July 2017 Cyber Incident Report

August 2, 2017 at 3:00 pm | Posted in Cyber Security

So the whiteboard at work has been wiped for the new financial month, and I can now reveal the statistics behind the incidents recorded in July.
As a reminder, the criteria for getting on this list are that the breach or attack must be reported in a major media outlet and involve over 5000 records.

  • There were six cyber attacks and thirteen data breaches.
  • Over 150 million records were compromised.
  • The financial cost of the cyber incidents this month is estimated at over $1.2 billion.
  • Insider threats continue to be a weakness of all organisations.
  • The average time between incidents is just 2.3 days.

The largest, and perhaps the most interesting, were the UK Parliament attack and the Nyetya malware attacks of late June, the effects of which are still being felt today. Companies such as TNT are still trying to recover from the attack that compromised their networks.

Electronic Voting – It’s Hard to Hack a piece of Paper

August 1, 2017 at 3:00 pm | Posted in Cyber Security

One topic of conversation that comes up quite regularly for me is electronic voting machines and online voting, with arguments in favour such as increased turnout and greater accessibility. However, as someone who works in cyber security I will always be against electronic voting for the simple reason that nothing is 100% secure.

Anyone in the security industry who says that a technology is 100% protected is lying.

There are still accusations that the US elections were tampered with, and those rumours will continue for many years unless evidence is found. While it is possible to commit fraud using the UK’s traditional methods of pen and paper and postal voting, doing so on a large scale is incredibly difficult.

This past week has reinforced my opinions on the weaknesses of electronic voting machines. At the ethical hacking conferences in the USA this past week, various ethical hackers and researchers were invited to try to compromise electronic voting machines used in past elections, some as recently as 2015.

Within 30 to 90 minutes, every machine type given to them was compromised, with the researchers able to change hypothetical votes, play Minesweeper and have the machines play videos.

Some of the machines could even be compromised remotely via wireless networks. It has been a pretty damning set of research and reinforces the point that, with current technology, no electronic voting machine can be 100% secure.

Given that thousands of votes could be changed just by editing a spreadsheet, and given the insider-threat risk that every organisation faces, these machines cannot be considered physically secure either while they are in storage outside election season.

I’ll stick to my pen and paper for the time being.

Is a Data Breach going to bring down a Government?

July 29, 2017 at 8:30 pm | Posted in Cyber Security

Earlier this week news came to light that a Swedish Transport Agency database containing the registration numbers of hundreds of thousands of Swedish citizens had been subject to a data breach.

Within this data were details of whether people were in a witness protection programme, armed service personnel and police information: in short, information that should never have been accessible to unauthorised parties.

However, unlike many data breaches this was not the result of a hack but of a lack of awareness, proper safeguards and oversight of an outsourcing project. The former head of the Agency has been found guilty by the courts and fined for negligence in the handling of this project and the data.

(The maximum penalty in Sweden is just half a month’s salary.)

Now, this has taken on a political dimension.

This is one of the largest data breaches ever to have taken place in Sweden, and it has emerged that government ministers were aware of the breach last year but did not inform the Prime Minister for months, and that when the PM did find out, this was also kept from both Parliament and other ministers.

Now that the news has broken, the ministers responsible have been fired, have resigned or have been moved. However, the threat of a no-confidence vote remains for both the Prime Minister and the ministers still in situ, as it is going to be months before the data is fully secure.

This story will rumble on over the next month or so, as the Swedish parliament is in recess at the moment, but it is entirely possible that as more information comes to light a no-confidence motion in the Swedish government might pass.

Time to Detection – Going Down but still a Gap

July 28, 2017 at 3:00 pm | Posted in Cyber Security

Another area discussed in the Cisco Mid-Year Cybersecurity Report is the time to detection of a breach.

In security terms, the time taken from a breach happening to it being detected is now one of the key metrics the industry prides itself on. To ensure that attackers have as little time as possible to cause damage, the time to detect needs to be as low as possible.

In immature security environments, it is entirely possible for attacks to remain undetected for months before it is realised that there has been a breach at all. Or, even worse, another party informs the company of a breach after discovering its data on the internet.

In more mature security environments the time to detection is down to weeks rather than months, but the goal of the cyber security industry, and Cisco in particular, is to get this number down to hours.

The most mature security environments are now down to around three and a half hours, which is a dramatic improvement on the nearly forty hours when Cisco started this research. However, there is still work to do, as four hours is a long time for attackers to compromise a network and get what they want.

Leaving burglars four hours to ransack your home is unacceptable, and the same applies in cyber security.
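To make the metric concrete, here is an added example (my own code, not from the post or the Cisco report) that computes time to detection from a small set of constructed incident records: when each intrusion began, when it was detected, and whether the organisation found it itself or was told by a third party. It reports the mean and median dwell time, how many incidents met the four-hour target discussed above, and how many were third-party notifications, which are the "even worse" case. The record format, the four-hour target constant and the sample data are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, median

# Constructed sample incident records (not real incidents and not figures from
# the Cisco report): id, time the compromise began, time it was detected, and
# who detected it ("internal" or "third-party").
SAMPLE_INCIDENTS = [
    ("INC-001", "2017-06-27 09:12", "2017-06-27 12:40", "internal"),
    ("INC-002", "2017-05-03 22:05", "2017-06-30 08:15", "third-party"),
    ("INC-003", "2017-07-10 14:30", "2017-07-24 11:00", "internal"),
    ("INC-004", "2017-07-18 03:45", "2017-07-18 06:50", "internal"),
]

# Assumed target: the "hours, not weeks" goal the post describes.
TARGET_HOURS = 4.0


@dataclass
class DwellTime:
    incident_id: str
    hours_to_detect: float
    detected_by: str
    within_target: bool


def parse_ts(text: str) -> datetime:
    """Parse the 'YYYY-MM-DD HH:MM' timestamps used in the sample records."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def dwell_times(records, target_hours: float = TARGET_HOURS):
    """Compute hours from compromise to detection for each record.

    A detection time earlier than the compromise time is a data-quality error
    (the timeline was reconstructed wrongly), so it is rejected rather than
    silently producing a negative dwell time.
    """
    result = []
    for incident_id, started, detected, detected_by in records:
        delta = parse_ts(detected) - parse_ts(started)
        if delta.total_seconds() < 0:
            raise ValueError(f"{incident_id}: detection precedes compromise")
        hours = delta.total_seconds() / 3600
        result.append(DwellTime(incident_id, hours, detected_by, hours <= target_hours))
    return result


def summarise(records, target_hours: float = TARGET_HOURS) -> dict:
    """Aggregate the per-incident dwell times into the headline metrics."""
    dts = dwell_times(records, target_hours)
    hours = [d.hours_to_detect for d in dts]
    return {
        "incidents": len(dts),
        "mean_hours": mean(hours),
        # The median is more informative than the mean when one long-undetected
        # intrusion dominates, as INC-002 does in the sample data.
        "median_hours": median(hours),
        "within_target": sum(d.within_target for d in dts),
        "third_party_notified": sum(d.detected_by == "third-party" for d in dts),
        "worst": max(dts, key=lambda d: d.hours_to_detect).incident_id,
    }


if __name__ == "__main__":
    for d in dwell_times(SAMPLE_INCIDENTS):
        flag = "ok" if d.within_target else "OVER TARGET"
        print(f"{d.incident_id}: {d.hours_to_detect:8.1f} h  ({d.detected_by}) {flag}")
    for key, value in summarise(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value:.1f}" if isinstance(value, float) else f"{key}: {value}")
```

Run it as-is to see the per-incident table and the summary; in practice the records would come from an incident tracker, and the useful trend is the median and the third-party-notified count over time rather than any single month's numbers.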

A Newer Threat Emerges – Destruction of Service

July 27, 2017 at 9:38 am | Posted in Cyber Security

Another theme that emerged from the Cisco Mid-Year Cybersecurity Report is the rise of destruction of service.

Many DDoS (Distributed Denial of Service) as a Service offerings already exist and can be purchased on the dark web for as little as $7 an hour, used to take a website offline by flooding its servers for an hour or so. These attacks are usually deployed against the various console gaming networks over the Christmas period (Xbox Live etc.) in order to disrupt their services.

However, attacks are now seeking not only to disrupt and deny services but to destroy them.

Attackers are now seeking to remove the safety net that organisations rely on to restore systems following cyber incidents that disrupt their services. By wiping data instead of locking it, and by compromising backups as well, it is entirely possible for these new attacks to completely wipe out an organisation.

An example was the Nyetya attack of a month ago, which wiped out data across many industries and continues to affect the companies hit. TNT, for example, is still trying to recover and reports that it still has parcels in its warehouses that it cannot deliver because the records were destroyed.

These attacks are a startling new trend in cyber security, and the strategy of Cisco and the rest of the industry for combating them is to reduce the time it takes to detect a breach before it can spread.

Cisco Mid-Year Security Report – Exploits Down Spam Up

July 25, 2017 at 10:56 am | Posted in Cyber Security

Cisco published its mid-year security report last week, and I have spent the weekend reading it when I had the time.
There are many interesting findings within it, and this week’s blog posts will focus on some of the key findings in the report.
Exploiting software vulnerabilities is one of the more widely reported avenues of attack in the media, with both WannaCry and Nyetya making use of the EternalBlue exploit against Microsoft systems. The easiest way for an attacker to find out whether a system has exploitable flaws is to purchase a kit that scans a network and looks for them. These exploit kits are found on the dark web for a few thousand dollars.

Cisco’s report, however, shows that this avenue of attack using exploit kits is decreasing after several of them were taken down in the last twelve months. The risk remains, though: they may be down, but they are not out yet.

At the same time, Cisco has seen a further increase in spam, and it is more dangerous than before. Rather than the traditional methods, attackers are putting greater focus on attachments within spam emails, with the compromise built into the attachment itself.

Attack vectors are changing all the time and it is up to the industry and end users to work together to protect themselves.

Why didn’t this post yesterday? Oh well.

White Board update 19th July

July 19, 2017 at 3:00 pm | Posted in Cyber Security

My whiteboard at the office has gained a lot of respect and traction, not only from the team but from those outside it as well; thanks to its prominent place in the office, it makes people stop and look when walking by.

This afternoon I did a quick calculation and some research into the costs and scale of the data breaches recorded on my whiteboard. The criteria for reaching the whiteboard are that the incident must be published by a large media outlet (The Times, BBC, CNN, Chicago Tribune, ABC etc.) and involve over 5000 records.

The numbers are quite astounding:

  • The estimated cost of the attacks and breaches on my board is around $1 billion.
  • Over 135 million records have been compromised.
  • There have been six major cyber attacks and nine large data breaches.
  • Seven were caused by insider threats of some description.
  • On average there are 5 days between recorded events.

There are scores of other data breaches and attacks that did not meet the criteria of my whiteboard, and even more that go unreported.

Insider Threat – Negligence or Deliberate?

July 18, 2017 at 4:00 pm | Posted in Cyber Security

With the end of the financial year approaching at work, time is at more of a premium, with discussions with clients and prospects taking place all the time.

However, one area that has come up in many conversations is the threat posed by insiders within an organisation.

Insider threats come in three distinct forms and are one of the most common threats companies face in cyber security terms, as the best security is only as strong as its weakest link, and human error usually plays a big part.

The first is the accidental threat, where employees who are not well versed in cyber security practices open phishing emails or accidentally download a compromised file. Accidental data breaches caused 30% of all security incidents in 2016.

The second is the negligent threat, where employees try to bypass the data protection rules created by an organisation in order to make their jobs easier, such as by sharing documents on unsecured cloud applications.

The final is the malicious or deliberate threat, where employees deliberately bypass data protection rules, not to make their job easier but for financial or malicious gain. The recent leak of half a million records from BUPA was carried out by a disgruntled employee.

Insiders will remain a threat vector, and attacks target these weakest links. More training is key, but so is diligence, as there are increasingly concerning reports that cyber criminals are trying to recruit individuals to act as insiders to help them breach an organisation.

Further Data Breaches

July 10, 2017 at 5:00 pm | Posted in Cyber Security

Over the weekend there was further news of data breaches, though once again my number on the board of cyber security breaches has not gone above three so far.

Last week Guardian Australia revealed that Australian Medicare records had been compromised and were available for purchase on the dark web. These records now appear to have been stolen by an insider rather than through a full-scale breach of the Medicare records system.

News also broke that one of India’s largest telecoms providers, Reliance Jio, had suffered a data breach, with around 100 million of its customers’ records found online unencrypted. Investigations are ongoing, but if this is correct it would be one of the largest on record.

The largest data breach in history currently known is the leak of around 1.4 billion records from River City Media. The great irony of this particular data breach is that River City Media was one of the largest spam email providers on the internet.

Even the bad guys sometimes make mistakes.

What is a Trojan Virus – Beware of Ukrainians bearing Gifts?

July 6, 2017 at 4:00 pm | Posted in Cyber Security

In the cyber security industry, things have come a long way since the first computer viruses of the 1980s and 1990s. Malware (malicious software) has changed dramatically in both scope and scale, from about 1 million new pieces of malware created in 2006 to around 140 million created in 2015.

There are many different names and types of malware, from worms to viruses and from ransomware to spyware.

One of the most common forms of malware, however, is the Trojan.

A Trojan is, as its name suggests, a piece of legitimate software that has been compromised by malicious actors in order to spread their malicious software.
Once a Trojan is installed, it can then be used to install ransomware, spyware or botnet software for the criminals’ monetary gain.

Research has now concluded that the Nyetya attack of last week spread via an accounting software program. This is a classic example of a Trojan in action, as legitimate software concealed a malicious piece of software within it.

Trojans account for about a quarter of all pieces of malware currently seen by the industry and remain one of the most common methods of attack.
