Defence minister opens £3m cyber security centre in

UK minister for defence procurement has opened a new cyber security centre aimed at boosting UK cyber defence capability and skills.

UK minister for defence procurement has opened a new cyber security centre aimed at boosting UK cyber defence capability and skills.

The Cyber Works centre, which employs 90 people, will enable Lockheed Martin to work more closely with UK partners to share knowledge and best practice, undertake research and develop new cyber defence capabilities.

In February 2017, Lockheed Martin announced that it would support the UK government’s CyberFirst scheme to inspire and support young people considering roles in cyber security.

The Cyber Works centre is designed to deliver cyber capabilities to UK government as well as support the development of skills and careers in cyber security and intelligence.

Harriett Baldwin, UK minister for defence procurement, said that with its £1.9 billion National Cyber Security Strategy, the country is a world leader in the field.

“The opening of today’s cutting-edge centre is a great example of how partnerships with industry are at the heart of that strategy,” she said. “Together, we are developing solutions to national security risks.”

A key part of the Cyber Security Strategy is partnerships with industry, with £10 million being invested in a new Cyber Innovation Fund to give startups the boost and partners they need

Baldwin said the UK is already leading Nato in its support for offensive and defensive operations in the fight against Islamic State (IS) and complex cyber threats. “This centre will further boost the UK’s cyber capabilities,” she said.

Lockheed Martin is the world’s largest aerospace and defence company and a longstanding leader in the fields of cyber security and intelligence.

The company pioneered the development of the cyber kill chain, an analysis method for cyber network defence that has been broadly adopted across industries and sectors.

Lockheed Martin is also a top provider of capabilities to defence and intelligence communities around the world and operates facilities to defend its own networks across 70 countries.

As well as investing in the new facility, Lockheed Martin plans to take part in the National Cyber Security Centre’s £6.5 million CyberInvest scheme to support cutting-edge cyber security research in the UK.

With National Offensive Cyber Planning allowing the UK to integrate cyber into all of its military operations, defence plays a key role in the country’s cyber security strategy, according to the Ministry of Defence (MoD).

Offensive cyber is being routinely used in the war against IS, not only in Iraq but also in the campaign to liberate Raqqa and other towns on the Euphrates, the MoD said.

In defence, the MoD said the £800m Innovation Initiative has already boosted investment in UK research and business, with multimillion-pound competitions to develop artificial intelligence and automated systems.

In January next year, the ministry will open a dedicated state-of-the-art Defence Cyber School at Shrivenham, bringing together all military joint cyber training into one place.

The MoD also has a key role to play in contributing to a culture of resilience, which is why the Defence Cyber Partnership Programme was set up to ensure its industrial partners protect themselves and meet robust cyber security standards, the ministry said.

 

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

 

UK businesses urged to prepare for GDPR a year to day

With exactly one year to the compliance deadline, the Information Commissioner’s Office has urged UK firms to seize the business benefits of being GDPR-ready

With exactly one year to the compliance deadline, the Information Commissioner’s Office has urged UK firms to seize the business benefits of being GDPR-ready

There is no time for businesses to delay in preparing for the General Data Protection Regulation (GDPR), says the UK information commissioner.

In a video address to UK business leaders, Elizabeth Denham called on businesses to see the benefits of sound data protection and act now to prepare for what she termed “the biggest change to data protection law for a generation”.

It is not just western countries such as the US and the UK that are being targeted by hackers, as the rapidly developed and wealthy nations of the Middle East become targets of both politically and financially driven attacks.

“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance.

“But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit,” she said.

Deputy commissioner Rob Luke also highlighted the business benefits of GDPR compliance at a discussion about the legislation hosted by IT industry body TechUK.

The best outcome, he said, would be where organisations take an approach to data protection that earns the trust of consumers in a more systematic way, and where that trust translates into competitive advantage for those who lead the charge.

Luke said that while the GDPR presents some opportunities for organisations, the ICO recognises that there are some challenges too, noting that the GDPR is an indicator of change as much as it is an instigator.

“The GDPR is part of the response to the challenge of upholding information rights in the digital age; of protecting the rights and interests of the individual in the context of an explosion in the quantity and use of data and in an environment of extremely rapid technological change,” he said.

Luke said that GDPR is going to be an important part of the global data protection landscape over the years ahead, with great relevance to UK organisations, the public and their data.

“The moment at which GDPR takes effect in the UK on 25 May 2018 will, of course, mark a change. In delivering legislation fit for the digital age GDPR confers new rights and responsibilities, and organisations need to be working now to prepare for them,” he said.

Luke said he hoped that UK organisations have already deployed the ICO’s 12 steps to take to prepare for GDPR and were familiar with the ICO’s Overview to GDPR, and were drawing on the ICO’s wider resources.

The ICO, he said, is working at pace to produce detailed guidance, both at a national and a European level, through the Article 29 EU Working Party.

While this guidance will continue to be developed, Luke said organisations should not wait for definitive guidance on every aspect of the GDPR before taking action.

“I urge you not to wait, nor to take a reactive approach to your GDPR preparations, motivated solely by a mindset of compliance or risk management. Those organisations which thrive under GDPR will be those who recognise that the key feature of GDPR is to put the individual at the heart of data protection law.

Thinking first about how people want their data handled and then using those principles to underpin how you go about preparing for GDPR means you won’t go far wrong,” he said.

Preparation for compliance with the GDPR can be boiled down to transparency and accountability, said Luke.

“It is about being clear with individuals how their personal data is being used, and placing the highest standards of data protection at the heart of how you do business,” he said.

As a result, said Luke, this means GDPR compliance is a board-level issue for every size of organisation, not only because under the GDPR the ICO can fine companies up to €20m or 4% of a company’s total annual worldwide turnover for the preceding year, whichever is greater, but also because of potential brand damage.

“As we’ve seen in well-publicised examples, the cost to business of poor practice in this area goes above and beyond any fine we can impose. Losing your consumers’ trust could be terminal for your reputation and for your organisation,” he said.

The ICO recognises that data is the fuel that powers the digital economy, said Luke, and the GDPR is a response to this evolving landscape. The GDPR builds on previous legislation, he said, but brings a 21st century approach and delivers stronger rights in response to the heightened risks.

These new rights include individuals’ rights to:

Be informed about the use of their data;
Access their information and move that information around;
Rectify and erase data where appropriate;
Revoke consent;
Challenge automated decisions.

“Good practice tools that the ICO has championed for a long time, such as privacy impact assessments and ensuring privacy by design, are now legally required in certain circumstances,” said Luke.

Being transparent and providing accessible information to individuals about how you will use their personal data is another key element of the new law and our privacy notices code of practice is GDPR-ready, said Luke.

Luke also noted that data breach reporting would also change under the GDPR. Organisations will be required to notify the ICO, within 72 hours, of a breach where it is likely to result in a risk to the rights and freedoms of individuals.

The widespread availability of personal data on the internet and advances in technology, coupled with the capabilities of big data analytics, mean that profiling is becoming a much wider issue, he said.

According to the ICO, the GDPR is a principles-based law well equipped to take on the challenges of 21st century technology.

“It aims to be flexible – protecting individuals from harm while enabling you to innovate and develop services that consumers and businesses want,” said Luke.

In addition to gearing up the GDPR compliance within the ICO and the higher volume of activity that is bound to come as a result of mandatory breach notifications, Luke said the ICO is looking at how it might be able to engage more deeply with companies as they seek to implement privacy by design.

The ICO is also looking at how it can contribute to a “safe space” where companies can test their ideas and at how it can recognise good practice.

“We should be able to find ways to give credit where credit is due without that translating into a free pass for an individual organisation or practice. GDPR explicitly foresees wider use of tools such as codes of conduct and certification schemes, which potentially have an important role to play,” said Luke.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

WannaCry biggest incident to date for National Cyber Security Centre

The WannaCry ransomware attack that started on 12 May 2017 is the biggest single incident that the new UK National Cyber Security Centre (NCSC) has faced.

The WannaCry ransomware attack that started on 12 May 2017 is the biggest single incident that the new UK National Cyber Security Centre (NCSC) has faced.

Although the global ransomware attack that heavily affected the NHS was unwelcome, it has provided an opportunity to test systems and raise awareness on key issues, according to Alex Dewdney, director for engagement and advice at the National Cyber Security Centre (NCSC).

“If you wanted to mount a national communications programme to make people sit up and take notice, you couldn’t have designed one better than this,” he told the Security Innovation Network (Sinet) Global Cybersecurity Innovation Summit in London.

“I never thought I would hear so many ministers using the word ‘patch’, which has now become part of everyday conversation, so we need to take that opportunity and to build on that.”

Dewdney emphasised that the NHS was not targeted specifically, although NHS networks were affected significantly in the UK. Other UK organisations were affected, but the diversity of victim organisations was much greater in other countries around the world, including Russia.

Although the spread of the ransomware has slowed, it spread initially very quickly by using a specific vulnerability in the Microsoft file sharing protocol sever message block known as SMB to propagate in and between networks.

“In March 2017, Microsoft issued a patch for supported operating systems, and following the attack they issued emergency patches for unsupported operating systems as well,” said Dewdney, noting that while these patches prevent the spread of the infection, they do not help organisations to get back encrypted data.

Dewdney confirmed that the attackers behind the ransomware are still unknown, but he said the level of sophistication is well within the reach of “criminal entities” requiring the NCSC to work at an extremely high tempo. “It is easily the biggest and most complex cyber incident the NCSC has had to manage so far,” he said.

In response to the attacks, the NCSC’s incident management function was called into action. The initial focus was on understanding the technical characteristics of the attack, how it was spreading, and who the victims were.

The incident management team was also working to establish who was behind the attack and what the initial attack vector was, but these questions remain unanswered to a high level of confidence five days after the attack.

The NCSC also started looking at ways to protect victims and potential victims in terms of publishing advice on how to immunise against the ransomware and contain its spread, as well as what to do if already a victim. The NCSC was also working directly with some victim organisations to help put guidance into practice and help remediate.

The incident underlined the importance of partnerships for the NCSC, said Dewdney, including partnerships that were formed to scale the response and make inroads into this problem in a way that the NCSC could not have done on its own.

“We are still working very closely with the National Crime Agency (NCA), which has staff embedded in our teams. The NCA was able to deploy on the ground with victims at scale. They are also a vital source of information and forensic data, as well as analytic and investigative effort,” he said.

The NCSC is also still working with NHS digital and Care Cert. “The size and complexity of the health sector meant that we needed that central docking point to work with, and they did a fantastic job under very difficult circumstances,” said Dewdney.

The role of the NCSC’s industry partners was also absolutely critical, he said. “I cannot emphasise enough how grateful we are for the extent to which our partners in the cyber security industry really leaned in to help and pool the information they were gathering.”

According to Dewdney, the Cisp cyber information sharing platform “really came into its own”, both as a platform for sharing information and for discussion. “We need to build on that as a really key way of getting stakeholders to have live discussions about this kind of problem,” he said.

There was an international aspect too, said Dewdney, including the information that was provided to the international computer emergency response network and collaboration with the US.

At the same time, he said it was a truly national response, with the NCSC quickly establishing contact with authorities in Northern Ireland, Wales and Scotland.

Dewdney also highlighted the importance and the challenges of the media. “I think we did pretty well at pace in briefing senior politicians to speak, preparing ourselves directly in broadcast media, and using our web presence and social media to get the right messages across at the right time.

“LinkedIn proved to be a really important and useful platform, but we didn’t really engage in that, and that is an important lesson for us,” he said.

Overall, Dewdney said the NCSC bringing various organisations together under one roof also really proved its worth.

“There was a lot of consistency in what government was saying – officials, ministers and across our platforms. We achieved a greater consistency and therefore a greater sense of authoritativeness in what we were saying than we would have achieved before the NCSC was set up. We were able to get the messages out quite quickly and provide the assurance that patients’ confidential data had not been stolen,” he said.

However, he admitted that producing specific, usable and helpful guidance was a challenge. “How do you get messages across that are sufficiently technically detailed to be of practical use, but also easy to understand and follow.”

The NCSC decided therefore to publish a set of guidance for enterprises and another set for small to medium-sized enterprises (SMEs) and consumers, which is continually being refined and updated in response to feedback from those communities.

“We are really in the market for feedback around how we are getting those messages across and how they can be improved and made more useful,” said Dewdney.

One of the key lessons learned, he said, was about the power as well as the limitation of advice and guidance.

Dewdney said people are continually told to patch and update the systems, “but the fact is that people don’t always do it, so what we have got to realise as cyber security practitioners is that advice and even instruction is much easier to give than it is to follow”.

“We have to recognise that in the real world competing pressures and hard choices can easily get in the way. So we will continue with those exhortations, but as we mobilise campaigns to really make this happen across government, business, critical infrastructure and for consumers, we need to find the right mix of the ‘stick’ on the one hand and help to overcome those hurdles on the other,” said Dewdney.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Russian cyber espionage highlights need to improve email security

Security experts are advising political parties and businesses to pay more attention to email security after the latest revelations about a Russian cyber espionage group.

Security experts are advising political parties and businesses to pay more attention to email security after the latest revelations about a Russian cyber espionage group

Email’s renewed popularity as a means of attack is driven by the fact that it does not rely on vulnerabilities and uses simple deception to lure victims into opening attachments, clicking links or disclosing credentials, according to Symantec’s latest threat report.

In particular, credential phishing has been a key part of many cyber attacks by Pawn Storm on armed forces, the defence industry, news media, politicians and dissidents, according to a report by security researchers at Trend Micro.

They have found that the group is creating phishing emails that are highly sophisticated, almost perfectly replicating legitimate URLs and using a technique called “tabnabbing” which swaps inactive open tabs with a phishing site.

Pawn Storm was widely linked to cyber attacks on the Democratic National Committee and Hillary Clinton’s campaign in the 2016 US presidential election, and more recently was found to be targeting French presidential candidate Emmanuel Macron, the report said.

Pawn Storm is also believed to have targeted the German political party Christian Democratic Union (CDU), the Turkish parliament, the parliament in Montenegro, and the World Doping Agency (WADA).

These activities have raised concerns about the cyber security of political parties, with several elections due across Europe in 2016, including the UK in June.

At a minimum, there is no excuse not to implement the Dmarc (domain-based message authentication, reporting and conformance) email authentication policy to help identify and block malicious emails impersonating trusted domains.

Implementation of Dmarc is mandatory for public sector bodies as part of the active cyber defence programme led by the National Cyber Security Centre (NCSC).

However, other advanced precautions also need to be taken, with an emphasis on verifying the identity of the sender.

Candidates for public office and political parties, like businesses, create and store a lot of data in vulnerable places, he said.

According to the 2017 Varonis Data Risk Report, on average organisations have 20% of folders open to every employee, and 47% have at least 1,000 or more files containing sensitive personal or financial data accessible to every user.

One compromised account or system can compromise a massive amount of data, and possibly an election.

If the highly targeted phishing attacks on French presidential candidate Emmanuel Macron’s campaign had been successful in stealing credentials, the attackers would have become virtual “insiders”, gaining access to files and emails that could influence the election.

The Trend Micro report on Pawn Storm recommends that organisations improve the security of their email and defend against credential theft by considering the following:

Even though two-factor authentication improves security, it does not make social engineering impossible because all temporary tokens can be phished by an attacker.
Even when two-factor authentication is used, an attacker only has to phish for the second authentication token once or twice to get semi-permanent access to a mailbox. They can set up a forwarding address or a token that allows third-party applications full access to the system.
Mandatory logging in to a company VPN network does raise the bar for an attacker. However, VPN credentials can also be phished, and targeted attackers may specifically go after VPN access credentials.
Authentication with a physical security key makes credential phishing virtually impossible unless the attacker has physical access to the target’s equipment. When a target uses a physical security key, the attacker either has to find an exploit to get unauthorised access, or has to get physical access to the security key and the target’s laptop.
To add to authentication methods that are based on what you know and what you have, authentication can be added is based on what you are: fingerprints or other biometric data. Biometrics have already been used by some laptops and phone suppliers, and have also been a common authentication method in datacentres for more than a decade.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

What to do first when hit by a cyber attack

At some point, the chances are growing that your business will have to deal with a cyber security incident.

At some point, the chances are growing that your business will have to deal with a cyber security incident.
But when you are under pressure and your team is stressed, people make mistakes.

Crisis patterns over the past decade have changed dramatically. 10 years ago elements such as civil war and oil prices were the top global risks to take into account. Now we see water crisis and extreme weather events taking control of keeping us up at night.

Delaying too long in making critical response decisions may exacerbate the impact of the incident but, conversely, making knee-jerk decisions can cause further damage to the business or hinder a complete response.

There are many ways you may suspect that a security incident has happened, from detecting unusual activity through proactive monitoring of critical systems or during audits, to outside notification from law enforcement and compromised data located in the wild.

However, indicators such as unusual CPU (central processing unit) and network usage on a server may have multiple potential causes, many of which are not information security incidents. So it is vital to investigate further before jumping to conclusions.

Do you have any corroborating evidence? For example, if the IDS (intrusion detection system) detects a brute force attack against the website, do web logs support this having occurred? Or, if a user reports a suspected phishing attack, has this email been received by other users and did the user click on links or open documents?

You also need to think about answering questions about the nature of the incident. Is it a generic malware infection, or an active system hack? Is there an intentional denial of service (DoS) attack in progress and is this an incidence of deliberate insider action?

Once you have confirmed an incident has occurred, you need to take time out from initial response activities to prioritise your actions and decide, definitively, what the business objectives are for the response operation. Incident triage generally consists of classifying the incident in terms of impact and urgency and how it should be handled. The incident response team can then use the impact, urgency and priority evaluation to define the objectives for the incident response operation and assign actions or further investigation, as required.

Impact classifications defined by the National Cyber Security Centre’s (NCSC) GovCertUK and adopted by Crest, the body that represents the technical security industry, may provide a useful point of reference for initial classification based on the perceived or established impact.

Many minor types of incident can be capably handled by internal IT support and security. All events should be reported back to the information security team who will track occurrences of similar events. This will improve understanding of the IT security challenges and may raise awareness of new attacks.

It is not necessary to report on incidents with little or no impact or those affecting only a few users, such as isolated spam or antivirus alerts, minor computer hardware failure and loss of network connectivity to a peripheral device, such as a printer.

The urgency of an incident should also be assessed along with the impact. Some incidents are unlikely to worsen over time, such as the discovery of a historical compromise by a former employee. But in other cases, such as a ransomware outbreak, it may be absolutely critical to respond rapidly to isolate the infection.

Mobilising full emergency incident response capabilities may not be applicable or appropriate in every situation. You need to understand as much about what you are dealing with as you can. For example, who is the attacker? How was the attack introduced? When did the attack occur? What data or systems have been compromised? Is the attack ongoing? Why were we the target of the attack?

The goal of triage is to understand the methodology and the extent of the attack as fully as possible, in the shortest possible time.

Information about the incident, the impact, urgency and business impact analysis for the affected data or systems will guide the incident response operation. If possible, the business priorities should be pre-determined and documented in incident response plans.

Objectives for the incident response team could include:

Resumption of service as quickly as possible, where the affected system is critical in terms of availability for the business.
Rapid ring-fencing and protection of confidential information, where the affected system or network is critical in terms of confidentiality for the business.
Integrity checking of the affected systems, where integrity of data is critical for the business.
Preservation of evidential integrity, where criminal activity is suspected and prosecution is likely to be an outcome of the incident, or where culpability must be established definitively.
Identification of the origin of the threat and gathering intelligence about the activities being conducted during the incident.

For organisations with known advanced threat actors, continued covert observation of an attacker to determine their goals and modus operandi may be an objective of the incident response operation for intelligence-gathering purposes, even if the urgency for containment is high. Experienced internal or external incident handlers should be used to inform these decisions.

Once the priority of the incident and the objectives of the response have been defined, it is time to act and allocate activities to the incident response teams.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Average DDoS attacks fatal to most businesses, report reveals

Criminal activity is top motivation for DDoS attacks as average attacks become strong enough to down most businesses.

Criminal activity is top motivation for DDoS attacks as average attacks become strong enough to down most businesses.

Average intensity distributed denial of service (DDoS) attacks are now great enough to knock most businesses offline, a report has revealed.
According to Arbor Networksí annual Worldwide Infrastructure Security Report, the largest attack reported in the past year was 500Gbps, representing a 60 times increase in 11 years.

There were also reports of attacks of 450Gbps, 425Gbps and 337Gbps, but these are fairly rare, said Gary Sockrider, principal security technologist at Arbor Networks.

Another significant change, he said, is that for the first time in several years criminal activity has replaced hacktivism and vandalism as the top motive for DDoS attacks.

DDoS attacks are being used mostly by cyber criminals to demonstrate attack capabilities, mainly for extortion purposes.
A growing number of businesses are also seeing DDoS attacks being used as a distraction or smokescreen for installing malware and stealing data.
Arbor Networksí survey of more than 350 network operators, including service providers and enterprises, also revealed that complex attacks are increasing.
More than half of respondents reported multi-vector attacks that targeted infrastructure, applications and services simultaneously, up from 42% the previous year.
A third of respondents saw attacks targeting their cloud-based services, up from 19% in 2013 and 29% in 2014, while just over half of datacentre operators saw DDoS attacks saturate their internet connectivity. There was also a 10% increase from 2014 in datacentres seeing outbound attacks from servers within their networks to 34%.
According to the report, firewalls continue to fail during DDoS attacks, with more than half of enterprise respondents reporting a firewall failure as a result of a DDoS attack, up from a third the year before.
Firewalls add to the attack surface and are prone to becoming the first victims of DDoS attacks as their capacity to track connections is exhausted, the report said.
The proportion of enterprise respondents seeing malicious insiders is up on the previous year, from 12% to 17%, and the proportion of respondents reporting security incidents relating to employee-owned devices more than doubled from the previous year to 13%.
However, nearly 40% of all enterprise respondents still do not have tools deployed to monitor employee-owned devices on the network, the report said.
Response to attacks improving
On the positive side, the survey showed an increasing focus on better response, with 57% of enterprises looking to deploy systems to speed the incident response process.
Also, a third of service providers have reduced the time taken to discover an advanced persistent threat (APT) in their network to under one week, and 52% stated their discovery to containment time has dropped to under one month.
Advanced threats are one of the top concerns for enterprise organisations, the survey revealed. Loss of personal information and/or disruption of business processes are perceived as the top business risks from an advanced threat.
2015 also saw an increase in the proportion of enterprise respondents who had developed formal incident response plans, and dedicated at least some resources to respond to such incidents, up from around two-thirds to 75%.
However, it remains a challenge for companies to recruit people with the right cyber security skills to enable them to improve incident preparedness and response, with only 38% of respondents looking to expand their internal teams, down from 46% the year before.
As a result, the report showed an increasing reliance on managed services and outsourced support, with 50% of enterprises and 60% of service providers having contracted an external organisation for incident response and 74% seeing more demand from customers for managed services.

Hackers follow the money too

Deepthroat suggested during the Watergate investigations to “follow the money”- for Nixon then, read hackers now.

Deepthroat suggested during the Watergate investigations to follow the money- for Nixon then, read hackers now.Now hackers are going after law firms for exactly the same reason. This month, US prosecutors charged three Chinese traders with securities fraud, saying they had made more than $4m trading on information allegedly stolen from two of the US’s best known law firms.

Though prosecutors did not identify the firms, the descriptions of them and the work they had done match Cravath, Swaine & Moore and Weil, Gotshal, two firms routinely hired by Fortune 500 companies to help run their big deals. Both firms have declined to comment.

Though prosecutors did not identify the firms, the descriptions of them and the work they had done match Cravath, Swaine & Moore and Weil, Gotshal, two firms routinely hired by Fortune 500 companies to help run their big deals. Both firms have declined to comment.

The US Securities and Exchange Commission said the hackers targeted seven firms known for their mergers and acquisitions work, hitting them with more than 100,000 attacks over a three-month period. They then struck gold with two

They then struck gold with two organisations. After installing malware on each law firm’s computer network, they gained access to their IT departments and from there broke into the files and emails of senior M&A lawyers. They ended up stealing nearly 60 gigabytes of data related to at least 10 potential deals.

In several cases, the information bore fruit — the hackers gained early word of Pitney Bowes’ 2015 offer for ecommerce group Borderfree and Intel’s 2015 purchase of Altera, and were able to trade ahead of them.

“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking because you have information valuable to would-be criminals,” said Preet Bharara, the US attorney for Manhattan.

Other professional services firms should take note- your reputation and organisation are at risk from hackers.

This is not the first time the industry has been hit by hackers who specialise in what is becoming known as “outsider trading”. Last year federal prosecutors charged nine people in the US and Ukraine with trading ahead of earnings press releases that had been provided to Marketwired, PR Newswire and Business Wire. That case inspired other Ukraine-based hackers to try their luck with law firms, according to intelligence firm Flashpoint, which put out a warning in March.

Accounting firms that provide tax advice on mergers, boutique advisory firms, and consultants who weigh in on synergies and downsizing plans are almost certainly on the criminals’ hit list. Retailers, telecoms groups and internet companies, including Target, TalkTalk and Yahoo, have already had to pay the price for weak defences.

But in some ways, they got off easy. Most of the stolen passwords were old and the account details rarely included immediately usable information. At most, the hacks involved theft of credit card numbers, which come with fraud defences. So customers have rarely felt much need to hold hacked companies accountable. Yahoo, for example, seems to have suffered very little drop off in customer loyalty after announcing the first of two giant hacks, although the jury is still out after the second one.

Professional services firms will not be so lucky. Banks and companies pay extremely high prices for outside advice. They expect professionalism and confidentiality in return. Getting hacked by a bunch of Chinese traders is hardly a strong recommendation of either.

Faced with a choice of five law firms that invested in cyber defences that were strong enough to withstand a pointed attack, and two who did not, which would you choose?

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139From: https://www.ft.com/content/f52f6fee-ccf4-11e6-864f-20dcb35cede2

Glos Police warn cyber crime is more dangerous than streets at midnight

Gloucestershire Police said in Dec 2016 that within our county 54 % of all reported crime was cyber related.

Glos Police warns cyber crime is more dangerous than streets at midnight.In other words, you have a much higher chance of being mugged online in your home or work place than you do wandering around any of our high streets at midnight at the weekend.

According to the latest report by the Office of National Statistics (ONS), there were 5.8 million incidents of cyber crime and fraud in the 12 months up to March 2016, affecting one in 10 people in England and Wales.

The Federation of Small Businesses (FSB) found last month that small firms are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy being collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.

Despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber crime in the last two years. Over that period, those affected have been victims on four occasions on average, costing each business almost £3000 in total.

The types of cyber crime most commonly affecting small businesses are phishing emails (49%), spear phishing emails (37%), and malware attacks (29%).

Small firms are also concerned about hacking and fraud when the card is not present, with the average information breach setting them back 2.2 days.

However just a quarter of smaller businesses (24%) have a strict password policy, but only four per cent have a written plan of what to do if attacked online, and just two per cent have a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Camelot’s National Lottery accounts are hacked

It could be you- as tens of thousands of online lottery Camelot players’ accounts are hacked.

It could be you- as tens of thousands of online lottery Camelot players' accounts are hacked.National Lottery operator Camelot says the login details of thousands of people who do the lottery online have been stolen.

There are 9.5 million national lottery players registered online, but Camelot said only around 26,500 accounts were accessed. It added that fewer than 50 accounts have had suspicious activity, such as personal details being changed, since the breach.

The company said it unearthed “suspicious activity on a very small proportion of our players’ online National Lottery Accounts” during its online security monitoring on 28 November 2016.

It added that there has been no unauthorised access to core systems. “In addition, no money has been deposited or withdrawn from affected player accounts,” said Camelot.

“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”

The company said it is now trying to find out what happened, but it believes that “the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details”.

The affected accounts have been suspended and Camelot will contact the account holders to re-activate them. Camelot added that it is working with the National Cyber Security Centre on the incident.

Are you an online lottery player?

If so, just crossing your fingers is not enough. To mitigate risks in the short term, account holders should update passwords and avoid using the same password across multiple sites.

No final fix for cyber security

There really is no final fix solution endgame when it comes to cyber security.

There really is no final fix solution endgame when it comes to cyber security, according to security industry veteran and chief research officer at F-Secure Mikko Hypponen.The claim was made by security industry veteran and chief research officer at F-Secure Mikko Hypponen and two of the most valuable lessons in cyber security are to know your enemy and not to rely on users to be secure.

“We will always have cyber security problems because we will always have bad people, which means job security in security is likely to continue for ever,” he told the Wired Security conference in London.

Cyber attackers are continually evolving their techniques and capabilities to steal and monetise data in new ways, which means the goalposts are continually moving.

“If we were still fighting the enemy of 10 years ago, we would be in great shape,” he said, alluding to the security tools that have been developed since then, as well as the security improvements in software.

“Attackers will always have the upper hand because they have the luxury of time to study our defences, while defenders do not have that luxury, so it is an unfair contest – a never-ending race.”

Reflecting on lessons learned over his 25 year career in information security, Hypponen said the most important thing is to understand the adversary.

However, he said the days of being able to do that easily are long gone, with most organisations finding themselves faced with a whole range of attackers.

They are all looking to gain something, said Hypponen, whether they are hacktivists supporting a cause, nation state actors or criminals.

“But for most organisations, criminals are the most likely to be attacking them,” he said, noting that of the 350,000 to 450,000 new malware samples that F-Secure sees on a daily basis, 95% comes from organised cyber crime groups.

“It is different when you get targeted by foreign intelligence agencies, because they are really bad, but most organisations are not targeted by foreign spies because most organisations are of no interest to them,” he said.

Although these cyber criminals like to portray themselves as Mafiosi, Hypponen said most are just “geeks” looking to make money from selling things such as hacked PayPal accounts and credit card details along with step-by-step guides on how to use them to make money.

Ransomware most popular form of cyber crime

Ransomware that encrypts victims’ data and demands payment in return for restoring it is fast becoming the most popular way for cyber criminals to make money.

“This is a simple business model based on the principle of selling data to the highest bidder, which is often the person or organisation that owns the data in the first place,” said Hypponen.

F-Security is currently tracking more than 110 different ransomware groups operating around the world and competing for market share.

“Ransomware has become very competitive, with the result of some groups seeking to expand into new markets by translating ransomware campaigns into 26 different languages,” said Hypponen.

Another evolution of ransomware attacks is the shift away from consumers to target enterprises.

“As soon as an infected computer is connected to the corporate network, the attackers enumerate and mount all the file shares the user can access and dynamically set the ransom based on how many files they manage to encrypt on the network,” said Hypponen.

The biggest concern about ransomware for enterprises is that it will stop business operations. With continuity in mind, some enterprises are even setting up bitcoin wallets to be able to pay ransoms quickly and minimise the impact on business continuity.

“This idea of continuity is really backwards, because it does not address the problem,” said Hypponen. “The more enterprises pay these ransoms, the greater and more entrenched this problem will become.”