Cisco Mid-Year Security Report – Exploits Down Spam Up

July 25, 2017 at 10:56 am | Posted in Cyber Security

Cisco published its mid-year security report last week, and I spent my time over the weekend reading it when I had the time.
There are many interesting findings within it and this week’s blog posts will be focusing on some of the key findings within the report.
Exploiting software vulnerabilities is one of the more prolific avenues of attack within the media, with both WannaCry and Netyra making use of the EternalBlue exploit found within Microsoft systems. The easiest way for an attacker to find out if there are exploits within a system is to purchase a kit that scans a network and looks for them. These Exploit kits are found on the dark web for a few thousand dollars.

Cisco’s report, however, shows that attacks using exploit kits are decreasing after several of the kits were taken down in the last twelve months. The risk remains, though: they may be down, but they are not out yet.

At the same time, Cisco has seen a further increase in spam, and it is more dangerous than before. Rather than the traditional methods, attackers are putting greater focus on attachments within spam emails, with compromises built into the attachments.

Attack vectors are changing all the time and it is up to the industry and end users to work together to protect themselves.

Why didn’t this post yesterday? Oh well.

White Board update 19th July

July 19, 2017 at 3:00 pm | Posted in Cyber Security

My white board at the office has gained a lot of respect and traction, not only from the team but from those outside the team as well. Due to its prominent place in the office, it causes people to stop and look at it when walking by.

This afternoon I did a quick calculation and some research into the costs and scale of the data breaches recorded on my white board. The criteria for reaching the whiteboard are that a breach must be published in a large media outlet (The Times, BBC, CNN, Chicago Tribune, ABC, etc.) and involve over 5000 records.

The numbers are quite astounding:

  • The estimated cost of the Attacks and Breaches on my board is around $1 Billion.
  • Over 135 Million records have been compromised.
  • There have been six major Cyber Attacks and nine large Data Breaches.
  • Seven were caused by Insider threats of some description.
  • 5 days between recorded events on average.

There are scores of other data breaches and attacks that did not meet the criteria of my white board, and even more that go unreported.

Insider Threat – Negligence or Deliberate?

July 18, 2017 at 4:00 pm | Posted in Cyber Security

With the end of the financial year approaching at work, time is becoming more of a premium, with discussions with clients and prospects taking place all the time.

However, one area that has come up in many conversations is the threat caused by insiders within an organisation.

Insider threats come in three distinct forms and are one of the most common threats that companies face in cyber security terms, as the best security is only as strong as its weakest link. Usually human error plays a big part in security.

The first is the Accidental threat, where employees are not well versed in cyber security practices and open Phishing emails or accidentally download a compromised file. Accidental data breaches caused 30% of all security incidents in 2016.

The second is the Negligent threat, where employees try to bypass data protection rules created by an organisation in order to make their jobs easier, such as sharing documents on unsecured cloud applications.

The final is the Malicious or Deliberate threat, where employees deliberately bypass data protection rules, not for ease of their job but for financial or malicious gain. The recent leak of half a million records from BUPA was carried out by a disgruntled employee.

Insider threats will also remain a threat vector, as attackers look for these weakest links. More training is key here, but so is diligence, as there are increasingly concerning reports that cyber criminals are trying to recruit individuals to act as insiders to help them breach an organisation.

Cyber Expansion of NATO

July 11, 2017 at 4:14 pm | Posted in Cyber Security

Last July the North Atlantic Treaty Organisation reaffirmed its commitment to the collective defence of the alliance. One newer addition, however, was the inclusion of Cyber Security as an element of the core defence of NATO.

The Cyber Defence centre for NATO is based in Tallinn, Estonia, and has been a key element of NATO defence plans for the last decade.

Following the NYETRA attacks on the Ukraine that crippled Ukrainian infrastructure ranging from supermarkets to power station systems, Ukraine is now looking to formally join NATO. With the finger of blame for this attack right now being pointed at Russia, another question has arisen.

Would a Cyber Attack trigger Article 5 of the NATO treaty?

Article 5 has only been enacted once, after 9/11, and the NATO secretary general has confirmed that a Cyber Attack of a certain scale that could be proven would trigger Article 5.

The issue is the scale and whether an attack could be proven to come from a specific vector.

Conflicts around the world are already being fought both on the virtual and real battlefield and all future conflicts will contain this element.

Further Data Breaches

July 10, 2017 at 5:00 pm | Posted in Cyber Security

Over the weekend there was further news of Data Breaches; once again, my number on the board of cyber security breaches has not gone above three thus far.

Last week the Guardian Australia revealed that Australian Medicare records were compromised and available for purchase on the dark web. It now appears that these records were stolen through an insider threat rather than a full-scale Breach of the Medicare records system.

News also broke that one of India’s largest telecoms providers, Reliance Jio, had suffered a data breach, with around 100 million of their customers’ records found online unencrypted. Investigations are ongoing, but if this is correct then this would be one of the largest on record.

The largest data breach in history that is currently known is the leak of around 1.4 Billion records from River City Media. The great irony of this particular Data Breach is that River City Media was one of the largest Spam Email providers on the internet.

Even the bad guys sometimes make mistakes.

What is a Trojan Virus – Beware of Ukrainians bearing Gifts?

July 6, 2017 at 4:00 pm | Posted in Cyber Security

In the Cybersecurity industry, things have come a long way since the first Computer Viruses of the 1980s and 1990s. Malware (Malicious Software) has changed dramatically in both scope and scale, from about 1 Million new pieces of Malware created in 2006 to around 140 million created in 2015.

There are many different names and types of Malware, from Worms to Viruses and from Ransomware to Spyware.

One of the most common forms of Malware, however, is the Trojan Malware.

A Trojan Malware is, as its name suggests, a piece of legitimate software that has been compromised by malicious actors in order to spread their malicious software.
Once a Trojan is installed, it can then be used to install Ransomware, Spyware or a Botnet in order to be used for monetary gain by the criminals.

Research has now concluded that the Netyra attack of last week spread from an accounting software program. This is a classic example of a Trojan in action, as legitimate software disguised a malicious piece of software within it.

Trojans account for about a quarter of all pieces of Malware that are currently seen by the industry and remain one of the most common methods of attack.

Another Day Another Data Breach – Will the clock ever reach double figures?

July 4, 2017 at 4:01 pm | Posted in Cyber Security

As mentioned previously I have a white board in a corridor at work, where I put details of the latest data breaches and cyber-attacks reported in the press.

On the board, there is a “days since” number and that number was reset again to zero this morning.

News broke in Australia that, following his investigations, a journalist was able to acquire his own Medicare details from the dark web. This constitutes a massive Data Breach of potentially five million users in Australia, one that is still being investigated as to its scale and cause.

Meanwhile in the UK it was revealed that the AA had also suffered a Data Breach: the personally identifiable information of around 100,000 users, including email addresses and partial credit card details, was found unencrypted on a public-facing server.

The cause of the AA one looks to be human error, sadly, and reinforces the point that human error can account for more accidents than other causes. This is the same in Cyber Security.

I find it highly doubtful that in the current climate my white board counter will ever get above 10 days.

NYETRA/PETYA/NOT PETYA – Cyber Attack Update

July 3, 2017 at 3:00 pm | Posted in Cyber Security

Last week a new Cyber Attack began to make itself known. Originating in the Ukraine, this particularly vicious piece of Malware managed to take down numerous Ukrainian organisations before spreading outside of Ukraine and affecting other companies around the globe.

The impact was significant on several levels, with Cargo ships unable to unload at ports around the globe and entire companies taken offline. Rather than encrypting individual files, NYETRA encrypted the operating system.

The Spread however, was not as wide scale as WannaCry.

The reason was the delivery method: while both NYETRA and WannaCry used the same exploit system, their original delivery and later spread were different. Netyra only spread from a compromised application on the internal network, as opposed to also spreading on the external network like WannaCry did.

There is also currently debate as to whether this was a Ransomware attack or an attack designed to wipe data from targets. The Ransom and clean-up elements of NYETRA were considerably weaker than WannaCry.

I am leaning towards the Wiper opinion on this latest Cyber Attack personally.

Once again I urge readers to ensure that their PCs are up to date, as this attack could once again have been prevented if the March update from Windows had been installed.

WannaCry should have been a warning.

Fool me once shame on you, Fool me twice shame on me.

For further in depth reading on this latest attack, do check out Cisco Talos’ Blog
http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

Note: This Blog contains my own thoughts, which are in no way associated with those of my current employer.

The Clock never reset – Nuclear Cyber Security & SCADA

June 29, 2017 at 4:00 pm | Posted in Cyber Security

I will be writing later about the Cyber Attack that affected many global companies; I spent my Wednesday dealing with the fallout with clients, keeping them informed.

However, it seems that my Clock was not going to be reset, as news broke that several US Nuclear Power Plants had been compromised. On top of that, the ongoing Cyber Attack from Tuesday had taken offline some of the Chernobyl radiation detection facilities.

Security experts have been concerned about attacks on Supervisory control and data acquisition (SCADA) systems for many years, as these controls are what keep power and manufacturing plants online and operating safely.

The first piece of Malware was discovered on SCADA systems controlling Iran’s nuclear program in 2012, but the concern now is that these previously isolated systems are being connected to the outside internet, opening up a new vector of attack.

The US is investigating this attack, code-named Nuclear 17, but it seems that for now no critical systems were compromised, and hopefully this will serve as a wake-up call.

Reset the Clock – Cyber Security Attack in Progress

June 27, 2017 at 4:07 pm | Posted in Cyber Security

We are entering the final few weeks of the quarter at work and it was month end last Friday. As part of an experiment my Whiteboard at work has been cleaned and I started a “Days since last Cyber Attack/Breach” count.

The number reached the dizzying height of 3 days before I wiped it down to zero a few hours ago.

There is currently a major cyber security attack in progress that has been code named PETYA. Much like WannaCry this is a piece of Ransomware that is spreading across the globe.

Organisations hit include a shipping firm, the Ukrainian government and marketing companies, with one company ordering its staff to shut down computers and go home.

The Cyber Security industry has mobilised and is now working to contain the outbreak.

More to come.
