Community Contributions

By Nick Duley.

As technology is becoming an increasing part of our lives. It’s important to protect our privacy and security from online trolls and hackers. Facebook is one of the most common social networks out there and by default, the privacy features for one’s account are very limited. Leaving your personal information open. In this article, I’ll go over 3 simple and effective ways to protect your privacy on
Facebook.

Change who can look you up using your phone number and email address.

Putting up personal information such as your phone number and email address for anyone to see is extremely dangerous. If someone has your phone number, they can send you spam messages and track down your location. And if a hacker has your email address and if you already have poor security practices for your email account, a hacked email address allows a hacker to view your banking statements, the activity of other online accounts you have, etc.

To rectify this, go into Facebook settings, click privacy and for “Who can look you up using the email address you provided?” and “Who can look you up using the phone number you provided?, choose from the dropdown menu “Only me”.

Turn off Search Engines Linking your Facebook Profile.

If you’re not comfortable with employers or random people looking you up you may want to turn this feature off. Someone who doesn’t have Facebook can look up your name on Google or any search engine, find your Facebook profile and can see the information you made public on your profile.

However, this is very simple to fix. Go into Facebook settings, click privacy and where it says “Do you want search engines outside of Facebook to link to your Profile?” untick the box “Allow search engines outside of Facebook to link to your Profile”.

Hide your Friends List.

You may not feel that your Friends list is a big threat to your privacy, but if you keep it open, it’s easier for a malicious user to contact people who know you. For example, if someone has a grudge against you, they can go through your friends list and send your friends malicious messages about you.

Like all my other tips, this can be resolved through Facebook settings. Go into Facebook settings, click privacy and where it says “Who can see your friends list?”,  choose from the dropdown menu “Only me”.

By Eve Ferguson

Most grandparents are now joining the world of smartphones, social media, internet banking and following the global pandemic, online shopping. So, how do you explain to a trusting generation that some people on the internet are just plain evil?

My Nan, who is quite tech savvy – probably more tech savvy than my Mum, experienced many electronic hurdles throughout the lockdowns. Pre-Coronavirus these could’ve been solved by family members, popping in to sort the issue.  Of course, the Covid restrictions over 2020-2021 made this very difficult – leading to frustrating facetime calls, which usually involved that classic question: ‘how do I flip the camera, again?’

One of the issues that sticks out the most are communications she got from her mobile provider. They texted, emailed and even wrote to her saying they were sending her a new sim card in the post and that she had a few days to transfer all of her data from the current sim in preparation. This deadline and the style of the emails and texts – containing clickable links and phone numbers to call – led me to believe it was your classic phishing attempt as she hadn’t requested a new sim, and she wasn’t due an upgrade. But surely sending emails, texts and written letters was a lot of effort just to try and get one lady to give over a few details and possibly some cash?

I obviously told her not to click on any of the links or use any of the phone the numbers provided, but to use trusted numbers from the internet.  Whenever she phoned her mobile provider, she was left on hold for ages and didn’t really make any progress. She was worried that because she hadn’t complied with the instruction, she would lose all of her phone contacts and other data.  

We weren’t even sure the ‘new’ sim card was coming, we had not requested it, Nan was not due an upgrade so there was every possibility it was a scam.  We were left with the dilemma; Should she just wait to see what happened? Should she try phoning the provider again? Should she just do as instructed on the emails, texts and letter?

Eventually, my Nan finally made progress with the customer care call centre and found out this was all legitimate, the sim did come, and nothing was lost.

But what if it hadn’t been legitimate? What if it was all just some big, elaborate scam?

Many elderly people aren’t as lucky as my Nan, she has children and grandchildren, not necessarily with cyber security knowledge but with enough exposure to social media to know what to do and what not to do.

In 2015, it was reported that 43% of elderly people believed they had been targeted by a scammer. This makes the elderly the most vulnerable to fraudster attacks. Lonely pensioners may be more willing to talk and listen to fraudsters as well as being more trusting towards what fraudsters have to say. 

Following my Nan’s personal experience and my education in Cyber Security, I believe these tips to be helpful when teaching your Nanna about cyber security.

Steps to help your Nanna:

1. Use simple terminology. Most people over the age of 55 don’t know what a tweet, friend request or virus is. This means using scary words such as ‘phishing’, ‘malware’ and ‘hackers’ may worry your Nanna unnecessarily. Try using anecdotes and simple stories to explain a situation.

2.  Teach her why someone might want her information. Psychologists have found that we have clearer memory of information when we can put meaning towards it. When teaching your Nanna try to explain why someone might want her information, if she understands what you are saying then she will find it easier to remember and for her to understand why you’re teaching her these things.

3. Give her tips for things to look out for. Yes, not all scams are the same but a lot of them are built around the same layout. Teach her not to click links or share sensitive information online. If an email tells her to click a link to check her account, teach her to open a new window and log in through a web browser.

4. If it’s too good to be true, it probably is. Teach her this classic. If a deal online or something being sold over the phone is just too amazing, teach her that it’s probably a scam. 

5. Passwords are important. My Nan’s passwords are as random as British weather – none of them are remotely similar, so much so she has a little book with all of them written down, to help her remember. This little book is far from good practice but it’s more likely that she’ll get scammed online than burgled and her ‘little book of passwords’ being stolen. Teach your Nanna that strong, hard to guess passwords are winners – especially if they aren’t reused. It’s important too that she should know that she shouldn’t share them with anyone. ANYONE. 

6. Take your time with her. Cyber Security is not easy, even for the younger generations, so cut your Nanna some slack. Don’t be tempted to take the device from her and do it yourself because she won’t ever learn herself. Teaching your Nanna cyber security techniques may take time and she may ask you on multiple occasions to go over something you’ve already shown her, but she’ll learn with practice. 

7. Write down step-by-step instructions. This could help her with other technology-based activities too. As well as her little password book, my Nan has a book of things I’ve taught her, like copying photos off her phone and renaming them in a different folder. I also have a little book of instructions I’ve learned and can’t quite remember from my degree course, so there’s no shame in having written instructions – especially if it helps keep you safe. 

8. Celebrate the little wins with her. Like I said before, this stuff is hard. Even if your Nanna has completed something incredibly basic and mundane, to you, celebrate her success.  

So, those are a few of my tips for educating your Nanna on Cyber Security. I haven’t exhausted the list of possible tips, not at all, but hopefully these will help you help your Nanna.   Good Luck! 

References: 

www.acfe.com/fraud-examiner

www.ourwatch.org.uk/crime-prevention/crime-prevention-toolkits/scams/scams-older-people 

www.quora.com/What-is-a-good-method-for-elderly-people-to-manage-their-passwords

By Mustafa Obousy

Employees are proposed to be possibly the weakest link in a business in terms of its’ security system, as they are most liable to hacking schemes – as they are usually targeted through emails and attachments which could potentially bring down the reputation of a business eventually leading to organisation failure.

A liability to the system

Employees could be considered a threat to the security system in businesses, as they are most liable to fall for hacking and phishing scams, which substantially are distributed through emails containing vast links or attachments. Although workers have been proven to be a great asset, they can also be deemed a liability due to the loosely affiliated cybercriminals that have made a business off of scamming individuals – thus the amount of data breaches has been exponentially increasing over the years, as in 2017 there have been 1,000 data breaches – compromising just under 2 billion records compared to only 784 data breaches in 2016 (Ismail, 2018), by 2019 the number of data breaches had expanded to 5,134 (Henriquez, 2019).

Hacking and Phishing scams

Phishing scams are essentially a fraudulent method of obtaining information such as account credentials and credit details through disguising themselves as a trusted entity over electronic communication, hence with the use of employee information the hacker can get into the users’ network and hence possibly sabotage the system. There has been an upsurge in scams over the years – whom certain individuals have made a profit out of vulnerable users – with the rise of the internet in recent times this has become more common. The most common types of phishing methods are spearfishing and whaling. Both including manipulating user information. Whaling includes targeting anyone in an organisation, and harpooning their information – if this attack is proven successful then they can conduct CEO fraud – this is when they can abuse the compromised email account to authorise fraudulent wire transfers to the institution. In spearfishing, this includes impersonating your target user including his name and address, subsequently to expedient the victim into clicking on a malicious URL or attachment to hand over potential data for the company – this can lead to a sabotage of the system or the theft of intellectual property or money.

How to protect your employee

An employee has the potential to be a security asset to a company, however, some tools are needed to be obtained to protect your company and fight cybercrimes. Thus, the employee must receive training to detect emails to preserve the organisation from malicious software; such as, carrying out authorised penetration testing which can be used to help alert the user for potential threats and how to spot them, authorised penetration testing include an attack assessment, in which a penetrator sends a genuine phishing email impersonating a well-known social media company, using their name, email etc. – the email is designed to impersonate the trusted corporation or third party, the targeted phishing user must observe whether or not this is a genuine email or a phishing attempt. Emails with malicious intentions usually have inaccurate domain names, typos in their email/username; such as misused capital letters or full stops when unnecessary, which is rarely done by professional companies (King, 2019 ). However, if there are further suspicions of authenticity- you can detect phishing attempts within the email by identifying dodgy links, or you will receive threats to spur you into action, such as threatening to close your account or ban you if you do not click on the link provided.

Security systems impact on business

The breaching of a security system can compromise a business – bringing up issues such as business disruption and reputation damage, potentially damaging an organisation significantly. Business disruption is an innovation creating a new market and value network which eventually disrupts the current market and network and hence a possible displacing of current brands, firms and alliances. This is a problem for the business as different types of disruption requires different types of strategic approaches. Thus if we handle this incorrectly, such as a failure of integrating insights from subsequent research the manager may use the wrong tools for the problem, thus reducing the success chances. The failure to sort out business disruption could bring up issues such as reputation damage. Reputation damage is essentially how a business responds to a disruption, it is important to respond to disruption appropriately to protect the reputation of the business and avoid damage to your organisation. This may include a loss of customers or products and services – To circumvent this, you could provide extra protection to your cybersecurity system such as to educate your employee on cybersecurity practices and constantly update your security system. Further methods to deal with reputation risk is to have a plan when disruption takes place – to meet a requirement, such as how to deal with your employee and changes to made to a business, with intentions to prevent further damage to the organisation and prevent encompassing the risk of organisation failure.

However, despite the drawbacks of the employee towards a company, they do also make an important asset in business – hence, to maintain company security they would have to undergo further staff training to protect themselves from phishing, as these scams could endanger the company and its assets.

Henriquez, M. (2019). The Top 12 Data Breaches of 2019.

Ismail, N. (2018). Why Employees are a Businesses Weakest Link.

By Bhaskar Deep.

Let’s think like this, Storing our data at an unknown place. Is our data secure? can they access our business data? And the question chain continues…

Who is Using it?  

Modern technologies play a crucial role in the challenging IT world, many companies like Netflix and Adobe started using serverless applications. Many businesses are considering using serverless technologies and the growth of serverless applications has been vastly increased. According to Datadog, 80% of AWS container users adopted AWS lambda.

Why are They using it?

Serverless technology works on two services that explain the architecture. Firstly Back-end as a service where it operates the backend of the cloud which is mostly operated by a third party and functions as a service where code starts running using event triggers. 

The main reason that big industries started using serverless is because of the fast deployment of Products without a customer lock-in but from the developers’ aspect it’s easy to use and deploy, low cost, scalability, flexibility, efficiency, and most importantly better UX for best customer experience.

Security Threats 

For any type of technology, the main concern is data security. Traditional computing or serverless computing are facing cyber threats, to understand this let’s see the top threats of serverless architecture.

·      Function data event injection.

·      Broken authentication.

·      Insecure serverless deployment configuration.

·      Over-privileged function permissions and roles.

·      Inadequate function monitoring and logging.

·      Insecure third-party dependencies.

·      Insecure application secrets storage.

·      DDoS attacks.

·      Serverless function execution flow manipulation.

·      Improper exception handling and verbose error message.

Serverless applications are secure to use by continuous monitoring and most important usage of secure coding for your application. We can test a serverless environment by different patterns using a damn vulnerable application that is available in GitHub, which teaches us a secure way to launch our application in serverless 

Is it safe to use serverless?

We can never say that any application is safe, we can make it safe by following security policies. Yes, we can use serverless applications with the practice of secure coding and continuous monitoring of security risks that are already provided by cloud platforms. The main motto of going live with serverless is #Secure coding.

By Amelia McGuigan (Cyber Security Student).

After the fifth text message this week inviting me to click on a suspicious link, I decided to dig a little deeper into how to avoid phishing attacks. We are continuously warned not to click on mysterious links in emails and texts, yet it only takes a momentary lapse of judgement or a well put together phishing email to trip us up. Phishing emails come in trends, fraudulent government tax rebates, phony bank messages and most recently, false coronavirus vaccination offers. They rely on the messages having some relevance to our recent online activity or scaring us into making snap decisions.

Phishing vs Spear Phishing

Phishing is varied and sometimes targeted. Attackers send out messages to thousands of recipients aiming to mislead individuals into giving away bank details, personal information or to infect our devices with malicious software. On your work device you may find similar emails, but the motive is different. Spear-phishing is a targeted attack, a hacking organisation may try to gain access to a company’s network via an employee device or trick you into paying a fake invoice.

Tips to avoid being a Phishing Victim

Here are 3 tips to avoid phishing attacks on your personal devices.

Tip 1: If you are sceptical, go directly to the website. For example, if you receive a message from your bank stating you have made a transaction or from an online retailer asking for a confirmation of a payment method, open a new tab and log in to the official website directly. Never click the link, even if it looks legitimate.

Tip 2: Check the ‘sent from’ email address. If an email address starts with a long list of numbers and letters followed by an irrelevant domain (the name after the ‘@’ symbol), it’s highly unlikely the sender is genuine. Sometimes phishing attackers hide their email address by modifying their contact name to be more believable, but a closer inspection of contact information can reveal a lot more about a sender.

Tip 3: If you click a link do not panic! It is rare for the link itself to infect your device immediately, its usually the actions you make afterwards that can cause a problem. Even if you have mistakenly entered your personal or bank details, call the bank and change any relevant passwords to help rectify the situation. But make sure to monitor your accounts afterwards and notify work if you were using a company device.

By Atul Periwal.

What is Magecart?

Magecart is the name assigned behind the world’s biggest cyber attacks to a multinational consortium of at least 8 criminal organizations. They’re best known as Magecart attacks, also known in the tech landscape as front-end attacks. These hacker groups who attack shopping cart networks online, typically the Magento scheme, to steal data from user payment cards. This is regarded as an assault on a supply chain (Supply chain attack).

The concept behind such attacks is to hack or compromise an industrial process unfamiliar to IT with a third-party piece of software from a VAR or device integrator. It has been in existence since 2016 and is liable, among others, for data abuses at British Airways, Ticketmaster, Forbes Magazine, and Newegg so far.

Magecart working

The attacker uses the browser on the client-side to view any data entered by a user. Through inserting malicious Javascript code, the attacks threaten confidential consumer details (email accounts, credentials, and credit card details).  Concerningly, Magecart is also able to insert entirely new fields into a form to obtain further data. Users don’t know that they are viewing a compromised page, while the organization finds about the changes months after the damage has happened. Users have no means of understanding that a hacked website is being viewed, although organizations typically only find out more about the update months after the damage has happened.

More than 40 malicious code injections that can steal data have been found by researchers. Line by line analysis is required to identify the gap between both the original code and the updated code. Attacks by Magecart are also difficult to identify as hackers insert their malicious code into scripts that are trusted by protection tools by design.

Magecart’s Evolution

RiskIQ and Flashpoint researchers joined forces last year and released a paper dissecting the code of Magecart and its compromise procedures. They keep monitoring at least six separate hacker groups who are aggressively creating variants of the malware, incorporating new modifications and trickery. In this malware family, researchers found several enhancements made by attackers.

These enhancements are:

Apart from Magento, Magecart attackers have begun to threaten new plug-ins.

A new way of infecting advertisement banners on websites is being used by attackers. They insert the Magecart code on a web server and the malicious code is downloaded to their device when a user opens the compromised ad in their device.

Instead of spraying ransomware, attackers from Magecart use social engineering tactics to research the IT network of their targets.                                         

Influential Magecart Attacks

British Airways: Due to a successful assault by Magecart, British Airways suffered almost $230 million. The hackers were able to acquire 380,000 user’s payment card data. As soon as the customer presses the Submit button, the inserted code gathers payment card details.

Trickmaster: Trickmaster used a payment system from Inbenta that was custom designed. Hackers were capable of putting malicious code on the resources of Inbenta, and for five months the threat stayed unnoticed. The payment card information of 40,000 clients was compromised as a result of this assault.

Forbes Magazine: Aside from payment card information, Forbes Magazine gathered contact details and subscriber emails. A security researcher confirmed that Forbes had been a target of hackers at Magecart, but never shared specific details.

Newegg: It took Newegg five days to detect the corrupted code on its website. The hackers obtained more than 500,000 clients’ payment card data.

Shoppers Approved: For collecting feedback and ratings, many websites use third-party features such as Shoppers Approved. Shoppers Accepted has thousands of clients using its facilities. The inquiry found, however, that only a limited number of clients were affected.

Prevention

Engender a cyber security philosophy, where, on their first day on the job, you inspire and encourage staff to follow sound security standards.

To monitor where scripts are loaded, use the Content Protection Policy (CSP) and Sub-Resource Integrity (SRI).

Audit the current code daily for improvements and enhancements.

Conduct risk control with widgets, software, and tools from third parties.

Track the correspondence of third-party tools with external domains closely.

Conclusion An effective sequence of attacks by Magecart demonstrates how hackers try to manipulate multiple attack vectors. Organizations must be able to spot modifications in their code within a period of a few seconds rather than weeks or months. To identify threats in real-time, it’s time for e-commerce sites and related service providers to scale up their defence steps. Besides, they should not have an uninspiring mindset and brace for security issues to arise for service providers whose client base is thousands and millions. Constructive steps must be taken to ensure that security risks are identified in real-time to have a limited effect on their operations.

By Anton Scott.

Major operating systems such as Windows, Mac and Linux have never been as secure as some may believe them to be. As with any system, the main point of vulnerability is often the user; opening the wrong link/attachment, vising the wrong site, and installing suspicious software can open the floodgates for malware. These are all examples that a non-aware user can fall prey to, and in a world of growing cyber-threats, individuals & companies alike must take more precautions to avoid being targeted and taken advantage of.

Virtualisation is becoming a standard for many corporations as it provides an extra, solidified layer of defence in the event of a breach. Whilst most files or programs you open will run on your “Host” machine, virtualisation provides an isolated bubble for your OS to run in, by dedicating sectors of your hardware to create a virtual machine (VM).

Containment

This is a highly effective method of elevating your device’s security as any rogue programs running on the system will be limited to and only to the virtualised environment. Take this analogy for example. When a virus invades your body, your immune system triggers a response for white blood cells to encapsulate and isolate the foreign entity in order to prevent the spread and further damage the virus could cause to your body. This is exactly the case in the event of a virus, worm or type of malware infecting your computer system; The threat is contained within the VM and can therefore not spread or damage your host machine, which may contain your important files & personal data.

Resilience

VM’s also provide a convenient feature called “snapshotting”, where the state of the system can essentially be saved at any chosen time (known as taking a snapshot), then restored to a previous snapshot when required. This is specifically useful following a mishap such as a system failure or type of breach, as the machine can be reverted to its last known working state. Your presets & files will remain intact and your future self will thank you for it.

Privacy

Furthermore, if you are concerned with the growing issue of your online data being collected and sold by devious conglomerates (a sad but inevitable truth), you may be able to put your mind at ease by utilising a VM. “Fingerprinting” or “profiling” is a common way in which services online tie your devices and data to your identity and is used to predict your online habits, log your preferences and recommend you products/services. An entire online profile is built uniquely for you, hence the name “fingerprinting”.  Although quite impossible to avoid once you already have an online presence, operating systems like ’Whonix’ can run in a VM to promote anonymity online by relaying your network traffic through anonymous networks such as Tor.

Such setups require time to configure but can be useful if you’re serious about masking your identity online & giving a middle finger to the prying data harvesters. Ultimately, VMs are very practical systems which can offer the everyday user an elevated level of security which in turn can promote ease of mind. They are not compulsory by any means, but the growing use of them is a step in the right direction to limiting the damage caused by cyber-threats. And of course, it always helps to remember – if you protect your system, you protect yourself.

By Atul Periwal.

Women play a key role in transformative cultural, environmental and social changes essential for sustainable development. Occupying a critical function, any mistreatment or subjugation of her reputation was seen as disrespectful, not just to her but to society as a whole. Yet the same doesn’t seem to be the case a few millenniums later. 

Whereas the world is struggling with the COVID-19 pandemic, it is evident that the expansion of the internet and the growing number of internet users have somewhere directly contributed to the increase in cyber space crime against women. Cyber crime is a criminal offence where the computer, computer network or networked device is being targeted or used as a tool to commit any offence. Cybercrime is often perpetrated but not always by cybercriminals or hackers who want to make money. Cybercrime can be carried out by individuals or organizations. If we speak about prosecuting these offenders, we have various cyber crime laws and even though they are backed by several other legislation, they do not have a clear mechanism to deal effectively with cybercrimes against women. 

Cyber crimes against women: Classification 

1. Harassment via E-mail – Harassment through email involves blackmailing, intimidating and persistent sending of anonymous identities of love letters or daily sending of humiliating mails. 

2. Cyber stalking: Stalkers are encouraged by the privacy provided by the Internet. Criminals can be on the other side of the earth, or a neighbour next door, or a relative close by! It includes tracking the movements of a person over the Internet by posting messages on the victim’s frequently visited bulletin boards, attempting to enter the victim’s visited chat rooms, continuously inundating the perpetrator with emails, etc. The stalker aims to inflict emotional harm in general and has no clear motive for his communications. 

3. Cyber pornography: It refers to sexually explicit material being circulated, made, edited, published or posted. 

4. Cyber defamation: Also known as cyber smearing, can be understood as a deliberate violation of the right to ‘another person’s good name. ‘Cyber Defamation takes place with the aid of computers and/or the Internet. Because of its speedy existence, it is deemed more of a hazard. 

5. Cyber grooming: Cyber grooming is when a person develops an online relationship with a new person and bribes or forces him/her into sexual acting. 

6. Cyber bullying: A type of abuse or abuse caused by the use of electronic or communication devices such as computers, cell phones, laptops, etc. 

Separation of some types of cyber crimes is very difficult because constituent acts involving one type can correlate with actions involving another type. However, the following guidelines are applicable when we address cybercrimes against women.

Criminal Offence Provision (India, UK, USA) 
Harassment –       Section 354A of the Indian Penal Code, 1860  –       Harassment Act 1997  –       The Civil Rights Act of 1964    
Cyber Stalking –       Section 354D of the Indian Penal Code, 1860  –       Harassment Act 1997  –        Violence Against Women Act 
Child pornography –       Section 67B of the Information Technology Act, 2000  –       2003 Communications Act  –       Section 2251 of Title 18 of the United States 
Defamation –       Section 499 of the Indian Penal Code, 1860  –       Defamation Act 2013  –       Section 230 of the Communications Decency Act of 1996 
Cyber grooming –       Section 67B(c) of Information Technology Act, 2008  –        s.15A of the Sexual Offences Act 2003  –        18 U.S.C. § 2422 
Cyber bullying –       354A and 354D of Indian Penal Code  –        Harassment Act 1997  –         

Did COVID-19 worsen the situation for women? 

Cyber crime is more horrific and devastating for women than men according to a Pew Research Centre survey in the US. The increased prevalence of cybercrimes toward women is not an issue for a particular country. A study of more than 9000 German Internet users (between the ages of 10 and 15) revealed that women are particularly susceptible than men to cybercrimes such as online sexual harassment and cyber stalking. According to the survey, women between the ages of 18 and 24 experience cyber-harassment disproportionately. It is assumed that the average screen time has grown dramatically with work from home and being restricted to limited physical space. Besides, the CSC e-Governance Services observed an increase in internet services use from 2.7 TB (March 10) to 4.7 TB (March 30) respectively. 

Suggestion 

–       Encourage women to consider cyber security as a discipline, and our school system will deliver the educational process from middle school at least. 

–       Conducting qualitative and quantitative research to recognize victims’ issues and recommend suitable solutions. 

–       Formulation and enforcement of a policy to avoid the exposure of the identity of the victims in these cases. 

–       Give them the experience: hire a female intern. 

–       Scholarships and role models for women in this field. 

–       Render constructive discrimination by consciously hiring. 

–       Leverage the role models of women leaders and those coming into cyber security today.

By Diana Ion.

Too many times overlooked by common security measures, side channels can offer attackers new avenues for information gathering and possibly much more. 

A simple definition of a side-channel is something that enables you to find out something about a thing without directly observing that thing.   

Think of a quiet neighborhood during wintertime.  All roofs are covered by snow, except for one. Naturally, you would think about something shady going on there and you could be right. Meth labs release a lot of heat and the effect of this on the snowy roof gives you information about what is possibly happening inside without you needing to actually look. This is an example of a thermal channel. 

Another example that should be familiar to you from one of the spy movies you have watched, is the classic trick of using a stethoscope to listen to a safe’s mechanism while rotating the dial with the obvious aim of opening the safe. The side channel in this case is the sound. 

Up to this point, it should be clear that a side-channel constitutes a consequence of a particular action. Now it comes the most interesting part.  Cryptographic implementations are based on computations at the bit/byte level. While performing these computations, computers are using electric power. If you are observing the power trace from a chip running AES or DES on an oscilloscope, you will see discernable patterns coming from the number of rounds, the memory access, or other algorithmic detail. This process is called simple power analysis and is a type of direct implementation attack.  

An implementation attack targets faults in the hardware/software implementation of an algorithm and not in the design of the algorithm per se.  

A more advanced attack that can also be used to find the key used in AES encryption is differential power analysis. Here, the attacker needs access to the device for collecting power traces during normal AES encryptions. With an available set of measurements, the attacker creates a model of the side-channel, inputs a hypothetical key, takes the given output, and performs a statistical analysis between his output and the real output. Perseverance and patience must be employed.  

I am curious sometimes and, during one lazy quarantine day, I decided to give it a try myself and break AES encryption with power analysis. I found a dataset of measurements online and wrote a Python script. The key size was 128-bits, meaning 16 bytes. Probably you know that AES-128 consists of 10 rounds with each round, except the last one, performing some particular operations (SubBytes, ShiftRows, MixColumn, AddROundKey). If these are unfamiliar to you, please do a Google search for AES rounds. To make my life easier and prove that the key is breakable, I only attempted to break the first byte of the key, after the SubBytes operation.  This means running through all the possible key values for the first byte (0 through 255), encrypting the plaintext with each one and compare the end results.

I will not go further into detail as I do not want you to get bored. My point here is that faulty implementations can leak sensitive.  Do not underestimate the ingenuity of attackers when talking about methods for speeding up computations. There are profile attacks and deep learning techniques that need only a small number of measurements to break the encryption. Common methods of combating side-channel attacks are usually divided into ‘hiding’ and ‘masking’.  These can be done at any level: transistor level, program level, algorithmic level, or protocol level. We will explore these in a future article. 

By Farhan Subhan.

Throughout our time on planet Earth, there have been major developments in nearly all aspects of life; from the industrial revolution to the events revolving around Y2K. Even with the doubts of the year 2000, and how calendar storage data was going to be affected due to the transition into the new generation, technology has undoubtedly grown exponentially into being a very integral part of our personal and business lives. However, in nearly all cases of growth, there are some struggles. In this case, data breaches. Data breaches can be found in many forms e.g. phishing, loss or theft of hard copy notes, ransomware, and unauthorized access. Concerning the extent of the data breach, this can vary from losing your credit card information to huge multinational corporations with employee and customer data at risk.

The actual data breach does not have to be in a digital form in order to be considered a data breach. But as we have transitioned into a digital society, these breaches have also evolved from classified papers in a brief case being stolen to online pirates procuring over a million credit card details and being sold on the black market. A breach does not necessarily mean that it is stolen per se, but if said protected data was to become accessible then it is considered to be a breach. The question that we ask now is, what do these attackers do with these pieces of data? One answer is: capitalize on the data. Attackers will either want to take advantage of credit card information instantly, or they hold onto it and then start to slowly take advantage of said persons information for many years. 

Since the start of the Millennium there have been many, yet unsurprising, data breaches within huge multinational corporations. The nature of the data that was exposed is varied amongst these companies, for e.g. if we look at companies like Yahoo and MySpace we can see that the type of attackers who were responsible for these breaches were in fact identity thieves. We will now look at examples of the biggest data breaches within multinational corporations since the start of the 21st century:

 MyFitnessPal

In February 2018, MyFitnessPal was subject to a data breach where 617 million customers had their accounts leaked and offered for sale on the black market, around the same time that Dubsmash. The company did acknowledge this breach and then advised customers to then change their passwords and help them improve their security. However, they did not share how many were affected nor did they explain how their data was compromised.

 Adobe

In October 2013, Adobe reported that hackers had stolen nearly 3 million customer credit cards as well as login data for an undisclosed amount of user accounts. Consequently, later during that month, they mentioned that ID’s and encrypted passwords for 38 million users were included in the compromised data. Unfortunately, this amount surpassed 150 million users resulting in Adobe to pay $1.1 million in legal fees and an undisclosed amount to user for violation of the Customer Records Act. 

LinkedIn

This major social networking platform for business professionals had become a target for social engineering attacks but in 2012 the site also had user data leaked. 6.5 million passwords were stolen and posted onto a Russian hacker forum, but it took four years for the incident to be revealed. The hacker was then found to be selling the data for 5 bitcoins, which resulted in LinkedIn resetting the passwords of the affected accounts. 

As with most errors, these breaches could have been prevented if the companies mentioned above had taken the correct steps in order to prevent these breaches. If the companies had undertaken regular risk assessments then they could have made sure that the procedures used to deal with data were in fact correct but if there were any errors, then they could have made sure this was rectified in order to prevent the data from being leaked. After these leaks, the company could invest more money in staff training for cyber security so that employees are taught more about data breaches and the common mistakes which can lead to a data breach. Incorporating this within the company’s culture will be beneficial for the foreseeable future. 

To conclude, data breaches still do exist in many forms ranging from phishing attacks to huge data losses by corporations. These breaches will still continue to exist in our society unless people are made aware of what cyber security has to offer and actually be inclined to learn more about it which can then be incorporated into their personal and work lives, so that data breaches can be brought to a minimum.

By Diana Ion.

It is common knowledge in the security community that it is not a question of “IF a system fails” but more of “WHEN a system fails”. Having 100% coverage against attacks is impossible since your controls can never fail while an attacker needs only one lucky strike to succeed.

Always aiming for better security features and taking better mitigations steps is something each company needs to do. A crucial part of staying ahead is having a system for monitoring your network. The goal of security monitoring is to give you an actionable and comprehensive insight and alerts that indicate required actions to mitigate the potential impact on your company.

A Security Operations Center (SOC) is not only a room full of screens, but it is also a team of people with very specific tools, skills, and processes.

To better imagine how a SOC would fit into a company’s security landscape, we will discuss the case of a fictional financial company X with 50.000 employees. In order to stay in business and continue to earn billions, the company must update its traditional security perimeter and create a security awareness culture at the workplace. Because X is a financial institution and it is 2020, the biggest threats are the cyber ones. The company understands the danger and is willing to invest as much as it’s necessary to be one step ahead of the adversary. In addition, there are certain requirements and standards that a financial company needs to meet in terms of security. Until now, there were no serious security breaches or attempts to steal sensitive data.

The company aims for a permanent internal SOC with full-time employees. The SOC team should have around 80-100 members in accordance to the company size of 50.000 employees. Ideally, the company will have a huge room with walls full of large screens where only SOC employees have permission to enter. State of the art physical and cybersecurity has to be deployed for this room.

Initially, the company starts with a dedicated SOC and will shortly transition to a multifunctional SOC/NOC, hiring more specialists to perform both functions. The main features of the new SOC will be concentrated around the following areas:

-control and digital forensics

-monitoring and risk management

-network and system administration

In terms of what tools are needed in order to perform the aforementioned functions in an efficient manner, the best solution is to use a next-generation Security Information and Event Management (SIEM) system which gathers data from different sources across the company and uses Machine Learning combined with behavioral analytics to identify security incidents with 99,99% accuracy. It will then try to isolate and contain these threats using built-in capabilities.

Because the SIEM system will be so advanced and accurate in identifying threat events, the traditional SOC staff hierarchy will change. The role of Tier 1 Analyst whose responsibilities were to monitor and prioritize the alerts will slowly disappear. The new Tier 1 will be represented by the Incident Responder who will assist the system in containment, remediation, and recovery.

The most fun job will be of course the threat hunter whose duties are to conduct penetration tests and hunt for yet undiscovered threats. This is an individual who reads every day about new cyber emerging threats and makes sure the company is not a victim of one of them.

The first step is data gathering, this data consists of system logs and events from other security tools. The next-generation SIEM has pre-built connectors so that it can access logs and event data directly from the cloud. Data collection is enabled via an agent installed on devices across the company. This data is stored in an ElasticSearch data lake and is being normalized in a format that enables analysis. A huge advantage of harnessing the power of data lake technology is that it gives analysts fast and easy access to unlimited volumes of historic data. This is extraordinarily useful for threat hunting.

Complex Machine Learning algorithms and behavioural analytics are used to make correlations and discover suspicious activities like lateral movement, insider threats, and data exfiltration. An event is marked as suspicious when tested against established baselines. The “normal” behaviour for groups of users or devices is determined by the system using Data Science capabilities after monitoring the operations for a certain time. This increases the accuracy of threat detection.

Real-time alerts are sent immediately and the screens in the room light up red. The analysts will now try to dig deeper and understand how the threat is affecting the company systems. The SIEM system can provide context around the incident and help analysts. For remediation and mitigations, the analysts need to have a view of the status and activity of critical security and IT systems. Once again, the SIEM system can give analysts visibility and can even use Security Orchestration and Automation to automatically perform containment actions.

Because the management and other regulatory bodies need to check the performance of the company’s security, SIEM will produce reports and audits describing each incident or breach as well as providing a comprehensive overview showing the exact activity levels and how well the staff deals with the current workload. The most relevant metrics are the following:

·       Mean time to detection (MTTD) which represents the average time until SOC detects an incident. It shows the effectiveness in processing the alerts and identifying real incidents

·       Mean time to resolution (MTTR) which represents the average time until the threat is totally neutralized. It shows the effectiveness in response coordination and taking appropriate measured to isolate and neutralize the threat.

·       Total cases per month which represent the number of detected and processed incidents. It shows the workload level and the scale of action the SOC is managing. It could be an important metric in hiring decisions.

·       Types of cases which classify the incidents by type. It helps to focus on security measures towards the most dominant threats

The ultimate goal of the company regarding cybersecurity is to be mature. This will require continuous innovation and improvements. Of course, the proposed solution has some limitations: skilled employees are hard to find, high costs, and hard integrations with legacy systems.

The lack of skilled staff in cybersecurity is a real problem and the company can choose to create its own training programs for selected candidates.

By Atul Periwal.

You might be thinking of how a wallpaper can be a medium of malware? There might be an error but no, a wallpaper on android phone can be used as a medium of malware to crash your android mobile phone.

The image above, which can be directly downloaded from Google images, causes certain android phones to crash.

What is malware?

Before I explain to you about wallpaper as a medium of malware, I will explain about malware first. So basically malware is a paragliding word for malware that includes viruses, Trojan, ransomware, keyloggers, spyware, adware, worms, and so on. The exact motive can differ depending on the specific malware. The mutual interest among all of them is that they are all created with the goal of d and destruction.

Malware Wallpaper: What is it?

A member of Twitter i.e. Ice universe issued a warning on Twitter which states, “Never set this picture as wallpaper, especially for Samsung mobile phone users! It will cause your phone to crash! Don’t try it! If someone sends you this picture, please ignore it.”

When you download this image and set is as a wallpaper, an android phones tend to crash that make us to assume the maker of an image can have malicious intent. While some mobile phones after the crash can be rebooted and used in safe mode, some mobile phones can’t be recover. In such a scenario, it is natural to think that the picture has inserted some code that has caused the phone to crash.

To create this, the attacker has used the method called steganography. Using steganography, an attacker can insert malicious code in image and can send the image through different forms. Once the image is downloaded and opened, malicious code will automatically run on the device and perform its actions.

Malware Wallpaper: Causes

The investigation took place for this image and it was found that the image color changed when it was uploaded to Weibo. After the further investigation, they looked into the metadata of the image and discovered that Google Skia has a peculiar ICC colour profile-E3CADAB7BD3DE5E3436874D2A9DEE126. The investigation lead to the following:-

            Dimension: 1440 * 2560

            Colour space: RGB

            Colour profile: Google/Skia/ E3CADAB7BD3DE5E3436874D2A9DEE126

The colour profile for some Android devices tend to trip Google Skia’s graphics engine forcing them to reboot.

Technically while attempting to load the wallpaper with the embedded color profile, com.android.systemui.glwallpaper. ImageProcessHelper crashes from an ArrayIndexOutOfBoundsException.

When Android UI loads, the wallpaper loads which triggers another reboot. Due to that, the smartphone get stuck in a boot loop – which keep on rebooting when the wallpaper start loading.

Malware Wallpaper: Solutions

We can use a photo editor (like Photoshop) to remove the ICC color profile from the image and save the image without embedded color profile. It won’t trigger the malware, when we take a screenshot of the image and set it as a wallpaper. Another way is to use an EXIF software or app to remove the metadata from it which will also remove the colour profile. The only problem if we remove the colour profile is that it will make the image look less vivid.  

Conclusion

This wallpaper looks aesthetically beautiful but is it really important to download a wallpaper from an unknown sites or get it from a known or an unknown person? You might have a question as to what the problem is in transferring a picture from a known person. How would you know about the main source from where the wallpaper has been downloaded?

Don’t just get attracted to such wallpapers and download it from an unknown source. If you like to download it and set it as a wallpaper, download it from credible source like your phone company’s official Website/App. Please be safe and alert from the different methods that are used by attackers which causes harm to your digital systems as well as from Coronavirus that can harm your body system.

By Atul Periwal.

The outbreak of coronavirus (Covid-19) has halted the entire world for months and it’s not ended yet. In this pandemic as the figure of infected people is rising due to a virus, simultaneously cybercrime threats are increasing at a rapid rate. It is pointless to mention, there are thousands of examples showing how hackers are taking the advantage of current situation and exploiting people. According to statistics, it shows that the average amount of time spent on the internet has increased by 2 hours after many countries around the globe have imposed the lockdown. Not only that but work culture has also changed in this pandemic, people used to work in their firms but now they have started working from home due to which cyber threat has increased rapidly.

During the outbreak, the most serious cybercrimes that are identified include phishing, ransomware, fake news, etc. Criminals have started using innovative techniques to harm people such as creating a fake advertisement for goods and services that is not available easily or not available in discounted rates or using fake challenges that are posted on social media. Due to their selfish nature, people get excited and end up in problems.

According to statistics, cyber threat has increased by more than 500 % as compared to last year’s. According to the FBI, cybercrime occurrences seem to have jumped by as much as 300 % since the start of the coronavirus pandemic. UK’s National Cyber Security Centre had reported that coronavirus-related fraud and scams rased by 400 % in March, indicating that this is due to the rapid move to remote work. Recently, the office’s Internet Crime Complain Centre (IC3) said it receives around 3,000 and 4,000 reports a day.  To better appreciate COVID-19’s effect on customers, 9,215 adults in the United States, Canada, Colombia, Hong Kong, India, South Africa, and the United Kingdom where surveyed in the week of April 13. The result stated that approximately 3 out of 10 respondents (29%) said they were targeted by COVID-19-related cyber fraud, with Millennia’s (those between 26 and 40 years of age) being the most affected at 34%. Besides, consumers who say that their household income is being negatively affected by the COVID-19 pandemic are more likely to experience digital fraud with 32 % reporting being targeted by online COVID-19 scams compared to 22 % of people who are not financially affected.

Popular cybercrimes during this Pandemic

  1. Phishing

Phishing is a malicious effort to acquire personal information or data such as usernames, passwords, and credit card details by disguising yourself in an online message as a trusted person. According to statistics, phishing has increased by more than 600% in the pandemic time.

According to Computer Misuse Act 1990 (in police and justice act) and Fraud Act 2006 in the UK, it states that if phishing and another form of cybercrimes take place, the attacker has to pay compensation to the victim and up to 10 years of imprisonment. The Anti-Phishing Act of 2004 and the Anti-Phishing Act of 2005 would impose more stringent penalties on those convicted of phishing.

Examples of phishing crime taking place during the pandemic:- Netflix and Amazon Prime fraud states that you get a free subscription. Users have to add their bank details on these movies and series streaming apps but are unaware of the background process that’s taking place.

Typical phishing or smishing message.

2. Malware/Ransomware

Software primarily designed to disrupt, damage or gain unauthorized access to your computer network. That software can be ransomware, viruses, Trojan horse, worm, spyware, adware, etc. COVID-19 is used in several malicious campaigns including spam mail, BEC, malware, ransomware, and malicious domains. While the number of those infected continues to grow by thousands, promotions often increase that use the disease as a lure. According to the statistics, the ransomware attack has been spiked by 148% in this pandemic. 

The attacker took advantage of COVID-19 and created a lot of ransomware namely being COVID-19 Tracker among the few.Once the system is attacked by the ransomware, the attacker asks for a ransom of $100 in bitcoins within 48 hours and failing to do so while result in loss of personal data and information and shared on the social media platform. Another malware called AZOrult was found to be concealed inside a downloadable program for monitoring Coronavirus. It is a Trojan horse and aims at stealing usernames, passwords, and other sensitive data.

3. Fake news

Fake news is a problem not for months but years and its increasing gradually in this pandemic. Attackers are taking advantage of the current situation and bringing out false information and sharing that information on social media. Posting information on social media is easy but controlling them is very difficult. One of the fake news that came out stated that WHO requires funds for COVID-19 and donate in bitcoins. When investigation took place for this news it came out that WHO doesn’t have any bitcoin account. It’s not only fake news but also a scam. The attacker uses to send the link in message and opening that link will display the exact copy of WHO’s website and will ask for a donation which goes to the attacker.

Using current events to scam

Conclusion

These days about COVID-19 a multitude of scams and phishing campaigns are being carried out to target the general public at massive scale. It is important as an end-user to be aware of any potential attack. It is a fact that false information spread faster than the virus. During this pandemic, we are not only fighting against COVID-19 but also against an infodemic. Individuals and organizations need to take care of security and should take steps to protect against threats. We shouldn’t open malicious sites, links, software, etc. It is important to know why attackers ask ransom in bitcoins because tracing is very difficult and if the attackers exchanges Bitcoin into Dogecoin or Litecoin and then exchange back to bitcoins which would screw everything up making it untraceable. So please be careful while you are in a digital world especially during this period. Till then stay home, stay safe, and be careful from both viruses, one which enters your body and the other which enters your digital world

By Chloe Wood.

It has been 99 days since Boris Johnson announced to the UK that we will be going into lockdown due to Covid-19. This lockdown saw us swap our offices, to make-shift home set ups. Although lockdown rules are starting to be eased in the UK, (I’m sure we all can’t wait for a pint in the pub on the 4th), it would appear working from home is going to be our new normal, for the foreseeable future. During the pandemic, naturally our focus has been on staying safe, and protecting the NHS. However, with a 600% increase in phishing alone, a lot of us are working remotely making ourselves and our data vulnerable to cyber criminals.

So, before we get into how to protect our digital assets, let’s see why cybercrime has increased. Naturally, to work remotely we need some sort of internet connection, which of course opens a huge range of vulnerabilities. We are away from the security infrastructure of the office environment. Yes, you cannot really see the cyber security within your office but taking your device away from the office infrastructure means you no longer have the security provided by things such as firewalls and IP blacklists.

Cyber security can be hard to implement completely, even for the professionals, so this post will address the 5 common threats to remote workers and outline some simple techniques to mitigate against them.

PHISHING

As I mentioned before, phishing scams have skyrocketed since the end of March 2020. This includes traditional scams and the introduction of new scams exploiting our fear and worry of Coronavirus.

To mitigate against phishing, if possible, all work should only be carried out on corporate devices – especially if a Bring Your Own Device (BYOD) policy has not yet been thoroughly designed and delivered. Not only will this ensure you have the protection of the security controls implemented by your organisation, but it will help your IT guys manage this new, remote digital infrastructure the lockdown has created. This means the IT team can manage the corporate devices as normal, allowing them to monitor all activity on the network, which is vital if anything malicious starts appearing.

To really adopt a defence-in-depth approach against phishing we cannot just rely on the technical side of security, we can also use our own knowledge and education. It is so important to stay updated on what type of scams are going around, which can easily be done by visiting IT Governance “Catches of the Month”. By educating ourselves about this, we can stay alert when we go through our inbox. Alongside knowing the specific scams about at the moment, its always best practice to become suspicious of any emails asking to input sensitive data, such as your card details, no matter how legitimate the email appears. If you receive an email like that, always try and verify it before clicking on anything included in the email, such as messaging the person its claiming to be from in another way which is not email (phone call, skype message). Phishing scams play on a sense of urgency, forcing us to make quick decisions with huge consequences, so always take your time to verify the authenticity of the email. 

UNAUTHROISED ACCESS TO CORPORATE NETWORKS

To ensure you are not allowing anyone unauthorised to access the network, it’s best to use an encrypted network. Now, I know this can sound quite technical, but you are probably already doing it. Most up-to-date home Wi-Fi networks provide this type of security, in the form of allowing you to set up a password to your Wi-Fi connection. Make sure you have changed your password to something different than the default one you were given. This can be done simply by logging into your router, which can be done by inputting your routers IP address (usually you can find this somewhere on your router) into the address bar of your web browser and logging in. Then go to the wireless settings tab and input your desired password in the password field. Remember it is always best practice to change passwords regularly.

As you are working remotely, it would make sense to use remote access security controls, specifically two-factor authentication. This is super easy to implement, I personally like to use the Google Authenticator app on my smartphone to generate one-time codes for all my logins.

ENSURE PRIVACY WITH A VPN

To create an encrypted network connection that authenticates the user and encrypts data in transit between the user and the network, a Virtual Private Network (VPN) should be used. Most corporate devices should have this set up for you already, but do not worry if your organisation does not have a state-of-the-art tech team, most business routers and some small home routers have built in VPN capabilities.

The two VPN technologies you should be interested in are OpenVPN and IPsec. OpenVPN is for those of you still accessing a business router, whereas IPSec is supported by lower cost, home routers. Both technologies can be configured by logging into your router and, most often than not, clicking a few boxes.  Once you have OpenVPN configured, you should install apps on the device that will access your brand-new VPN. These can be found on the OpenVPN website, then install and configure them with the files generated while setting up OpenVPN on your router. If you are using IPSec VPN, this is usually built into most devices, so you won’t have to go through the same app installation process as OpenVPN.

UNAUTHORISED ACCESS TO SENSITIVE INFORMATION

With modern day laws and regulations, such as the General Data Protection Regulation (GDPR) not taking any prisoners when it comes to dishing out fines and the current economic situation not looking too great, it’s probably best we all scrub up on our data protection techniques to avoid those hefty fines.

Information leakage can be easily avoided if we take the right precautions, especially when it comes to emailing information. You should try and avoid emailing sensitive information, instead adopt the use of corporate intranet resources, perhaps a SharePoint team site, to share working files – this is also super convenient at making sure files stay up to date! Obviously, when we’re all working from home adopting a new method isn’t the ideal situation, so if using the intranet is not possible and you do have to email sensitive information make sure you apply email sensitivity classifications in your email subject.

Alongside, these preventive measures we also need to adopt detection techniques. This can be achieved by installing updated anti-malware and anti-virus software. It is always best practice to keep any software on your device updated. To do this turn on your auto-updates and regularly restart your device. I know updates often do not seem to make any different to the app, but they regularly patch against vulnerabilities found in older software versions.

STAYING SAFE DURING VIDEO CALLS I’m sure now we’re all very used to Zoom calls both for our professional and personal lives, so I don’t need to give you a run down on how easy that is to use. However, the one bit of security advice I can offer is do not share the virtual meeting URL’s on any public facing platforms, such as social media.

By Anton Scott.

The issue with universal passwords

We have all been there, midway through creating a new account for a streaming site, subscription service, or online store and have been met with the daunting “Choose a Password” screen, with an endless list of criteria to follow to ensure a strong password.  But you haven’t got time for this, so like 65% of all other people, you choose to reuse your universal password that has served you well for the last few years. Piece of cake you think. You know this password is ingrained in your mind because you use it all the time, you won’t forget it. You know it’s slightly risky to indulge in these lazy password practices, but you disregard your inner critic, after all, who would care enough to hack you anyway? You’re just being paranoid right? So you log in with ease and go about with your day.

The next week you wake to find that you cannot log in to your email, that’s odd you think. You retry your universal password numerous times with no avail. You send a reset link to your backup email; after all, you never bothered to set up 2 Factor Authentication (2FA), who needs that anyway? Attempting to login to this other email, you are met with the same message: “Incorrect Password”.

Now here is where you begin to get worried, you begin to put the pieces together and arrive at the conclusion that you may have a security breach. Hopefully, it is just your email accounts. But unfortunately, this is only the tip of the iceberg, for your online banking, online shopping, insurance and all other essential sites that you have used this favoured universal password for have been swiftly compromised. Your payment info has been swiped; your personal details have been extorted and are now in the hands of a cybercriminal who wishes to use these credentials for personal gain. But I suppose you were just being paranoid.

As unlikely as it seems, this is a very real threat that many of us face in the digital age and not enough of us are doing enough to ensure that our passwords are truly impenetrable. According to the NSA, there are 300 million hacking attempts per day, at this rate, it is sheer luck if you have not yet been targeted. With the threat on the rise, it is essential that we begin to implement more robust password practices.

Vulnerabilities & How to protect against them

A weak password falls vulnerable to brute force crackers where multiple combinations of characters are tested repeatedly until the password is cracked. The shorter and less complex the password, the faster the software cracks the credentials. A longer password can & will deter a hacker from using this type of attack as it will take an immense amount of time to crack. Lengthen your password.

A dictionary attack involves the program sifting through a preset list of common words frequently used in passwords. The more standardized the word ie. “ballistic” the more likely it is to appear in the wordlist and result in a crack. Therefore, diversify your use of characters: “Ba11i$tiC” would be a much more secure choice due to its blend of capitals, numbers & symbols.

Phishing attacks are common but easy to spot if you know what to look for. They often attempt to set a narrative such as “You are eligible for [Insert offer here]” or “There is an issue with your personal info that needs updating” or “You have won a [Insert valuable object]”. All with the intention of luring you in to enter your personal information. Steer clear of emails, texts or even letters like these; the only thing you will be eligible for is identity theft. Ensure you verify that your received communications are from a trusted & legitimate source and sever any correspondence with suspicious ones.

Here are some general principles that you can follow to ensure the security of your credentials:

  • Use a lengthy password with a diversity of characters, capitalization, symbols and numbers.
  • Do not include your names, birthdays, addresses or phone numbers in your passwords.
  • Use abbreviations for phrases e.g “I Would Not Like To Be Hacked” = “IWNL2BH”
  • Change your passwords regularly, every 30-90 days is good practice.
  • Do not share your passwords. Sharing creates more liabilities.
  • Educate yourself on what phishing looks like, and know how to avoid/deal with it.
  • Always use 2 Factor Authentication, this provides an additional layer of security in the event of a breach.
  • Use trusted password manager programs that store your passwords securely and auto-generate random & complex ones every time you create a new account. Examples include LastPass, DashLane & 1Password. Make sure your master password is the Fort Knox of passwords and follows all the above criteria or there is no point in using these types of software.

I hope that you have been able to draw some valuable knowledge out of this article and can work towards securing your online identity. Remember, if you ever doubt your credentials, that feeling alone is enough to constitute a reason for fortification. A little paranoia is good in the long run, your digital profile will thank you for it.

By Shameer Sabar.

As technology advances, and organisations incorporate more and more IT systems into their business in order to aid and facilitate their functions and processes, it becomes necessary for them to test the safety and security of these IT systems. Small and medium-sized enterprises also known as SMEs, are especially vulnerable to cyber attacks. According to the Cyber Security Breaches Survey of  2020, 68% of all medium size businesses in the United Kingdom found at least one cyber security breach or attack in the past 12 months. This is partly due to many SMEs not considering themselves targets and so many do not do enough to protect themselves, but even those aware of the risks usually do not have sufficient resources to defend themselves. This is not to say large businesses remain unaffected. The survey also highlighted that 75% of large businesses have also been affected.

Ethical hacking or penetration testing, allows organisations to seek out and correct vulnerabilities and flaws in the security and safety of their computer systems, networks and databases. While malicious hackers or black hat hackers penetrate databases and IT systems of an organisations with ill intent and personal gain, ethical hackers or white hat hackers are hired by the owner of the company and given permission to penetrate the network and computer systems using the same tools and knowledge of a criminal hacker but with the intention to determine vulnerabilities and weaknesses to the security of such systems and networks. Their work is conducted in a lawful and legal manner. by doing so, they can then recommend preventatives and corrective countermeasures to the organisation to prevent cyber attacks.

Ethical hackers use many methods of sourcing vulnerabilities. they use port scanning tools such as Nmap, Wireshark or Nessus to scan a company’s systems, analyse open ports, study the vulnerabilities of each port and take corrective measures. They also critically test patch installation processes to make sure no new vulnerabilities are introduced to take advantage of software updates and exploit them. Using the right tools, they also perform network traffic analysis and sniffing. Ethical hackers also rely on social engineering techniques to manipulate end users and find information about an organisation’s computing environment.

Like black hat hackers, ethical hackers look through activity on social media or GitHub, engage employees in phishing attacks through email or roam through premises with a clipboard to exploit vulnerabilities in physical security. However ethical hackers are given limitations restrictions to their social engineering techniques such as making physical threats to employees or other types of attempt to extort access or information in order to keep their hacking ethical and lawful.

Despite being a term on everyone’s lips and an increasing wealth of information becoming available online, cybersecurity remains somewhat of an abstract concept. This may have something to do with its intangibility or perhaps more simply because most us don’t feel the need to gain knowledge of the topic and apply it to our everyday lives.

The fallout from that way of thinking, however, can be catastrophic. Unfortunately, the ever-expanding number of businesses being hacked says a lot about what we can expect in the future.

As a small to medium-sized company in the virtual data room space, security has always been a top priority for Drooms. We sat down with Rosanna Woods, Country Head UK of Europe’s leading VDR provider, to discuss cybersecurity in 21st-century business and how you can minimise risk.

So first and foremost, introductions: what does Drooms stand for and what are some of the key strategic objectives of the business?

 

What role does cybersecurity play in Drooms’ business practices?

 

The GDPR has shaken things up big time. What are some of its implications for business?

Still on the topic of data protection, is Drooms GDPR ready?

Drooms has always taken the security of its customers extremely seriously and has been GDPR ready for a while now. Several factors have made the road to compliance rather straightforward. Certainly, being a European provider historically compliant with strict German data protection standards has helped.

When it comes to a cyber threat, are there some sectors more at risk than others? Any tips for those wanting to minimise risk?

Sharing business-critical information in the era of cyber threat is risky with a lot of platforms out there. Security should be a major area of focus for providers who ought to be able to explain the various measures adopted to protect data from modification, unsanctioned processing or loss.

To learn more about Drooms and their business, visit https://drooms.com/.

 

A collaboration between Ivan Seifert from Demystify Security and Leonora Staines from Drooms. Thanks to India Lewis for providing video editing support.

 

 

1. Techplomacy

First came the creation of a U.S. Government ambassador to the Silicon Valley, then came the world’s first national technology ambassador, Casper Klynge of Denmark.

The Danish government recognised the lacuna in communication between politics and the private sector tech giants like Facebook and Google that are shaping the global internet. “If you look at what impacts us in our daily lives and how much data they can pull on all of us… (the firms) are truly influential players”, Klynge said. Like diplomacy between nation states on cybersecurity matters, it is becoming increasingly important to discuss policy issues like counter-radicalisation, propaganda, and internet sovereignty with these companies.

 

2. Threat alliances

Organisations like the Cyber Threat Alliance headed up by a former Obama administration advisor, Michael Daniel. The unique organization aims to increase information sharing and change the rules of the road in cybersecurity competition. Instead of a field dominated by “my inadequate pool of data is bigger than your inadequate pool of data”, thinking as Daniel puts it, they aim to communicate about and minimise threats. Despite the size of any given company’s IT department, or cybersecurity team, all can benefit from the new vision of information sharing that includes government resources.

 

3. Anti-cybercrime collaboration

International Law Enforcement organisation INTERPOL is teaming up with Palo Alto Networks, an American network and enterprise security company, to combat the global phenomenon of cybercrime. Palo Alto became the first private cybersecurity company to sign a Data Exchange Agreement with the organisation, marking an important advancement in cross-sector data sharing for the purposes of protecting networks, information and, by extension, citizens. Their integration extends to the presence of members at operational briefings at both INTERPOL HQ and at Palo Alto’s flagship in Santa Clara, CA.

 

By Kate Dinnison

 

The FBI, DEA and Europol are celebrating the successful take-down of AlphaBay and Hansa, two of the Dark Web’s largest marketplaces. There are consequences for one marketplace closing, however, other Darkweb sites are finding significant spikes in membership, new vulnerabilities, and a wave of market saturation. In the week following the bust, similar sites saw their number of listings rise by as much as 28%, according to the BBC.

After Silk Road and its 2.0 version were taken down in 2013 and 2014, AlphaBay quickly emerged as the forerunner in its field and grew to be ten times its size according to acting FBI Director Andrew McCabe. When Alphabay went dark, it hosted 40,000 vendors, 200,000 users, and over 350,000 listings for illicit goods and services.

The Dark Web is accessed through Tor Hidden Protocol Service and is known for its sinister products – child porn, illegal drugs, sex workers, and even hit-men. Customers are attracted to such sites because the monetary exchange is untraceable using blockchain technologies to exchange crypto currency.

The movement of users and increased attention to such sites is being used as an opportunity to exploit and Phish new users. Additionally, this “refugee crisis” is causing a drop in product quality according to some customers.

This event has sparked an interesting debate about the ramifications of a seemingly desirable outcome for law enforcement. The joint operation to restrict interfaces enabling illegal activities was indeed a success, but demand does not disappear overnight. The Alphabay saga begs the question: what role should governments and business play in providing a safer internet experience on illicit sites? Or does an individual assume all the risk when engaging in illegal activity?

To make the story ever-more thriller-like, the 20-year-old Canadian founder of the site was found hanging in a Thai prison, spurring internet conspiracy theories, despite evidence of suicide. Federal agencies will continue to play whack-a-mole with these types of sites with the hopes of suffocating the illicit economy it facilitates. While the aim in shutting down these sites is to protect citizens from malware, dangerous drugs, identity theft and the like, there will continue to be a demand, and inevitably a supply elsewhere in the shadows of the internet.

By Kate Dinnison

 

 

 

Recently, we chatted with Dr. Tim Stevens, a lecturer in Global Security at King’s College London. His most recent publication titled ‘Cyberweapons: an emerging global governance architecture’ discusses the already-existing structures in place that oversee the use and regulation of offensive cyber capabilities. Our Communications Manager, Kate Dinnison, discusses with Dr Stevens what constitutes as ‘weaponised’ computer code and the Chinese view of internet sovereignty, among other topics. You can follow his Twitter @tcstvns and his blog at https://assemblingsecurity.wordpress.com.

 

KD: Firstly, tell me a bit about how you found your place in academia and how you would define your field of research, because I don’t want to try to define it for you.

 

TS: I came to academia through a rather circuitous route. I had a previous career as an archaeologist, that was my first degree. I worked in archaeology for 10 years in the field. I was a field archaeologist doing excavations both in the U.K. and abroad. I was also a stone tool technologist, so I used to look at flint, tools and artifacts from thousands of years ago.  That always reflected in me an interest in technology, in ancient technologies. But I also got very interested in information technologies, so I decided I wanted to go back to college to study that more extensively. I got caught up in the foreign security-conflict relation between information technology and politics. And I did a PhD at King’s and ended up teaching at King’s as well, so now I look at cybersecurity.  And for the last ten years I’ve been looking at cybersecurity. What I do now really is thinking more about the global aspect of cybersecurity rather than the technical aspect. And by the global, I mean international politics. How information technology, security, affect the way that states interact, the way that global governance operates in that space with respect to the internet, and lots of issues surrounding those two main areas of research.

 

KD: That leads perfectly into my second question which is related to the article you recently published. So obviously all eyes are generally on Russia when you’re talking about changing the current, as you put it, global internet sovereignty architecture. But you just published an article on China’s view of Cyber Governance in Politics & Policy. And I was wondering if you could explain a bit about your assessment of their views and their intentions.

 

TS: I think what we’re seeing at the moment is potentially the beginning of what a lot scholars have been suggesting for years which is that when we talk about the global internet, we shouldn’t get too excited about the fact that it’s going to flatten traditional political hierarchies, that it’s going to need some form of transnational governance automatically, just because the internet exists. These same scholars have argued for a long time that what we may be witnessing, what we’re about to witness, is a fragmentation of the global internet, roughly along national, sovereign, territorial lines. The recent resurgence in this term internet sovereignty or what’s sometimes called cyber sovereignty is exactly what these scholars have been suggesting is that we’re seeing countries attempting to throw up borders in cyberspace, if you’d like, roughly contiguous with their territorial borders, and therefore exert control over the internet in a much more complete and total sense based upon sovereign lines. So when the Chinese talk about internet sovereignty, we’re not entirely sure quite what it means yet, which is the point of the article, but it’s very much about trying to exert sovereignty at particular points and lines in the internet that don’t actually exist in a physical fashion. The internet does cut across borders, but the Chinese are trying to develop the idea, as are the Russians, as indeed are many Western countries as well, about how to exert control of the internet in their borders, about how to control what comes in, about how to control what goes out, how to control what happens within national cyberspace.

 

KD: Again, that’s perfect segway to talk about the current debate in the U.K. After that attacks of last month, Theresa May came out with this statement, saying the internet must be regulated and we must find a way to get rid of these safe spaces for terrorists to communicate etc, etc. What nuances is the UK debate missing, for those who read this in the Daily Mail and don’t really understand the opposing sides? Going off of that, should the brunt of the responsibility, like she said, be placed on these social media companies, or should it be somewhere else?

 

TS: There’s a lot of issues packed in there. The first thing to say, clearly, that any regulation of the internet is difficult. The internet is developed, primarily as a fairly lightly regulated space, which has mainly been driven by private actors, corporates, and the like who, by nature of them being high-tech companies, have tended to be lightly regulated, because governments don’t always quite know how to regulate them. Or the fact that they’re seen as great economic drivers, therefore we don’t want to regulate them. And the tech companies know this. The other interesting thing about the U.K. example is that in 2008, then Labour home secretary Jackie Smith said precisely the same thing when she said that the internet is not a no-go area for governance. This is not the first time we’ve been here in the U.K. Theresa May is articulating the same thing that Jackie Smith was. You know, one of her predecessors as home secretary. Jackie Smith’s comments were in the context of exactly the same debate – about terrorism, about online radicalization, about internet terrorism, if you like. And we haven’t progressed an awful lot further. It is not clear precisely how you would go about these measures short of really cracking down on any form of internet content or expression that you deem problematic. And that notion in itself is problematic in a democracy.

Ostensibly, we do have, if not in constitutional terms, at least in international legal and in human rights terms, the right to freedom of speech and expression on the internet or wherever it happens to be. And putting the onus of responsibility on social media companies, while I understand that impulse, because they are effectively these days publishers of content as much as they are just platforms for content. I think it’s going to take a much more cross-government cross-sector approach to this. And what worries me about this is that there’s actually not a lot of public debate about this issue. Maybe that’s because everyone knows intuitively that the internet is so difficult to regulate that whatever governments suggests social media companies do, simply won’t work. Or whether it’s that people don’t care. I really don’t know. Lots of these supposedly technical issues tend not to attract much public attention, but this is not just a technical issue, it’s a political issue. So if you can choose to restrict freedom of expression by one group of people, how do you stop it being applied to another? I think it’s a real thorny issue for government, and I haven’t seen an awful lot of public consultation on this issue. All governments like to think big, talk big, but it remains to be seen what sort of concrete measures the U.K. government is going to actually put in place.

 

KD: Next one is related to the recent assessment of Crash Override. I was reading into your article on cyberweapons a little bit. I was wondering if any of these recent attacks, in your mind, qualify, with that idea of intentionality and harm, as such?

 

TS: The whole term cyberweapons is absolutely fraught because when you use it, it brings connotations of military, hardware, of national intent, of them being somehow strategic. So I try to use the term very very sparingly, but it is a term that’s being used. In direct answer to your question, no I would not. I would suggest that this is malware. The WannaCry example may well be something to do with North Korea, a lot of people think it is. In which case, there is intent there, in terms of creating disruption. But what’s the strategic goal? There doesn’t seem to be any kind of clear political aim to releasing malware like that on the internet. It may have just been a test. It may have been to disrupt. We simply don’t know. But I hesitate these days to call many things cyberweapons unless there’s a military, perhaps intelligence context.

 

KD: I got the feeling that many people were comparing crash override to Stuxnet, saying that this was the second public occurrence of something of this kind, of something this far-reaching. They’re saying it’s a dry-run for something larger, perhaps an attack on American infrastructure.

 

TS: It really depends on how you define weaponry. And there is no international legal definition of weaponry. When you use the term weapon it comes loaded with all manner of connotation and resonances with conventional weapons, and of course nuclear weapons too. I think there would be a case for calling targeted malware weaponry, but whether I agree with it or not is lute. I’m not going to stake my house on it.

 

KD: This is more for my personal curiosity. In doing some research for Demystify and for your course as well, there are so many fantastic code names, operation names, kind of hacking aliases and things like this. Do you have a favorite you’ve come across over the years.

 

TS: I’m quite a fan of Moonlight Maze. I know that Thomas Rid has done an awful lot to unpack precisely what happened and so on, and he’s done brilliant work. But it still has this mysterious, early history of internet war if you like, of espionage, of intelligence. And when I hear that name, it resonates in so many different ways when we look back 20 years. And were thinking now again about the Russians and precisely what they’re up to. And what the Americans are doing, because that quite often drops out of the conversation. It’s all about the darn Ruskis, when we’re forgetting of course the main center of expertise and cyber operations is American, not Russian. All these things come to mind when I think about Moonlight Maze.

 

KD: And our tools are coming back to bite us!

 

TS: Yes they are, you can thank Shadow Broker for that.

 

KD: Last one – what are your go-to blogs, sites, podcasts, twitter pages, to keep up to date on all of these cybersecurity matters.

 

TS: I think the best one, even if I don’t agree with him all the time, is Stewart Baker.

 

KD: It’s not the Steptoe Cyberlaw podcast?

 

TS: Yeah it’s that one. I think because they have such a weight of expertise when they’re discussing these issues. And they’re deeply embedded in the security establishment as well. They can get anyone they want to talk about anything they want, they have that kind of draw. They’re quite hawkish in many respects, but they really kind of cut issues open and analyse them forensically, and sometimes come to rather surprising conclusions. It’s great to hear people doing that kind of forensics, very intellectualised, but practically focused work. So I’d definitely recommend the Steptoe Blog and Podcast.

 

Last December, hackers targeted an electric transmission station in Ukraine, causing approximately one-fifth of the city to go dark. Earlier this month, Cyber security firms DSET and Dragos Inc. released a report on the malware, suggesting an alternative utility for the event.

They’re calling the attack a potential “dry run” for the malware to be adapted and used on a larger scale. “Nothing about this attack looks like it’s singular,” said Robert M. Lee of Dragos.

Nicknamed “Industroyer” or “Crash Override”, it is only the second known malware that targets industrial control systems in order to disrupt their functioning. Stuxnet captured the attention of cyber security exerts after its existence was made public in 2010. The US-Israeli worm however was released for military purposes, to delay the enrichment of uranium needed for the production of nuclear weapons in Iran. The world of nuclear weapons and the world leaders who wield them operates somewhat outside the civilian sphere. Malware that affects public infrastructure, however, has the potentiality to be wide-reaching.

Ukraine is not a stranger to Russian-initiated blackouts. In 2015 hackers remotely controlled power grids to deprive 225,000 people of power. This specific malware functions by scanning industrial systems, manipulating their settings, and opens circuit breakers to cause the power cut.  Once the malware infects a Windows machine on the target’s network, it can map and obtain network logs and send the information back to the proverbial mothership.

Crash Override’s newfangled ability to both physically affect power grids and serve the function of an information-driven computer network operation should serve as a wake-up call. The successful one-hour long operation in Ukraine could serve as a springboard for affecting infrastructure in Europe or North America.

Some nations have built their critical infrastructure to be more resilient to disruption, however. The United States and many coast-bearing nations prepare themselves for natural disasters and for operating infrastructure manually, instead of relying on software.

Politicians often spout imaginary disaster scenarios to encourage funding resilient infrastructure, but it seems a real weapon is looming over the West. “It’s the culmination of over a decade of theory and attack scenarios,” Caltagirone told the Washington Post. “It’s a game changer.”

By Kate Dinnison

 

 

 

 

 

 

 

 

 

 

 

 

We recently interviewed Misha Glenny, journalist and author of DarkMarket: How Hackers Became the New Mafia. His 2011 book explores the world of organized crime on the internet, including spearphising, carding, hacking, and how the UK government is responding to this phenomenon. In the interview, our Communications Manager, Kate Dinnison, asks him to discuss his own personal cyber hygiene, trends in cyber security today, and how technology is aiding traditional organised criminals.

 

Dinnison: After doing research for Dark Market, what personal cyber security practices do you now find important?

Glenny: There are very basic things to do. I still have an antivirus program as standard, even though I use a Mac. Increasingly I use a VPN as well. But the most important I think for me is approach to email. Two things: the first one is simply that I don’t consider email to be a private form of communication. I consider it a public form of communication and so I am polite, courteous, and above all else I don’t put anything sensitive in there. This is the big lesson from Podesta and the DNC hacks. Everyone’s going on about how it was appalling they were hacked. And what’s really appalling is that they are sending sensitive material over email. If anyone has got that message after the Sony hack of 2014, then they shouldn’t really be using a computer. The second thing about emails is that you have to know how to read your messages. And that means being able to read a header. That means automatically being able to detect the type of language that is being used and is that language appropriate to the type of person that is sending it to you. And if there are any links and if they’re disguised links, run your cursor over it and see what that link really is. If you have any doubt about it, you just don’t go for it for attachments or links. There are some things you cannot avoid. You should have within your antivirus software a browser scanner built in as well so that anything that looks at all dodgy is blocked by your antivirus programme or that they at least ask you if you want to the site or not.

And those are the major things that I do. Because I am a member of a family I make sure that everyone else is also taking some of these security measures. Because you can be as careful as you like but if you get a bug on your network then you’re vulnerable. And also I change passwords on routers so it’s not the default password. Another thing I do is I use a master password, basically a password accumulator so that I don’t have to worry about that. Now there are problems with those programs. For logins that are not important, where you’re not storing personal data, where you’re not storing debit or credit card data, where there’s nothing sensitive, you can then use ’password’ or ‘123456’ or whatever it is you want as an easy password provided you don’t use that password on any sensitive things. I suggest basic domestic hygiene really.

 

Dinnison: I imagine the same as in a family, the same goes for when you’re operating in a business environment. Everyone must practice these security measures.      

When it comes to corporate, it’s very different. There you need active engagement from the Infosec department and the risk management department. Some companies will have a fraud department and above all else you need the board to be fully engaged with it. If the board is not fully engaged, then what usually happens is that InfoSec and IT security are unable to spread a culture of appropriate cyber hygiene through the company and that means you’re riddled with potential vulnerabilities. I keep track of various surveys that are made of IT security and board members on what their engagement with cyber security is. And what we see, even now, in 2017, we still see something the range of 50% of CEOs and other board members not engaged with the issue of cyber. This means you don’t get the vertical and horizontal communication that you need in organizations. These are corporations that have the type of money to invest in this. You have other things like government institutions but also NGOs and charities are extremely vulnerable because they don’t have the cash to put in any digital solutions and often don’t understand the culture required that all employees or members should be working with.

 

Dinnison: That was the excuse of the DNC.

Glenny: It’s not an excuse, it’s a failure. It’s a complete management failure.

 

Dinnison: The industrialization of cybercrime poses a big challenge to not only individuals but law enforcement. You illustrate this in your book through different case studies. After interviewing these subjects for DarkMarket are there any simple policy suggestions you would pass on to the UK government?

There are a number of things. You have a problem that arises from the development of secondary markets and off the shelf malware. This means that because you can either buy malware to deploy or you can hire out botnets to launch DDOs attacks. Or you can request a team of hackers to create your own botnet, which is becoming particularly dramatic with the Internet of Things. What this means is that the government really needs to step up. Here in the UK I suspect the National Centre for Cybersecurity in Victoria, which is an offshoot of GCHQ, could be a very useful thing. Britain has been pretty advanced in terms of coordinating government, business and the public sector in terms of security. I’m a little worried that the National Cyber Security Centre has absorbed too much of the culture of secrecy that necessarily defines GCHQ. So I’ve talked to a few people who have tried to approach it for advice and media requests and they have been very, very unhelpful. And I think that’s a mistake – you need to enable and encourage people. That was the whole point of putting the National Cybersecurity Centre in the middle of London so that it would be accessible, they wouldn’t be locked up in the donut in Cheltenham.

The other thing is of course resources. This is going to require more money. The British government has been channelling a lot into cyber defences and I think that’s the right thing to do. But it also requires explaining to people why you need to take police resources away from where people feel comfortable with the old syndrome we have here in the UK of ‘the bobby on the beat’. It’s necessary to shift some of those resources toward active cyber defence because many, many people are now subject to attacks whether its credit card fraud or identity theft or the use of the computer power as a botnet. People don’t know what to do when it happens. If you ring up the police and they don’t know how to proceed if you are a victim of crime online, it starts to unnerve people. One of the things I discovered talking to victims of chronic fraud or indeed identity theft is that psychologically it is perhaps not quite as devastating as finding someone has been in your home but it really does frighten people. It triggers extreme anxiety to find out that what you thought was entirely intimate, private sphere has been violated by an unknown outsider. So you really need your enforcement officers who are capable of dealing with these victims but with a degree of psychological understanding as to what victims are going through when they report crimes. You need support for that and support requires resources. And that means these days taking it away from somewhere else.

 

Dinnison: Do you anticipate any changing trends in cybercrime due either to reliance on new technologies or any societal change?

Well IOT (Internet of Things) is the greatest concern. Because in a short space of time thanks largely to the mirror botnet we have seen just how powerful the IOT can make sophisticated hackers, people with real technical ability. It basically multiplies computing power by an incalculable amount and if that computing power is in the hands of competent criminals then that can be very dangerous indeed. The problem here is quite simply that innovation, our resistance to boredom, our delight of convenience drives products coming to the market and security is never thought of. And even if people start thinking of security now, the situation with routers around the world is so vulnerable. Basically, products need to come on the market with full security requirements already built-in. And that only happens in maybe 10% of the products.

The second thing that is happening is that up until now traditional organized crime and cybercrime have tended to be two very different things. If you’re involved traditional organized crime, then a sine qua non of your activity is your ability to threaten or deploy violence. And in cybercrime that is not a sine qua non. You don’t need to have a capacity for violence. This is a unique development where an entire raft of crimes will attract socioeconomic groups that are very different from what we understand by organized crime historically. The only thing which connects the two of them in terms of their makeup is the gender issue. That is about 92-93 percent of organized crime syndicates are male, and 95-96 percent of hackers are male. So this is a huge marker. But other than that, class, intellectual capability, age, because hackers start much younger as a whole, are very different. You’re dealing with a different set of motivations, different psychology. You’re dealing with different modi operandi as well.

However, the reason why these two groups have been separate up until now is because traditional organized crime is still dominated by a generation who are frightened or even dismissive of tech. The new generation of organized criminals growing up are digitally literate. This means first of all they understand how cyber can be used to make their business more efficient and accelerated in all sorts of ways. The forerunner of that were the Nigerian 419 scammers who understood the scalability of their operation through email. But now what you’re beginning to see are entire tribe organizations assuming a cyber capacity to make their work more efficient. You can see that in the accounting capability of someone like the PCC, the first capital command of Sao Paulo, the largest organized crime group in South America. You can see it in the Mexican cartels. You can see it really wherever you go in Europe.

The latest Europol organized crime threat assessment makes it very clear that organized crime is being digitalised. Now for example you now get organized crime involved in burglary. They’ll do two things before they attack a street of houses; they’ll send drones over first of all to ascertain where the vulnerabilities are in terms of breaking in. At the same time as scoping it physically though drone technology, they’ll be checking everyone’s social profile on the street so they identify who lives there, when they go to work, when they go on holiday, what sorts of things they’re involved in. Whether they have lots of computers or cameras. Then they will coordinate the actual break-in very carefully and they’ll take six to eight houses all in one go in the space of about an hour or so, and they’ll be gone across borders before anyone gets home. So that is using cyber to increase your capacity but then there is also the industrialization of cyber malfeasance. I use the word malfeasance because attribution is a big problem. You don’t know if you’re dealing with espionage, intellectual property theft or whether you’re dealing with bulk standard ransomware criminals and credit card fraudsters.

In terms of the current threat the two fastest-growing cybercrimes are ransomware and what’s called CEO fraud. It’s basically when a CEO gets a message from someone he or she knows asking for a payment to be made. It’s a very targeted attack where they authorize the transfer of money which is in fact going to fraudsters. There were two cases last year in which single transfer where a CEO of a large German electronics company called Leone and a large aerospace manufacturer in Austria called FACC. Both of them authorized the transfer of 4 million euros. This led to the FACC CEO having to resign. This is a huge industry now against American companies increasingly and the European Union as well.

 

Dinnison: Lastly, where do you go to keep up-to-date on cybercrime related subjects?

Glenny: I track websites like Brian Krebs’ website. I met Brian when I was researching DarkMarket and he does a fantastic job. Bruce Schneier has a fantastic blog. What Bruce does is link cybersecurity to larger security issues and geopolitical issues which is what really interests me. I’ll also look at The Register and various tech-security websites to see what’s happening and then talk to people in the industry.

Developed in 2009 by an unknown individual or group under the pseudonym Satoshi Nakamoto, Bitcoin was the first ever crypto-currency to be used in the world. Bitcoin is a decentralised digital currency, which means it can be transferred instantly to anyone in the world without having to rely on a central authority such as a government or a bank.

Instead, it uses cryptography and block chain technology to control the creation and transfer of money therefore giving it an advantage over other traditional currencies that we use. Other benefits of using Bitcoin include being free from government interference and manipulation (e.g. inflation), reduced transaction costs, faster transactions and inability to commit credit card fraud.

Consequently, there has been a rise in many online services and retailers in different industries that now use and accept Bitcoin. A few examples include Amazon, Paypal, Bloomberg and Microsoft. It’s also worth mentioning the rise of Bitcoin usage within the Darkweb. Did you know that the selling of illegal drugs on the Internet make up a large proportion of transactions made using Bitcoins today? Due to its powerful encryption protections, it’s no wonder that other illegal activities such as selling of arms, weaponry and illegal services or tax evasion take advantage of this impressive technology.

It’s true that when scaled to a global and mass level of consumption, major issues such as criminality, security and price volatility concerns need to be addressed, and like any new financial technology, the use of a decentralised online currency introduces many uncertainties and risks that we haven’t had to face before.

However, our society is slowly transitioning towards a digital age and this provides us with more opportunities to liberate ourselves from old traditional concepts such as bank-controlled currencies. It may take several decades or even a lifetime before we see the Bitcoin become a global currency but as the world is evolving towards new technologies, we should make an effort to embrace Bitcoin with open arms. I imagine it won’t be long before we see a digitally rich economy that includes Bitcoin, other crypto-currencies and a working coalition between central banks and digital currencies.

So when it comes to using Bitcoins, here are a few ways you can keep safe and prevent these risks when making transactions online.

Make sure to secure your wallet:

Unfortunately once Bitcoin is stolen it is almost impossible to recover. There is no refund or guarantee against fraudulent charges so we cannot emphasise how important it is to make sure to secure your Bitcoin wallet. There are several security features and good practises that you can read up on to prevent theft (see link below). A few examples include enabling two-factor authentication, phone number verifications and multi-signatures.

 

Read up on scams:

Online scams and fraud are on the rise and scammers are becoming increasingly sophisticated, especially when it comes to new technology. The best way to stay safe and avoid them is to know what to look for. This can be done by spending time learning about some common scam traps to prevent you from falling into them. A few can be found on these websites:

https://www.weusecoins.com/bitcoin-scams-how-stay-safe/

https://www.cryptocoinsnews.com/bitcoin-scams/

 

Price volatility:

The price of a Bitcoin can be volatile and in the past, has shown to unpredictably increase or decrease quite rapidly. An important risk factor for the future of Bitcoin is whether it can achieve a stable value. Stable prices are an important quality of a successful currency but due to Bitcoin’s young economy and novel nature, it’s important to be wary of the risks when storing money with Bitcoin.

 

Protect your privacy:

Although a Bitcoin transaction is often perceived as an anonymous payment, in reality, all transactions are public, traceable and permanently stored in the Bitcoin network. A Bitcoin address holds all the information about where Bitcoins are sent and once an address is used, it becomes tainted by the history of all transactions used with it. The address history, along with the revealing of user identity during a purchase, shows that trading Bitcoins is not at all anonymous. It’s therefore vital to only use a Bitcoin address once, and users must be careful not to disclose their addresses.

 

Bitcoin is new:

Bitcoin is still a relatively new technology and there are a lot of potential risks associated with investing in it. There is still a lot of room for development and ‘unknown unknowns’ and with each improvement there is a liability of revealing new challenges and issues. Make sure to be prepared for problems and if they arise, consult a technical expert before making any major investments.

For more information on how to stay safe please visit https://bitcoin.org/en/you-need-to-know

 

Written by Melissa Liow; MSc in Physics, interested in outer space, artificial intelligence and Elon Musk!

If you’ve watched the news lately you will see ransomware, ransomware, ransomware all over the place. Some of you may ask: what is ransomware? Ransomware is simply a program that encrypts your hard drive and or files and asks for a sum of money in return for a decryption key. Ransomware can spread very easily and can cripple a network in matter of minutes, if not seconds.

 

How To Defend Short Version

Literally the short way to defend against ransomware is to simply follow best practices.

 

Detailed Version

Well if you made it this far, I guess you really want to know what you can do to help yourself and your organization. Here is a list:

1. Train Everyone – Training is essential. Every employee of your organization needs at the very least awareness training. They need to know how to spot hazards and how to avoid them. Please include higher ups such as the CEO and other non-technical management staff in your training because they will be vulnerable to Spear Phishing attacks.

2. Install and Keep Your Anti-Virus Updated – In this day and age people still avoid updating their anti-virus and some even worse have none at all. This puts you and your organization at serious risk. Ransomware can also infect your mobile devices from phones to tablets so get to it. Some protection is better than none.

3. Stay Away From Sketchy Websites – A seasoned internet user may not fall for this and some know when to get out because it just doesn’t feel right. For those of you who have trouble identifying sketchy websites you can use an anti-virus such as Avast. It has a feature called Real Site. There is no free version available, but it helps a lot.

4. Don’t Torrent Anything – Many people don’t know this but a lot of torrents are infected with malware that can more than encrypt your hard drive and files. Black hat hackers use torrents to secretly steal people’s login information for websites like your bank, PayPal etc.

5. Implement a Paranoid Web Usage Policy – Network administrators: this one is for you. You can do a lot to protect your network. Ban everything except for what are known to be a safe sites. Even then you can’t fully protect your network because legitimate sites if their security is not up to par they can become infected and spread malware also. A good idea also is to set a rule to automatically delete web attachments in email once they hit your server. Email still is and will always be a popular infection vector. As network admins you can hold people accountable if you train them how to recognize and avoid threats. Perform a sting operation. Send out some prank malware and when they call you for help you say you didn’t do what you needed to do. Make sure you retrain them. Training is essential.

6. Keep Your Systems Updated – Time and time again people just don’t update their PC’s phones and tablets. It simple guys. As a network admin or security professional it is your job to make sure that all the PC’s are updated. Remember that Microsoft and other vendors and makers of software release updates that could potentially save you and your organization from disaster.

7. Perform Vulnerability and Penetration Testing – Sometimes you may feel like you’re safe when you really aren’t. If you perform this type of testing on a regular basis you can stay on top of things. It may be costly but would you rather lose a little money or A LOT OF MONEY? Just a little? I thought so.

8. Keep Up With The News – Yes this one might be a little boring but this could be the difference between your company losing millions of dollars or you just losing a few minutes of your time daily.

9. Log Monitoring – This one is hard to do I must admit. Combing through logs day after day will probably drive anyone insane but it’s a must. Many hackers try for months or even years to break into a system. If you can notice a pattern like failed admin login attempts after works hours – bingo.

10. Browse Forums – I would never tell anyone to browse the deep web but sometimes black hats know about vulnerabilities and ways to exploit them way before security experts. If you do decide to go there make sure you know what you’re doing but for the average Joe STAY FAR AWAY !!!

 

Conclusion

No system is ever secure 100% of the time. If you keep up with all that I have mentioned here in this blog you can rest assure that you have a relatively safe system. Remember to be forever a student and keep learning. The more you know, the better you can protect yourself.

 

Written by Joel Chang; Cyber Security Professional and forever a student of learning (CEH,Security+,Network+)

 

We’ve selected some celebrated books in the world of cyber security you should check out this Summer to expand your knowledge of contemporary issues.

 

A cautionary tale: Spam Nation by Brian Krebs

In an exposé delving into a dark side of the online world, Krebs, a former Washington Post journalist and cybersecurity expert, pulls back the digital curtain to reveal the secrets behind email spam, botnets, rogue pharmacies, and other Internet threats. Armed with reams of information sent to him by feuding hackers and cybercrooks, Krebs explores just how and why these spammers get away with so much—how they make millions by flooding our email in-boxes with ads for cheap (and often unreliable, dangerous, or illegal) drugs, and how they stay one step ahead of the authorities. He traces many of them back to cabals taking refuge in the relatively laissez-faire former Soviet states, where the so-called Russian Business Network flourishes somewhat openly. Krebs plays the role of fearless crusader and hard-nosed investigative journalist, his crusade costing him his job at the Washington Post and his curiosity taking him to meet Russian spamlords face-to-face. By exposing our digital weaknesses and following the money, he presents a fascinating and entertaining cautionary tale. Krebs’s work is timely, informative, and sadly relevant in our cyber-dependent age.

Review from Publisher’s Weekly

Buy at your local bookstore or online here.

 

 

A holiday read: Zero Day by Mark Russinovich

If you’re looking for something less complex that still provides an accurate picture of what’s going on in cybersecurity, this novel can give you that mental break. Although the story is fictional, the scenario it depicts of a cybersecurity attack on an airplane’s on-board computer isn’t at all unrealistic. Several references to real cyberattacks are included, and descriptive language brings the mechanics of these threats to life in a way that a wide audience can understand and appreciate. You won’t get any technical knowledge from this book, but its subject matter is timely enough to make you think more critically about current cybersecurity issues.

Review from Homeland Security Degree

Buy at your local bookstore or online here.

 

 

A comprehensive cyber security guide: Cybersecurity and Cyberwar: What Everyone Needs to Know by P. W. Singer and Allan Friedman

“I found Cybersecurity and Cyberwar: What Everyone Needs to Know to be an enjoyable read, filled with engaging (funny) stories and illustrative anecdotes. Readers are taken on an entertaining tour of the important issues, history and characters of cybersecurity, from the Anonymous hacker group and the Stuxnet computer virus to the cyber units of the Chinese and U.S. militaries.

For readers without a military or public policy background this book will provide a common base of knowledge around cybersecurity issues. As cybersecurity practitioners, having a common base of knowledge will allow us to cooperatively engage in a dialogue and much-needed conversation around how to approach, understand and deal with the important policy implications of cybersecurity and cyberwar.

Cooperation is a key theme and takeaway from the book, focusing on how difficult, yet necessary, cooperation is for addressing cybersecurity issues. Today we talk in terms of “threat intelligence sharing.” The authors suggest that a governance model based on the U.S. Centers for Disease Control and Prevention could serve to encourage cooperation, disseminate information and recommendations, and mobilize rapid responses as needed. Understanding, communication and cooperation in cybersecurity are truly what everyone needs to know.”

Review from Palo Alto Networks

Buy at your local bookstore or online here.

 

 

For some state-on-state political intrigue: The Cybersecurity Dilemma by Ben Buchanan

Why do nations break into one another’s most important computer networks? There is an obvious answer: to steal valuable information or to attack. But this isn’t the full story. This book draws on often-overlooked documents leaked by Edward Snowden, real-world case studies of cyber operations, and policymaker perspectives to show that intruding into other countries’ networks has enormous defensive value as well. Two nations, neither of which seeks to harm the other but neither of which trusts the other, will often find it prudent to penetrate each other’s systems. This general problem, in which a nation’s means of securing itself threatens the security of others and risks escalating tension, is a bedrock concept in international relations and is called the ‘security dilemma’.

This book shows not only that the security dilemma applies to cyber operations, but also that the particular characteristics of the digital domain mean that the effects are deeply pronounced. The cybersecurity dilemma is both a vital concern of modern statecraft and a means of accessibly understanding the essential components of cyber operations.

Review from the Belfer Center

Buy at your local bookstore or online here.

 

Click here for the Cyber Security Cannon, a longer list of books that every cyber security professional should read, according to Palo Alto Networks.