Email remains the Top threat Vector – The Crown Prince of Nigeria has died

September 13, 2017 at 4:23 pm | Posted in Cyber Security | Comments Off on Email remains the Top threat Vector – The Crown Prince of Nigeria has died
Tags: , , , , ,

It is one of the oldest methods of attack that still functions on the internet. The email, you all know the email that I am referring too. The email stating that the Crown prince of Nigeria has died, that he was your long lost relative, and if you wire some money into a holding account you can inherit £123,456,789.00

This scam has been going for a long time even dating back to letters but it reinforces a point that the bad guys got smarter.

Many of the most prominent Data Breaches in the last decade have come from a compromised email. With Social Media it is incredibly easy to find out if someone is a HR manager and to email him or her a file called “Recruiting target Q3” while pretending to be their boss.

This is Phishing and it is one of the more common ways to compromise a network.

Email security is an area that not only requires diligence and protection but also vast resources, as the data from TALOS shows over 85% of all email traffic is still currently spam but that despite it being filtered there are still billions of emails that are legitimate.

August email report

That is still a large haystack in which to hide needles that are phishing emails.
And it only needs one for someone to get into a network and for the network to be compromised.

Advertisements

Cisco Mid-Year Security Report – Exploits Down Spam Up

July 25, 2017 at 10:56 am | Posted in Cyber Security | Comments Off on Cisco Mid-Year Security Report – Exploits Down Spam Up
Tags: , , , ,

Cisco published its mid-year security report last week and I have spent my time over the weekend reading it when I have the time.
There are many interesting findings within it and this week’s blog posts will be focusing on some of the key findings within the report.
Exploiting software vulnerabilities are one of the more prolific avenues of attack within the media, with both Wannacry and Netyra making use of the eternal blue exploit found within Microsoft systems. The Easiest way for an attacker to find out if there are exploits within a system is to purchase a kit that scans a network and looks for exploits within a system. These Exploit kits are found on the dark web for a few thousand dollars.

Cisco’s report however, shows that this avenue of attack using exploit kits are decreasing after several of them being taken down in the last twelve months. However, the risk remains and they maybe down but they are not out yet.

At the same time, Cisco has seen a further increase in spam, and it is more dangerous than before. Rather than the traditional methods, attackers putting greater focus on attachments within spam emails with compromises built into the attachments.

Attack vectors are changing all the time and it is up to the industry and end users to work together to protect themselves.

why didn’t this post yesterday? oh well

Further Data Breaches

July 10, 2017 at 5:00 pm | Posted in Cyber Security | Comments Off on Further Data Breaches
Tags: , , , , ,

Over the weekend there was further news of Data Breaches, with once again my number on the board of cyber security breaches has not gone above three thus far.

Last week the Guardian Australia revealed that the Australian Medicare records were compromised and available for purchase on the dark web. These records it now appear to have been stolen from an insider threat rather than a full scale Breach of the Medicare records system.

News also broke that one of India’s largest telecoms providers Reliance Jio had suffered a data breach with around 100 million of their customer’s records found online unencrypted. Investigations are ongoing but this is correct then this would be one of the largest on record.

The Largest data breach in history that is currently know is the leak of around 1.4 Billion records from River City Media. The Great Irony of this particular Data Breach Is that River City Media was one of the largest Spam Email providers on the internet.

Even the bad guys sometimes make mistakes.

Large Scale Cyber-Security incident in Progress

May 12, 2017 at 8:48 pm | Posted in Cyber Security | Comments Off on Large Scale Cyber-Security incident in Progress
Tags: , ,

This Afternoon News broke that a piece of Ransomware had begun attacking NHS organisations in England and Scotland and began to effect the operations of these organisations.

As time went on however, it has become clear that this is current attack is part of a much larger global attack. Many organisations and countries across the globe have already been victims.

It is early days yet and there is a lot of speculation but the Cyber Security industry and the UK National Cyber Security Centre are hard at work investigating this.

I will post more on this in the future as right now it is too early to say anything for certain.

In the Mean-time if you see any emails or suspicious files arrive into your email box delete them immediately it is better safe than sorry.

No One is too small to be the victim of Cyber Crime

May 2, 2017 at 9:33 am | Posted in Cyber Security | Comments Off on No One is too small to be the victim of Cyber Crime
Tags: , , , , ,

This past two weeks I have been hard at work with the company I work for busy closing out our Quarter.

Working with the Cybersecurity industry is both a fascinating and terrifying experience as we get to see the “good guys” hard at work, but we also see the “bad guys” win.

Sadly, this weekend news broke locally for me that once again reinforced the story that needs repeating by the cybersecurity industry. That no one is small enough to be a victim of cybercrime.

A local youth football club revealed that they had been a victim of a Phishing Scam and had lost tens of thousands in savings when what looked like legitimate emails containing invoices turned out to be fraudulent.

Always being vigilant is a key action for preventing cybercrime that needs to adhere to by everyone, if you question those suspect emails and demands that appear in your email box delete them and report them to your email-hosting provider.

Another Action is to ensure that any confidential data you are inputting in a website is on a secure website (HTTPS= Secure, HTTP=Not Secure) and do not give out confidential data over the phone unless you initiated the call.

These simple steps can help prevent cybercrime.

Create a free website or blog at WordPress.com.
Entries and comments feeds.