Just half of #UK #business confident of #cybersecurity skills as #GDPR nears

At this time of unparalleled cyber danger, it has been found that only half of companies in the UK believe they are equipped with adequate cybersecurity skills. The root of this shocking lack of confidence may be in another finding that just 51 per cent of IT workers in the UK said that cybersecurity has […]

Cybersecurity #risks just part of #captain’s #job

Source: National Cyber Security – Produced By Gregory Evans

The view from the 128-foot M/V Grand Floridian in the center of the Fort Lauderdale International Boat Show overlooked hundreds of yachts rigged with intricate electronics. For this month’s Triton From the Bridge lunch we gathered 11 captains to learn how they handle these yachts’ potential cybersecurity risks.

Large yachts, like other businesses, try to stay ahead of hacks, spams, viruses, intrusions or otherwise compromised electronics. Yacht captains respond to these threats in the same way they handle a yacht fire, accident or flooding: They focus on prevention and implement solutions when there is a problem.

Each of the captains tries to stay educated, but most have had a cybersecurity incident related to the yacht.

“My experience has been with vendors and contractors being hacked,” a captain said. “Someone duplicating the invoice and following up for payment. They are very slick. It will even have the picture of the vendor and the full thread of all previous correspondence.”

In this case, the vendor called the captain to say he had been hacked. Fortunately, the payment was not sent.

“It never got to that point, but it was headed that way,” the captain said. “I could have paid a rather large invoice to a source that was mimicking as someone else.”

Individual comments are not attributed to encourage candid discussion; attending captains are identified in the accompanying photograph.

Most of the group had experience with emails from a friend or contact that had been hacked. And there were other common themes.

“We were locked out of our computers in Mexico; someone had tried to log in too many times,” a captain said.

Several yacht credit card numbers had been stolen. One was charged $27,000 and another was hit for $5,000 at Target. One captain switched credit cards after frequent small unauthorized purchases.

Most anyone connected to a computer is exposed to cybersecurity problems. Captains are aware of global incidents, as well as issues that may be tailored to yachts, and implement policies to try to prevent them on board.

“We are proactive,” a captain said. “We try not to log into any open source marina Wi-Fi; that’s usually where the trouble comes into play. The crew are required to use the boat system. And I cut down on opening of attachments and things that are recognizable as problems.”

Another captain protects yacht business by connecting via hardwire instead of wireless or bluetooth, and he requires crew to use their own laptops for personal emails. Several captains protect the owners by separating their access from the yacht business and crew.

“The owner has his own network,” a captain said. “It is important to separate bands and sites to monitor and set controls for everyone. I can block and set timers on the crew.”

By isolating each IP address, which identifies specific users, this captain can monitor and protect crew bandwidth use, and he can block specific internet sites such as social media. When crew use is too high, this captain has gone to extremes to make a point.

“Sometimes I’ll walk to the rack and turn it off,” he said.

“Crew should be careful with their social media anyway,” another captain said. “Most crew agencies check Facebook and those sites.”

Another captain uses different emails and changes passwords on a regular basis.

Several captains said well-defined crew confidentiality agreements address privacy issues in regard to electronics.

“But it can be contentious,” a captain said. “Crew live and work on board. It is hard to shut everything down.”

Confidentiality agreements vary by yacht, but one common clause is that no pictures of crew on board or pictures of the yacht are allowed for the public, a captain said.

“As captains, we have to define clearly what the owner wants,” he said.

Charter guests present a challenge. Celebrity guests are common on some yachts, and several captains had stories of fans and paparazzi waiting at the dock.

“If it’s a charter, you have to figure out how to handle the guests because they do not have a nondisclosure,” a captain said.

“You can watch TMZ [celebrity news] and see the boats, so I don’t know how you can control that,” another captain said. “They can check online and see who’s on board.”

One yacht owner said to a captain, “If Google can find my name, it doesn’t matter – there’s nothing you can do.”

There are other systems on board that link yachts to the cloud of information. Automatic Identification System (AIS) is required on many yachts to display vessel location through a satellite system. This can include ship name, course and speed, classification, call sign and registration number.

The captains agreed that AIS is vital to navigation, but is typically turned off when not underway. But the system is popular with yacht owners who follow their yacht’s locations through a public website that shares AIS information.

“The boss calls when he’s using it,” a captain said. “I can see you are using a lot of fuel, can you throttle back?”

Another owner was watching the yacht online and called when he saw it had not moved for several hours.

Basically captains don’t have a choice because the system is helpful and often mandated. But there are a few precautions available.

“AIS yachts are allowed to turn it off in dangerous situations,” a captain said.

“There is a stealth mode where the yacht does not broadcast,” another captain explained.

And there is a delay with Marine Traffic, the online private version of AIS. A captain said yachts can pay for premium services to increase security on the program.

Several captains were familiar with a 2013 experiment in which a yacht was taken off course by GPS spoofing.

“I read about that,” a captain said. “There can be transmitters that confuse the signal to navigation.”

Spoofing and loss of power or electronic contact are a couple of reasons why several captains have the crew plot a course on a paper chart.

“I had a crew say, ‘The electronic navigation is down, how are we going to get into port?’” a captain said. “They had no idea.”

“If something looks wrong, they should check,” the first captain said. “It’s important to teach them how to use the charts.”

Many yacht electronic systems are complex and not under crew expertise; that is why two of the yachts have remote information technology companies.

“We have an IT guy in Indiana who controls the boat,” one captain said. He said the technician recommended that the yacht’s satellite service run through the United States instead of other countries so he could better monitor service.

So much of the technology frequently changes, it’s difficult to keep current. A captain recommends people ask for help.

“When techs are on board servicing your sat system, make sure to have the security checked,” this captain said.

Many yachts have monitoring systems and most have camera security systems. Many captains receive messages when the bilge runs or an alarm sounds. One captain logs in and monitors the systems remotely. Another captain recommended that all systems be evaluated by a trusted technology company to confirm systems cannot be compromised.

We asked what the future holds for cybersecurity risks in yachting.

“There’s nothing different in yachting than in other industries,” a captain said.

So, like anyone in business or using personal electronics, the captains seek good technical advice and try to stay alert to what could happen.

“I’ve heard of many different things that can happen, and it doesn’t take long,” a captain said. “I think it’s going to be a concern from here moving forward. All our information is out there anyway.”

“I think in the future there could be a meltdown,” another captain said. “Maybe everyone is hacked all at once.”

“We were in the Bahamas with no communication for two days; the cell towers were down,” another captain said. “We could use our old sat phone but we really could see the limitations.”

“The government can shut down the satellite system, but we have other nations’ satellites to use,” a third captain said.

“Or we can use our Stargazer app,” another captain said with a laugh as he held his phone to the sky.

“Yes, maybe sometime in the future, whether weather- or terror-related, we will have to function without,” a captain said. “But for now, it’s a tool.”

It is a reason to know celestial navigation, and one captain noted yachts still need their compasses.

“If it turns out our power is completely out and everything is down, we can’t make it to shore anyway,” a captain said. “Everything runs on power now.”

“We’ve been careful,” another captain said. “But lucky is probably the real word.”

The post Cybersecurity #risks just part of #captain’s #job appeared first on National Cyber Security Ventures.


Cybersecurity should be a #strategic issue, not just an #IT #investment


Part of the problem in managing cybersecurity challenges revolves around the fact that security isn’t seen as a critical business problem by senior executives and board members alike.

The recent 2017 global survey on the changing attitudes towards cybersecurity in business by Fortinet reveals that cybersecurity does not rank amongst the high focus areas for board members of organisations.

Surveying over 1,800 IT decision makers, Fortinet found that almost half of respondents believe that security is still not a top priority discussion for the board. At the same time, they also strongly contend that cybersecurity should become a top management priority, with 77% of respondents indicating that the board needs to put IT security under greater scrutiny, says Paul Williams, Country Manager for Southern Africa at Fortinet.

“One would assume there would have been a substantial uptick in interest by boards as a result of some of the most recent security attacks—and the dire implications they had on the targeted businesses,” says Williams. “However, even though boards do react when security attacks occur, their actions are generally reactive rather than prescriptive. Specifically, boards appear more involved in post-breach management than prevention.”

For example, the survey reveals that 77% of boards demand to know what happened after a security event occurs, and 67% review or increase security budgets. Security leaders obviously still have much work to do in up-levelling security to the board level.

Williams says findings from the survey corroborate the statement that no organisation is immune from the threat of breaches, ransomware attacks, or operational disruptions. Companies of all sizes and shapes, as well as all industry segments, are targets: 85% of respondents indicated that they suffered a security breach in the past two years, with almost half reporting a malware or ransomware attack.

There are a number of factors driving boards, executives, and IT decision makers to make cybersecurity a top priority in 2018.

According to Williams, the more significant ones are:

Security Breaches and Global Attacks. The vast majority of organisations have experienced some type of security breach or attack in the past two years. 49% of survey respondents said their organisations increased their focus on security following a global attack such as WannaCry. Increased publicity and attention, along with implications for brand reputation and business operations, make these board-level issues rather than IT operational undertakings.

Attack Surface. The adoption of the cloud, emergence of IoT, and growth in big data expand both the circumference of the attack surface and its complexity. 74% of survey respondents indicate cloud security is a growing priority for their organisations. Half say their organisations plan cloud security investments over the next 12 months. IoT is just as big a factor when it comes to the ever-expanding attack surface. The number of connected IoT devices is predicted to balloon to more than 8.4 billion by year-end, according to Gartner. Of these, 3.1 billion belong to businesses. As many IoT devices are difficult to protect, experts concurrently predict that more than 25% of all security attacks will target IoT devices by 2020.

Regulatory Compliance. New government and industry regulations are also increasing the importance of security. 34% of respondents indicated that these regulations heighten the awareness of security at the board level. Passage of the General Data Protection Regulation in the EU, which goes into effect in 2018, is one such example.

“These trends are forcing cybersecurity to be seen as a strategic issue, within an organisation’s broader risk management strategy, rather than a simple IT investment. To succeed in their digital transformation efforts, IT security leaders must rethink their cybersecurity approach with a view to extending visibility across the attack surface, shortening the window between time to detection and mitigation, delivering robust performance, and automating security intelligence and management.”


Hackers #Attack Global #Banks with Just Found ‘Silence’ #Banking #Trojan


A new banking Trojan has been detected that employs techniques resembling those used by Carbanak. The Trojan has been targeting financial institutions, mostly in Russia.

According to security researchers from Kaspersky Lab, the new Trojan, called “Silence,” is used to gain continuous access to a particular online banking network while it makes video recordings of bank employees’ computer activity, identifying the software they use and the bank’s operational activities. Once equipped with this knowledge, the attackers controlling the malware apply it to grab cash out of the banks’ customer accounts, Scmagazine.com reported on November 1, 2017.

By monitoring victims’ activities in the bank, the attackers get all the details they need to sniff the bank’s networks and escape unnoticed with stolen money. The victims receive an e-mail containing a malicious attachment masquerading as ‘Windows help.’ The attachment contains a CHM file with embedded JavaScript that by default downloads and runs a Visual Basic script, which in turn pulls down the Trojan installer via its command-and-control (C&C) server.

The researchers state that the controllers of ‘Silence’ are possibly a Russian-speaking group that has targeted no fewer than ten financial institutions, some of them in Malaysia and Armenia, although the majority are in Russia. This is unusual, as Russian cyber-criminals usually avoid attacking domestic targets.

As with Carbanak, the first victims of Silence are duped with spoofed e-mails that enable the hackers to gain entry to the network. The hackers then linger for as long as they need to gather all the information required to strike and steal huge amounts of funds.

The spoofed e-mails are highly personalized spear-phishing messages. Kaspersky researchers point out that the hackers had previously attacked and infected banking infrastructure so they could dispatch the malicious messages via the IDs of genuine bank employees, making the e-mails appear inconspicuous to the victims they trap.

The Carbanak gang was also discovered by Kaspersky Lab, back in 2015. According to a report at the time, the infamous hackers managed to steal up to $1 billion from over a hundred banks globally.


Ethereum #heist: New #phishing scam sees #hackers rake in over $15,000 in just two hours


A new Ethereum phishing campaign, targeting users of the online Ethereum wallet website Myethereumwallet.com, has been uncovered. The scam saw hackers make away with over $15,000 (£11,308) in just two hours.

According to security researcher Wesley Neelen, who identified the campaign when he received a phishing email from the cybercriminals, the scam involved hackers sending out phishing emails purporting to be from the Myetherwallet.com website. The email was designed to trick victims into clicking on malicious links that would redirect them to a fake version of the website. The victims would then be prompted into divulging their account passwords, which the hackers would later use to transfer out all the coins in the victims’ wallet.

Although the fake Myetherwallet.com site was designed to look similar to the legitimate site, keen observers would likely notice that the fake site contained a small comma beneath the “t” in the site’s address. According to Neelen, the cybercriminals used a Unicode trick that allowed them to register domains whose characters looked like Latin characters. This ploy, in turn, allowed the hackers to create fake sites that can convincingly look like legitimate sites to unsuspecting users.

According to Neelen, some people have unfortunately already fallen victim to the scam. Neelen and his colleague Rik van Duijn discovered a log file that contained a list of all the wallets stolen by the hackers. The security experts determined that the cybercriminals had stolen a total of $15,875.65 in Ethereum and had then proceeded to transfer the stolen coins to three different wallets operated by the hackers.

Ethereum’s growing popularity has made it an attractive target for cybercriminals. So far, there have been around four incidents involving hackers stealing millions of dollars worth of ether from various wallets. Oddly, in one such Ethereum heist, a hacker who stole nearly $7m of Ethereum from CoinDash later returned around $3m in stolen funds, sparking further mystery about the heist.


Cybersecurity Needs to be Seen as a Strategic Issue, Not Just an IT Investment

As organizations embark on their digital transformation journeys, they are seeking to tap new business opportunities, improve operational efficiencies, and deliver better services to customers. Digital transformation is driving businesses to embrace the cloud, the Internet of Things (IoT), big data, and other digital initiatives in […]

Just because you want to be glamorous…..

Just because you want to be glamorous, don’t be a sheep about your eye makeup. Loretta Young

The post Just because you want to be glamorous….. appeared first on Become007.com.


Parents just don’t understand: Why kids love LaVar Ball

LAS VEGAS — After Big Baller Brand’s 111-102 win over Play Hard Play Smart on Thursday afternoon at the Adidas Uprising Summer Championships ended, a brood of teens and tykes flooded a back hallway and waited…


Hackers have made just 3.7 bitcoin – or less than $10,000 – with the latest cyberattack


Those behind the recent cyberattack affecting businesses around Europe have successfully received a total of nearly 4 bitcoins, worth around $9621 at today’s price. On Tuesday, reports emerged of a ransomware virus affecting businesses and governments throughout Eastern Europe. Ukraine and Russia have been particularly affected. The malware, which has…


Christie just signed executive order to beef up N.J. cybersecurity. Here’s what it does.


TRENTON — Gov. Chris Christie appeared at the state’s information technology offices on Thursday to sign an executive order that takes authority over information technology away from bureaucrats and confers it on his handpicked tech guru. “I am tired of having each department have their own I.T. center,” said the…
