‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks

Source: National Cyber Security – Produced By Gregory Evans

‘The weakest part of security is us’

This was the message from ethical hacker Mike G.

Speaking at the Irish Independent annual Dublin Information Sec cyber-security event taking place in Dublin today, Mike G, who helps organisations in their fight against cyber attacks and hacking, said that humans are very easily hacked.

Citing the hacking of US actress Jennifer Lawrence’s Apple iCloud account, Mike G said that the attacker got in because the actress’s iCloud password was her dog’s name, and Ms Lawrence had posted a picture of the dog on Instagram; the hacker went from there and leaked photos apparently showing her in the nude on the internet.

In addition, bad systems design and/or insecure security policies can leave people and organisations vulnerable to hacking.

Mike G, who describes himself as a pilot, engineer and ethical hacker, described the various ways in which hackers can gain information about a person or a company, including through social media, certain types of jobs (“sales people often give out everything”) and even job listings.

In a sobering talk, he listed spoofed texts, calls and emails among the ways in which people and companies get hacked.

He added that anything can be hacked, including PINs, biometrics, TVs and even our Fitbits.

When a person’s phone can be taken over, though, the impact is “huge”, he said.

In a stark message to businesses, Mike G asked those present whether their company would be able to recover if a competitor had all of their data.

However, the news from the ethical hacker was not all bad.

Mike G and his team do a lot of forensic planning, providing, among other services, cyber security awareness training and penetration testing to show companies their weak spots and how these can be overcome.

The post ‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures


HACKERS TAKE #AIM AT #SSH KEYS IN NEW #ATTACKS

Hackers are targeting SSH private keys, stepping up scans of thousands of servers hosting WordPress websites in search of exposed keys. Since Monday, security researchers have observed a single entity scanning as many as 25,000 systems a day for private SSH keys that could be used to compromise websites.

“What triggered our concern was a customer who notified us that they have been monitoring their live traffic and seeing scans for SSH keys,” said Wordfence CEO Mark Maunder, in an interview with Threatpost. “When we examined our own honeypots we found that this was not an isolated case and that 25,000 scans were taking place in waves each day.”

The scans began on Monday and are ongoing, Maunder said in a blog post. The adversary is requesting URLs containing terms such as “root”, “ssh” or “id_rsa” in the hope of finding web directories where private SSH keys have been stored, most likely by mistake, under the web root.
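The scanning described above can be spotted in your own access logs. The following is an added example, not code from the original article or from Wordfence: it parses combined-format access-log lines (constructed here) and groups key-hunting requests by client, separating mere probes (404s) from requests the server actually answered with a key file (200s). The path patterns beyond the three terms quoted in the article are the standard OpenSSH key file names and are this example's assumption.

```python
"""Detect SSH private-key scanning in web server access logs.

Added example (not code from the original post or from Wordfence): it reads
combined-format access-log lines and flags clients that probe for private
key material. The log lines below are constructed for the example.
"""
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Path fragments an attacker requests when hunting for SSH keys. The first
# three are the terms reported in the article; the rest are the standard
# OpenSSH key file names and are an assumption of this example.
KEY_PATTERNS = re.compile(
    r'(/root/|/ssh/|\.ssh/|id_rsa|id_dsa|id_ecdsa|id_ed25519|\.pem$|\.ppk$)',
    re.IGNORECASE,
)

# Constructed sample: one scanner, one normal visitor, one single probe.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Oct/2017:10:01:02 +0000] "GET /.ssh/id_rsa HTTP/1.1" 404 169 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Oct/2017:10:01:03 +0000] "GET /root/.ssh/id_rsa HTTP/1.1" 404 169 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Oct/2017:10:01:03 +0000] "GET /ssh/id_dsa HTTP/1.1" 404 169 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Oct/2017:10:01:04 +0000] "GET /backup/id_rsa HTTP/1.1" 200 1679 "-" "Mozilla/5.0"
198.51.100.23 - - [16/Oct/2017:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2451 "-" "Mozilla/5.0"
198.51.100.23 - - [16/Oct/2017:10:02:11 +0000] "GET /wp-content/uploads/logo.png HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
192.0.2.9 - - [16/Oct/2017:10:03:00 +0000] "GET /.ssh/id_rsa HTTP/1.1" 404 169 "-" "curl/7.47.0"
"""


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_key_scanners(log_text, min_hits=2):
    """Group key-hunting requests by client IP.

    Returns {ip: {"hits": n, "paths": [...], "served": [...], "scanner": bool}}
    for every IP that requested a key-like path at least once. 'served' lists
    paths answered with HTTP 200, i.e. a key file the server actually handed
    out; that is an incident, not just a scan. 'scanner' marks IPs with
    min_hits or more probes.
    """
    clients = defaultdict(lambda: {"hits": 0, "paths": [], "served": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not KEY_PATTERNS.search(rec["path"]):
            continue
        entry = clients[rec["ip"]]
        entry["hits"] += 1
        entry["paths"].append(rec["path"])
        if rec["status"] == "200":
            entry["served"].append(rec["path"])
    for entry in clients.values():
        entry["scanner"] = entry["hits"] >= min_hits
    return dict(clients)


if __name__ == "__main__":
    for ip, info in sorted(find_key_scanners(SAMPLE_LOG).items()):
        label = "SCANNER" if info["scanner"] else "single probe"
        print(f"{ip}: {info['hits']} key probes ({label}); served: {info['served']}")
```

Anything listed under "served" is a key the web server handed out: rotate that key everywhere it is authorised, not just remove the file.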

SSH (Secure Shell) is a cryptographic network protocol most often used for secure remote logins to computer systems. Theft of a private key gives a threat actor access to any server or system where that key is accepted for authentication. That risk, security experts note, is not limited to WordPress hosts: Linux and Unix systems and embedded devices also rely heavily on SSH for logins and connections.

“Scanning for private SSH keys in public directories is not new. But, the type of increase we are seeing is alarming,” said Justin Jett, director of audit and compliance for Plixer.

Good SSH security practices are seldom followed, he said. Unlike digital certificates, which expire, SSH keys have no expiration date, and passwords are seldom changed.

“What we find is most businesses and enterprises have no idea what SSH keys are or how to manage them,” said Venafi vice president of security strategy Kevin Bocek. “SSH is unfortunately a secret of systems administrators who create them and tend to them.”

Bocek said Venafi has also seen a recent increase in scanning for SSH keys, not only in public directories but also in Git and Subversion (SVN) repositories.

Private keys should never be stored in publicly accessible directories. Too often, however, admins lose track of SSH keys and end up hosting both the public and the private key online.
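A defender can run the same search the attackers are running, but from the inside. The following is an added example, not the article's or any vendor's code: it walks a directory tree, recognises private keys by their PEM and OpenSSH headers, checks whether each carries a passphrase, and flags any that sit under the web root or are readable by other local users. The directory layout, the public_html web root and the header-only key stand-ins are all constructed for the example; they are not real keys.

```python
"""Audit a directory tree for SSH private keys that should not be there.

Added example, not code from the original post: it recognises private-key
files by their PEM/OpenSSH headers, checks for a passphrase, and flags keys
under a web-served directory or readable by other users. The sample tree is
constructed in a temporary directory; key bodies are header-only stand-ins.
"""
import base64
import os
import stat
import struct
import tempfile

PEM_PRIVATE = b"PRIVATE KEY-----"      # matches RSA/EC/DSA/"BEGIN PRIVATE KEY" PEM headers
OPENSSH_HEADER = b"-----BEGIN OPENSSH PRIVATE KEY-----"
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def openssh_cipher(body):
    """Cipher name from an OpenSSH-format key blob ('none' means no passphrase).

    Layout of the decoded blob: magic, then a length-prefixed ciphername string.
    """
    b64 = b"".join(l.strip() for l in body.splitlines() if not l.startswith(b"-----"))
    raw = base64.b64decode(b64)
    if not raw.startswith(OPENSSH_MAGIC):
        return "unknown"
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack(">I", raw[off:off + 4])
    return raw[off + 4:off + 4 + n].decode("ascii", "replace")


def classify_key(path):
    """Return ('pem'|'openssh', encrypted: bool) for a private key file, else None."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    first = head.split(b"\n", 1)[0]
    if first.startswith(OPENSSH_HEADER):
        return "openssh", openssh_cipher(head) != "none"
    if first.startswith(b"-----BEGIN") and PEM_PRIVATE in first:
        # Legacy PEM keys mark encryption with a 'Proc-Type: 4,ENCRYPTED' header line.
        return "pem", b"Proc-Type: 4,ENCRYPTED" in head
    return None


def find_exposed_keys(root, web_root):
    """List private keys under root as {path, fmt, encrypted, issues}.

    issues: 'under-web-root' (fetchable over HTTP), 'world-readable'
    (other local users can read it), 'unencrypted' (no passphrase).
    """
    web_root = os.path.realpath(web_root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            kind = classify_key(path)
            if kind is None:
                continue
            fmt, encrypted = kind
            issues = []
            if os.path.realpath(path).startswith(web_root + os.sep):
                issues.append("under-web-root")
            if os.stat(path).st_mode & stat.S_IROTH:
                issues.append("world-readable")
            if not encrypted:
                issues.append("unencrypted")
            findings.append({"path": os.path.relpath(path, root), "fmt": fmt,
                             "encrypted": encrypted, "issues": issues})
    return sorted(findings, key=lambda f: f["path"])


def openssh_stub(cipher):
    """Header-only OpenSSH key body for the sample tree (constructed, not a real key)."""
    raw = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
    return OPENSSH_HEADER + b"\n" + base64.b64encode(raw) + b"\n-----END OPENSSH PRIVATE KEY-----\n"


def build_sample_tree():
    """Constructed layout mirroring the mistake in the article; returns (root, web_root)."""
    root = tempfile.mkdtemp(prefix="sshaudit-")
    web = os.path.join(root, "public_html")
    os.makedirs(os.path.join(web, "backup"))
    os.makedirs(os.path.join(root, ".ssh"))
    pem_plain = b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n"
    pem_enc = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
               b"DEK-Info: AES-128-CBC,00\n\nMIIE...\n-----END RSA PRIVATE KEY-----\n")
    samples = {
        os.path.join(web, "backup", "id_rsa"): (pem_plain, 0o644),        # leaked under web root
        os.path.join(root, ".ssh", "id_rsa"): (pem_enc, 0o600),           # kept properly
        os.path.join(root, "deploy_key"): (openssh_stub("none"), 0o644),  # no passphrase, o+r
        os.path.join(root, ".ssh", "id_ed25519"): (openssh_stub("aes256-ctr"), 0o600),
        os.path.join(root, ".ssh", "id_rsa.pub"): (b"ssh-rsa AAAA... user@host\n", 0o644),
        os.path.join(web, "index.html"): (b"<html></html>\n", 0o644),
    }
    for path, (body, mode) in samples.items():
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return root, web


if __name__ == "__main__":
    root, web = build_sample_tree()
    for f in find_exposed_keys(root, web):
        print(f"{f['path']}: {f['fmt']}, encrypted={f['encrypted']}, issues={f['issues']}")
```

Run it against the real document root and home directories rather than the sample tree; a key with any issue listed should be treated as compromised and replaced, since there is no way to know who already fetched it.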

“Exposed SSH keys pose a serious threat to organizations. Anyone gaining access to them has the ‘keys’ to the kingdom,” Jett said.

Earlier this week a report by Venafi found that companies lack sufficient SSH security controls. A study of 410 IT security professionals by the company found that 54 percent of respondents do not limit the locations from which SSH keys can be used, and 61 percent do not limit or monitor the number of administrators who manage SSH.

20 Million Confirmed #Attacks in 24 Hours: #Locky and Other #Ransomware

A new variant of the aggressive “Locky” ransomware has hit 20 million confirmed attacks in a single day, warns a cybersecurity firm.

Ransomware actors are sometimes incredibly sophisticated, showing careful planning and methodical execution. Some individuals or groups launch large-scale campaigns, casting the widest net possible to catch the maximum number of victims.

To protect yourself, it’s best to get familiar with the types of ransomware out there and how to avoid them.

Here are some figures to give you an idea of the massive scale on which ransomware operates:

Last year, ransomware spread increased by a staggering 500%, with email phishing as the most-used distribution method.
In a given month, ransomware infects 30,000-35,000 devices on average.
During the first 6 months of 2016, 300 new ransomware variants were developed. During the same period, an unknown ransomware actor made nearly $100 million USD in profits.
This year, profits generated through ransomware are expected to hit $1 billion USD.

Locky, a Sneaky Ransomware

First seen in February 2016, Locky is ransomware: malware that takes all of a victim’s files hostage by encrypting them and demands a ransom to return them unencrypted. With the proliferation of cryptocurrencies, hackers usually ask for ransoms to be paid in Bitcoin, for obvious reasons (learn more about Bitcoin anonymity here).

Like most ransomware, Locky infects a system via spam (email sent by a botnet) with a .doc file attached. These emails often carry a subject line such as “ATTN: Invoice…” and a message urgently demanding payment of an invoice.

If the victim opens the attachment, Locky is quickly installed; it then scrambles all files on the system and renames them with the extension “.locky”, and does the same to files on network shares it can reach.

This ransomware also deletes the Windows shadow copies (the Volume Shadow Copy backups), so files cannot be recovered that way.
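The two behaviours just described, mass renaming to .locky and deletion of shadow copies, are what an endpoint detection should key on. The following is an added example, not code from the article or from Barracuda: it runs over a constructed stream of process-creation and file-rename events and raises an alert on either behaviour. The assumption that shadow copies are removed through the vssadmin or wmic command line is the example's own, not something the article states.

```python
"""Host-side detection of Locky-style ransomware behaviour.

Added example (not from the original article or any vendor): it scans a
stream of endpoint telemetry for the two behaviours the article describes,
mass renaming of files to the '.locky' extension and deletion of Windows
shadow copies. The events below are constructed. That shadow copies are
removed via vssadmin or wmic is this example's assumption.
"""
import re
from collections import defaultdict

SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)",
    re.IGNORECASE,
)
RANSOM_EXT = {".locky"}  # extensions that mark encrypted files; extend for other families

# Constructed telemetry: (timestamp_seconds, event_type, process, detail)
# event_type is 'process' (detail = command line) or 'rename' (detail = new path).
SAMPLE_EVENTS = [
    (0, "process", "WINWORD.EXE", "WINWORD.EXE /n C:\\Users\\bob\\Downloads\\invoice.doc"),
    (2, "process", "svchost32.exe", "C:\\Users\\bob\\AppData\\Local\\Temp\\svchost32.exe"),
    (3, "rename", "svchost32.exe", "C:\\Users\\bob\\Documents\\Q3.xlsx.locky"),
    (3, "rename", "svchost32.exe", "C:\\Users\\bob\\Documents\\plan.docx.locky"),
    (4, "rename", "svchost32.exe", "\\\\fileserver\\share\\budget.pdf.locky"),
    (4, "rename", "svchost32.exe", "\\\\fileserver\\share\\notes.txt.locky"),
    (5, "rename", "svchost32.exe", "C:\\Users\\bob\\Pictures\\cat.jpg.locky"),
    (6, "process", "cmd.exe", "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"),
    (40, "rename", "explorer.exe", "C:\\Users\\bob\\Desktop\\report-final.docx"),
]


def detect_ransomware(events, rename_threshold=5, window=60):
    """Return a list of (alert_type, process, evidence) tuples.

    'shadow-copy-deletion' fires on any matching command line. 'mass-rename'
    fires once a single process has renamed rename_threshold or more files to
    a ransomware extension within `window` seconds (sliding window), and only
    once per process so a long encryption run does not flood the console.
    """
    alerts = []
    renames = defaultdict(list)  # process -> timestamps of suspicious renames
    flagged = set()
    for ts, kind, proc, detail in sorted(events, key=lambda e: e[0]):
        if kind == "process" and SHADOW_DELETE.search(detail):
            alerts.append(("shadow-copy-deletion", proc, detail))
        elif kind == "rename" and any(detail.lower().endswith(e) for e in RANSOM_EXT):
            times = renames[proc]
            times.append(ts)
            while times and ts - times[0] > window:  # drop renames older than the window
                times.pop(0)
            if len(times) >= rename_threshold and proc not in flagged:
                flagged.add(proc)
                alerts.append(("mass-rename", proc,
                               f"{len(times)} files renamed to a ransomware extension in {window}s"))
    return alerts


if __name__ == "__main__":
    for alert in detect_ransomware(SAMPLE_EVENTS):
        print(alert)
```

In practice the rename rule matters more than the extension list: a variant that picks a new extension still shows the same burst of renames from one process across local and network paths, so a second rule keyed on rename rate alone, with the extension list used only for confidence, is worth adding.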

Believed to have been released by the same group behind the Dridex banking trojan in 2015, Locky has spread like wildfire across the web in 2017, evolving every now and then with new distribution tricks.

Just last month, it was revealed that a new version of Locky attacked millions of systems in just one day.

Locky’s Back With new Aggressive Variant

The threat, according to researchers at Barracuda Networks Advanced Technology Group, comes in the form of a new, very aggressive version of the Locky ransomware strain.

Per a Barracuda blog post, the attacks originate predominantly from Vietnam, with other hotbeds across three continents, including India, Turkey, Colombia and Greece, albeit in very low volumes compared with Vietnam.

Barracuda analysts say that about 20 million of these attacks occurred in 24 hours, from the 18th to the 19th of September, and this figure was growing rapidly. Most of the spam emails claim to be from the “Herbalife company” or fake “copier file delivery”.

In an update, Barracuda said its researchers confirmed that the attacks use a variant of Locky with a unique identifier. The identifier is supposed to let the attackers tell victims apart so they can send each one decryption tools after the ransom is paid.

This time, however, all victims have been assigned the same identifier, which means that even if victims pay the ransom they won’t receive decryption tools.

Barracuda also said its filters had blocked about 27 million Locky-related emails, adding that its researchers are actively monitoring the situation.

EdgyLabs readers, here’s what you can do if you fall victim to Locky or another ransomware attack:

Whatever you do, don’t pay the ransom: paying cybercriminals only feeds their behaviour, unless of course there is no other way to get your critical data back.

In the case of this new wave of Locky attacks, though, as security researchers found (the same ID for every victim), don’t bother: you are not getting decryption tools whether you pay or not.

You can remove Locky with an ordinary antivirus program. You can try to recover encrypted data by restoring backup copies, but that is not guaranteed with the new strain of Locky, which deletes shadow copies.

Besides updating your antivirus and using spam filters, remember not to open attachments from suspicious emails of unverified origin; delete them.

But before all of that, make sure you use 3-2-1 data protection.

Use 3-2-1 Data Protection

3 copies of your data
2 separate types of media (tape, disk, deduplication)
1 offline and off-site copy
As always, whenever a hard drive is compromised, it’s best to completely reformat it before using it again.

Data Analytics: The #New Tool To Prevent #Cyber Security #Attacks

Cyber attacks and security breaches are now a constant threat to businesses. Costing the global economy $450 billion in 2016, they occur with increasing regularity, which has forced businesses to focus more on cybersecurity controls to protect their key data.

A report by Malwarebytes showed that over one billion malware-based incidents occurred between June and November 2016, and most of those incidents are thought to have gone unnoticed until the network had already been breached.

A primary target for cybercriminals is the gaps left when big data sets are stored, and the move to the cloud, with its effectively unlimited storage, has opened a new avenue for attackers. Cloud storage lets larger datasets sit in one place and be accessed simultaneously by many people, and it is this transition from data-centre storage to the cloud that cybercriminals are looking to exploit. If a business’s security controls are not enforced and kept up to date, the system can be breached.

It isn’t only big data storage that now harbours potential threats. Cybercriminals have begun to use smartphones and wearable technology as a way into company networks. With four out of five UK adults now owning a smartphone, many of which join secure work Wi-Fi networks daily, this has become the next route hackers are choosing to exploit.

As the threat from cybercriminals increases, businesses can’t take data security lightly, as cybercriminals are constantly finding new ways to access a system.

Detecting a threat as soon as it gets past the firewall is not easy, and when a breach happens there is no simple fix. Breaches are, however, manageable, and data analytics has become the newest line of defence to help stop threats and increase protection.

A recent survey found that 53% of businesses use data analytics to detect high-severity threats to their business. That figure should increase, as findings from a Ponemon Institute report show that an organisation is 2.25 times more likely to recognise a threat within hours or minutes if it uses data analytics.

What is data analytics?

Data analytics involves data specialists examining large data sets to uncover anomalies that are not visible to the naked eye. Analysts sift through data for unknown correlations or hidden patterns, and from what they find they can perform a comprehensive analysis and use it to identify and deter cyber attacks.

To identify if and when a security breach may happen, analysts apply predictive analysis to the data under examination. Statistical methods such as predictive modelling let them estimate likely outcomes. Paired with data mining, in which analysts sift through large amounts of historical data, they can then cross-check the history against real-time data to firm up their predictions.
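The historical-versus-real-time comparison described above, as an added example that is not part of the original article: historical failed-login counts establish a per-user baseline, and the live hour is scored against it with a robust z-score (median and MAD rather than mean and standard deviation, so past outliers do not inflate the baseline). Users, counts and thresholds are constructed; the 3.5 cut-off and the fixed limit for users with no history are this example's assumptions.

```python
"""Baseline-versus-live anomaly detection over failed-login counts.

Added example, not from the article: historical events establish a per-user
baseline of hourly failed logins; live events are scored against it with a
robust (median/MAD) z-score. All data below is constructed.
"""
from collections import Counter, defaultdict
from statistics import median

# Constructed history: (user, hour_index, failed_login_count) for 12 past hours.
HISTORY = [(u, h, c) for u, counts in {
    "alice": [0, 1, 0, 2, 1, 0, 1, 0, 1, 1, 0, 2],
    "bob":   [3, 2, 4, 3, 2, 3, 4, 3, 2, 3, 3, 2],   # bob habitually mistypes
    "svc-backup": [0] * 12,                          # service account never fails
}.items() for h, c in enumerate(counts)]

# Constructed live window: raw failed-login events (user, hour_index).
LIVE = ([("alice", 12)] * 9 + [("bob", 12)] * 4
        + [("svc-backup", 12)] * 6 + [("mallory", 12)] * 3)


def build_baseline(history):
    """Return {user: (median, mad)} of hourly failure counts."""
    per_user = defaultdict(list)
    for user, _hour, count in history:
        per_user[user].append(count)
    baseline = {}
    for user, counts in per_user.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[user] = (med, mad)
    return baseline


def robust_z(value, med, mad, floor=1.0):
    """Modified z-score; `floor` keeps a zero MAD (constant history) from dividing by zero."""
    return 0.6745 * (value - med) / max(mad, floor)


def score_live(live_events, baseline, threshold=3.5, unknown_user_threshold=3):
    """Return {user: (count, z)} for users whose live hourly count is anomalous.

    Users with no history cannot be scored statistically, so they fall back to
    a fixed limit and are reported with z=None (an assumption of this example).
    """
    counts = Counter(user for user, _hour in live_events)
    anomalies = {}
    for user, n in counts.items():
        if user not in baseline:
            if n >= unknown_user_threshold:
                anomalies[user] = (n, None)
            continue
        med, mad = baseline[user]
        z = robust_z(n, med, mad)
        if z >= threshold:
            anomalies[user] = (n, round(z, 2))
    return anomalies


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for user, (n, z) in score_live(LIVE, base).items():
        print(f"{user}: {n} failures this hour, robust z={z}")
```

Note that bob's four failures are normal for bob and are not reported, while the same count would be reported for svc-backup; that per-entity baseline is the difference between analytics and a static threshold.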

If a threat area is identified, security controls are then implemented, alongside detection rules tailored to the data type or structure involved. This should close the vulnerability and stop further breaches of that kind.

What can it do for your business?

Despite the ability of data analytics to address a daily problem, it still hasn’t been put to full use by businesses. But with software now available to analyse larger datasets, such as Hadoop, it is becoming a more mainstream solution.

The data gathered during analysis gives a business a better understanding of the attacks it faces, arming it with the right tools to stop them. It also allows IT security teams to protect the business from the inside out.

Larger organisations often have an in-house team constantly monitoring security. For smaller businesses there are still options: managed security service providers offer network security monitoring and management for businesses that simply don’t have the resources to hire a large team of experts.

Data analytics can also help quash threats from inside your organisation. Using a security information and event management (SIEM) system, businesses can monitor devices connected to the network, and if the collected data reveals a security risk it can be halted.

Implementing data analytics is a practice every business can use to protect itself against cyber attacks. It strengthens the front line of defence, the information collected helps improve security across the business network, and it could, in future, mean an end to unpredicted breaches.


CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure

FormBook is a new malware strain being used to attack manufacturing, defence and aerospace firms in South Korea and the United States.

According to FireEye researchers, FormBook was identified in numerous distribution campaigns attacking the U.S. with emails carrying malicious XLS, DOC or PDF files. Similar FormBook attacks have been identified in South Korea through emails carrying malicious files in ZIP, ACE, ISO and RAR archives.

FormBook is a data-stealing “form grabber” that has been advertised on hacking forums since 2016. Its prominent capabilities include keylogging, capturing HTTP/SPDY/HTTPS/HTTP2 form submissions and network requests, stealing passwords from browsers and email clients, clipboard monitoring and taking screenshots.

Attackers behind these email campaigns have used a wide assortment of distribution mechanisms to deliver the FormBook malware, as posted on 9th October 2017 on the

As confirmed by the FireEye experts, an important and distinctive feature of this malware is that it reads the Windows ntdll.dll module from disk into memory and calls its exported functions from that fresh copy, which makes API monitoring and user-mode hooking ineffective.

A self-extracting RAR file delivers the FormBook payload. On launch, an AutoIt loader runs and compiles a script; this script decrypts the FormBook payload into memory and then executes it, the researchers confirm.

Over time the researchers have also found that FormBook can download NanoCore, a remote access trojan (RAT) first seen in 2013 and readily sold on the web. Its author, Taylor Huddleston, was arrested in March 2017.

Besides the United States and South Korea, the malware has targeted other countries, including the United Kingdom, France, Poland, Ukraine, Hungary, Russia, Australia, Germany and the Netherlands. The archive campaign has hit the United States, Belgium, Japan, Saudi Arabia, France, Sweden, Germany and India.

FormBook targets Windows systems, so organisations need to keep their Windows installations patched and look to stronger defences. For now, the advice is not to open suspicious emails, click unidentified links or download unknown attachments from unrecognised senders.


Officials push cybersecurity education amid rise in malicious attacks

SALT LAKE CITY — Digital security breaches that impact megacompanies like Equifax, Sony or Yahoo tend to dominate headlines when they occur, but it’s far more common for small businesses to fall victim to cybercriminals and, when they do, the results are typically far more catastrophic. […]

Understanding The Physical Damage Of Cyber Attacks

Whilst some software systems completely change the game in a positive way, other software can do a lot of costly damage to any organization, including physical damage. Though some of the damage may only affect the transfer of sensitive data from one unauthorized location to another, there are some security…

Malware Attacks Reveal European Cybersecurity Gaps

In the wake of two major malware attacks in Europe this past summer, contractors based in the region who wish to do business with the Pentagon and other U.S. government agencies need to ensure proper cybersecurity measures, according to one analyst.  In May, the United Kingdom’s National Health Service and…

Local cybersecurity concerns grow along with attacks

Hacking. Phishing. Identity theft. They’re household words in this digital age. If it seems like you’re hearing about them more often, you probably are. “It’s going to get even worse before it gets better. We ain’t seen nothing yet,” says Sri Sridharan, Managing Director of the Florida Center for Cybersecurity…

10 Approaches You Can Take To Shield Yourself Against Ransomware Attacks

The WannaCry attack earlier this year is one of the more notable ransomware attacks in recent memory. The attack, which hit everything from home users to the United Kingdom’s National Health Service, locked key data inside an encryption and then demanded bitcoins in exchange for the key to the data….
