now browsing by tag


UK #businesses face #growing #threat from #cyber-attacks

Criminal cyber-attacks on UK businesses increased last year, according to the annual report of the National Cyber Security Centre.

Firms face a growing threat from ransomware, data breaches and weaknesses in the supply chain, according to the report, published on Tuesday. Emerging threats include theft from cloud storage, which the NCSC argues too many businesses put their faith in.

“Criminals are launching more online attacks on UK businesses than ever before,” a summary accompanying the report said.

The NCSC, in effect the shop window for the government surveillance agency GCHQ, was set up in late 2016 amid alarm over potential attacks on UK institutions, infrastructure and businesses.

The report, Cyber Threat to UK Business Industry 2017-2018, is published to coincide with the opening of a organised by the NCSC, which is expected to attracted 1,800 cybersecurity experts from law enforcement, government and the private sector.

Ciaran Martin, head of the NCSC, said: “The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.

“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk and reducing their return on investment.”

The report was written in collaboration with the National Crime Agency. Donald Toon, director of economic and cybercrime at the NCA, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cybersecurity extremely seriously in the next year are risking serious financial and reputational consequences.”

Under-reporting of cybercrime by businesses means crucial evidence and intelligence about threats and offenders can be lost. Toon called for full and early reporting of cybercrime.

by the NCSC show 34 significant cyber-attacks took place between October 2016, when the agency was launched, and the end of 2017. A further 762 attacks were less serious. “2018 will bring more of these attacks,” the report said.

It does not break down the figures to distinguish which attacks were purely criminal and which were state-sponsored. The report said that the distinction can be blurred, making attribution difficult.

Among the surveys cited was one by , which recorded a 91% increase in ransom attempts between the first and third quarters of last year.

Vulnerabilities highlighted in the NCSC report included the spread of the , which includes the interconnection of household appliances and other devices. “The internet of things and its associated threats will continue to grow and the race between hackers’ and defenders’ capabilities will increase in pace and intensity,” the report said.

“Many internet-connected devices sold to consumers lack basic cybersecurity provisions. With so many devices unsecured, vulnerabilities will continue to be exploited.”

The NCSC has also issued a warning over cloud security: “As more organisations decide to move data to the cloud (including confidential or sensitive information), it will become a tempting target for a range of cyber criminals.

“They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information.”

The report warns that no matter how good a company’s cybersecurity, it is at risk if this is not matched by the management of service providers and software, which can offer a potential stepping stone into the networks of thousands of clients.

“It is clear that even if an organisation has excellent cybersecurity, there can be no guarantee that the same standards are applied by contractors and third-party suppliers in the supply chain,” the report said. “Attackers will target the most vulnerable part of a supply chain to reach their intended victim.”


The post UK #businesses face #growing #threat from #cyber-attacks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Computer #Hackers Are #Demanding #Money From #Cities, #States, And #Companies In The #U.S.

Computer hackers are getting more sophisticated. They are not afraid to hold cities, states, and companies’ hostage until they pay a ransom. Hackers are modern day tech pirates that disrupt computer programs and turn shareholders into anxiety-ridden puppets. Computer networks in Denver, Atlanta, and Baltimore, as well as a computer network of Boeing Airlines, are recent victims. Atlanta’s computers went down on March 22nd when a hacker locked important data behind an encrypted wall. The wall would stay in place, according to the hackers, until the city pays the hackers $51,000 in Bitcoins. Atlanta has a week to comply. If the city doesn’t pay, all that important data will vanish, according to the computer pirates. No one is sure if Atlanta paid the money, according to a Fox News report. But Mayor Keisha Lance Bottoms didn’t rule out payment.

The hacking group calls itself “SamSam.” SamSam is not new to the hacking world. The group pocketed more than $800,000 in 2017. The city of Leeds, Atlanta paid SamSam $12,000 in February 2018 to release their data. But Atlanta is not the only city that SamSam has in its hacking sights this month. Officials in Baltimore said their 911 dispatch system was under attack. The system was down for 17 hours recently to prove the hackers were serious. The hackers were able to get into the system after the city made an internal change to their firewall. But the Baltimore hackers didn’t ask for money, and that is concerning, according to Frank Johnson, Baltimore’s chief information officer.

Boeing, the world’s top aerospace company, is also under attack by the now famous WannaCry ransomware. WannaCry is the same ransomware that crippled Britain’s healthcare services in 2017. The Boeing attack is not as serious as the attack in Britain, according to Boeing’s head of communications Linda Mills. Mills also said the 777 jet program was not part of the hack. Mills said only a few company machines were under attack.

Denver also had a suspicious outage when and, as well as other online services, suddenly stopped in March. Some city staffers lost access to their email account. Denver officials claim the shutdown was the work of a computer bug, but Colorado’s Department of Transportation was a SamSam victim in February. The hackers said the information would come back to them if Colorado paid in Bitcoins, according to a news report by Denver7.


The post Computer #Hackers Are #Demanding #Money From #Cities, #States, And #Companies In The #U.S. appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Strengthening #Plans to Protect #California #Elections From #Hackers

Concerned about cybersecurity, California is inspecting and reinforcing its elections systems on a daily basis.

That’s what the Secretary of State told NBC Bay Area’s and Telemundo 48’s public affairs show, “Comunidad Del Valle.”

“In 2016 there is absolutely zero evidence that there was any hack, or breach, or compromise of any type, by the Russians or anybody else.“, said Secretary of State Alex Padilla. “Not that they weren’t trying.”

Padilla says California is already implementing some of the procedures suggested this week by the U.S. Senate’s Intelligence Committee. Committee member and U.S. Senator Kamala Harris said this week that the nation should implement a paper-only ballot system to avoid hacking by foreign entities.

Padilla says those threatening entities include Russia, North Korean and China.

“A lot of the recommendations you’re going to hear come out of Washington are from a national perspective… a lot of those recommendations are based on what California already has in place,” Padilla said.

In a wide-ranging interview, Padilla also said his office’s pre-registration program has seen a huge spike in sign-ups since the high school shooting in Florida.

The program allows teens to register to vote before they turn 18, so they can hit the ground running when they become of age.

Read More….


The post Strengthening #Plans to Protect #California #Elections From #Hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

More #countries are #learning from #Russia’s cyber #tactics

When British and US officials blamed Russian military hackers for last summer’s NotPetya ransomware attack, they were confirming long-held suspicions among western governments that Russia is stepping up its hostile cyber capabilities.

The announcement in February was consistent with the recent rhetoric of political and military leaders in the UK and the US as the two countries turn up the heat on Russia and other state adversaries they hold responsible for a string of aggressive cyber attacks. “I think we have been watching nation states grow steadily more aggressive in their use of cyber capabilities,” says John Hultquist, director of intelligence analysis at FireEye, a cyber security company.

February brought a second Russia-related cyber security controversy. On February 16 an indictment filed by Robert Mueller, the US special counsel who is investigating Russian meddling in the 2016 US Presidential elections, charged 13 individuals and three entities with conducting “information warfare” against America.

The work of the Internet Research Agency, a Saint Petersburg-based company accused of creating fake news and setting up phoney US social media accounts to attract online political audiences, may not be a cyber attack in the strictest sense. However, it fits a broader pattern of online warfare being waged by Russian president Vladimir Putin to disrupt the west and its institutions.

Read More….


The post More #countries are #learning from #Russia’s cyber #tactics appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How can you #protect your #website from #malware and #cyberattacks?

Source: National Cyber Security News

From defacements to backdoor files, what kinds of malware should you be aware of?

Cybersecurity is at the forefront of many businesses’ strategies for 2018, as the breaches, malware incidents and disclosure of many vulnerabilities last year showed just how weak the defences of some of the world’s largest firms really are.

Website owners are at an elevated risk of compromise and, with nearly every business required to have an online presence, the dangers could affect everyone from SMEs to large corporations.

Threats come in all shapes and sizes

Malware comes in a deceptive amount of incarnations, from phishing kits to simpler, flat HTML files. SiteLock was able to examine its categorisation data to find that cyber-criminals are seeking out long-term access to targets in order to facilitate complex malware that steals traffic, spreads more malware and lines the pockets of additional malware.

General malware

General malware or unique encoded malware accounts for 44.04pc of all instances detected by SiteLock’s scanners. Although this type of content can be heavily obfuscated and is often generated at random, there are key indicators that give it away, such as the context of the file’s location based on how the website is structured, file behaviours and how exactly the file is obfuscated.

Read More….


View full post on National Cyber Security Ventures

Hacker #stole £10k from #jazz #charity

Source: National Cyber Security News

A jazz centre, headed up by Westcliff musician Digby Fairweather, was targeted by an online fraudster, it has been revealed.

Hackers accessed an account belonging to the Southend-based Jazz Centre UK and stole £10,000.

Fortunately, the charity had its money refunded by the bank, but Mr Fairweather said people must be vigilant to rising cyber crime.

He said: “The Jazz Centre UK online account had two payees set up at the time for small sums. Someone hacked into the account and moved £4,950 twice in a day into these accounts. He then rang both firms saying he was from the jazz centre and the sums had been transferred by mistake and that we owed the money to someone else.

“He asked them to pay it back and then gave them his own account number.”

Mr Fairweather added: “It was virtually all the Jazz centre UK funds but after an inquiry it was the fault of the bank and all the money was refunded – apart from £216.

“It made us very wary of online banking. It could have left us in a great deal of trouble.”

The incident, which happened in October, came to light after it was raised in Parliament by Southend West MP Sir David Amess.

Read More….


View full post on National Cyber Security Ventures

Canada #build digital #Bitcoin vault to #protect investors from hacking

Source: National Cyber Security News

A CRYPTOCURRENCY vault aimed at protecting online currencies such as Bitcoin from hacking is about to be launched by a digital Canadian bank, it has been reported.

It comes after last month Japanese cryptocurrency exchange Coincheck announced it would have to pay back more than £300million to customers after their system was hacked, affecting 260,000 customers.

Now, Canadian bank VersaBank has announced they are setting up a “Blockchain-based digital safety deposit box” for digital currencies to protect investors from such attacks.

Announcing their brand new vault, VersaBank said: “Your digital assets are just as valuable as any family jewellery, property deed or stock certificate, but protecting them isn’t nearly as simple.

“No storage device or commercial cloud service is completely safe, and most blockchain-based secure storage is only for crypto-currency and offered by companies you’ve never heard of, in places you don’t know.

“Like a safety deposit box, only you have access to what’s inside, and like a safety deposit box, it’s been built by an institution you can trust to be there for the long run.”

President and CEO of the bank, David Taylor, has said he hopes his company’s latest offering to customers will help cement Canada as a cryptocurrency world leader.

Read More….


View full post on National Cyber Security Ventures

What is #cryptojacking? How to #prevent, #detect, and #recover from it

Source: National Cyber Security News

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.

Either way, the cryptojacking code then works in the background as unsuspecting victims use their computers normally. The only sign they might notice is slower performance or lags in execution.

Why cryptojacking is on the rise

No one knows for certain how much cryptocurrency is mined through cryptojacking, but there’s no question that the practice is rampant. Browser-based cryptojacking is growing fast. In November, Adguard reported a 31 percent growth rate for in-browser cryptojacking. Its research found 33,000 websites running cryptomining scripts. Adguard estimated that those site had a billion combined monthly visitors.

“Cryptomining is in its infancy. There’s a lot of room for growth and evolution,” says Marc Laliberte, threat analyst at network security solutions provider WatchGuard. He notes that Coinhive, the most popular JavaScript miner that is also used for legitimate cryptomining activity, is easy to deploy and generated $300 thousand in its first month.

Read More….


View full post on National Cyber Security Ventures

4 #Digital Security #Principles for #2018 to #Protect Yourself from a #Cybersecurity #Nightmare

Source: National Cyber Security News

2017 was an exciting and terrifying year in cybersecurity news. The digital world saw an upsurge in headlining ransomware, disclosure of large-scale data leaks of personally-identifiable information, increased media coverage of nation-state-level cyberthreat activities, as well as the discovery of closer-to-the-metal issues such as various Intel Management Engine vulnerabilities, speculative execution vulnerabilities (Spectre) and the out-of-order execution vulnerabilities.

All of the above happenings represent a selection of newsworthy digital security discoveries that stood out against against the backdrop of an ever-growing body of known vulnerabilities in every layer of the modern computing stack.

The question for many enterprises in the midst of growing information insecurity might be “How can we navigate the cybersecurity threat landscape to preserve business continuity?”

As a small information security team at, a non-profit tech organisation that aims to drive sustainable improvements in global wellbeing, a strong set of principles to steer our organisation’s cybersecurity is key. Here are some we’ve identified that serve as good starting points:

1. Turn cybersecurity news into actionable information
After the wave of anger, frustration, and ridicule subsides for a digital security scandal subsides, internalising the learnings from the event can extend the value of this knowledge beyond the current news cycle.

Read More….


View full post on National Cyber Security Ventures

Top 10 #Tips to #Protect you from #Identity Theft

Source: National Cyber Security News

Identity thieves use your personal information without your knowledge. The thief may use your name to recover debt and even commit crimes. The following tips can help you reduce the risk of becoming a victim.

  1. Protect your social security number from identity theft.

Do not carry your social security card in your wallet. If your health plan (except Medicare) or another card uses your social security number, ask for a different number from the company. For more information, see your Social Security number: Key to controlling identity theft pages.

Prompt to protect your SSN and identifiable information

  • Keep your card and any other files showing your social security number in a safe place; do not always carry your card or other documents to display your number.
  • Be careful to share your number, even if you are required; share your SSN only when absolutely necessary.

Protect your personal financial information at home and on the computer.

  • Check your credit report once a year.
  • Check your Social Security income report annually,
  • Protect your PC by using firewalls, antispam / virus software, updating security patches, and changing the password for your Internet account.

    Read More….


View full post on National Cyber Security Ventures