Time to Detection – Going Down but still a Gap

July 28, 2017 at 3:00 pm | Posted in Cyber Security | Leave a comment

Another area discussed within the Cisco Mid-Year cyber security report is the time to detection of a breach.

In security terms, time to detection (TTD), the interval between an intrusion happening and the defender becoming aware of it, is now one of the key metrics by which the industry measures itself. The less time attackers have inside a network, the less damage they can do, so TTD needs to be driven as low as possible.

In immature security environments it is entirely possible for an intrusion to remain undetected for months before anyone realises there has been a breach at all. Worse still, it may be a third party that informs the company, after finding its data on the internet.

In more mature security environments the time to detection is down to weeks rather than months, but the goal of the cyber security industry, and of Cisco in particular, is to get that number down to hours.

The most mature security environments are now down to around three and a half hours, a dramatic improvement on the nearly forty hours Cisco measured when it started this research. There is still work to do, though: three and a half hours is plenty of time for an attacker to move across a network and get what they came for.

Leaving burglars that long to ransack your home would be unacceptable, and the same applies in cyber security.

Cisco Mid-Year Security Report – Exploits Down Spam Up

July 25, 2017 at 10:56 am | Posted in Cyber Security | Leave a comment

Cisco published its mid-year security report last week and I have spent the weekend reading it when I have had the time.
There are many interesting findings within it, and this week's blog posts will focus on some of the key ones.
Exploiting software vulnerabilities is one of the most widely reported avenues of attack, with both WannaCry and Nyetya making use of the EternalBlue exploit against the SMBv1 implementation in Microsoft Windows. The easiest way for an attacker to find exploitable systems without developing anything themselves is to buy or rent an exploit kit: a web-based framework, hosted on compromised sites or behind malicious adverts, that fingerprints a visiting browser and its plug-ins for unpatched vulnerabilities and serves a matching exploit. These kits are sold on underground markets for a few thousand dollars.

Cisco's report, however, shows that attacks via exploit kits are decreasing after several of the major kits went offline in the last twelve months. The risk remains, though: they may be down, but they are not out.

At the same time, Cisco has seen a further increase in spam, and it is more dangerous than before. Rather than relying on links alone, attackers are putting greater focus on attachments, with the compromise built into the attachment itself, for example a document carrying a malicious macro or a script disguised as a document.
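To make the attachment point concrete, here is an added example of the kind of mail-gateway triage a defender can run on such messages. It is not code from the original post or from Cisco's report; it uses only the Python standard library, and the message it examines is constructed inline (a macro-enabled Word document, a script with a double extension, and a harmless text file) rather than taken from any real campaign. The extension lists and the `vbaProject.bin` check are the author's own heuristics.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# File types that execute directly when opened on Windows and have no place in an "invoice" email.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".cmd", ".ps1", ".lnk"}
# Office formats that can carry VBA macros.
OFFICE_EXTS = {".doc", ".dot", ".docm", ".dotm", ".xls", ".xlsm", ".xlsb", ".ppt", ".pptm"}


def office_has_macros(data: bytes) -> bool:
    """Modern (OOXML) Office files are zip containers; VBA code is stored as a vbaProject.bin entry.
    Legacy OLE2 .doc/.xls files are not zips and would need an OLE parser, so they return False
    here and should be sent to a sandbox instead."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> list:
    """Return the reasons this attachment looks malicious (empty list if none)."""
    exts = ["." + p for p in filename.lower().split(".")[1:]]
    reasons = []
    if not exts:
        return reasons
    final = exts[-1]
    if final in EXECUTABLE_EXTS:
        reasons.append(f"directly executable attachment ({final})")
        if len(exts) > 1:
            # invoice.pdf.js: the inner extension fools the user, the outer one decides what runs.
            reasons.append(f"double extension disguises it as {exts[-2]}")
    if final in OFFICE_EXTS and office_has_macros(data):
        reasons.append("Office document carries a VBA project (macros)")
    if final == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                inner = [n for n in zf.namelist()
                         if "." + n.lower().rsplit(".", 1)[-1] in EXECUTABLE_EXTS]
            if inner:
                reasons.append(f"archive contains executables: {inner}")
        except zipfile.BadZipFile:
            reasons.append("zip attachment is not a valid archive")
    return reasons


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and triage every attachment; returns {filename: [reasons]}."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = triage_attachment(name, payload)
        if reasons:
            findings[name] = reasons
    return findings


# --- constructed sample input (not a real campaign) ---

def build_macro_docm() -> bytes:
    """Minimal zip with the entry layout of a macro-enabled Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder for a VBA project stream")
    return buf.getvalue()


def build_sample_message() -> bytes:
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice 4471 overdue"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(build_macro_docm(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    msg.add_attachment(b"var sh = new ActiveXObject('WScript.Shell');", maintype="application",
                       subtype="javascript", filename="invoice.pdf.js")
    msg.add_attachment(b"Nothing to see here.", maintype="text", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample_message()).items():
        print(name, "->", "; ".join(reasons))
```

Run as-is it flags `invoice.docm` (VBA project present) and `invoice.pdf.js` (executable script with a misleading inner extension) and leaves `notes.txt` alone. Real gateways go further (detonation, reputation of the sender, MIME type versus extension mismatches), but the two checks above already stop the bulk of commodity macro and script spam.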

Attack vectors are changing all the time and it is up to the industry and end users to work together to protect themselves.

why didn’t this post yesterday? oh well

NYETYA/PETYA/NOT PETYA – Cyber Attack Update

July 3, 2017 at 3:00 pm | Posted in Cyber Security | Comments Off on NYETYA/PETYA/NOT PETYA – Cyber Attack Update

Last week a new cyber attack began to make itself known. Originating in Ukraine, this particularly vicious piece of malware took down numerous Ukrainian organisations before spreading beyond Ukraine and affecting companies around the globe.

The impact was significant on several levels, with cargo ships unable to unload at ports around the globe and entire companies taken offline. Rather than only encrypting individual files, Nyetya overwrote the Master Boot Record and encrypted the Master File Table, so affected machines could not boot at all.

The spread, however, was not as wide as WannaCry's.

The reason was the delivery method. Both Nyetya and WannaCry used the same SMB exploit, but their initial delivery and subsequent spread differed. Nyetya arrived through a trojanised update of a compromised accounting application (M.E.Doc, per Talos) and then only spread across the internal network, combining EternalBlue with stolen administrator credentials used over PsExec and WMI, whereas WannaCry also scanned the internet for further vulnerable hosts.
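That difference in spread pattern is visible in network flow data, which is where a defender can catch either worm early. The following is an added example, not code from the original post or from Talos: it takes flow records of the form (timestamp, source, destination, port), looks for a source that reaches many distinct SMB/RPC targets within a short window, and labels the behaviour internal-only (Nyetya-like) or internet-scanning (WannaCry-like). The threshold, the window and the sample records are assumptions constructed for the example; 203.0.113.0/24 stands in for internet addresses.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Ports the two worms used to reach other machines: SMB for EternalBlue and PsExec, RPC for WMI.
LATERAL_PORTS = {445: "SMB", 135: "RPC/WMI"}
FANOUT_THRESHOLD = 10            # distinct targets within WINDOW before a source is suspicious (assumed)
WINDOW = timedelta(seconds=60)

# RFC 1918 only: ipaddress.is_private would also match documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def analyse_flows(flows) -> dict:
    """flows: iterable of (iso_timestamp, src_ip, dst_ip, dst_port).
    Returns {src_ip: verdict} for every source that fans out to many SMB/RPC targets quickly."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in LATERAL_PORTS:
            by_src[src].append((datetime.fromisoformat(ts), dst, dport))

    verdicts = {}
    for src, events in by_src.items():
        events.sort()
        # Sliding window: the largest number of distinct targets this source touched within WINDOW.
        best, best_targets, start = 0, set(), 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            targets = {e[1] for e in events[start:end + 1]}
            if len(targets) > best:
                best, best_targets = len(targets), targets
        if best < FANOUT_THRESHOLD:
            continue   # a workstation hammering one file server is normal
        external = {t for t in best_targets if not is_internal(t)}
        verdicts[src] = {
            "verdict": ("internet-scanning worm (WannaCry-like)" if external
                        else "internal-only lateral movement (Nyetya-like)"),
            "distinct_targets": best,
            "internal": len(best_targets) - len(external),
            "external": len(external),
            "ports": sorted({LATERAL_PORTS[e[2]] for e in events}),
        }
    return verdicts


def sample_flows() -> list:
    """Constructed flow records, not captured traffic."""
    base = datetime(2017, 6, 27, 10, 0, 0)

    def stamp(k):
        return (base + timedelta(seconds=k)).isoformat()

    flows = []
    # Nyetya-like: one host sweeps its own /24 over SMB and RPC in 20 seconds and never leaves the LAN.
    for k in range(20):
        flows.append((stamp(k), "10.0.1.15", f"10.0.1.{100 + k}", 445))
        flows.append((stamp(k), "10.0.1.15", f"10.0.1.{100 + k}", 135))
    # WannaCry-like: another host probes addresses outside the LAN on 445.
    for k in range(20):
        flows.append((stamp(k), "10.0.2.40", f"203.0.113.{k + 1}", 445))
    # Benign: a workstation talking to the same file server every second for a minute.
    for k in range(60):
        flows.append((stamp(k), "10.0.3.7", "10.0.0.5", 445))
    return flows


if __name__ == "__main__":
    for src, verdict in analyse_flows(sample_flows()).items():
        print(src, verdict)
```

The benign source never exceeds one distinct target and is ignored; the Nyetya-like host is reported with zero external targets and both SMB and RPC in play, which is exactly the credential-plus-exploit lateral movement pattern, while the WannaCry-like host shows outbound 445 to twenty addresses off the LAN. Either verdict on a workstation is worth an immediate isolation.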

There is also currently debate as to whether this was a ransomware attack or an attack designed to wipe data from its targets. The ransom and recovery elements of Nyetya were considerably weaker than WannaCry's: a single contact email address, which the provider shut down within hours, and an "installation key" shown to the victim that is random data and cannot be used to derive a decryption key.

I am leaning towards the Wiper opinion on this latest Cyber Attack personally.

Once again I urge readers to ensure that their PCs are up to date: the March 2017 Windows update (MS17-010) closes the SMBv1 vulnerability that EternalBlue exploits, and would have blocked that path for this attack just as it would have for WannaCry. Patching alone is not the whole answer here, though, because Nyetya could also move between machines with stolen administrator credentials over PsExec and WMI, so disabling SMBv1 where it is not needed, keeping local administrator passwords unique, and keeping domain administrator accounts off ordinary workstations matter as well.

WannaCry should have been a warning.

Fool me once shame on you, Fool me twice shame on me.

For further in-depth reading on this latest attack, do check out Cisco Talos' blog:
http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

Note: This Blog is my own thoughts and are in no way associated to those of my current employer.

The encryption traffic conundrum solved?

June 22, 2017 at 4:00 pm | Posted in Cyber Security | Comments Off on The encryption traffic conundrum solved?

A challenge that has arisen in recent years is the growth of encryption on internet traffic. Many websites are now served over HTTPS, especially any that take private details.

Cyber criminals have adopted encrypted communications too, both to protect themselves and to make it harder for traditional security tooling to spot malware, and as a result malware delivery and command-and-control traffic carried over encrypted connections has become a major source of data breaches.

Currently the way to deal with this threat vector is to terminate and decrypt the traffic on an inspection device (a man-in-the-middle proxy with its own trusted certificate), which involves a trade-off between security and privacy, costs processing capacity, and does not work at all where certificate pinning prevents interception.

Cisco, however, has just announced a different approach, Encrypted Traffic Analytics, which uses analytics to infer the intent of encrypted traffic and assess whether a flow is malicious without decrypting it. It works on metadata that stays visible on the wire: the fields of the TLS handshake (offered cipher suites, extensions, certificate details), the initial data packet, and the sequence of packet lengths and inter-arrival times, compared against Cisco Talos' intelligence of current and suspected attack traffic.

Early trials are showing it to be extremely effective, and I look forward to seeing it in person and in action soon, as this could solve several issues that are currently challenges to the security industry.
