Email remains the Top threat Vector – The Crown Prince of Nigeria has died

September 13, 2017 at 4:23 pm | Posted in Cyber Security | Comments Off on Email remains the Top threat Vector – The Crown Prince of Nigeria has died
Tags: , , , , ,

It is one of the oldest methods of attack that still functions on the internet. The email, you all know the email that I am referring too. The email stating that the Crown prince of Nigeria has died, that he was your long lost relative, and if you wire some money into a holding account you can inherit £123,456,789.00

This scam has been going for a long time even dating back to letters but it reinforces a point that the bad guys got smarter.

Many of the most prominent Data Breaches in the last decade have come from a compromised email. With Social Media it is incredibly easy to find out if someone is a HR manager and to email him or her a file called “Recruiting target Q3” while pretending to be their boss.

This is Phishing and it is one of the more common ways to compromise a network.

Email security is an area that not only requires diligence and protection but also vast resources, as the data from TALOS shows over 85% of all email traffic is still currently spam but that despite it being filtered there are still billions of emails that are legitimate.

August email report

That is still a large haystack in which to hide needles that are phishing emails.
And it only needs one for someone to get into a network and for the network to be compromised.

Advertisements

Importance of Multi-Factor authentication

August 16, 2017 at 4:00 pm | Posted in Cyber Security, Musings | Comments Off on Importance of Multi-Factor authentication
Tags: , , , ,

Yesterday it was announced that the Scottish Parliament was under a cyber-attack similar to the one that targeted Westminster earlier in the year.

The Attackers were trying to gain access to the email systems of MSP’s and Staff members of the parliament for their own gains. This time it looks as if the attack was stopped in its tracks.

I am fortunate enough to have worked with the Scottish Parliament closely in a previous role and I know a bit more about their security infrastructure than most. And, I am assuming that their methods of security have not changed to radically in the last three years.

The Scottish Parliament does use multifactor authentication for the majority of its users.

The importance of multifactor authentication is key to as to why this particular brute force attack was not as successful as previous one that hit Westminster as there was an added layer of security beyond that of username and password.

It still affected the Scottish Parliament but it is better to have some minor disruptions as opposed to having data stolen.

Cisco Mid-Year Security Report – Exploits Down Spam Up

July 25, 2017 at 10:56 am | Posted in Cyber Security | Comments Off on Cisco Mid-Year Security Report – Exploits Down Spam Up
Tags: , , , ,

Cisco published its mid-year security report last week and I have spent my time over the weekend reading it when I have the time.
There are many interesting findings within it and this week’s blog posts will be focusing on some of the key findings within the report.
Exploiting software vulnerabilities are one of the more prolific avenues of attack within the media, with both Wannacry and Netyra making use of the eternal blue exploit found within Microsoft systems. The Easiest way for an attacker to find out if there are exploits within a system is to purchase a kit that scans a network and looks for exploits within a system. These Exploit kits are found on the dark web for a few thousand dollars.

Cisco’s report however, shows that this avenue of attack using exploit kits are decreasing after several of them being taken down in the last twelve months. However, the risk remains and they maybe down but they are not out yet.

At the same time, Cisco has seen a further increase in spam, and it is more dangerous than before. Rather than the traditional methods, attackers putting greater focus on attachments within spam emails with compromises built into the attachments.

Attack vectors are changing all the time and it is up to the industry and end users to work together to protect themselves.

why didn’t this post yesterday? oh well

Further Data Breaches

July 10, 2017 at 5:00 pm | Posted in Cyber Security | Comments Off on Further Data Breaches
Tags: , , , , ,

Over the weekend there was further news of Data Breaches, with once again my number on the board of cyber security breaches has not gone above three thus far.

Last week the Guardian Australia revealed that the Australian Medicare records were compromised and available for purchase on the dark web. These records it now appear to have been stolen from an insider threat rather than a full scale Breach of the Medicare records system.

News also broke that one of India’s largest telecoms providers Reliance Jio had suffered a data breach with around 100 million of their customer’s records found online unencrypted. Investigations are ongoing but this is correct then this would be one of the largest on record.

The Largest data breach in history that is currently know is the leak of around 1.4 Billion records from River City Media. The Great Irony of this particular Data Breach Is that River City Media was one of the largest Spam Email providers on the internet.

Even the bad guys sometimes make mistakes.

The Weakness of Passwords – Parliament Cyber Attack

June 26, 2017 at 4:30 pm | Posted in Cyber Security | Comments Off on The Weakness of Passwords – Parliament Cyber Attack
Tags: , , , ,

News broke last week that the Parliament email services were under a sustained cyber-attack and that in order to prevent further compromise the service was disabled for all users.
Initial reports indicate that only 1% of accounts were compromised.

Users are getting back online today, for around 48 hours parliamentarians and staff were not able to get access to emails and respond to constituents.

In Business this would be unacceptable and could result in significant loss to both income and brand reputation.

However, one thing that is clear from the initial reports of this attack is that the attackers were using simple usernames and passwords to gain access to the accounts.
This highlights the weakness of username and passwords.

Passwords continue to be the weak link of security as human nature is that we use passwords that are easy to recall. This in itself can be used against individuals when passwords are repeated across websites as when one website is compromised your password can be used elsewhere in most cases.

Multifactor authentication (MFA) is necessary for protecting yourself from this sort of attack and it is perhaps one of the simpler authentication solutions on the market with many companies including Microsoft and Google implementing their own branded MFA options for personal email accounts.

John Glenn used RSA Multifactor Authentication (SecurID) on a space shuttle mission in 1998.

If Parliament is not using Multifactor Authentication and Identity Services for access to Parliamentary Services then some serious questions, need asking of Parliament’s cyber security strategy.

Blog at WordPress.com.
Entries and comments feeds.