A Newer Threat Emerges – Destruction of Service

July 27, 2017 at 9:38 am | Posted in Cyber Security

Another theme that emerged from the Cisco Mid-Year Cybersecurity Report is the rise of destruction of service attacks.

Many DDoS (Distributed Denial of Service) as-a-service offerings already exist and can be purchased from the dark web for as little as $7 an hour, then used to shut down any website you want by flooding its servers for an hour or so. These attacks are usually deployed against the various console networks (Xbox Live etc.) over the Christmas period in order to disrupt their services.

However, attacks are now seeking not only to disrupt and deny services but to destroy them.

Attackers are now seeking to remove the safety net that organisations rely on to restore systems following cyber incidents that disrupt their services. By wiping data instead of locking it, and by also compromising back-ups, it is entirely possible for these new attacks to completely wipe out an organisation.

An example was the Netyra attack from a month ago, which wiped out data across many industries and continues to impact the companies affected. TNT, for example, is still trying to recover and reports that it still has parcels in its warehouses that it cannot deliver because the records were destroyed.

These attacks are a startling new trend in cyber security, and the strategy of Cisco and the rest of the industry for combating them is to reduce the time it takes to detect a breach of systems before it can spread.


What is a Trojan Virus – Beware of Ukrainians bearing Gifts?

July 6, 2017 at 4:00 pm | Posted in Cyber Security

In the cybersecurity industry, things have come a long way since the first computer viruses of the 1980s and 1990s. Malware (malicious software) has changed dramatically in both scope and scale: from about 1 million new pieces of malware created in 2006 to around 140 million created in 2015.

There are many different names and types of malware, from worms to viruses and from ransomware to spyware.

One of the most common forms of malware, however, is the Trojan.

A Trojan is, as its name suggests, a piece of legitimate software that has been compromised by malicious actors in order to spread their malicious software.
Once a Trojan is installed, it can then be used to install ransomware, spyware or a botnet, which the criminals then use for monetary gain.

Research has now concluded that the Netyra attack of last week spread from an accounting software program. This is a classic example of a Trojan in action: legitimate software disguised a malicious piece of software within it.

Trojans account for about a quarter of all the malware currently seen by the industry and remain one of the most common methods of attack.

NYETRA/PETYA/NOT PETYA – Cyber Attack Update

July 3, 2017 at 3:00 pm | Posted in Cyber Security

Last week a new cyber attack began to make itself known. Originating in Ukraine, this particularly vicious piece of malware took down numerous Ukrainian organisations before spreading outside Ukraine and affecting other companies around the globe.

The impact was significant on several levels, with cargo ships unable to unload at ports around the globe and entire companies taken offline. Rather than encrypting individual files, NYETRA encrypted the operating system.

The spread, however, was not as wide as WannaCry's.

The reason was the delivery method: while both NYETRA and WannaCry used the same exploit, their initial delivery and later spread were different. Netyra only spread from a compromised application across the internal network, whereas WannaCry also spread across the external network.

There is also currently debate as to whether this was a ransomware attack or an attack designed to wipe data from targets. The ransom and clean-up elements of NYETRA were considerably weaker than WannaCry's.

I am leaning towards the Wiper opinion on this latest Cyber Attack personally.

Once again I urge readers to ensure that their PCs are up to date, as this attack could once again have been prevented if the March Windows update had been installed.

WannaCry should have been a warning.

Fool me once shame on you, Fool me twice shame on me.

For further in-depth reading on this latest attack, do check out Cisco Talos' blog.

Note: This blog contains my own thoughts and is in no way associated with those of my current employer.

The Clock never reset – Nuclear Cyber Security & SCADA

June 29, 2017 at 4:00 pm | Posted in Cyber Security

I will be writing about the cyber attack that affected many global companies later; I spent my Wednesday dealing with the fallout and keeping clients informed.

However, it seems that my clock was not going to be reset, as news broke that several US nuclear power plants had been compromised. On top of that, the ongoing cyber attack from Tuesday had taken some of the Chernobyl radiation detection facilities offline.

Security experts have been concerned about attacks on supervisory control and data acquisition (SCADA) systems for many years, as these controls are what keep power and manufacturing plants online and operating safely.

The first piece of malware found on SCADA systems was discovered in 2012 on the systems controlling Iran's nuclear program, but the concern now is that these previously isolated systems are being connected to the outside internet, opening up a new vector of attack.

The US is investigating this attack, code-named Nuclear 17, but it seems that for now no critical systems were compromised, and hopefully this will serve as a wake-up call.

Reset the Clock – Cyber Security Attack in Progress

June 27, 2017 at 4:07 pm | Posted in Cyber Security

We are entering the final few weeks of the quarter at work, and it was month end last Friday. As part of an experiment my whiteboard at work has been cleaned and I did a “Days since last Cyber Attack/Breach” count.

The number reached the dizzying height of 3 days before I wiped it down to zero a few hours ago.

There is currently a major cyber security attack in progress that has been code-named PETYA. Much like WannaCry, this is a piece of ransomware that is spreading across the globe.

Organisations hit include a shipping firm, the Ukrainian government and marketing companies, with one company ordering its staff to shut down their computers and go home.

The Cyber Security industry has mobilised and is now working to contain the outbreak.

More to come.

Zero Day Attacks- What are they?

June 19, 2017 at 9:07 pm | Posted in Cyber Security

Last week news broke that University College London was under a cyber attack and was being targeted with ransomware. As a precaution, they locked down all storage drives and began a clean-up exercise.

The work to restore the systems is ongoing five days later.

However, one suggestion they made is that it was a zero-day attack.

A zero-day attack is perhaps one of the most dangerous types of cyber attack. Unlike WannaCry, where the attackers used an exploit that was already known to the cyber security community and manufacturers, a zero-day attack uses a vulnerability that has not previously been discovered.

Once attackers are aware of an exploit that is not known to manufacturers, they have the ability to execute an attack on an organisation and steal from or ransom their target using this exploit.

It is then up to security organisations, end users and manufacturers to identify that a zero-day attack is taking place and begin the process of closing the vector of attack.

The rise of zero-day attacks has caused a change in thinking for cyber security companies and end users alike, as they now look at the behaviour of the network and endpoint communications to establish whether an attack is in progress.

It is this behavioural analytics, and the ability to detect a potential zero-day attack, that security companies now pride themselves on.

Why is my Kettle Attacking me? Internet of Things Vulnerabilities.

June 12, 2017 at 4:30 pm | Posted in Cyber Security

Today everything is “smart”, from televisions, fridges and washing machines to central heating controllers and kettles.
These devices connect to local WiFi and the internet as a whole, and enable people to boil the kettle from the comfort of bed when they first wake, saving them time (providing it has been filled up with water).

These devices are becoming more and more common; science fiction is becoming science fact, and already your fridge can potentially tell you when the milk is expiring and ask if you want to order more. This is the Internet of Things.

However, as WannaCry proved, not everyone keeps their primary internet-connected devices up to date, so what about the devices we do not think about updating, like our internet modems, TVs and kettles?

These are a fresh attack surface for malicious actors to exploit.

They generally do not hold as much personally identifiable information as your primary computer, but cyber criminals can use them to great effect in a simpler manner.

The most basic, brute-force attack used is a Distributed Denial of Service (DDoS) attack, in which internet-connected machines are used to make requests to a specific site or service. By overloading capacity, the servers are unable to cope with demand and, in effect, the website shuts itself down to fresh requests.

By compromising Internet of Things devices and enlisting them in a DDoS attack, criminals can create vast networks of devices to attack sites and services, as happened last autumn with an attack on a principal address-lookup (DNS) provider for the internet that took sections of the internet down with it.

Both manufacturers and customers need to ensure that their IoT devices are up to date, as that is the simplest method of protecting your devices from being used maliciously against both yourself and others.

WannaCry, Uniting the World?

May 25, 2017 at 4:00 pm | Posted in Cyber Security

One of the more interesting pieces of fallout from the WannaCry attack has been not the clean-up but the scale of the attack.

Unusually for an attack of this scale, fingers are not being pointed at the usual suspects for the origin of these sorts of attacks, China and Russia. The Russian interior ministry was compromised, and the vast majority of the Chinese state petrol company was attacked.

Recent analysis indicates that around 50% of the machines compromised by WannaCry were in China.

There are unprecedented levels of cooperation between security companies, analysts and national governments to stop this attack and clean up after it.

It makes me suspect that this might not be as organised as first thought, as whoever set this attack in motion appears to have created a global firestorm overnight and caused normally arguing companies and governments to work together to find the origin point.

Whoever set this in motion is now an international pariah and most likely has gone to ground, as there are quite a few people who would like a word.

The Value of Cyber-Crime

May 22, 2017 at 8:25 pm | Posted in Cyber Security

The days of mobsters demanding extortion or protection money are long gone.
Or are they? The reality is that it has moved to a more virtual space.

The WannaCry attack from last week is a prime example of one of the more common types of cybercrime on the internet: extortion. The ransomware takes possession of something you own and demands payment for its release.
Just like the criminal gangs of the past, except they are virtual now.
It is estimated that the value of crime on the internet is around $500 billion (roughly the value of Microsoft) and growing annually.

It has also become a commodity market for criminals, with botnets and malware being created on demand from a cyber criminal eBay.
The latest intelligence is that a piece of malware like WannaCry can be created for around $2,000 to $5,000.

WannaCry has so far acquired around $100,000 in paid ransoms; that is a return of around twenty times the original investment.

This is the challenge facing the cyber security industry: the era of individuals hacking computers for fun in their parents' basement is over, and we are now in the era of organised criminal gangs operating in cyberspace.

WannaCry-The Ransomware that woke up the world

May 15, 2017 at 9:05 pm | Posted in Cyber Security

The last 72 hours have been among the most interesting in the cyber security industry for a long time.

As discussed last week when my last blog post went up, we were in the midst of a cyber security attack that was affecting NHS trusts across the UK together with numerous other organisations across the globe. The latest view is that over 100,000 devices across 74 countries were compromised.

[Image: WannaCry map]

Once the scale of the attack became apparent, the cyber security industry and analysts across the world sprang into action to deal with the remediation process and try to stop the spread of this particularly nasty worm.

This is what is known so far.

WannaCry itself is a self-propagating worm containing both exploitation elements and encryption elements.
The exploitation elements target backdoors into the system that had been uncovered months previously with the disclosure of NSA backdoors; Microsoft issued patches closing these back in March.
The encryption elements use RSA 2048 encryption keys to lock down the files of infected machines.

Upon installation on a machine, the malware first checks a web address: if it gets no answer, it begins installing itself and encrypting the compromised device; if it gets an answer, the malware uninstalls itself (the kill code).
At the same time it looks for other hosts on the network by probing the SMB protocol (used for file sharing on networks between computers, printers etc.), looking for un-patched computers that it can install itself onto.

This automated process explains why it was possible for the malware to spread so quickly.

Thankfully, a researcher from the UK, together with cyber security organisations across the world including Cisco Talos, was able to find a kill switch encoded within WannaCry.

The Cisco Umbrella security platform quickly recognised the web requests coming from compromised machines as malicious and began to display warning pages informing users. This was enough to trigger the kill code in the malware and prevent further spread.

At the same time, a researcher from the UK was able to identify the kill code within the malware and, in order to activate the web address and have it respond, bought and activated the domain listed in the malware, tricking it into activating the kill code.

This work stopped the infection in its tracks, and the cyber security industry began pushing out patches and signatures to stop the infection spreading further, together with advising people to install the latest Microsoft security patches.
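The two behaviours described above, the kill-switch web lookup and the SMB probing of neighbouring hosts, are exactly the kind of network behaviour the zero-day post says defenders now watch for. The following is an added example, not code from this blog or from Cisco, showing how a defender could pick both out of connection and DNS logs; the log format, the placeholder kill-switch domain and the scan thresholds are assumptions.

```python
"""Detection for the two WannaCry behaviours described above: the kill-switch
web lookup and SMB (TCP/445) probing of other hosts. Added example, not code
from the post; log format, placeholder domain and thresholds are assumptions."""
from collections import defaultdict

# Constructed sample log: "<epoch> <src_ip> <kind> <detail>" (dns: queried
# name; conn: "dst_ip:dst_port"). 10.0.0.5 behaves like the worm.
SAMPLE_LOG = """\
1494849600 10.0.0.5 dns killswitch-domain-placeholder.example
1494849601 10.0.0.5 conn 10.0.0.6:445
1494849601 10.0.0.5 conn 10.0.0.7:445
1494849602 10.0.0.5 conn 10.0.0.8:445
1494849602 10.0.0.5 conn 10.0.0.9:445
1494849603 10.0.0.5 conn 10.0.0.10:445
1494849605 10.0.0.9 dns update.example
1494849606 10.0.0.9 conn 10.0.0.2:445
"""
KILL_SWITCH_DOMAIN = "killswitch-domain-placeholder.example"  # placeholder
SMB_PORT = 445
SCAN_THRESHOLD = 5   # distinct SMB peers inside one window => scanning
WINDOW_SECONDS = 60

def parse_log(text):
    """Parse lines into (timestamp, src, kind, detail) tuples."""
    rows = (ln.split() for ln in text.splitlines() if ln.strip())
    return [(int(ts), src, kind, detail) for ts, src, kind, detail in rows]

def hosts_querying_kill_switch(events):
    """Hosts that looked up the kill-switch name: infected even if the
    lookup succeeded and the payload therefore did not run."""
    return sorted({src for _, src, kind, d in events
                   if kind == "dns" and d.lower() == KILL_SWITCH_DOMAIN})

def smb_scanners(events):
    """Hosts contacting >= SCAN_THRESHOLD distinct peers on 445 within any
    WINDOW_SECONDS span: lateral probing rather than normal file-share use."""
    per_src = defaultdict(list)
    for ts, src, kind, detail in events:
        if kind == "conn":
            dst, port = detail.rsplit(":", 1)
            if int(port) == SMB_PORT:
                per_src[src].append((ts, dst))
    flagged = []
    for src, conns in per_src.items():
        conns.sort()
        for i, (t0, _) in enumerate(conns):
            peers = {d for t, d in conns[i:] if t - t0 <= WINDOW_SECONDS}
            if len(peers) >= SCAN_THRESHOLD:
                flagged.append(src)
                break
    return sorted(flagged)
```

Running both checks over `parse_log(SAMPLE_LOG)` flags 10.0.0.5 for both behaviours and 10.0.0.9 for neither; a host that only trips the kill-switch check still needs patching, since the lookup means the worm already ran on it.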

However, this is a wake-up call to governments and industries across the world. This stop is only temporary and new variations may come out soon, but it also shows the importance of ensuring that your devices are up to date.
Microsoft issued the patch fixing this exploit back in March.

Microsoft also took the unprecedented step of issuing the patch closing the exploit for Windows XP machines, the first security patch for these no-longer-supported operating systems. The response from the cyber security industry was fast, but the infection was still massive.

There is still a lot of work to do.

For further reading please do check out the blogs of Cisco Talos, MalwareTech and the National Cyber Security Centre.


There will be further updates on WannaCry over the coming weeks as more of the story gets revealed; for the time being, ensure your devices are up to date.

Note: This blog contains my own thoughts and is in no way associated with those of my current employer.


