Deloitte Cyber Attack – How many times does it need to be said

September 25, 2017 at 4:00 pm | Posted in Cyber Security

Install Two Factor Authentication.

How often does it need to be said?

This afternoon it was announced that Deloitte suffered a cyber attack earlier this year, in which a malicious attacker gained access to Deloitte’s infrastructure and was able to read and access significant amounts of Deloitte’s data.

Specifically they gained access to the email systems/archive and were able to gain access to files and information that was sent to clients.

The investigation, however, revealed that the attacker gained access to the network via an administration account for their Microsoft Azure service that was protected only by username and password.

There was no multi or two-factor authentication on this particular service.

This is a major lapse, as multifactor authentication makes it much more challenging to gain access to a service or account than when it is protected by only a username and password.

Multifactor authentication should always be activated on any service/account you own.


CCleaner – Trusted Application Compromised

September 18, 2017 at 4:16 pm | Posted in Cyber Security

Cisco’s cyber threat intelligence division TALOS released details today of a major exploit that it has discovered within the popular PC clean-up program CCleaner.

TALOS’s investigation began last week when they noticed that the latest installation of CCleaner was triggering Cisco’s Advanced Malware Protection systems, indicating that the software was malicious.
Further investigation indicated that within the download for CCleaner there was a hardcoded command and control request to download malicious software through a backdoor.

Cisco immediately informed the manufacturers of CCleaner of the exploit and a fresh version has been released.

If you have CCleaner 5.33, please download the latest version immediately, as this has fixed the potential issue.

The bigger concern is that millions of people could have downloaded this application from a trusted supplier since the exploit was installed by the attacker. It shows the importance of cyber security in maintaining brand reputation because, like the Nyetya attack earlier this year, this is a trusted application.

For further reading, check out TALOS’ blog.

Email remains the Top threat Vector – The Crown Prince of Nigeria has died

September 13, 2017 at 4:23 pm | Posted in Cyber Security

It is one of the oldest methods of attack that still functions on the internet. The email, you all know the email that I am referring to. The email stating that the Crown Prince of Nigeria has died, that he was your long-lost relative, and if you wire some money into a holding account you can inherit £123,456,789.00.

This scam has been going for a long time even dating back to letters but it reinforces a point that the bad guys got smarter.

Many of the most prominent data breaches in the last decade have come from a compromised email. With social media it is incredibly easy to find out if someone is an HR manager and to email him or her a file called “Recruiting target Q3” while pretending to be their boss.

This is Phishing and it is one of the more common ways to compromise a network.

Email security is an area that requires not only diligence and protection but also vast resources. The data from TALOS shows that over 85% of all email traffic is still spam, yet even once that is filtered out there are still billions of emails that are legitimate.

August email report

That is still a large haystack in which to hide needles that are phishing emails.
And it only needs one for someone to get into a network and for the network to be compromised.

Equifax Compromised – Potential cost of $72 Billion

September 8, 2017 at 3:00 pm | Posted in Cyber Security

Equifax, one of the big three credit checking agencies, announced last night that cyber criminals had gained access to its customer database and that potentially about 143 million of its customers have been compromised.

This is particularly concerning because the attackers had access to Equifax’s systems for almost two months, and because of the level of information that was accessed: social security numbers, addresses, dates of birth and credit card numbers.

This is one of the worst data breaches I have seen in years and the response from Equifax has been poor.

For starters, they registered a new domain in order to respond to queries from 45% of the US adult population about whether they have been compromised in the breach. The security companies promptly blocked it as a potential phishing website, as several have sprung up since.

Most damning of all, executives were allowed to sell millions in stock options after the breach was detected internally.

I cannot see this not going down the legal route.

However, this particular data breach allows us to put a potential cost on the breach, excluding the brand damage and any lawsuits.

Equifax is offering its Identity protection and credit monitoring services to all US residents who could have been affected by this breach.

That is around 300 million people, and the service costs $240 a year ($20 a month).

That is a potential cost of $72 billion.

A good cyber security solution doesn’t cost that much.

The First Hack – 1903

September 5, 2017 at 4:15 pm | Posted in Cyber Security, Musings

A Bit of a History lesson today, following a conversation with some of the recent graduates receiving a briefing on cyber security and hacking of communications in general. One of them asked a fateful question.

What was the first recorded hacking? Communications deception goes back millennia to the era and writings of Sun Tzu. In the modern parlance, however, we need to go back to the dawn of wireless communication in 1903, with John Fleming and Guglielmo Marconi, and the rival to Marconi’s company, Nevil Maskelyne.

Now Maskelyne’s company was struggling, with the upstart Marconi company threatening its market share and beginning to take the market in wireless communications, having been able to demonstrate transatlantic wireless communication earlier in 1903. It was in June 1903 that Fleming and Marconi set up a demonstration at the Royal Institution theatre in London of their secure wireless communication over long distance.

Fleming was presenting the lecture and Marconi was three hundred miles away in Cornwall getting ready to send the message.

Maskelyne, however, learned that the demonstration would not be using specific tuned equipment, and so he enacted his plan.

By setting up his own transmitter a short distance from the theatre, he was able to overpower the communications from Cornwall, and the printer in the theatre began to print insults and limericks that had been sent by Maskelyne.

The first hack of radio communications had been completed.

The incident did little to harm Marconi and Fleming however, with Radio communication evolving to the modern internet of today.

August 2017 White Board Update

September 4, 2017 at 5:00 pm | Posted in Cyber Security

So the White board has been wiped for the new financial month at work and now I can reveal the statistics behind the last financial month of the incidents recorded in August.

As a reminder, the criteria to get on this list are that the breach/attack needs to be reported in a major media outlet and be over 5000 records in size.

• Average time between attacks/breaches: 2.25 days.
• Over a million records compromised.
• 7 cyber attacks and 12 data breaches.
• Two large-scale DDoS attacks this month.
• One data breach was undiscovered for 14 years.

Some of the more interesting cyber security incidents of the last month have been the attempted attack on the Scottish Parliament and the news that, due to an insider threat, a hospital in the United States suffered a data breach that went undetected for fourteen years.

There was also the HBO data breach, where a cyber criminal attempted to blackmail HBO in order not to leak the data of the latest Game of Thrones series.

However, even though the UK has been on holiday for much of the month of August, the cyber security incidents have not slowed down or eased off and have remained consistent with July.

Kenya Election Result Overturned – Electronic voting Part 2

September 1, 2017 at 4:00 pm | Posted in Cyber Security, Musings

It has been a month since I posted previously about electronic voting and my preference for pen and paper as it is more challenging to compromise that method.

Today it has been announced that the Supreme Court of Kenya has overturned the election result of the recent presidential election due to failures in the electronic voting system.

Now the court has not revealed if this was a result of a Cyber Attack or Data Breach and whether it was malicious or not. However, it has revealed that one of the reasons for the overturning of the result was the failures of the electronic voting system.

Given the history of “rigged” elections in some African countries I can understand the desire to go to electronic voting as it is easier than filling ballot boxes with false ballots and the mantra of “vote early, vote often.” It seems though in this case that this has failed to move by as well.

I will read the full report from the Court with interest.

US Navy Collisions – Was it a Cyber Attack that caused it?

August 31, 2017 at 4:00 pm | Posted in Cyber Security

Short answer No.

The longer answer is more complicated, as it goes back to what communications technology warships use when on deployment. When a warship is on an active deployment, communications between the ship and the shore are on encrypted high band traffic.

This is a completely different system from the conventional communications used by merchant ships and the public as a whole, which means that it is not a hack in the traditional sense.
In order to compromise a warship’s systems you would need to gain access to the communication systems themselves, which are generally hardened technology not connected to the outside internet, which means that a physical connection is required.

As such, it is considerably more challenging and unlikely for a warship to be hacked: unless someone physically got on board or compromised the hardened communications and information, these ships were not subject to a cyber attack.

More likely, these were accidents because of a lack of physical on the water training as opposed to anything malicious.

Monitoring Logins – Why have I logged in from the far east?

August 30, 2017 at 4:00 pm | Posted in Cyber Security

During my recent trip to the United States, I was logging onto email systems and other systems from a different country and outside normal expected times. As such, the systems I was logging into (both professional and personal) demanded additional levels of authentication beyond username and password.

Multifactor authentication has now advanced to the point that tracking user behaviour (location, MAC address and login times for example) can be used as an additional authentication layer as opposed to a traditional token code.

You can view your successful and unsuccessful logins on most personal websites to confirm it is you, and it is important to do this.
Monitoring logins is an easy and effective method of mitigating data breaches: if you can identify that a user or account is logging in from an unexpected location when they are not expected to be there, you can lock the account down and prevent a potential data breach.

Many attacks and breaches have been caused by stolen credentials, and by simply monitoring login activity this particular avenue of attack can be mitigated and the threat reduced.
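
The login-monitoring check described above, as an added example that is not part of the original post: it builds a per-user baseline from past logins and flags a new country, a new device or an unusual hour. The sample events, the two-hour tolerance and the allow/step-up/lock policy are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample events: (user, UTC timestamp, country, device MAC).
HISTORY = [
    ("alice", "2017-08-01T08:55:00", "GB", "aa:bb:cc:00:00:01"),
    ("alice", "2017-08-02T09:10:00", "GB", "aa:bb:cc:00:00:01"),
    ("alice", "2017-08-03T17:40:00", "GB", "aa:bb:cc:00:00:02"),
]
NEW = [
    ("alice", "2017-08-30T09:30:00", "GB", "aa:bb:cc:00:00:01"),  # routine
    ("alice", "2017-08-30T22:05:00", "US", "aa:bb:cc:00:00:01"),  # travelling owner
    ("alice", "2017-08-30T03:12:00", "VN", "de:ad:be:ef:00:99"),  # unknown device abroad
]

def build_baseline(events):
    """Record the countries, devices and login hours already seen per user."""
    base = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": set()})
    for user, ts, country, mac in events:
        base[user]["countries"].add(country)
        base[user]["devices"].add(mac)
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def score_login(baseline, event, hour_slack=2):
    """Return the list of ways this login deviates from the user's baseline."""
    user, ts, country, mac = event
    seen = baseline.get(user)  # .get() avoids creating an empty profile
    if seen is None:
        return ["no_history"]
    reasons = []
    if country not in seen["countries"]:
        reasons.append("new_country")
    if mac not in seen["devices"]:
        reasons.append("new_device")
    hour = datetime.fromisoformat(ts).hour
    # Circular distance so 23:00 and 01:00 count as two hours apart.
    if all(min((hour - h) % 24, (h - hour) % 24) > hour_slack for h in seen["hours"]):
        reasons.append("unusual_hour")
    return reasons

def decide(reasons):
    """Assumed policy: any anomaly asks for a second factor; new country on a new device locks."""
    if {"new_country", "new_device"} <= set(reasons):
        return "lock"
    return "step_up" if reasons else "allow"

if __name__ == "__main__":
    for event in NEW:
        print(event[:3], decide(score_login(build_baseline(HISTORY), event)))
```

The second sample event mirrors the travelling-owner case: a known device in a new country at an unusual hour is asked for a second factor rather than locked out.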

Returning to Normal Schedule – Intuitive Networks

August 29, 2017 at 4:17 pm | Posted in Cyber Security

For the majority of the last few weeks I have been abroad in the United States attending a conference with work to discuss strategies for the upcoming financial year but also to learn more about what is coming up.

There is a lot coming up in terms of technology and strategy from Cisco but for the time being I think the best way to see what is coming is to ask Peter Dinklage.

Innovation and intuition is the most human element of all, we learn and we adapt we go from there.
