Head


#comptia | #ransomware | What’s in store for cybersecurity as we head into the ’20s

Source: National Cyber Security – Produced By Gregory Evans

In 2020 we will see more and more sophisticated attacks perpetrated by a larger number of threat actors, including many who are backed by organised crime or nation-states. According to the 2019 Verizon Data Breach Investigations Report (DBIR), organised criminal groups were behind 39 per cent of breaches in 2019, and actors identified as nation-state or state-affiliated were involved in 23 per cent of breaches.

These attacks may leverage side-channel attack techniques (similar to Spectre, Meltdown and the slew of other discovered hardware-related vulnerabilities that are so hard to address purely through software fixes), attacks living in firmware and others going beyond a traditional file-based or even living-off-the-land (aka fileless) malware. While the industry is still struggling with old known malware, these types of attacks will proliferate mostly unchecked.

For the first time, we may see an attack that results in death(s). Internet of Things (IoT) devices incorporated into critical infrastructure systems (e.g. electric grid, water treatment, communications), as well as life-critical medical devices, will see a slew of new disclosed vulnerabilities that could prove deadly, particularly to the most vulnerable patients in intensive care units (ICU). Attackers will become more specialised in different areas of IoT device types.

The evolution of ransomware

Ransomware has been around since 1989, yet it will remain a very effective malware type for attackers in 2020. McAfee’s researchers found that ransomware attacks have more than doubled this year, including a Q1 increase of 118 per cent.

“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach,” said Christiaan Beek, lead scientist and senior principal engineer at McAfee.

To that point, we can not only expect the number of ransomware attacks to increase in 2020, but as the discovery of the RIPlace evasion technique demonstrates, they will become more difficult — if not impossible — to detect.

All organisations across all industries are potential targets, but healthcare and government organisations appear to have the biggest targets on their backs. CNN reports 140 attacks targeting public state and local governments and health care providers this year (and counting).

The attacks hit schools, local government offices and hospitals, wreaking havoc and costing victims hundreds of millions of dollars. The victims included:

A network of Alabama hospitals had to stop accepting new patients.

The city of Baltimore, which ended up spending more than $18 million recovering from an attack.

Louisiana schools – Governor John Bel Edwards was forced to activate a state of emergency after ransomware took down three school districts’ IT systems.

Three Florida cities – Key Biscayne, Lake City and Riviera Beach – were unable to provide residents with access to many vital government services while officials scrambled to spend hundreds of thousands of dollars to bring downed IT systems back online. The attackers collected ransoms totaling over $1.1 million.

The most recent victim (as of this writing) was the city of Pensacola, Florida, which was hit by ransomware that took phones, email, electronic “311” service requests, and electronic payment systems offline.

As Dave Hylender, a senior risk analyst at Verizon and one of the authors of the 2019 Verizon Data Breach Investigations Report said, “There’s an impression that ransomware has sort of run its course. It hasn’t. I don’t think ransomware is ‘back’ this year because I don’t think it ever left.”

Gone phishing

An organisation’s employees will continue to initiate some of the most devastating losses. Companies rely on awareness training to educate users on how to avoid falling victim to attacks, but that cannot eliminate user error entirely.

Consider that nearly a third of all breaches in 2019 were the result of phishing attacks, according to the Verizon DBIR. Worse, it’s easy for attackers to secure and use well-built, off-the-shelf tools, lowering the skill required to launch a phishing campaign. According to the IDG Security Priorities Study, 44 per cent of companies will increase their security awareness programs and make staff training a top priority.

Attackers will respond by improving the quality of their phishing campaigns by minimising or hiding common signs of a phish. Expect greater use of business email compromise (BEC), too, where an attacker sends legitimate-looking phishing attempts through fraudulent or compromised internal or third-party accounts.

Organisations in 2020 need to prioritise strengthening the environment around users to reduce the opportunity for them to be presented with attacks, strengthening the technology around the user to ensure that users cannot initiate losses, and then proactively anticipating the losses that users can initiate and putting technologies in place to mitigate the resulting losses.

Look for both the bad and the good

Ransomware and other malware can inflict damage so easily because we continue to rely on security tools that chase badness (rather than ensuring good). It is impossible to detect all badness with a high degree of confidence by relying on the enumeration-of-badness approach.

Organisations should complement their existing security layers with an approach that does the exact opposite – ensuring what’s good. The emphasis is on the word “complement.” Do not rip out your existing solutions. When you combine your existing tools focusing on the bad with ones that track the good, by applying a whitelisting-like approach, you create the most effective defense-in-depth posture.

Rene Kolga, CISSP, heads Product Management and Business Development for North America, Nyotron


The post #comptia | #ransomware | What’s in store for cybersecurity as we head into the ’20s appeared first on National Cyber Security.


Understand #cyber security, don’t fear it, says #NCSC head

Source: National Cyber Security – Produced By Gregory Evans


The head of the UK’s National Cyber Security Centre (NCSC) has urged organisations to ensure they understand cyber risks, as a survey reveals mid-sized firms have inadequate cyber protection.


The most important thing leaders of organisations can do is to stop being afraid of the problem and try to understand it, according to Ciaran Martin, chief executive of the NCSC.

“For too long, cyber security has been shrouded in mystique and fear – that’s not helpful,” he said in the annual KPMG lecture, hosted by Queen’s Management School and the Chief Executives’ Club at Queen’s University Belfast.

“Attacks are about return on investment, and cyber defence is about risk management and harm reduction,” said Martin.

“When you put it like that, it doesn’t seem so completely daunting. There’s plenty we can do to manage the risk. So simplify, simplify, simplify. Understand the risks and take action that you understand to manage them,” he said.

Digital attacks are a real risk to economic wellbeing in Northern Ireland and its citizens, warned Martin, because they can cause widespread disruption to individuals, companies and public services.

“There’s some great work going on around Northern Ireland, for example at Queen’s, and we need strong partners across the whole of Northern Ireland society to combat the threat. That’s the way to make Northern Ireland one of the safest places to live and do business online,” he said.

Facing the challenge

Given that cyber attack is about return on investment (ROI) for the attacker and risk management for the defender, Martin said the NCSC’s job as the national authority for cyber security is to do what it can to help take away as much of the harm from as many of the people as often as possible.

“Doing that isn’t as glamorous as Hollywood makes out. Instead, it’s about a relentless focus on getting these basic defences right,” he said, adding that defences have to be useable by people.

“By focusing not just on technology, but also on behaviours and economic incentives, the government can help create the right framework where that improvement in basic cyber security can take place.

“Success is possible. We are not claiming that we’ve cracked the problem. I’ve already said that we expect serious attacks with significant public impact, but that doesn’t mean we can’t make progress.

“In the 12 months to September of this year, we saw a 47% increase globally in detected phishing attacks. But the UK’s share of those attacks fell from 5.1% to 3.3%,” he said.

By breaking the problem down into manageable chunks, and looking objectively at what is and is not working, Martin said some improvements can be achieved.

“Please don’t let anyone tell you that the problem is unfixable, or that the right skills can’t be developed. Skills are indeed a very significant challenge, but there is no reason at all we should see it as an insurmountable one,” he said.

“My final message to you as chief executives is that the most important thing you can do is not to be afraid of the problem. Work out what you care about protecting the most, treat it as you would any major corporate, and engage with us and with other partners to work out what the best protections are for you. Cyber security is a team sport and we should be optimistic about our ability to make a real difference.”

John Hansen, partner in charge, KPMG in Northern Ireland, said KPMG’s recent CEO outlook report revealed that cyber security is a key issue for business leaders in Northern Ireland.

“CEOs are moving beyond a generic view of cyber risk and are taking steps to become more cyber resilient by developing risk, resilience and mitigation plans in the parts of their business that could be most seriously affected,” he said.

Nola Hewitt-Dundas, head of Queen’s Management School, said: “Cyber security threats are fast becoming a major global and national issue for all organisations and businesses.

“This annual lecture series is one way that the Management School is working in partnership with KPMG to equip businesses to respond to serious technological challenges,” she said.

Seek out dedicated teams to fight cyber crime

According to a recent survey by UK-based IT managed services provider (MSP) CORETX, mid-sized companies in the UK are not adequately protecting themselves from cyber security threats.

The survey revealed this is not due to lack of investment in technology, but through a lack of the dedicated, skilled resource needed to make the most of those tools.

The survey of 100 IT decision makers shows that 72% have implemented a security information and event management (Siem) system, which combines data sources and presents security-related information in an accessible form. Organisations also regularly refresh other security systems, such as firewalls, which 83% of respondents had replaced with more modern technology in the past three years.

However, only 4% had staff dedicated to monitoring, analysing and reporting security information created by a Siem or other sources, and only 6% had staff dedicated to acting on security reports.

With day-to-day security management falling to multi-tasking, generalist IT resources, the survey report said it is not surprising that just 19% of organisations monitor all IT logs that might contain security information. When potential threats are identified, only 13% of organisations are communicating the intelligence to someone able to deal with it.

“Many organisations must be spending a lot of money on the latest technology and then failing to recruit the people they need to use it,” said Merlin Gillespie, group strategy director at CORETX.

“Analysing live data feeds to identify cyber attacks is something general IT staff are unlikely to be appropriately skilled for. It’s also a relentless task. There’s a lot of data to analyse and cyber criminals don’t respect nine-to-five working patterns. Non-specialists may struggle to be consistently effective at the level required, which seems to be borne out in our survey results,” he said.

Three-quarters of survey respondents said their organisations had recently fallen victim to a cyber attack, with 40% occurring in the past year.

“It’s clear that many organisations’ security practices leave very large gaps in their protection,” said Gillespie.

“In our view, creating actionable intelligence on the threats organisations face can only be handled by a dedicated team. A business can either recruit and support that function in house or outsource it, engaging a service provider that specialises in security. Whatever option is taken, the result can only be significantly more credible protection,” he said.

The post Understand #cyber security, don’t fear it, says #NCSC head appeared first on National Cyber Security Ventures.


Huawei Australia appoints former NBN security head as cybersecurity officer

Source: National Cyber Security – Produced By Gregory Evans


Former head of security for NBN and Telecom New Zealand Malcolm Shore, who has also worked in NZ Defence security, has been appointed Huawei Australia’s cybersecurity officer. Huawei Australia has announced appointing former Australian National Broadband Network (NBN) and Telecom New Zealand head of security Dr Malcolm Shore as its…

The post Huawei Australia appoints former NBN security head as cybersecurity officer appeared first on National Cyber Security Ventures.


It’s Crucial To Talk To Kids About Bullying Before They Head Off To Camp

It’s almost time for summer camp for kids around the tri-state area. As you pack and plan for the perfect summer, there’s a conversation you may want to have about bullying. …

The post It’s Crucial To Talk To Kids About Bullying Before They Head Off To Camp appeared first on Become007.com.


Don’t bury head in sand on cybersecurity

Source: National Cyber Security – Produced By Gregory Evans


Cybersecurity is not always top of mind for companies. Sometimes it takes a heavy-hitting news story with details about a massive breach for leaders to stop and assess their internal controls. Sometimes it takes an employee opening a hacker’s phishing …

The post Don’t bury head in sand on cybersecurity appeared first on National Cyber Security Ventures.


When the Govt Says Cybersecurity, Get Your Head Down, Cos the Koreans Are Coming

Source: National Cyber Security – Produced By Gregory Evans


Hey folks. Just spent the past week investigating potential sites for my post-nuclear apocalypse survival camp and, uh, “recruiting” nubile young cult… I mean commune members. East Africa is a touch too close to the Korean Peninsula for my liking, in light of the little palaver that’s going on between Donald Trump and Kim Jong Un. I hope that you …

The post When the Govt Says Cybersecurity, Get Your Head Down, Cos the Koreans Are Coming appeared first on National Cyber Security Ventures.


Mum raises awareness of bullying after seven-year-old son is hospitalised with head wounds

The mum of a seven-year-old boy who was continuously bullied at school has taken to Facebook to raise awareness after he was hospitalised with head wounds.

Seven-year-old Jak had complained of bullies at his school in Telford to his mum, but despite talking to the school she had been unable to stop the latest attack happening.

On a Facebook page called ‘Justice for Jak’, his mum has posted an upsetting account of what she has already been through to get help for her son, who was left with a serious head injury after ‘the bully was hitting my son in school and pushed him so hard he hit his head on a metal pole’.


The post Mum raises awareness of bullying after seven-year-old son is hospitalised with head wounds appeared first on Parent Security Online.


Colorado Teen Allegedly Found with Rodeo Star Ex-Girlfriend’s Body After He Shot Her in the Head

A Colorado teen allegedly found with the body of his ex-girlfriend in the back of his truck has pleaded not guilty to murdering her, PEOPLE confirms. Tanner Flores, 19, appeared in … View full post on Become007.com

Thunder Light with Pivoting Head

Source: National Cyber Security – Produced By Gregory Evans


GF Thunder Light Cap Light features a 135 lumen LED light housed in a tough black ABS plastic body with slide zoom and aluminum pivoting head. The super bright LED light easily slides over the brim of your cap or …

The post Thunder Light with Pivoting Head appeared first on National Cyber Security Ventures.


Man in New York Narrowly Escapes Death after His Cheating Wife Shot Him in the Head While He Was Asleep

A New York father, Kenneth Dearden, woke up in the early morning of 14 November 2013 to find his pillow covered in blood. The confused man had an “agonizing pain in his jaw” and his wife, Emily Dearden, a former NYPD psychologist, was nowhere to be seen. According to CBS News, as his children slept nearby, Kenneth wandered the house in search of his wife. He soon found her sprawled on the living room floor. When he got her up, she said that she had been hit in the head and knocked unconscious by an intruder.

The post Man in New York Narrowly Escapes Death after His Cheating Wife Shot Him in the Head While He Was Asleep appeared first on Dating Scams 101.
