Deloitte Cyber Attack – How many time does it need to be said

September 25, 2017 at 4:00 pm | Posted in Cyber Security | Leave a comment
Tags: , , , ,

Install Two Factor Authentication.

How often does it need to be said?

This afternoon it was announced that Deloitte has suffered a Cyber Attack earlier this year. Where a malicious attacker gained access to Deloitte’s infrastructure, and was able to read and access significant amounts of data of Deloittes data.

Specifically they gained access to the email systems/archive and were able to gain access to files and information that was sent to clients.

The investigation however, revealed that the way that the attacker gained access to the network was via an administration account into their Microsoft Azure Service. That was only protected by username and password.

There was no multi or two-factor authentication on this particular service.

This is a major lapse as multifactor authentication just makes it so much more challenging to gain access to a service or account if it is more than username and password.

Multifactor authentication should always be activated on any service/account you own.

Advertisements

Equifax Compromised – Potential cost of $72 Billion

September 8, 2017 at 3:00 pm | Posted in Cyber Security | Comments Off on Equifax Compromised – Potential cost of $72 Billion
Tags: , , , , ,

Equifax, one of the big three Credit checking agencies announced last night that cyber criminals had gained access to its customer database and potentially about 143 Million of its customers have been compromised.

This is particularly concerning as the attackers had access to Equifax’s systems for almost two months and the level of information that was access, social security numbers, addresses, dates of birth, credit card numbers.

This is one of the worst data breaches I have seen in years and the response from Equifax has been poor.

For starters, they registered a new domain in order to respond to queries from 45% of the US adult population if they have been compromised in the breach. The Security companies promptly blocked it as potential phishing website as several have sprung up since.

Most damning of all, executives were allowed to sell millions in stock options after the breach was detected internally.

I cannot see this not going down the legal route.

However, this particular Data Breach allows us to put a potential cost of the Breach to it excluding the brand damage and any law suits.

Equifax is offering its Identity protection and credit monitoring services to all US residents who could have been affected by this breach.

That is around 300 million people, and the service costs $240 a year ($20 a month)

That is a potential cost of $72 Billion Dollars.

A good cyber security solution doesn’t cost that much.

The First Hack – 1903

September 5, 2017 at 4:15 pm | Posted in Cyber Security, Musings | Comments Off on The First Hack – 1903
Tags: , , ,

A Bit of a History lesson today, following a conversation with some of the recent graduates receiving a briefing on cyber security and hacking of communications in general. One of them asked a fateful question.

What was the first recorded hacking? Communications deception goes back millennia to the era and writings of Sun Tzu. In the modern parlance, however we need to go back to the dawn of Wireless communication in 1903 with John Fleming and Guglielmo Marconi and the rival to Marconi’s company Nevil Maskelyne.

Now Maskelyne’s company was struggling with the upstart Marconi company threatening market share and beginning to take the market in wireless communications with them able to demonstrate trans-atlantic wireless communication earlier in 1903. It in June 1903 that Fleming and Marconi set up a demonstration at the Royal Institution theatre in London of their secure wireless communication over long distance.

Fleming was presenting the lecture and Marconi was three hundred miles away in Cornwall getting ready to send the message.

Maskelyne however, learned that the demonstration would not be using specific tuned equipment and so he enacted his plan.

By setting up his on transmitter, a short distance from the Theatre he was able to overpower the communications from Cornwall and the printer in the Theatre began to print insults and limericks that had been sent by Maskelyne.

The First hack of radio communications has been completed.

The incident did little to harm Marconi and Fleming however, with Radio communication evolving to the modern internet of today.

August 2017 White Board Update

September 4, 2017 at 5:00 pm | Posted in Cyber Security | Comments Off on August 2017 White Board Update
Tags: , , , ,

So the White board has been wiped for the new financial month at work and now I can reveal the statistics behind the last financial month of the incidents recorded in August.

As a reminder the criteria to get on this list is that the Breach/Attack needs to be reported in major media outlet and be over 5000 records in size.

•             Average Time between Attack/Breach 2.25 Days.
•             Over a Million Records Compromised
•             7 Cyber Attacks & 12 Data Breaches.
•             Two Large Scale DDoS Attacks this month
•             One Data breach was undiscovered for 14 years.

Some of the more interesting cyber security incidents of the last month has been the attempted attack of the Scottish Parliament and the news that due to an insider threat a hospital in the United States suffered a data breach that went undetected for fourteen years.

There was also the HBO Data breach where a Cyber Criminal attempted to blackmail HBO in order not to leak the data of the latest Game of thrones series.

However, even though the UK has been on holiday for much of the month of August the Cyber security incidents have now slowed down or eased off and have remained consistent with July.

Is a Data Breach going to bring down a Government?

July 29, 2017 at 8:30 pm | Posted in Cyber Security | Comments Off on Is a Data Breach going to bring down a Government?
Tags: , , , ,

Earlier this week news came to light that information from the Swedish Transport Agency that a database containing the registration numbers of hundreds of thousands of Swedish citizens had been subject to a data breach.

Within this data was details of if people were in a witness protection program, armed service personal and police information. In short information that should never have been accessible by non-authorised parties.

However, unlike many data breaches this was not the result of a Hack but due to a lack of awareness and proper safeguards and oversight of an outsource project. The former head of the Agency has been found guilty and fined for negligence in the handling of this project and the data by the courts.

(The Maximum penalty in Sweden is just half a months’ Salary)

Now, this has taken on a political field.

This is one of the largest data breaches ever taken please in Sweden and it has emerged that Government ministers were aware of the breach happening last year but did not inform the Prime Minister for months and that when the PM did find out, this was also kept from both Parliament and other ministers.

Now the news has broken the Ministers responsible have been fired, resigned or moved. However, the threat of no confidence remains in both the Prime Minster and the ministers still in situ as it is going to be months before the data is fully secure.

This story will rumble on over the next month or so as the Swedish parliament is in recess at the moment but it is entirely possible that as more information becomes clear then a no confidence motion in the Swedish government might pass.

White Board update 19th July

July 19, 2017 at 3:00 pm | Posted in Cyber Security | Comments Off on White Board update 19th July
Tags: , , ,

My white board at the office has gained a lot of respect and traction not only from the team but from those outside the team as well as due to its prominent place in the office it causes people to stop and look at it when walking by.

This afternoon I did a quick calculation and research into the costs and scale of the data breaches recorded on my white board. The Criteria for reaching the whiteboard is that it must be published in a large media outlet (The Times, BBC, CNN, Chicago Tribune, ABC etc) and be over a scale size of over 5000 records.

The numbers are quite astounding,

  • The Estimated cost of the Attacks and Breaches on my board is around $1 Billion Dollars.
  • Over 135 Million records have been compromised.
  • There have been six major Cyber Attacks and nine large Data Breaches.
  • Seven caused by Insider threats of some description.
  • 5 days between recorded events on Average

There are scores of other data breaches and attacks that did not meet the criteria of my white board and even more that do not go reported.

Further Data Breaches

July 10, 2017 at 5:00 pm | Posted in Cyber Security | Comments Off on Further Data Breaches
Tags: , , , , ,

Over the weekend there was further news of Data Breaches, with once again my number on the board of cyber security breaches has not gone above three thus far.

Last week the Guardian Australia revealed that the Australian Medicare records were compromised and available for purchase on the dark web. These records it now appear to have been stolen from an insider threat rather than a full scale Breach of the Medicare records system.

News also broke that one of India’s largest telecoms providers Reliance Jio had suffered a data breach with around 100 million of their customer’s records found online unencrypted. Investigations are ongoing but this is correct then this would be one of the largest on record.

The Largest data breach in history that is currently know is the leak of around 1.4 Billion records from River City Media. The Great Irony of this particular Data Breach Is that River City Media was one of the largest Spam Email providers on the internet.

Even the bad guys sometimes make mistakes.

Another Day Another Data Breach – Will the clock ever reach double figures?

July 4, 2017 at 4:01 pm | Posted in Cyber Security | Comments Off on Another Day Another Data Breach – Will the clock ever reach double figures?
Tags: , , ,

As mentioned previously I have a white board in a corridor at work, where I put details of the latest data breaches and cyber-attacks reported in the press.

On the board, there is a “days since” number and that number was reset again to zero this morning.

News broke in Australia that following investigations by a journalist he was able to acquire his Medicare details from the dark web. This constitutes a massive data breach of potentially five million users in Australia in a Data Breach that is still being investigated as to its scale and cause.

Meanwhile in the UK it was revealed that the AA had also suffered a Data Breach of around 100,000 users personal identifiable information including email addresses and partial credit card details was found unencrypted on a public facing server.

The cause of the AA one looks to be human error sadly and reinforces the point that human error can account for more accidents than other causes. This is the same in Cyber Security.

I find it highly doubtful that in the current climate that my white board counter will ever get above 10 days.

Create a free website or blog at WordPress.com.
Entries and comments feeds.