot solely rely on digital tools to protect their operations, information and people. However, they cannot expect workforces to understand and identify existing threats, as well as avert them from taking place, without education. Particularly, small and micro-businesses lack the resources and knowledge to defend against an attack, with a concerning 81% of organisations not receiving any training on cybersecurity.

Without this cognisance, workforces cannot stay ahead of the persistently evolving threat landscape. It is therefore essential that businesses choose the correct training programmes to get the most value and retention out of this learning. While deploying an annual security awareness training programme may satisfy instant requirements, it does not equate to a continuous defence strategy for ever-changing threats.

The key considerations include the length of the programme, the level of engagement, having a variety of multimedia content and ensuring it is relevant and relatable to a global audience. Adding in real-life situations and intriguing employees with diverse content, including virtual reality and phishing simulations, helps to fortify crucial cyber threat prevention messaging and educates workforces on how to protect both the business and themselves. This, in turn, strengthens the workforce security culture, ensuring employees know what to do when faced with a cyber threat.

Working with an established vendor such as VIPRE, which has the appropriate security solutions and expertise, can help CISOs create and foster a good security culture, making security part of the vision and values of everyone in the organisation.

A Responsible Workforce
Once workforces are trained and educated on the existing security risks, it is vital that they also understand their own responsibilities in securing the organisation's IT infrastructure. Traditionally, IT teams are perceived as holding the key role in ensuring the right security measures are in place, and it is seen as up to them to defend the business against hackers. However, this is not the case, particularly for SMBs that may not have a dedicated IT team to rely on.

Especially now with dispersed workforces and social distancing restrictions in place, the help and support from those in IT is not so immediate. Now more than ever, the responsibility must be reinforced throughout the entire business. In order to combat imminent threats, employees who are on the front lines of the business’ cyber defence must understand that they have a key role to play in keeping data safe. After all, the final choice in sending sensitive information via email or downloading an external attachment is with them.

Forrester’s latest report re-iterates this, as it states that “Organisations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cyber safety and that of their employer.” The combination of having a vigilant and empowered workforce, supported with regular training and innovative tools, allows businesses to benefit from a security-first initiative with an educated and responsible culture long-term.

Monday, 3 May 2021

Cyber Security Roundup for May 2021


A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021.

Think Before You LinkedIn!
Business social media platform LinkedIn is being exploited by nation-state threat actors to target UK citizens. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been approached by fake LinkedIn profiles. MI5 said the fake accounts are created and operated by nation-state spy agencies, with the intent of recruiting individuals or gathering sensitive information. MI5 released a campaign video called "Think Before You Link" to raise awareness of the threat.

The personal information of 11 million UK Facebook users was found posted on a hacking forum, with the social media giant seemingly dismissing the significance of the data in a statement: "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019". However, personal information is rarely historic data that loses its significance to the person it relates to. In this case, the leaked Facebook data included full names, locations, birthdates, email addresses, Facebook IDs and even phone numbers. Such personal data is unlikely to have changed for the vast majority of people in the last couple of years, so it remains a concern to its owners and of real value to scammers. You can check whether your phone number or email address is part of this Facebook data leak, and of other data breaches, on the Have I Been Pwned website. Facebook faces a privacy regulation investigation over this data breach.

The Ransomware Scourge
The Institute for Security and Technology's Ransomware Task Force (RTF), a collaboration of more than 60 stakeholders, has finally released its ransomware framework, which sets out 48 recommendations to tackle the ransomware problem. “Ransomware attacks will only continue to grow in size and severity unless there is a coordinated, comprehensive, public-private response,” the 80-page report says. “It will take nothing less than our total collective effort to mitigate the ransomware scourge.”

The RTF listed its top-five priority strategies, which are:
  1. Co-ordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
  2. The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
  3. Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
  4. An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
  5. The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.
The RTF report concludes: “Despite the gravity of their crimes, the majority of ransomware criminals operate with near-impunity, based out of jurisdictions that are unable or unwilling to bring them to justice. This problem is exacerbated by financial systems that enable attackers to receive funds without being traced.”

The UK Government has chipped in £3.68 million towards a £10.4 million bill incurred by Redcar and Cleveland Council after a ransomware attack took the Council's IT systems down in February last year. The ransom was said not to have been paid by the Council; in a statement, LibDem Council leader Mary Lanigan said, "No money was handed over to these criminals and we continue to hope that they will eventually be brought to justice."

Meanwhile, on the other side of the pond, the Russian-speaking Babuk ransomware gang was reported to have breached the Washington D.C. Metropolitan Police Department, and threatened via Twitter to disclose confidential information, including the identities of suspected gang informants. The REvil ransomware gang was also reported to be demanding a hefty ransom from Apple, after stealing data from Apple's supplier Quanta Computer, threatening to leak 15 unreleased MacBook schematics and gigabytes of stolen personal data online. The gang said it was seeking $50 million, to be paid by 27th April, after which the ransom would increase to $100 million.

Millions in the UK Targeted by Malware via a DHL Scam Text Message
Millions of UK mobile users received a scam text message (SMS phishing, aka "smishing") impersonating DHL in April. The message read "DHL: Your parcel is arriving, track here <link>". The link led to a page that prompted Android users to install a fake DHL tracking app, which was in fact the FluBot malware. Once installed, FluBot steals online banking credentials and harvests the victim's contacts, which are then used to send the scam text on to more people.

A Vodafone spokesman said, "We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread". 

If you receive a text message containing a web link, "Think before you Click!". If you have any doubt about where the message came from, the safest course is to delete it, and to report it to your network provider by forwarding it to 7726 (free of charge on UK networks).

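The indicators a practitioner would look for in a message like the DHL lure above (a brand name paired with a link that is not on that brand's domain, a raw IP address, a link that serves an Android package) can be checked mechanically. The following is an added example, not code from the original roundup or from any vendor named on this page; the sample messages and the look-alike domain are constructed, and the list of legitimate brand domains is an assumption made for the example.

```python
"""Smishing triage for inbound SMS text.

Added example, not code from the original roundup or from any vendor named
on the page. The sample messages and the look-alike domain below are
constructed for illustration (.example and TEST-NET addresses are reserved
and never resolve).
"""
import re
from urllib.parse import urlparse

# Brands commonly impersonated in parcel-delivery lures, mapped to the
# domains they genuinely use. Assumption for this example: any link that
# claims a brand but is not under one of its domains is a look-alike.
LEGIT_DOMAINS = {
    "dhl": ("dhl.com", "dhl.co.uk"),
    "royal mail": ("royalmail.com",),
}

URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)[^\s<>\"']+")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
LURE_WORDS = ("parcel", "package", "delivery", "track", "customs", "fee")


def extract_urls(text):
    """Every http(s):// or www. link in the message body."""
    return URL_RE.findall(text)


def host_of(url):
    """Lower-cased hostname of a link; tolerates a missing scheme."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def host_belongs_to(host, domains):
    """True if host is one of the given domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_sms(text):
    """Return (verdict, reasons): 'benign' (no link), 'review' (a link but
    no indicator), or 'suspicious' (one or more indicators)."""
    lowered = text.lower()
    urls = extract_urls(text)
    brand = next((b for b in LEGIT_DOMAINS if b in lowered), None)
    lure = any(w in lowered for w in LURE_WORDS)
    reasons = []
    for url in urls:
        host = host_of(url)
        if brand and not host_belongs_to(host, LEGIT_DOMAINS[brand]):
            reasons.append(f"claims to be {brand} but links to {host}")
        if IPV4_RE.fullmatch(host):
            reasons.append(f"link points at a raw IP address ({host})")
        if url.lower().endswith(".apk"):
            reasons.append("link serves an Android package (.apk)")
    if urls and lure and brand is None:
        reasons.append("delivery lure with a link but no identifiable sender")
    if reasons:
        return "suspicious", reasons
    return ("review" if urls else "benign"), reasons


# Constructed sample messages (not real captures). The first mirrors the
# wording of the DHL lure quoted above with an invented look-alike domain.
SAMPLE_SMS = [
    "DHL: Your parcel is arriving, track here https://dhl-parcel-track.example/a1b2c3",
    "DHL: Your parcel is arriving, track here https://www.dhl.com/gb-en/home/tracking.html",
    "Your package could not be delivered. Pay the customs fee at http://198.51.100.7/pay.apk",
    "Hi, running 10 mins late, see you at the station",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        verdict, why = triage_sms(sms)
        print(f"{verdict:10} {sms[:60]!r}")
        for r in why:
            print(f"           - {r}")
```

The first sample is flagged because the message names DHL but links elsewhere; the second, with a genuine dhl.com link, only earns "review" (a link is still a link). The third trips three indicators at once. A filter like this is a prompt to pause, not a verdict: a message that passes it can still be a scam, which is why the advice to forward doubtful messages to 7726 stands.
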
How Strong is Your Password?
Millions of British people are using their pet's name as an online password, despite it being an easy target for hackers to work out, according to a National Cyber Security Centre (NCSC) survey. The NCSC said 15% of Brits use their pet's name, 14% a family member's name, and 13% a notable date. A favourite sports team accounted for 6% of passwords, and a favourite TV show for 5%. Most concerning is that 6% of people still use "password" as all, or part, of their password.

"Millions of accounts could be easily breached by criminals using trial-and-error techniques," the NCSC warned. The NCSC urges people to choose random words that cannot be guessed instead. An example they give is "RedPantsTree", which is unlikely to be used anywhere else online.