Deloitte Cyber Attack – How many times does it need to be said

September 25, 2017 at 4:00 pm | Posted in Cyber Security

Install Two Factor Authentication.

How often does it need to be said?

This afternoon it was announced that Deloitte suffered a cyber attack earlier this year, in which a malicious attacker gained access to Deloitte’s infrastructure and was able to read and access significant amounts of Deloitte’s data.

Specifically, they gained access to the email systems/archive and were able to access files and information that were sent to clients.

The investigation, however, revealed that the attacker gained access to the network via an administration account on their Microsoft Azure service that was protected only by a username and password.

There was no multi-factor or two-factor authentication on this particular service.

This is a major lapse, as multifactor authentication makes it much more challenging to gain access to a service or account than a username and password alone.

Multifactor authentication should always be activated on any service/account you own.

CCleaner – Trusted Application Compromised

September 18, 2017 at 4:16 pm | Posted in Cyber Security

Cisco’s cyber threat intelligence division TALOS released details today of a major exploit that it has discovered within the popular PC clean-up program CCleaner.

TALOS’s investigation began last week when they noticed that the latest installation of CCleaner was triggering Cisco’s Advanced Malware Protection systems, indicating that the software was malicious.
Further investigation indicated that within the download for CCleaner there was a hardcoded command and control request to download malicious software through a backdoor.

Cisco immediately informed the manufacturers of CCleaner of the exploit and a fresh version has been released.

If you have CCleaner 5.33, please download the latest version immediately, as this has fixed the potential issue.

The bigger concern is that millions of people could have downloaded this application from a trusted supplier since the exploit was installed by the attacker. It shows the importance of cyber security in maintaining brand reputation because, as with the Nyetya attack earlier this year, this is a trusted application.

For further reading, check out TALOS’ blog:
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

Monitoring Logins – Why have I logged in from the far east?

August 30, 2017 at 4:00 pm | Posted in Cyber Security

During my recent trip to the United States, I was logging onto email systems and other systems from a different country and outside normal expected times. As such, the systems I was logging into (both professional and personal) demanded additional levels of authentication beyond username and password.

Multifactor authentication has now advanced to the point that tracking user behaviour (location, MAC address and login times for example) can be used as an additional authentication layer as opposed to a traditional token code.

You can view your successful and unsuccessful logins on most personal websites to confirm it is you, and it is important to do this.
Monitoring logins is an easy and effective method of mitigating data breaches: if you can identify that a user or account is logging in from an unexpected location when they are not expected to be there, you can lock the account down and prevent a potential data breach.

Many attacks and breaches have been caused by stolen credentials; by simply monitoring login activity, this particular avenue of attack can be mitigated and the threat reduced.
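The login monitoring described above, sketched as an added example that is not part of the original post: a per-user baseline of location, device MAC address and login hour is learned from past successful logins, and each new login is checked against it. The function names, the sample events (constructed) and the allow / step-up / lock policy are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real logs): user, UTC time, country, device MAC, success.
HISTORY = [
    ("alice", "2017-08-01T08:55:00", "GB", "aa:bb:cc:00:00:01", True),
    ("alice", "2017-08-03T17:30:00", "GB", "AA:BB:CC:00:00:01", True),
    ("alice", "2017-08-04T03:00:00", "CN", "de:ad:be:ef:00:09", False),  # failed, never learned
]
NEW_EVENTS = [
    ("alice", "2017-08-30T09:20:00", "GB", "aa:bb:cc:00:00:01", True),  # routine login
    ("alice", "2017-08-30T14:00:00", "US", "aa:bb:cc:00:00:01", True),  # travelling, own laptop
    ("alice", "2017-08-30T02:00:00", "CN", "de:ad:be:ef:00:09", True),  # valid password, unknown device
]

def build_baseline(events):
    """Learn each user's usual countries, devices and login hours from successful logins only."""
    base = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": set()})
    for user, ts, country, mac, ok in events:
        if ok:
            base[user]["countries"].add(country)
            base[user]["devices"].add(mac.lower())
            base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def assess(event, baseline, hour_slack=1):
    """Return why a login deviates from the baseline; hours are compared on a 24-hour circle."""
    user, ts, country, mac, _ok = event
    if user not in baseline:
        return ["no baseline for user"]
    b = baseline[user]
    reasons = []
    if country not in b["countries"]:
        reasons.append("unexpected country " + country)
    if mac.lower() not in b["devices"]:
        reasons.append("unknown device")
    hour = datetime.fromisoformat(ts).hour
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in b["hours"]):
        reasons.append("outside usual hours")
    return reasons

def decide(event, baseline):
    """Assumed policy: unknown device in a new country locks; any other deviation steps up."""
    reasons = assess(event, baseline)
    hostile = "unknown device" in reasons and any(r.startswith("unexpected country") for r in reasons)
    return ("lock" if hostile else "step_up" if reasons else "allow"), reasons

if __name__ == "__main__":
    print([decide(ev, build_baseline(HISTORY))[0] for ev in NEW_EVENTS])
```

The traveller on a known laptop is challenged for an extra factor rather than locked out, while a correct password presented from an unknown device in a new country locks the account.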

July 2017 Cyber Incident Report

August 2, 2017 at 3:00 pm | Posted in Cyber Security

So the whiteboard has been wiped for the new financial month at work and now I can reveal the statistics behind the last financial month of the incidents recorded in July.
As a reminder, the criteria to get on this list are that the breach/attack needs to be reported in a major media outlet and be over 5000 records in size.

  • There were Six Cyber Attacks and Thirteen Data Breaches.
  • Over 150 million records were compromised.
  • The financial cost of the cyber incidents this month is estimated to be over $1.2 billion.
  • Insider Threats continue to be a weakness of all organisations.
  • Average time between each incident is just 2.3 Days.

The largest and perhaps the most interesting were the UK Parliament attack and the Nyetya malware attacks of late June, the effects of which are still being felt today. Companies such as TNT are still trying to recover from the attack that compromised their network.

Insider Threat – Negligence or Deliberate?

July 18, 2017 at 4:00 pm | Posted in Cyber Security

With the end of the financial year approaching at work, time is becoming more of a premium, with discussions with clients and prospects taking place all the time.

However, one area that has come up in many conversations is the threat posed by insiders within an organisation.

Insider threats come in three distinct forms and are one of the most common threats that companies face in cyber security terms, as the best security is only as strong as its weakest link. Human error usually plays a big part in security.

The first is the accidental threat, where employees are not well versed in cyber security practices and open phishing emails or accidentally download a compromised file. Accidental data breaches caused 30% of all security incidents in 2016.

The second is the negligent threat, where employees try to bypass data protection rules created by an organisation in order to make their jobs easier, such as sharing documents on unsecured cloud applications.

The final one is the malicious or deliberate threat, where employees deliberately bypass data protection rules, not for ease of their job but for financial or malicious gain. The recent leak of half a million records from BUPA was carried out by a disgruntled employee.

Insider threats will also be a threat vector, and attackers are looking at these weakest links. More training is key here, but so is diligence, as there are increasingly concerning reports that cyber criminals are trying to recruit individuals to act as insiders and breach an organisation for them.
