PC PORTAL

Experienced. Trusted. Solutions.

Computer Viruses

By

EU Cyber Security Month roundup – advice on staying secure

During October, BH Consulting has been sharing daily advice about digital security and privacy on its social media channels as part of EU Cyber Security Month. This blog gathers together all of these tips into a single place. As each week goes by, we will keep adding to the content, in descending order. By the end of October, it will be a single resource for security advice you can share with colleagues or friends and family.

EU Cyber Security Month – tips from week four

For week four of our campaign, we looked at ways to improve online security and privacy in our personal lives. With recent social media breaches still fresh in the memory – or at least they ought to be – it’s worth reviewing privacy settings on these sites. We shared a link to Europol’s page with excellent tips for adjusting the settings on some of the most popular social channels like Snapchat, Instagram, Twitter and Facebook.

Staying with social media, our following tip covered the risk of sharing misinformation. Sometimes we do it with good intentions, but it’s always worth checking the truth with a reliable source. As Brian blogged earlier this year, the internet is a breeding ground for urban myths and untruths. “Every time we unthinkingly share false news, we’re helping them to grow and spread.”

Our Wednesday warning covered the phenomenon of scam calls, which are still very prevalent. Apart from the nuisance value, they could be criminals tricking you into divulging bank details, or stealing your money. For this tip, we shared a link to the Office for Internet Safety, which has a range of guides on ensuring a safer online environment.

Our Thursday tip urged people to watch for suspicious web addresses and scam offers. Visiting fake websites could infect your tablet, mobile or laptop with malware – or steal your data. The consumer magazine Which has some excellent advice on how to spot fraudulent websites.

Continuing the theme from our previous message, our Friday post warned of face shopping websites. That’s a year-round risk but it’s especially true in the runup to the holiday season. As our blog from last year shows, if you plan to part with your money online, make sure you only visit safe, verified websites.

EU Cyber Security Month – tips from week three

Week three of EU Cyber Security Month began with a reminder about the importance of reading. Well researched, highly regarded reports like Europol’s IOCTA (internet organised crime threat assessment) and the Verizon Data Breach Investigations Report are valuable sources of intel.

Improving security culture is often a matter of taking some simple steps to improve readiness. The UK’s National Cyber Security Centre looks at 10 of these areas with a series of free guides. The advice includes making security a board-level responsibility, through to implementing secure configuration and managing user privileges to stop threats.

With threats and risks changing all the time – while your organisation also adapts and grows – it’s essential to stay on top of current best practice. Our Thursday tip reminded that it’s always worth refreshing your knowledge of network and information security. We linked to a quick-fire quiz from the organisers of EU Cyber Security Awareness Month. Taking the quiz might identify areas where you can up your game.

Our fourth tip of the week was aimed at organisations with mature security controls. For those with confidence in their defences but wanting to improve, a red team exercise can identify possible weak points. Here’s our blog about the benefits of red teaming.

Now that we accept that security incidents can lead to business downtime, what can we do about it? We start by making the organisation resilient. This happens through agreed processes and careful preparation so that if the worst happens, the business can keep operating. BH Consulting CEO Brian Honan has spoken about this very topic, and that was our link for the final tip of the week.

EU Cyber Security Month – tips from week two

We kicked off week two of EU Cyber Security Month with a reminder that information security covers more than just data. Having a clean desk policy at work can protect important information in physical documents, as well as computers. Here’s a good sample policy developed by SANS Institute.

Our second tip of week two covers a key starting point for any good security plan. Knowing what data you hold helps in making choices about what level of protection it will need. (This is also an important part of privacy and data protection strategy, too.) We recently blogged about classifying data in this way, referring to IBM’s recent decision to ban USB storage keys.

Day three was a reminder that data breaches and security incidents are crimes. By reporting these cases to police, victims not only help with the investigation of their own incident, they also contribute valuable information to help law enforcement tackle cybercrime.

Next, we explained how digital forensics capability can help in tracing internal security incidents. Companies with the security resources in place can set up their own digital forensics lab without needing a large investment. Having an in-house lab allows security teams to carry out inquiries into everything from a security breach to HR issues.

Rounding out our advice for the week, we focused on the importance of risk assessment. This is where security and business goals meet. The key to developing solid risk assessment is to have a repeatable approach that guides your decisions. For this tip, we linked to David Prendergast’s excellent blog with advice on developing just such a risk assessment framework.

EU Cyber Security Month – tips from week one

Our first tip raised awareness of the need to prevent CEO fraud and fake invoice scams in your business. This is easy to do and doesn’t need technical fix; it’s just a matter of changing your business processes. Anyone with access to payment systems should check with a colleague before paying money to unfamiliar accounts. Here’s a link to a recent blog we posted about this.

Tip number two covers ransomware, which is one of the most widespread security threats today. Regularly backing up your data can help you recover from a ransomware infection. You’ll find more details here.

For our third tip of the week, we looked at phishing: one of the most effective tactics in an attacker’s arsenal. One of the best investments you can make is in security awareness: train company staff to spot fake emails.

We use so many different online services and invariably, they all ask us for a password. It’s vital to use different pass phrases a password manager when logging in to these services as securely as possible. Here are our tips on what to do – and not to do – when choosing a password.

For our last tip of week one, we covered data breaches. Unfortunately, they’re all too common and there seems to be a new incident on an almost weekly basis. Planning and preparation in advance of a possible breach means you’ll be ready to react if the worst happens. In today’s climate, you’ll be judged not on having suffered a breach but how well you respond to it. Here’s our advice for putting that plan in place.

Be sure to check back as we update the page throughout October. You can also catch the daily tips as they land by following BH Consulting on Twitter or on LinkedIn.

 

The post EU Cyber Security Month roundup – advice on staying secure appeared first on BH Consulting.

By

Security newsround: May 2018

We round up reporting and research from across the web about the latest security news and developments. This month: police success against cyber villains, the value of personal data, IoT security, a new ransomware strain, a new security framework and Gmail goes for 2FA.

Law’s long arm collars cyber crooks

Police forces scored three big wins against various cybercrime operations recently. In late April, authorities took down WebStresser.org, one of the world’s most popular marketplaces for launching DDoS attacks. Reuters reported that WebStresser was behind attacks on seven of Britain’s largest banks last November. The service is also alleged to have been responsible for four million attacks since 2015 against governments, police services, and businesses.

The Dutch Politie and the UK’s National Crime Agency led ‘Operation Power Off’, supported by Europol and a dozen other law enforcement agencies. They arrested alleged WebStresser administrators in four countries, seized infrastructure, and took unspecified “further measures” against some of its top users.

Before police pulled the plug, WebStresser had amassed 136,000 registered users. Threatpost aptly described WebStresser as a “criminal fantasy dream site”. It reported that there are 6.5 million DDoS attacks per year on average, earning attackers $13 million in revenue.

In separate operations, a coalition of eight countries led by Belgium took down propaganda broadcasting infrastructure of the Islamic State. Authorities targeted web assets of Amaq News Agency, an online media outlet which authorities called “the main mouthpiece of IS”. The same action also took down other IS-branded media outlets.

Completing the hat-trick, cybercrime teams from Dutch police seized the Anon-IB forum in an investigation relating to criminal offences. Vice Motherboard described Anon-IB as “possibly the most infamous site focused on revenge porn – explicit or intimate images of people shared without their consent”.

We’re always pleased to see law enforcement prevail in the fight against cybercrime. BH Consulting has been a partner of Europol for years. In 2013, our CEO Brian Honan was appointed as a special advisor on internet security to Europol’s CyberCrime Centre (EC3).

What’s your data worth?

If data is the new oil, there’s no shortage of ways that criminals can refine it for profit. As this post from Dark Reading makes clear, stolen data has many purposes that security teams need to know about. Crimes range from stolen IP to filing fraudulent tax rebates to schemes for stealing money, Steve Zurier wrote. Once hackers hold an inventory of stolen data , they package up and sell personal information such as names, addresses, phone numbers, and email addresses. They usually sell this data in bulk to maximise their profits. The more recent the records, the more value they fetch on the black market, Zurier said.

The question of what our data is worth in the digital economy is especially resonant and relevant in light of the recent Facebook/Cambridge Analytica scandal. Not to mention a certain four-letter privacy regulation. In Medium, Rik Ferguson of Trend Micro wrote a thoughtful post that considers the value of our personal information in the online economy. Data, he wrote, “unlike oil … is not burned up when used, but can be sold and resold, mined and reused”.

There’s plenty to chew on for privacy and security professionals. Rik wrote: “Our data is cataloged and combined with the traces we leave behind in the physical world, correlated and mined to reach conclusions far beyond those we might perhaps be comfortable with publicising, and then sold as a commodity or a subscription-based service to any interested party. It is an industry based our ignorance and our nonchalance.”

Securing all the things

ENISA has developed a free interactive tool based on its baseline security recommendations for the Internet of Things. This lets anyone working on IoT projects search and identify good practices. The tool is available to download here, and this page also includes a help guide. It’s based on the agency’s original study on IoT security which it published last year. The new tool is timely, as criminals have apparently begun exploiting IoT as another way to profit from cryptocurrency mining. Trend Micro researchers identified malware that hijacks the processing power of IoT devices and smartphones to mine for cryptocurrency. As Lesley Carhart of Dragos jokingly tweeted: “Your router and your IOT thermostat should really beep like your smoke detector when it’s missing a critical security patch.”

Prepare for a summer of SamSam?

Researchers are warning of criminals taking a new approach to ransomware infections. Sophos analysed the SamSam variant and found criminals carefully choose target organisations. They then launch thousands of copies of SamSam onto that organisation’s computers all at once. Once the infection has hit, the criminals offer victims a volume discount to clean all machines. This differs from the usual spam-like scattergun approach to ransomware of sending one malware copy to multiple possible targets. “The cybercriminals behind SamSam use vulnerabilities to gain access to the victims’ network or use brute-force tactics against the weak passwords of the Remote Desktop Protocol (RDP)”, the researchers wrote. Here’s ThreatPost’s writeup of the research. Sophos’ own blog describes the findings, and here’s a link to the technical paper.

Guidelines in the NIST

The US National Institute of Standards and Technology (NIST) has released version 1.1 of its Framework for Improving Critical Infrastructure Cybersecurity. This updates the original version 1.0 which proved popular on its release in February 2014. Version 1.1’s updated guidelines cover authentication and identity, cybersecurity risk self assessment, supply chain security management, and vulnerability disclosure. NIST programme manager Matt Barrett said the framework is flexible enough to meet an individual organisation’s business or mission needs. It applies to a wide range of technology environments such as information technology, industrial control systems and the Internet of Things. Later this year, NIST will release an updated companion document, the Roadmap for Improving Critical Infrastructure Cybersecurity. NIST’s press release is here and the framework is available free in PDF at this link.

Google beefs up Gmail security

Two-factor authentication got a shot in the arm after Google added this security feature for its Gmail app last month. Also called two-step verification, this sends a prompt to a user’s phone when they access their Gmail account on another computer. Naked Security said this is more secure than sending an SMS code to the phone, which can be vulnerable to fraud. It also pointed out that ease of use will encourage more people to use it, as takeup of 2FA to date has been low. Why does this matter? Here’s how many Gmail users there are in the world: 1.2 billion, to be exact. Google has more details on its blog. If you or your users still prefer passwords, here’s our advice from last year on how to choose better ones.

 

The post Security newsround: May 2018 appeared first on BH Consulting.

By

Ransomware reminders force focus on prevention and planning

Ransomware reared its ugly head again recently, with some stark reminders that it’s still a serious business risk. A household name suffered what seemed a major infection, while it emerged that many victims never get their data back.

Last week, Boeing narrowly avoided a tailspin after a senior engineer alerted colleagues of a WannaCry infection. It appeared to threaten vital aircraft production systems, though after an investigation, Boeing described it as a “limited intrusion”.

Financial impact of ransomware

Boeing’s experience shows that companies face a financial impact beyond paying a ransom if criminals encrypt their data. Ransomware infections can also cause huge disruption as IT teams scramble to lock down the source and prevent further spread. At the time of writing, the city of Atlanta, Georgia was still restoring systems 10 days after an attack of the SamSam ransomware. The incident reportedly affected at least five municipal departments, disabling some city services and forcing others to revert to paper records.

According to SANS, in the past six months at least three other US companies suffered work stoppages due to WannaCry infections. Last year, more than 80 organisations in the UK National Health Service shut down their computers. All told, WannaCry led to 20,000 cancelled appointments, 600 GP surgeries using pen and paper, and five hospitals diverting ambulances.

Criminals don’t give money-back guarantees

Facing similar scenarios, many organisations might choose to pay up rather than risk prolonged disruption, lost revenue or angry customers. But recent surveys might cause them to pause before parting with their cash. A report from CyberEdge found that 51 per cent of ransomware victims who paid the ransom never got their files back. A separate study from SentinelOne had similarly depressing news. It found that 45 per cent of US companies infected last year paid at least one ransom, but only 26 per cent of them had their files unlocked afterwards.

BH Consulting advises victims not to pay the ransom. As the surveys above tell us, payment is no guarantee of recovering files. “Criminals prove to be untrustworthy” was The Register’s snarky but accurate take on the story. Paying also encourages criminals that a business is an easy mark. TechRepublic noted that 73 per cent of organisations that paid the ransom were targeted and attacked again.

Take preventative steps

The key with ransomware is to prevent it before it spreads. Last year, BH Consulting published a guide to preventing ransomware infections just as some of the biggest outbreaks took hold. The document includes technical and business-process steps to avoid further infection. Given the latest developments, now seems like a good time to revisit those recommendations. They include:

  • Review and regularly test backup processes – still the most effective way to recover
  • Establish a baseline of normal network behaviour – unusual activity will be easier to spot
  • Segment your network – this will limit the ability of worms and other infections to spread
  • Implement ad blocking – to stop compromised adverts from delivering malware
  • Review security of mobile devices – because ransomware is migrating to mobiles

You can download the free guide here. Another useful resource is the NoMoreRansom initiative, which is a partnership between law enforcement and industry. It provides free tools to decrypt  many common types of ransomware. BH Consulting is among the partners from across the private and public sectors.

Let’s wrap up with some encouraging news. The CyberEdge report found that just 13 per cent of companies that refused to pay lost their files. In other words, 87 per cent subsequently recovered their data. It bears repeating: prevention, not payment, is a better way to keep ransomware out of your business.

The post Ransomware reminders force focus on prevention and planning appeared first on BH Consulting.

By

Security newsround: March 2018

We round up reporting and research from across the web about the latest security news. This month: cryptomining attacks increase, data breaches rise in Ireland, the business cost of ransomware revealed, UK local authorities come under attack from cybercriminals, NotPetya blame laid at Russia’s door, and automated security makes inroads.

Tales from the crypto

A spate of cryptomining attacks are exploiting computing systems to make money for criminals. But is this just a nuisance or a worrying sign of something bigger? There are increasing reports of infections and some high-profile victims. A page on the LA Times’ site hosted hidden code that exploited visiting users’ system resources to mine for cryptocurrency. A Tesla cloud account was compromised, before the carmaker rectified the breach. eWeek reported a similar infection at an unnamed European water utility – apparently the first such occurrence on SCADA systems.

So is this mining software benign, or malicious? It hijacks devices, which potentially affects CPU performance and battery life. What’s more, mobiles and Macs are not immune. As this excellent summary by the UK National Cyber Security Centre notes, cryptojacking does not take any money from victims. “The only impact on affected users’ computers was that they temporarily had minor performance loss and reduced battery power,” it said. But as Brian Honan warned recently, this involves criminals infecting websites. They could easily have inserted ransomware or some other malicious code instead.

Once more unto the breach

The Data Protection Commissioner recorded 2,795 valid data security breaches, and lodged and handled 2,642 complaints in 2017. The number of breaches was up 25.7 per cent on the previous year, and complaints almost doubled on 2016 levels. Most breaches (59 per cent) related to unauthorised disclosures. The majority were in the financial sector, and 6 per cent of all reported cases were in the telecoms sector. The latter figure was 25 per cent higher than in 2016. Network security compromises increased from 23 to 49, and usually included ransomware and malware attacks, the Register reported. Last year, there were 19 data breaches involving multinational companies in Ireland.

The details come from the DPC’s annual report, which also includes results of an investigation into handling of confidential records in hospitals. That investigation will lead to a report with recommendations on better privacy controls, which the commissioner will give to every hospital in the State. The Government public services card project also came in for scrutiny. The annual report outlines concerns the DPC had over how Facebook and Twitter collect potentially sensitive location data. The DPC’s website has a summary of the main points, and the full report is available as a PDF.

Ransomware risk

No doubt ransomware was one of the highest-profile types of security incident over the past two years. A new survey from Datto puts this into perspective. It estimates that European SMEs lost a combined €80.5 million between 2016 and 2017 on downtime caused by ransomware infections. The average ransom request ranged between €395 and €1,589. Infosecurity Magazine led with the figure 5 per cent of all SMEs had a ransomware infection last year. Some 21 per cent of SMEs paid up, but 18 per cent said they never got their data back. Fewer than one-third of victims reported the  but to law enforcement. Possibly the most telling stat of all is that 94 per cent of victims were using antivirus products. The fact they succumbed to infection just the same suggests that training, not technology, remains one of the most effective deterrents.

Anarchy in the UK

Cyber attacks against local authorities in Britain are rising, with more than 95 million attacks over five years. This translates to 37 attempted breaches every minute. Between 2013 and 2017, at least a quarter of UK councils experienced an actual security breach. Big Brother Watch, a civil liberties and privacy watchdog, discovered this based on Freedom of Information requests. A high number of councils that had experienced an incident did not subsequently report it. Also troubling is the discovery that 75 per cent of local authorities do not give staff mandatory security awareness training, and 16 per cent provide no training at all. The 66-page report suggests it’s the growing volume personal data these agencies accumulate that makes them an attractive target.

The blame game

In an unprecedented move, US and UK governments have blamed Russia for last year’s NotPetya ransomware which caused an estimated €1.2 billion in damages worldwide. Originally targeting Ukrainian national infrastructure, the malware spread widely and affected many high-profile companies and public agencies across the world. The UK referred to its National Cyber Security Centre finding that Russia’s military was “almost certainly” responsible for the attack. The NCSC described the attack as “destructive” because it was never designed to be decrypted like common ransomware. It’s rare for Governments to make official statements like this. Attribution is a thorny problem in security research. It’s often very hard to prove because attackers have many technical means at their disposal for hiding their tracks.

Automatic for the people

Automation technology is finding its way into growing numbers of security operations. Cisco’s 2018 annual cybersecurity report found 39 per cent of organisations say they use it. Martin Roesch, Chief Architect in Cisco’s Security Business Group, told eWeek: “If you want to make use of a lot of security data quickly, you have to make use of a fair amount of automation.” Another finding is that organisations are using more products from a wider group of vendors, and that 53 per cent host more than half their infrastructure in the cloud. As for threats, the report said burst attacks grew in complexity and frequency during 2017, while insiders posed a disproportionately high level of risk. The full report includes these stats and more, along with recommendations for improving security, and is available to download here.

 

The post Security newsround: March 2018 appeared first on BH Consulting.