Monday 13 September 2021

Prevention is Better Than Cure: The Ransomware Evolution

Ransomware tactics have continued to evolve over the years, and ransomware remains a prominent threat to both SMBs and larger organisations. Particularly during the peak of COVID-19, research by IBM found that ransomware incidents ‘exploded’ in June 2020, which saw twice as many ransomware attacks as the month prior, taking advantage of remote workers being away from the help of IT teams. The same research found that attackers' demands are also increasing, to as much as £31 million, which, for a business of any size, is a threat to its survival.

In recent months, ransomware attacks have not left mainstream media headlines. With the number and frequency of ransomware attacks increasing, not to mention the innovation in distribution methods, this should be a wake-up call for organisations to strengthen their defences. Jack Garnsey, Product Manager for Security Awareness Training and SafeSend at VIPRE, explains that by taking a preventative approach, businesses can take the necessary steps to strengthen their cybersecurity posture. This means a combination of education, processes, hardware and software to detect, combat and recover from such attacks should they arise.

Ransomware in the 21st Century
Ransomware is not a new phenomenon, but its use has grown exponentially and has led to the term ‘Ransomware as a Service’ (RaaS): a subscription-based model that enables affiliates to use already-developed ransomware tools to execute attacks.

As ransomware incidents become more sophisticated and frequent, for example through the rise of fileless attacks that abuse tools and features already present in the victim’s environment, the potential damage to a business grows. Such attacks can be combined with social engineering, such as phishing emails, without relying on file-based payloads. Unfortunately, ransomware is extremely difficult to prevent – all it takes is one employee clicking the wrong link in an email or downloading a malicious attachment.

No matter the size of an organisation, the effects of ransomware can be devastating financially, as well as inflicting longer-term damage to business reputation. The Irish Department of Health and Health Service Executive (HSE) was recently attacked by the Conti ransomware group, which reportedly asked the Health Service for $20 million (£14 million) to restore access. This attack caused substantial cancellations to outpatient services, part of a system already stretched to the limit by COVID-19. Some ransomware gangs operate by a flimsy code of "ethics", stating they don't intend to endanger lives, but even if a minority of ransomware organisations are developing a sense of conscience, businesses are not exempt from the damage such attacks can do.

Additionally, in the US, Colonial Pipeline paid the cyber-criminal group DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack that took its service down for five days, causing supplies to tighten across the US. Unfortunately, when under attack, the majority of businesses, like the major pipeline, pay the ransom. Luckily for Colonial Pipeline, some of the money was later recovered by the American Department of Justice's Ransomware and Digital Extortion Task Force. But if they pay once – they will pay multiple times. A successful ransomware attack can be reused against many organisations, turning one attack into a cash cow for criminal organisations offering Ransomware as a Service. So much so that there is now an ongoing debate around whether it should be illegal for businesses or individuals to pay a ransom, in order to deter the attackers, or, at the minimum, whether they should at least be required to report it to the necessary regulators.

Contain and Report It
If a ransomware attack were to take place, it is important that the organisation works with local authorities to try to rectify the issue and follows their guidance. Many ransomware attacks go unreported – and this is where much of the criminals' power lies.

Prevention is always better than cure, and damage limitation and containment are important right from the outset. As the United States President, Joe Biden, highlighted in his recent letter to business leaders around ransomware: “The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations, rather than a simple risk of data theft will react and recover more effectively.”

Most organisations should have a detailed disaster recovery plan in place and if they don’t, they should rectify this immediately. The key to every disaster recovery plan is backups. Once the breach has been contained, businesses can get back up and running quickly and relatively easily, allowing for maximum business continuity.

As soon as the main threat has passed, it is recommended that all organisations conduct a full retrospective audit, ideally without blame or scapegoats, and share their findings and steps taken with the world. Full disclosure is helpful – not only for the customer, client or patient reassurances but also for other organisations to understand how they can prevent an attack of this type from being successful again.

The Support of Digital Tools
When it comes to ransomware, the importance of getting security foundations right must be emphasised. These attacks are not likely to stop or slow any time soon, but their success can be prevented with the right security armoury.

To mitigate the threat of ransomware in particular, it is crucial to have endpoint protection in place which protects the file, application and network layers across all devices, and to respond to security alerts in real time. Ensuring that every device is protected and complies with the same standards has never been more important than during the ongoing pandemic, where employees are dispersed and working from home.

Additionally, solutions such as email attachment and URL sandboxing are vital, as these tools provide protection against malicious emails. They can help prevent dangerous links, attachments or other forms of malware from reaching the user's inbox by examining and quarantining them. By filtering out this traffic and automatically restricting dangerous content, businesses can maintain greater control over email and the access points to the network.

The Human Layer
The users themselves are a key part of any security strategy. Those who are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach, are a valuable and critical asset to any organisation.

Employees need to be trained to be vigilant, cautious, suspicious and assume their role as the last line of defence when all else fails. The final decision to click send on an email or a link lies with the human, but this one click could mean the entire organisation falls prey to a ransomware attack. The key is to change the mindset from full reliance on IT, to one where everyone is responsible. In order to strengthen a business’ human layer protection, security awareness training and education must be implemented across the board.

These programmes are designed to support users in understanding the role they play in helping to combat attacks and malware. Using phishing simulations, for example, as part of the wider security strategy, will help to give employees insight into real life situations they may face at any point. The importance of testing your human firewall was also outlined in Joe Biden’s ransomware letter: “Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.”

Conclusion

Cyber security is a multi-faceted, complicated area, and one which must receive investment in each layer, from the technology to the people, to the tools we give to the users. Nevertheless, businesses of all sizes can safeguard their data and themselves from these types of ransomware attacks by investing in their cybersecurity and ensuring their workforces are conscious and informed of the threats they face.

Both detection and prevention play a key role in stopping ransomware, but it shouldn’t be one or the other. The essence of a solid cybersecurity strategy is a layered defence that includes endpoint detection and response, email security, advanced threat protection, web security and a business-grade firewall for the security of your network – at its most basic. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. That is why regular training, in addition to complementary security tools which reinforce security best practices, can provide a fortified strategy for users to mitigate the threat of a cyberattack.

Friday 13 August 2021

How Businesses Can Utilise Penetration Testing

Understand your security vulnerabilities
Article by Beau Peters

The basic approaches like phishing simulations are good, but they tend to have limited reach. This is why more agile methods, penetration testing among them, have been getting increasing attention. In essence, this sees experts with a background in ethical hacking utilizing the techniques of cybercriminals to breach a business’ systems. This also receives a certain amount of hesitancy — business owners are often unsure about the idea of letting somebody hack their systems in the name of cybersecurity.

As always, there is more to this issue. So, let’s explore what penetration testing is, why businesses should engage with it and how they can do so to get the most impact.

What are the Benefits?
Penetration testing requires a significant amount of trust. Therefore, it’s important to look at what the payoffs of this approach are as opposed to ostensibly safer techniques.

Some of the key benefits include:
  • Ascertaining Vulnerabilities
Penetration testing tends to be the most direct and reliable approach to identifying what parts of a company’s systems are vulnerable to attack. In general, testers will go through each aspect of the network architecture, the website and software code, applications, and hardware to identify where weaknesses lie. This doesn’t just apply to external threats but internal issues, too.

These experts are also approaching their review of a business’ systems with the creative, outside-of-the-box thinking cybercriminals are likely to use. As such, companies benefit from perspectives not usually offered by in-house information technology staff. Once points of vulnerability have been identified, the tester will often provide information about what issues are the highest priority to handle based on the severity of the risk and the consequences. 
  • Maintaining Trust
Perhaps above all else, the benefit of penetration testing is the opportunity to maintain and strengthen trust between a business, its customers, and its supply chain. This is vital given the amount of consumer and partner data companies are gathering and storing. Security is particularly vital in cases when companies are undergoing data democratization — where important data is not just accessible to analysts and leadership but to all members of the organization.

This can be an empowering use of data, helping workers to understand how best to use and protect such information. However, alongside practical obstacles like deficient tools and siloed data, there is a need to prevent breaches. Penetration testing identifies where risks are throughout democratization practices, giving businesses the tools to strengthen their approaches. In turn, consumers and suppliers are assured their data is used to its best purpose and kept safe.

Understand the Needs
While penetration testing utilizes curious, creative ethical hackers, businesses shouldn’t be mistaken in thinking this means it’s a simple process. It requires technological experts who usually go through at least five stages of protocols — from planning the right approach for the goals of the test to analyzing the data they’ve received and compiling a detailed report. The testing methodologies, too, can vary depending on the circumstances. As such, to make the most out of the process, businesses need to have a clear idea of what their needs are.

Some of the common tests and the relevant needs they serve include:
  • Application Testing
Many brands are producing their own apps to improve customer engagement. However, consistent data security can be difficult to achieve, particularly when working across multiple operating systems. Application penetration testing is used to spot flaws in the current security systems, as well as how they interact with user’s devices and represent vulnerabilities to consumers.
  • Physical Testing
Businesses often think cybersecurity attacks will originate remotely. But when a company keeps its servers and equipment on-site, there is potential for criminals to break into the premises and cause a breach. Hacks may even come from staff. Physical penetration testing should, therefore, be sought to understand whether the equipment is vulnerable to the types of tools and methods in-person hackers may use.
  • Wireless Testing
Businesses are increasingly utilizing wireless tools for integral parts of operations. This includes capturing sensitive data through contactless payment machines or sensors on Internet of Things (IoT) devices that track and control the supply chain. Wireless penetration testing can be used to understand how easy it is to illicitly collect data or even disrupt operations through the connected ecosystem. Testers will also confirm where stricter measures need to be in place to prevent access.

Finding the Right Expert
Having established what pen testing is and how it can fit in with a business, how can companies find the right people for the job? After all, one of the key concerns companies have in this area is that they are essentially hiring hackers — there’s a lot of social and legal baggage accompanying this activity.

When bringing on a consultant or hiring an in-house tester, the best approach is to look for relevant certification. Some of the most recognized examples here include the Certified Ethical Hacker licenses issued by the International Council of E-Commerce Consultants (EC-Council), and the Certified Penetration Tester course offered by the Information Assurance Certification Review Board (IACRB). Global Information Assurance Certification (GIAC) also provides various specialized qualifications that are considered to be reliable. These courses are designed to provide knowledge not just about the technical skills to positively impact a business, but also the ethical standards to help make sure testers are staying on the right moral and legal track throughout their activities.

Conclusion
Penetration testing is an agile tool offering various benefits for businesses, including maintaining trust and highlighting points of vulnerability. However, it’s important to remember that getting the most out of the process requires clarity on the company’s challenges and goals for testing, alongside sourcing the relevant certified tester to collaborate with.

Wednesday 28 July 2021

Payment Security: Understanding the Four Corner Model

Introduction
Online shopping and digital payment transactions may seem quite simple, but in reality a single transaction sets off a long chain of events. The Payment Card Industry comprises debit cards, credit cards, prepaid cards, e-purse/e-wallet, and POS payment transactions that enable easy payments for consumers. The card scheme is the most common payment transaction process: a central payment network that uses credit and debit cards to process payments.

The card scheme comes in two variants, namely the Three-Party Scheme and the Four-Party Scheme payment model. The Four Corner Model, also popularly known as the Four-Party Scheme, is the model under which most of the payment systems in the world operate. It is used in almost all standard card payment systems around the globe. Below we explain in detail how the Four Corner Model works and the role of every entity involved in it.
The Payment Network: Four Corner Payment Security Model
The Four Corner Model of Payment Security and How it Works
The card payment network, often called the Four Party Scheme, comprises multiple entities involved in an online transaction. The entities involved would include the Cardholder, the Merchant, the Issuer, and the Acquirer. So, before moving on to understanding how the Four Corner Model works, let us briefly learn about the entities involved and their role in the process.

Cardholder
Cardholders are the consumers who are issued a debit or credit card by a financial institution, such as a bank. The cardholder is a client of the issuing financial institution and may have an account directly linked to the payment card. The cardholder uses the card to make financial transactions for products or services they avail from businesses.

Merchant
Merchants are organisations that accept card payments from cardholders for the products or services they offer. These can be merchants offering “Card Present” digital payment options such as card swipe terminals and/or “Card Not Present” digital payment options such as online portals, or even modes such as UPI at the POS itself. For instance, e-commerce platforms, restaurants, hotels, and shops equipped with POS payment terminals can all be termed merchants. For that matter, even an ATM can be termed a merchant, as the primary role of the merchant is to “accept” payment cards.

Issuer/Issuing Bank
The issuer is the financial institution that issues the payment card to the cardholder. It is generally the bank that issues a payment card, which could be a debit card, credit card, or prepaid card. It is important to note that the issuing bank provides customers with payment cards on behalf of the various payment card brands like Visa, Mastercard, American Express etc. This can even be a private payment brand or network such as a domestic scheme. But it is the issuing bank that is responsible for the security of the payment card, the cryptography, and the other relevant security controls.

Acquirer
An acquirer is basically a software and hardware vendor who provides merchants with a medium or tool for accepting payment cards. They are a third-party system and not the bank where the merchant has an account. So, an acquirer provides hardware or a software application to the merchant for accepting card payments and processes the transactions. The acquirer is also responsible for managing the final return authorization codes from a transaction and ensures the merchant delivers the goods or services based on the payments received. Examples include Razorpay, PayU, Paytm, etc.

How the Four Corner Model Works
The Four Corner Model is triggered when a consumer makes a payment online with a payment card for products or services purchased from the merchant. This starts the flow of payment authentication and processing between the various entities involved. For this to happen, the cardholder needs to have a payment card while the merchant's POS terminal must be able to accept that payment card.

So, when a customer makes a payment with the card, an authorization request is transmitted from the merchant's POS terminal to the acquirer, and then to the issuer, who returns either a positive or a negative response, which travels back to the merchant and then to the cardholder. The authorization process and response can be observed on the POS terminal screen. It is important to note that the authorization requests and associated responses are transmitted via the card networks like Visa and Mastercard, a vast network of switches, gateways, and servers operated by the card scheme. On receiving a positive response from the issuing bank, the merchant processes the delivery of the goods or services to the client. At this point, it is also important to note that the Four Corner Model becomes a Three Corner Model if the acquirer bank is skipped and the switches and gateways route the authorization flow directly to the issuer. This reduces the load on the payment network and also speeds up the transactions.

While this is just one side of the payment process, there is also the clearing and settlement process, which requires the merchant to transmit the transaction details to the acquirer. On receiving the transaction details, the acquirer collects the funds from the cardholder's account by transmitting the corresponding payment flows to the issuing banks. So, finally, the merchant's bank receives the money only after there is an interbank settlement of funds.
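To make the routing concrete, here is an added example (my own illustration, not the author's or any card scheme's code) that simulates in Python the authorization leg just described, the Three Corner variant that skips the acquirer, and the clearing and settlement leg. The entity names, BIN-to-issuer table, PANs, balances and response codes are all constructed assumptions; a real scheme message carries far more fields than this.

```python
"""Toy simulation of the Four Corner (Four-Party) card payment flow described above:
authorization from merchant to issuer and back, then clearing and settlement. Constructed
illustration only; response codes loosely follow ISO 8583 ("00" approved, "14" invalid
card, "51" insufficient funds) and every PAN, balance and entity name is made up."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

APPROVED, INVALID_CARD, INSUFFICIENT_FUNDS = "00", "14", "51"

@dataclass
class Issuer:
    """Issuing bank: owns the cardholder accounts and decides each authorization."""
    name: str
    balances: Dict[str, float]                             # PAN -> available balance
    holds: Dict[str, float] = field(default_factory=dict)  # auth_id -> reserved amount

    def authorize(self, pan: str, amount: float, auth_id: str) -> str:
        if pan not in self.balances:
            return INVALID_CARD
        if self.balances[pan] < amount:
            return INSUFFICIENT_FUNDS
        self.balances[pan] -= amount      # ring-fence the funds until clearing
        self.holds[auth_id] = amount
        return APPROVED

    def settle(self, auth_id: str) -> float:
        """Turn a hold into a final debit; returns the amount owed to the acquirer."""
        return self.holds.pop(auth_id)

@dataclass
class Acquirer:
    """Acquirer: gives merchants the means to accept cards and receives settled funds."""
    name: str
    merchant_accounts: Dict[str, float] = field(default_factory=dict)

    def credit_merchant(self, merchant_id: str, amount: float) -> None:
        self.merchant_accounts[merchant_id] = self.merchant_accounts.get(merchant_id, 0.0) + amount

@dataclass
class SchemeNetwork:
    """Card scheme switches/gateways: route a PAN to its issuer by BIN (first six digits)."""
    issuers_by_bin: Dict[str, Issuer]
    acquirers: Dict[str, Acquirer]

    def issuer_for(self, pan: str):
        return self.issuers_by_bin.get(pan[:6])

@dataclass
class Merchant:
    """Merchant POS: submits authorizations, then a clearing batch of the approved ones."""
    merchant_id: str
    acquirer_name: str
    approved: List[Tuple[str, str, float]] = field(default_factory=list)  # (auth_id, pan, amount)
    delivered: List[str] = field(default_factory=list)

def authorize_purchase(network, merchant, pan, amount, auth_id, skip_acquirer=False):
    """Authorization leg: merchant -> (acquirer ->) scheme -> issuer, response back the same way.
    skip_acquirer=True models the Three Corner variant: the scheme routes straight to the issuer."""
    hops = ["merchant"]
    if not skip_acquirer:
        hops.append(network.acquirers[merchant.acquirer_name].name)
    hops.append("scheme")
    issuer = network.issuer_for(pan)
    if issuer is None:
        return INVALID_CARD, hops + ["unroutable"]     # no issuer owns this BIN
    hops.append(issuer.name)
    code = issuer.authorize(pan, amount, auth_id)
    if code == APPROVED:
        merchant.approved.append((auth_id, pan, amount))
        merchant.delivered.append(auth_id)            # goods released only on a positive response
    return code, hops

def clear_and_settle(network, merchant):
    """Clearing/settlement leg: merchant batch -> acquirer -> issuers; the acquirer then
    credits the interbank total to the merchant's account."""
    acquirer = network.acquirers[merchant.acquirer_name]
    total = sum(network.issuer_for(pan).settle(auth_id) for auth_id, pan, _ in merchant.approved)
    merchant.approved.clear()
    acquirer.credit_merchant(merchant.merchant_id, total)
    return total

def run_demo():
    """Four constructed purchases: approved, insufficient funds, unknown BIN, three-corner route."""
    issuer_a = Issuer("IssuerA", {"4111110000000001": 100.0})
    issuer_b = Issuer("IssuerB", {"5555550000000002": 20.0})
    acq = Acquirer("AcqCo")
    network = SchemeNetwork({"411111": issuer_a, "555555": issuer_b}, {"AcqCo": acq})
    shop = Merchant("SHOP-1", "AcqCo")
    results = {
        "ok": authorize_purchase(network, shop, "4111110000000001", 40.0, "A1"),
        "nsf": authorize_purchase(network, shop, "5555550000000002", 50.0, "A2"),
        "bad_bin": authorize_purchase(network, shop, "9999990000000009", 5.0, "A3"),
        "three_corner": authorize_purchase(network, shop, "4111110000000001", 30.0, "A4", skip_acquirer=True),
    }
    results["settled"] = clear_and_settle(network, shop)
    results["merchant_balance"] = acq.merchant_accounts["SHOP-1"]
    results["cardholder_balance"] = issuer_a.balances["4111110000000001"]
    results["delivered"] = list(shop.delivered)
    return results
```

The point to notice is the separation of the two legs: an approved authorization only reserves funds and lets the merchant release the goods, while the cardholder's money reaches the merchant's account at the acquirer only after the clearing batch is settled between the banks. The `hops` list returned by `authorize_purchase` makes the routing difference between the four-corner and three-corner paths visible.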

Conclusion
The Four Corner Model is a popular model for online payment transactions. It is a systematic payment transaction process that facilitates end-to-end secure transactions that are encrypted and protected at every stage of the information or payment transmission process. That said, such payment transactions often need hardware security modules (HSMs) and automated key management to prevent hacks or criminal activity during the processing of online payment transactions. Key management provides the framework for handling numerous keys throughout their life cycles and ensuring secure payment transactions.

Author Bio
Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, and CRISC) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.

Tuesday 13 July 2021

Free Coventry University Course to Help Everyone Protect their Online Privacy

Now everyone can learn what privacy means, how your privacy is impacted when using the web and mobile apps, and how to protect your privacy online thanks to a free course from Coventry University.

The UK university has worked closely with experts including Pat Walshe at PrivacyMatters to create an informative online course, offering participants easy access to key information about how to keep their online privacy safe.

Coventry University has a strong reputation for its digital education provision and online offering after it was ranked number 1 in the world for the delivery of Massive Online Open Courses (MOOCs) by MOOCLabs for 2021.

With people's information and digital footprint becoming increasingly sought after, the university hopes the course will build further awareness while helping people stay protected online. Typically, data is collected through cookies and pixels on websites or other means such as browser fingerprinting and trackers embedded in mobile apps. Tracking techniques allow multiple parties to learn about the pages you visit, what you click and view, what devices you use and your location, all of which has data protection and privacy implications.

Citizen Scientists Investigating Cookies and App GDPR compliance (CSI-COP), an EU Horizon2020 funded project led by Coventry University, has facilitated the free informal education course, called ‘Your Right to Privacy Online’. The project has already seen the creation of a privacy-by-design, no-tracking website.

The course is designed to help people gain the knowledge and skills to turn off tracking by disabling cookies on websites and changing app permissions on mobile devices. It features an introductory video, practical tasks and activities, a knowledge test and recommended reading to help participants stay safe online.

Huma Shah, Assistant Professor and Researcher in Artificial Intelligence at Coventry University, said: “We’re delighted to be able to tap into the university’s expertise in digital education to deliver this new, accessible and really useful course. The hope is that we can help as many people as possible to protect their online privacy and personal data while using the internet as well as giving them the tools and knowledge to better understand their rights to online privacy.”

Beyond the MOOC, members of the public can join the CSI-COP team as citizen scientists to explore the extent of tracking across the internet. Citizen science is a great way for volunteers to collaborate with research teams, raising awareness of issues impacting society and increasing trust between the general public and scientists.

Pat Walshe, Director for PrivacyMatters, said: “It’s never been more important to help people understand how their privacy is impacted when using websites and mobile apps and to help them protect their rights under data protection and ePrivacy law. I’m glad to see Coventry University working hard to achieve this with the development of this course which I’m sure will help greatly."

Find out more about this new course and the CSI-COP project.

Sunday 4 July 2021

Cyber Security Roundup for July 2021


A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, June 2021.

How was UK Government Building CCTV Leaked?
The Sun newspaper published CCTV workplace footage of Health Secretary Matt Hancock kissing aide Gina Coladangelo on 6th May 2021; the fact that both are married to other people fuelled several days of sensational headlines. Given Matt Hancock has led the charge on directing the UK's COVID rules, his position in government quickly became untenable, and he resigned a few days after the story broke. However, the big security concern here is how internal UK government building CCTV footage was obtained by an external reporter.
CCTV Leaked from UK Gov Buildings is a security concern
The Northern Ireland secretary, Brandon Lewis, summed up the security concern when he said “the security and privacy of government business mean ministers need to understand how someone was able to access and record the footage and then share it with a newspaper. What happens in government departments can be sensitive, important and people need to have confidence that what is happening in a government department is something that allows the government to be focused on these core issues, and the sensitivity sometimes in the security sense of those core issues."


Multiple media reports seem to point to a Department of Health and Social Care (DHSC) employee being behind the leak. The Mail on Sunday reported that the leaker sent messages via Instagram to an unnamed anti-lockdown activist. One said: “I have some very damning CCTV footage of someone that has been recently classed as completely f***ing hopeless. If you would like some more information please contact me.” A further message said: “I have the full video … it’s now been deleted off the system as it’s over 30 days.”

The government announced it will be launching an internal investigation and inquiry into how the CCTV footage was leaked. Hopefully, this inquiry's findings will be publicly shared; I say hopefully as they don't have to make their findings public.

There was another security own-goal for the UK Government after classified Ministry of Defence (MoD) documents about HMS Defender were found at a bus stop in Kent. The MoD said it is investigating "an incident in which sensitive defence papers were recovered by a member of the public".

Pandemic Homeworker Employee Spying

Sticking with the workplace spying theme, a French court has ordered Ikea to pay a fine of €1m after the Swedish furniture chain was found guilty of spying on staff in France. Ikea France was accused of using private detectives and police officers to collect staff's private data.


With so many more people working from home during the pandemic, employers have stepped up the extent to which they monitor their staff online. Not so many years ago, employees were having to adjust to having their work emails monitored, but that seems almost quaint compared to the digital surveillance we are seeing today. Dr Evronia Azer, from Coventry University’s Centre for Business in Society, says surveillance at work can make employees feel vulnerable, leading to reduced productivity. In a recent blog, she offers solutions to curb this trend.


FIFA 21 Source Code Stolen

Game publishing giant Electronic Arts (EA) reported a hack involving the theft of the source code for several of its games, including FIFA 21, which has since been offered for sale on an underground forum. While some 780GB of EA data was stolen, EA said no player data had been taken. "We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen," an EA spokesperson said in a statement. "No player data was accessed, and we have no reason to believe there is any risk to player privacy," she added.

EA said it had already improved security and stated that it did not expect "an impact on our games or our business". The "network intrusion" was not a ransomware attack and had happened recently, EA added.

Ransomware Update

JBS, the world's largest meat processing company, had some of its global meat production operations ground to a halt after its computer systems were attacked by ransomware. It was reported that JBS paid a £7.8m ($11m) Bitcoin ransom to REvil, a Russian-linked cybercriminal group. REvil had initially demanded $22 million, and after the ransom was paid, the attackers provided JBS with the decryptor.

REvil Ransomware Decryptor

The United States recovered most of the £3.1m ($4.4m) ransom paid to the DarkSide group, responsible for taking the Colonial Pipeline offline last month, an attack which caused several days of fuel shortages in the United States. DarkSide is thought to operate out of eastern Europe and possibly Russia. Deputy Attorney-General Lisa Monaco said investigators had “found and recaptured” 63.7 Bitcoin worth $2.3m – “the majority” of the ransom paid. Since the ransom was paid, though, the value of Bitcoin has fallen sharply, so a hit has been taken on the recovered amount given the poorer exchange rate.


Stay safe and secure.

Friday 11 June 2021

Why Freelancers Should Prioritise Cybersecurity

Article by Beau Peters

As a freelancer in any industry, you are likely more exposed to hackers and cybercrime than many other professionals. Not only are you pulling in a constant stream of customer data, but as a worker on the go, you likely work exclusively in the digital realm with all of your information online. That means you are essentially presenting data on a silver platter for cybercriminals to find and use for malicious purposes.

If you take your business seriously, then cybersecurity needs to be your top priority, not only for your clients but also for the stability of your own enterprise. Luckily, you can stay out of the way of cybercriminals by implementing a few basic security features along with an understanding of common threats. We’ll explain both solutions below.

Protect Client Data
It is important to remember that just about any piece of client data can be used by cybercriminals to cause havoc. Credit card and social security numbers are especially dangerous, as they can be used to take out fraudulent loans and commit identity fraud that could lead to financial and emotional issues as your customers frantically try to get their lives back together.

Keep in mind that it is not only the data you acquire from customers that needs to be protected. As a freelancer, you are likely working on many different websites with many different companies, and the cookies and browsing breadcrumbs you leave behind are also loaded with customer data as well as your own. If you don’t protect your systems, that data can be easily extracted by hackers.

If you think you are safer because you have a smaller business, think again. Hackers tend to go after smaller targets often because they know that freelancers and new organizations often don’t have the resources or security procedures in place to protect their data, and even if the hackers only get away with a small amount of private customer data, that information is just as valuable to hackers and dangerous on the black market.

If you do have a client who becomes the victim of cybercrime and it is connected back to you, it could mean a hit to your reputation that you may not be able to come back from, and as a smaller business, you may not want that type of heat. Recent statistics show that the cost of a breach could be as much as £285k ($200k) in penalties and repairs, so if you don’t bring in that kind of money, caution is of the utmost importance.

Avoid Common Scams and Sketchy Characters
Since you are likely a one-person company that doesn’t have an IT team to detect issues and solve problems, you will need to be extra cautious of the companies and clients with which you interact. Part of that is being aware of common scams that could spell big trouble. Phishing emails sent by hackers continue to be a constant threat. If you are contacted by a freelance client that seems too good to be true or asks for private information upfront, you may be dealing with a hacker.

You must complete your due diligence when it comes to finding and accepting freelance clients. Before you start sharing with them, get their contact information and look them up online to see if they have a digital footprint. A first step in determining if they are legitimate is to search online with the keywords “company’s name + scam” or “company’s name + lawsuit” and see what comes up. Also, use your network of writers and your connections on LinkedIn to ask if your associates have heard of the company and if it has a good reputation.

Another common scam that you should be aware of has little to do with who you work with, but instead, where you do your work. The man-in-the-middle attack is when a hacker sets up a fake Wi-Fi network in a public place and tries to gain the victim’s attention by saying that it is free or by attempting to mimic the real Wi-Fi at the establishment. When you connect to this fake network, you are really connecting directly to the hacker’s computer, and from there, they can take any data they want from your machine. To avoid this scam, always take the time to ask the proprietor of the establishment for the correct Wi-Fi, so you know it is legitimate.

Securing Your Work at All Times
To have the best chance of avoiding these issues now and in the future, you will want to build your computer network like a fortress. Not only will taking the proper precautions keep you out of financial trouble, but you could also advertise in your job pitches how secure your business really is. Start with smart passwords. Every program you use should have a strong password that utilises a combination of letters, numbers, and special characters, and every password you use should be unique.

The next step in setting up your security fortress is installing software that will keep cybercriminals at bay. Start by installing antivirus software and use it to scan your system every week for malware and viruses. Always make it a point to update your antivirus software whenever a new version is available so you get the latest protection. On top of that, you should install a virtual private network (VPN), which will disguise your location and encrypt all of your precious information.

Along with keeping your data secure, you will also want to keep all-important personal and client data stored on a dependable backup server. This will come in handy if you ever lose your computer or if you are the target of ransomware, which is an attack where hackers try to take control of your system until you pay them money to release it. If you have a backup, you can recover the data without playing into the hacker’s game.

You’ve worked hard to create your freelance business, so you should do everything in your power to protect it. Try the solutions described above and your business will remain strong and secure.

Tuesday 8 June 2021

Top Cyber Security Challenges Post Lockdown

By Sam Jones | Cyber Tec Security

Not too long ago things were looking bleak for the world, still under the dark cloud of the COVID pandemic, but with vaccine rollouts now taking place worldwide, there is finally a light at the end of the tunnel. It’s important to remember, however, as we slowly transition back into some semblance of normality, that there will be new challenges to face in all facets of life, and the Cyber Security sector is no exception.

The Rise in Cyber Threat
While the COVID pandemic loomed, the world was simultaneously dealing with a slightly different type of pandemic - a cyber one. The number of cyber attacks on businesses rose dramatically over the course of the last year, with estimated increases as high as 90%.

Organisations were forced to quickly adapt and move operations out of the office and into home environments, often bypassing best practices for a secure migration. Hackers took advantage of this confusion and chaos and focused on exploiting the vulnerabilities of those at home, who were working more independently and potentially on devices that did not align with critical security controls.

The pandemic offered new opportunities for cybercriminals to develop more sophisticated attacks, with the number of novel attack techniques rising to 35%, 15% greater than pre-pandemic. The good news is that the increase in cyber attacks has likely brought to light the importance of cyber security and implementing effective measures to protect against these threats.

Hybrid Working
The pandemic has proved that remote working is indeed possible and it is probable that not all businesses will return to the office post lockdown, at least not full time. There may be more leniency with employees wanting to work from home more frequently, but this new world of hybrid working could create challenges for cyber security.

Organisations will have to be wary that employees may be moving from a secure office environment to vulnerable home environments where they could be operating with inadequate security measures in place. In the rush to home working, companies were forced into being less restrictive with security policies and plenty of staff were using their own personal devices and network. But with such little visibility and control, there was no way of knowing what vulnerabilities there may have been - devices may not have been patched, home networks were potentially insecure, and company policies and processes ignored.

“This is all about understanding how we control an environment that is now a bigger risk because our network has increased from perhaps one or two locations to potentially hundreds.” - CTO, Cyber Tec Security

If businesses are going to operate effectively in this hybrid working style, they will need to bear in mind certain security considerations. Many will find it beneficial to introduce a home working policy or alter other company security policies to reflect new vulnerabilities. While employees will still need to access company data at home, it is imperative that this is done securely, with data protection tools and policies put in place and the use of a VPN for secure communication channels. Companies might consider providing company hardware to remote employees, but if personal devices are used at home to access data, they will need to be securely set up and regularly audited.

Human error is still the number one cause of cyber attacks, and home working could make this even more prominent. In 2020, Verizon found that 67% of cyber attacks were down to phishing and Business Email Compromise. Phishing links are still clicked on, and while this is likely due to poor cyber awareness, the situation could be worse in a home environment with greater dependence on email for work requests and less support and supervision.

Ultimately, organisations will need to cultivate a culture of security awareness and provide employees with relevant cyber training and resources to help minimise cyber risk and ensure individuals are fully equipped as they transition to this hybrid working style.

A Shift in Priorities
After a hard-hitting 12-14 months and a spike in cybercrime, businesses that may have not considered their cyber security before will now have it on their radar. Certain advancements can and should be made internally post-pandemic, such as developing new policies to incorporate home working and BYOD, and ensuring an incident response plan is in place.

Recent Supply Chain attacks like SolarWinds should also compel businesses to start looking at managing the security of their third parties, which are a common way for cybercriminals to gain access and cause disruption to multiple organisations in a supply chain.

Although some businesses will have the luxury of investing big money into more advanced security solutions and cyber insurance as a response to the pandemic, others will be facing budget limitations after a hard year. Regardless, no business can afford to ignore the cyber threat post-pandemic, but for most, it will be a case of identifying and prioritising risk reduction strategies to best fit your company’s funds and resources.

The pandemic has forged a new security landscape and businesses have been forced to see the importance of being able to quickly adapt to changes in our working styles and environments. Cybercrime is not going anywhere in the post-pandemic world but by being well prepared in the face of these new security challenges, businesses can stay secure and successfully protect against the cyber threat.

Tuesday 1 June 2021

Cyber Security Roundup for June 2021


A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021.

UK Smart Cities Cybersecurity Warning
The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities. NCSC warned UK Smart Cities will be highly targeted by hackers, and as such, councils need to ensure they are properly prepared as they roll out increasingly connected and technology-reliant infrastructure. The NCSC said critical public services must be protected from disruption, while sensitive data also needs to be secured from being stolen in large volumes. Smart cities and connected rural environments promise a host of benefits for UK society: for instance, sensors will monitor pollution and provide real-time information on parking spaces, while cameras will track congestion and smartly manage traffic flow. However, another concern is the large volumes of personal information that will likely be collected by smart cities technology, which could erode privacy by allowing citizens to be tracked in greater detail than ever, or could be stolen by criminals or hostile states.

The NCSC's technical director, Dr Ian Levy, referred to Hollywood depictions of cyber-attacks on critical city infrastructure. He picked out the 1969 classic movie 'The Italian Job', where a computer professor switches the magnetic storage tapes running traffic in the Italian city of Turin, causing utter gridlock and enabling a haul of gold to be stolen by Mini cars weaving through the traffic chaos. "A similar 'gridlock' attack on a 21st-century city would have catastrophic impacts on the people who live and work there, and criminals wouldn't likely need physical access to the traffic control system to do it," Dr Levy warns in a blog.

Is your Home Router a Security Risk?
A Which? report claimed millions of UK people could be at risk of being hacked due to using outdated home routers. The consumer watchdog examined 13 router models provided to customers by internet-service companies such as EE, Sky and Virgin Media, and found more than two-thirds had security flaws.

Use of weak passwords was a common theme with the investigation, which concluded:
  • weak default passwords cyber-criminals could hack were found on most of the routers
  • a lack of firmware updates, important for security and performance
  • a network vulnerability with EE's Brightbox 2, which could give a hacker full control of the device
The routers found lacking in security updates included:
  • Sky SR101 and SR102
  • Virgin Media Super Hub and Super Hub 2
  • TalkTalk HG635, HG523a, and HG533
Which? computing editor Kate Bevan said that a proposed UK Smart Device legislation which would ban default passwords on routers "can't come soon enough. Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks".

Eight Arrested in UK Smishing Fraud Bust
Eight UK men were arrested in an investigation into scam text messages. These scam text messages are known as "smishing" within the security industry: text messages entice victims with a web link to either malware or a malicious website, in a bid to steal personal data or bank details, or to have the victim make a bogus payment. The suspects, in this case, were allegedly involved in sending fake messages posing as the Royal Mail, asking people to pay a fee to retrieve a parcel.

Colonial Pipeline DarkSide Ransomware Attack
A Russian cybercriminal group called DarkSide was said to be behind a devastating ransomware cyberattack that shut down a major fuel pipeline in the United States for several days. The cyberattack took down Colonial Pipeline's IT systems, which manage a 5,500-mile pipeline network that moves some 2.5 million barrels of fuel a day from the Gulf of Mexico coast up through to New York state. The cyberattack dominated media headlines in the United States, with US drivers warned not to panic buy petrol amid shortages in eastern states. DarkSide released a statement following the publicity, stating it didn't intend to take the pipeline offline - "Our goal is to make money and not creating problems for society". CNN, the New York Times, Bloomberg and the Wall Street Journal all reported Colonial Pipeline paid $5 million (£3.6 million) in Bitcoin to DarkSide.

DarkSide is a ransomware-as-a-service platform, first seen advertised in August 2020 on Russian language hacking forums. The service can be purchased by pre-vetted cybercriminals to deliver ransomware and to perform negotiations and accept payments from victims. Following this attack, which garnered the focus of United States President Joe Biden and the FBI, DarkSide promptly shut down its ransomware-as-a-service operations.

UK Foreign Secretary Dominic Raab also issued a warning to Russia on ransomware attacks, "Russia can't just wave their hands and say it's nothing to do with them", he said. "Even if it is not directly linked to the state they have a responsibility to prosecute those gangs and individuals." 

It was reported DarkSide had made at least $90m in ransom payments from about 47 other victims according to Bitcoin records. DarkSide is one of at least a dozen prolific ransomware gangs making vast profits from holding companies, schools, governments and hospitals to ransom.

Conti Ransomware takes down Ireland's Health Service
Ireland's national health service (Health Service Executive (HSE)) closed down its computer systems after reportedly being hit by the Conti ransomware group, with the cybercriminals initially asking for £14m ($20m) to restore IT systems. Ireland's Health Minister Stephen Donnelly said the incident was having "a severe impact on health and social care services". However, the ransomware group has since handed over software to release HSE systems for free, with the Irish government insisting it did not, and would not, pay the hackers.

Conti typically steals victims' files and encrypts the servers and workstations in an effort to force a ransom payment from the victim. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors.  The FBI issued a warning in the United States about the Conti gang targeting at least 16 healthcare networks there. More than 400 organisations have been targeted by Conti worldwide.

The BBC news website debated whether paying ransomware should be made illegal in the UK, given it is not currently explicitly illegal for UK firms, and their insurers, to pay ransoms out to cybercriminals.

More Big Data Breaches
At least 4.5 million individuals had their personal information compromised after Air India was subjected to a cyber attack. Stolen details including names, passport information and payment details stretching back 10 years were accessed by the cybercriminals.

Check Point researchers reported Amazon Web Services System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents. Check Point said they have worked with AWS Security to provide customers with the necessary information to help them resolve any configuration issues with the SSMs. Developers did not adhere to the AWS best practices.

Check Point researchers also reported that, in analysing Android apps and the open databases behind them, they discovered serious cloud misconfigurations that led to the potential exposure of data belonging to more than 100 million users. Check Point explained how the misuse of a real-time database, notification managers, and storage exposed the personal data of users, leaving corporate resources vulnerable to threat actors.

Stay safe and secure.

Friday 28 May 2021

Keeping Phishing Simulations on Track

The West Midlands Train service has come under fire after workers discovered that an email promising them a bonus payment after running trains during the pandemic was actually a phishing simulation test.

Around 2,500 employees received a message which appeared to come from Julian Edwards, Managing Director of West Midlands Trains, thanking them for their hard work over the past year under COVID-19, and that they would get a one-off payment as a thank you.

However, those who clicked through on the link were then emailed back with a message telling them it was a company-designed ‘phishing simulation test’ and there was to be no bonus. The email warned: “This was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward.”

Since the test has been revealed, the train service has received media backlash for promising a fake financial reward to well-deserved teams. However, the modern threat landscape is constantly evolving, and it’s vital that businesses prepare their workforces against any type of threat. So was this a good test of resilience? Andrea Babbs, UK General Manager, VIPRE, explains.

Fight Fire with Fire
In order to be successful in the fight against cybercrime and protect the network, businesses should not be afraid to fight fire with fire and sometimes stoop as low as the phishers themselves – who have no morals. By using a powerful message and incentive such as the suggestion of a bonus provided by West Midlands Train Service, businesses can gain valuable insight into how their employees could be tricked into clicking on a phishing link, and why they need to ensure their staff are trained for any type of attack.

However, the test has clearly upset West Midlands’ employees and could have been done in a less dramatic way so that it wasn’t ethically or morally questionable. This is particularly true during a pandemic in which our frontline workers, like those in the transport industry, have continued to put themselves at risk over the last year. The idea of a bonus in the current challenging environment seems a deserved act of recognition for their above-and-beyond service – but for this to be a test, rather than the promised reward, is particularly hard-hitting for those involved.

Finding the Balance
It is vital that organisations take the time to train and educate their staff so that they become an additional line of defence in an organisation’s cybersecurity strategy. However, IT teams also need to rely on users’ goodwill to encourage them along the cybersecurity journey. This test by West Midlands Train service may have damaged that goodwill and could disillusion some members of staff.

Rather than mentioning a bonus, the train service could have mentioned a change to pay, or the date of payroll. Both of these statements would have had the same instinctual reaction in employees, without having heightened emotions surrounding the letdown of a non-existent bonus.

Importance of Education
Regardless of the incentive behind the West Midlands phishing test, the fact that employees clicked on the link highlights the need for businesses to perform these types of tests in the first place.

Cybercriminals will stop at nothing to get users to click on a phishing link, download a malicious attachment or fill in their details on a forged website, and will use personal or professional information to lure them into doing this.

Therefore, employees need continuous training to identify and avoid these attacks. Going forward, businesses who are looking to deploy such phishing tests should use less exciting topics to trick their users, in order to avoid any ill will or backlash from their employees and the media.

One way to achieve this is to implement Security Awareness Training programmes that incorporate real-life situations, including phishing simulations that are less emotive. This educational material helps organisations fortify crucial cyber threat prevention messaging and educates workforces on how to protect both the business and themselves.

Wednesday 26 May 2021

How Hidden Vulnerabilities will Lead to Mobile Device Compromises

Your mobile device can be hacked very easily without your knowledge. Even if an attacker can’t get into your device, they can instead attempt to gain access to the sensitive information stored on it, such as the places you have visited, your emails and your contacts. It's not just consumers who are targeted by cybercriminals: the rise of smartphones and tablets in the workplace and the increase in remote working has resulted in hackers targeting businesses via their mobile device vulnerabilities.

Most individuals and organisations with very sensitive information still do not take basic mobile security measures, even with the rising threats to our smartphones. According to a study by Intertrust on mobile security, the cost of mobile app hacks and violations will hit $1.5 billion by the end of 2021. Yet network systems, or even our desktop computers, get more attention, with mobile device security continuing to be ignored by organisations across the globe every day.

Three Ways a Mobile Device can be Compromised
Unsecure Wi-Fi
When out and about, the free Wi-Fi sign is always something we’re looking out for, but it's best to ignore these networks the next time you come across a public Wi-Fi network that doesn't need a password. When using unsecured Wi-Fi networks, eavesdroppers can see all unencrypted traffic. Wi-Fi in public places such as cafes and airports can be insecure, allowing malicious actors to see everything you do while connected.

Make sure you're connecting to websites using HTTPS. HTTPS ensures that correspondence to and from a specific website is encrypted, while a VPN service encrypts everything you send. Look at the address bar of your browser window to see if you're connected via HTTPS; you should see "HTTPS" at the start of the web address (or, on some web browsers, a lock icon). Be aware, though, that hackers have been able to obtain valid SSL certificates, and therefore the HTTPS prefix, for sites with names that are slightly different from those of major financial institutions.

Finally, using public Wi-Fi exposes you to session hijacking, which occurs when a hacker monitoring your Wi-Fi traffic tries to hijack an open session you have with an online service (such as a social networking site or an email client) by stealing the browser cookies the service uses to identify who you are. Once hackers have your cookies, they can use them to impersonate you on these sites or even track you down.
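As an added illustration of the cookie-theft risk described above (example code, not part of the original article), the script below audits a site's response headers for session cookies that a browser would still send in the clear over plain HTTP, which is exactly what an eavesdropper on open Wi-Fi is waiting for. The header values and cookie names are constructed for this example.

```python
"""Audit Set-Cookie headers for cookies that could be sniffed on open Wi-Fi.

A cookie without the Secure attribute is sent on any plain-HTTP request to the
site, so a hacker watching unencrypted Wi-Fi traffic can capture it and replay
it to hijack the session.  HttpOnly and SameSite do not stop sniffing, but
they limit what a stolen or injected cookie can be used for, so they are
reported as well.  Strict-Transport-Security (HSTS) tells the browser never
to talk to the site over plain HTTP in the first place.
"""
from typing import Dict, List, Tuple

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Set-Cookie", "remember_me=xyz789; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT"),
]


def parse_set_cookie(header_value: str) -> Tuple[str, str, Dict[str, object]]:
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly, which carry no value, are recorded as True.  Splitting on ';'
    is safe because the comma inside an Expires date is not a separator.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value.strip(), attrs


def audit_response(headers: List[Tuple[str, str]]) -> Dict[str, object]:
    """Report which cookies lack protective attributes.

    Returns a dict with:
      hsts     - True if a Strict-Transport-Security header is present
      cookies  - cookie name -> list of missing attributes (in check order)
      at_risk  - names of cookies that would be transmitted over plain HTTP
    """
    hsts = any(name.lower() == "strict-transport-security" for name, _ in headers)
    cookies: Dict[str, List[str]] = {}
    at_risk: List[str] = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name, _, attrs = parse_set_cookie(value)
        missing = []
        if attrs.get("secure") is not True:
            missing.append("Secure")
            at_risk.append(cookie_name)
        if attrs.get("httponly") is not True:
            missing.append("HttpOnly")
        if "samesite" not in attrs:
            missing.append("SameSite")
        cookies[cookie_name] = missing
    return {"hsts": hsts, "cookies": cookies, "at_risk": at_risk}


if __name__ == "__main__":
    report = audit_response(SAMPLE_HEADERS)
    print("HSTS present:", report["hsts"])
    for cookie_name, missing in report["cookies"].items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"  {cookie_name}: {status}")
    for cookie_name in report["at_risk"]:
        print(f"  WARNING: '{cookie_name}' would be sent in the clear over HTTP")
```

The same check applied to a real site's headers (for example from a `curl -I` capture) shows which cookies still need the Secure attribute even when the site itself serves HTTPS.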

Pay attention to the warning message your device is sending you to see if you're on an unsecured connection. An alert will pop up on iPhones saying that the identity of the server cannot be checked and asking if you still want to connect. Before you can access the Wi-Fi, you will be asked to press "continue". Despite this warning, 92% of users click continue on the screen. In fact, your phone has a lot of very good technology built in to alert you when you are about to make a bad security decision. Be vigilant when connecting to free Wi-Fi, and avoid exchanging personal information, to protect yourself.

Malicious Apps
The number of mobile users attacked through malicious apps has risen by 54% over the past year. Apps add mobile functionality, but also increase the risk of a data breach, particularly if they are downloaded from websites or tweets instead of a secure app store. Malicious code that allows hackers to steal data could be hidden within apps, even ones that work.

The mobile technology ecosystem is enormous. Neither Apple nor Google will look at every single app in their store and decide whether or not it is malicious. You should restrict the number of applications you install in order to protect yourself. Mobile device management (MDM) security solutions can enforce policies that require workers to use a VPN or a private Wi-Fi hotspot when connecting over public Wi-Fi networks. Given the increasing number of sophisticated cybersecurity threats, MDM is the key to a healthy, effective, and reliable mobile workforce.

The attack surface of your phone grows with every application you install: more applications mean more lines of code, and thus a greater chance that a security-sensitive flaw exists somewhere in that code.

Operating System Flaws
Vulnerabilities are what let attackers in, despite the best efforts of smartphone manufacturers. To protect users, device manufacturers release operating system updates frequently. All of those updates contain very important security patches, yet people often hold off, concerned that an update will affect how they use their phone or that their phone will not be compatible with it.

As soon as new updates are released, they need to be applied. Hackers learn about vulnerabilities once updates are issued and try to hack out-of-date devices. Nobody recovers from being hacked quickly. Although computers have always been vulnerable to attack, mobile devices are becoming a larger target for criminals. Secure yourself by identifying the risks and taking steps to minimise them ahead of time.

Author
This article was provided by SaltDNA, a provider of secure mobile message and voice call communications. You can sign up for a free trial of SaltDNA or talk to a member of their team at info@saltdna.com or by visiting saltdna.com.