Security IT Summit | Forum Events Ltd

Posts By :

Stuart O'Brien

Ramnit Trojan resumes attacks on European financial institutions

Stuart O'Brien

The Ramnit banking Trojan has returned to its old hunting ground after recent forays into the e-commerce space.

The discovery follows analysis by F5 Labs and F5’s EMEA-based F5 Security Operations Center (SOC) examining active Ramnit banking Trojan malware configurations in February and March 2019.

All signs indicate that Ramnit’s authors are, once again, largely targeting financial services websites to coincide with tax return activity, primarily in Italy.

Ramnit previously hit the headlines during the 2018 holiday season for shifting its attack focus to US e-commerce sites.

In the most recently studied Ramnit sample, active in March this year, the Trojan’s authors were primarily focused on financial services and financial tech sites in Italy (40% of all attacks). 9% of attacks were aimed at the UK and 8% at France. Overall, 70% of all Ramnit targets in March were European, 27% American and 3% were located across the rest of the world.

Interestingly, while social networking sites made up a smaller portion of targets observed in February and March, some of the biggest social networking platforms in the world were still under fire, including Twitter, Facebook, Tumblr, and YouTube. 

In other notable developments, F5 Labs was able to discover how this March’s Ramnit configurations are continually adapting, including scaling web injection tactics to attack websites. An interesting innovation in this respect entailed going after targets with no link to a specific company or website.

Instead, several words in French, Italian, and English were added to the mix in the hope of catching random websites. Along with the simple word targets, Ramnit also included the name of an Italian opera and a few misspelled domain names.

“Ramnit is a persistent banking Trojan that first emerged in 2010 as a less sophisticated form of a self-replicating worm. Today, both its tactics and targets have evolved to include many other industries. It is highly adaptable, as we can see with this recent shift back to the financial sector, as well as its authors’ new attempt to expand the attack surface,” said Roy Moshailov, head of security and malware research, F5 Networks.

“It is critical for banks and financial institutions to implement web fraud protection solutions to protect their customers and to help ease the burden of fraud expenses—especially banks that are actively being targeted. Other industries also need to be aware of attackers’ increasingly clever techniques so they can take similar precautions. The main thing is not to be complacent. Because Trojan malware is typically installed through phishing or malicious advertising, it’s also vital that all organisations provide security awareness training to employees and clients.”


Petition launched for mandatory IT security levels in business

Stuart O'Brien

A petition has been launched urging the Government to establish a mandatory minimum level of IT security for all businesses.

Cyber crime among UK businesses now costs over £21 billion each year. The petition, launched by Evaris, aims to make the currently optional National Cyber Security Centre’s (NCSC) Cyber Essentials Scheme compulsory for businesses to protect them in the event of a cyber attack and reduce the cost of cyber crime to the UK economy, as well as the public.

According to the recent Cyber Security Breaches Survey, less than three in 10 (27 percent) businesses have a formal cyber security policy in place, while large companies reported an average of 12 attacks per year that they knew about. Six attacks per year were reported by medium-sized companies.

As a result, Evaris is calling for all businesses to take steps to prevent such attacks from occurring.

The petition aims to ensure small organisations with up to 50 employees and medium-sized firms with between 51 and 250 staff should meet at least the criteria for certification for the Cyber Essentials scheme. Large businesses (those with more than 250 employees) should at least meet the criteria for the Cyber Essentials Plus scheme.

Terry Saliba, Solutions Architect at Evaris, said: “Data shows that more than four in ten businesses experienced a cyber security breach in the past 12 months, and these are becoming increasingly sophisticated and costly for businesses across all industries.

“Unfortunately, we still see that many firms are failing to understand the extent of this issue, and so we believe this petition is vital for establishing a compulsory baseline adhered to by all businesses.

“We’re extremely pleased to see our campaign to make Cyber Essentials compulsory for all companies has gained the support of industry bodies. These organisations see the extent of the damage caused by a lack of IT security and training on a daily basis.”

Vince Warrington, CEO of Protective Intelligence, said: “I’m supporting the petition because I’ve had to deal with the consequences of cyber attacks and seen the destruction they can cause.

“At the moment, far too many companies still see cyber security as a ‘nice to have’ rather than an essential part of everyday business, or feel they don’t understand what they need to do to protect themselves. But cyber attacks are not going to simply disappear – the criminals behind them will target your business if you haven’t taken even the most basic steps to keep them out.

“By driving all companies to adopt Cyber Essentials the government can not only create a good level of basic cyber hygiene across UK Plc, but also create a regular flow of work so that small cyber security businesses can themselves bring onboard new staff and train them up, thus reducing the predicted shortfall in qualified cyber security experts that the country will need in the decades to come.”

In order to be certified by the Cyber Essentials Scheme, applicants must, as a minimum:

  • Use a firewall to secure their internet connection
  • Choose the most secure settings for their devices and software
  • Control who has access to data and services
  • Have protection against viruses and other malware
  • Keep devices and software up to date

Saliba continued: “We would urge all businesses to sign our petition and seek Cyber Essentials accreditation to ensure they are protected against the increasing threat of cyber attack. It is time for action to be taken to help businesses remain protected from infiltration.”


Time running out to claim your FREE VIP ticket

Stuart O'Brien

Time is running out for you to claim your free place at the Security IT Summit – We have just 3 free VIP tickets left!

This unique event takes place on July 2nd at the Hilton London Canary Wharf.

Register here for the following benefits:

  • Meet with innovative suppliers for a series of face-to-face, pre-arranged meetings based on your own requirements.
  • Network with like-minded senior cyber security professionals.
  • Attend a series of insightful seminar sessions.
  • Enjoy complimentary lunch and refreshments

Our seminar programme includes:

  • Assessing and improving the maturity of your security operations – by Kev Eley, Enterprise Client Director
  • 4th Industrial Revolution – Globalisation 4.0 – by Alfred Rolington, Joint CEO, Cyber Security Intelligence
  • Weaponising data: the dark nexus of hacking, leaking, journalism and information warfare – by Geoff White, Journalist

Would you like to join 60 other senior professionals? – Register here!

Accountancies take lion’s share of cyber security recruitment

Stuart O'Brien

The UK’s so-called ‘Big Four’ accountancy firms account for the majority of cyber security recruitment in the country.

Job search site Indeed.com has released data that shows PwC, KPMG, EY and Deloitte take the top four places in its Top 10 ranking, ahead of the likes of Vodafone, Aviva and Barclays (see table below).

Indeed says the introduction of regulations such as GDPR has driven much of this demand, with the accountancies being asked to consult on the implications for many firms.

As an illustration of this growth, Indeed says it has seen an increase of 14.58% in job postings for security roles per one million vacancies on its site.

Bill Richards, UK MD at Indeed, said: “Every aspect of a modern company relies on its IT and the growing threat of cyber attack and tightening of privacy laws means demand is rising fast for professionals who are able to protect companies’ most precious information.”

“The critical importance of their work, the skill and discretion it requires, and strong demand from employers have combined to drive up cyber professionals’ salaries. Cyber security is both a hot topic and a lucrative profession right now.”

Cyber roles as % of job postings, 2018

Rank  Company          % of job postings
1     KPMG             5.95
2     PwC              5.08
3     EY               1.99
4     Deloitte         1.47
5     Vodafone         1.46
6     Hastings Direct  1.43
7     Aviva            0.78
8     Capita           0.75
9     Barclays         0.66
10    Capgemini        0.66

Source: Indeed.com

Survey reveals increasing IT investment in containers

Stuart O'Brien

87 percent of IT professionals are now running container technologies, with 90 percent of those running in production and 7 in 10 running at least 40 percent of their application portfolio in containers.

That’s up considerably from two years ago, when just 67 percent of teams were running container technologies in production, according to the 2019 Annual Container Adoption Survey from Portworx and Aqua Security.

The report features insights from over 500 IT professionals across a variety of industries and company sizes. The survey, conducted in April and May, asked questions about the state of container usage, tooling, environments and barriers to adoption, to get a snapshot of the container market landscape today and its evolution over time.

Yet despite their pervasiveness, the report highlights that containers aren’t without hurdles: when asked to name their top challenges to container adoption, respondents most frequently cited security (51%), data management (40%) and cross-cloud/multiple cloud support (36%). 

Other Key Findings:

  • Organisations are making bigger investments in containers. In 2019, nearly one in five organisations is spending over $1 million annually on containers (17%). Compare this to just four percent in 2016.
  • Data security tops the list of security challenges, with a supermajority of respondents (61%) listing this as their top security challenge, followed by vulnerability management (43%) and runtime protection (34%).
  • For the third year in a row, increasing developer speed and efficiency is the primary driver of container adoption with 37 percent of respondents listing it as the top benefit.
  • When asked which team bears the main responsibility for container security, most (31%) named the organisation’s security team, with a joint responsibility or DevSecOps in second place (24%). However, respondents’ own roles influenced their answer, with 47% of DevOps respondents naming DevSecOps as the main owner and 54% of Security respondents naming Security as the main owner.

Download the full 2019 Portworx & Aqua Security Container Adoption Survey Report here.

INDUSTRY SPOTLIGHT: CurrentWare AccessPatrol

Stuart O'Brien

Use the latest technology to prevent employees causing data breaches 

Data theft can rob you of thousands of dollars and countless hours of hard work and effort. So how should a company protect itself from cyber threats?

CurrentWare’s AccessPatrol helps secure company endpoints such as USBs, DVDs and Bluetooth devices.

AccessPatrol allows you to generate comprehensive reports that highlight endpoint device usage by computer and by user.

In essence, you can identify errant employees and take immediate action to prevent data pilferage.

If endpoint device usage is necessary for business operations, AccessPatrol allows you to track and generate PDF and Excel reports of all data transfer activity.

Can you join 60 peers at the Security IT Summit?

Stuart O'Brien

There’s a free VIP place reserved for you at the Security IT Summit. Claim yours today!

2 July 2019 – Hilton Canary Wharf, London

This unique event is entirely FREE for you to attend – simply reserve your place here to secure these benefits:-

  • Source new innovative and budget-saving suppliers
  • Attend inspirational seminar sessions from industry thought-leaders
  • Network with like-minded peers
  • Enjoy complimentary lunch and refreshments

RSVP now to avoid disappointment!

Or visit www.securityitsummit.co.uk for more information.

Do you specialise in Browser Security? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in June we’re focussing on Browser Security solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Browser Security solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

The YubiKey: Setting the global standard for two-factor and passwordless authentication

Stuart O'Brien

How do you currently authenticate and manage users within your organisation?

Discover how your business compares against the industry standard with our free self-assessment and get a relevant, actionable, executive report! 

Our assessment takes less than 4 minutes and the first 10 people to complete it will receive a £5 Amazon Voucher!

Click here for your FREE assessment.

Digital skills shortages ‘costing UK £63bn a year’

Stuart O'Brien

A lack of technical expertise has fuelled skills shortages across the UK for the last two decades.

That is according to comparative analysis of the professional jobs market by The Association of Professional Staffing Companies (APSCo).

A 1999 report from University College London said almost half (47%) of all ‘skill-shortage vacancies’ that year could be attributed to a lack of technical expertise.

For ‘associate professional and technical’ roles, the need for ‘advanced IT’ skills was responsible for 31% of vacancies, while a lack of ‘other technical and practical skills’ was responsible for a further 49% of all open roles.

A separate report published the same year by Computer Weekly revealed that C++ developers were the most in-demand professionals with Java the second most sought-after skill in the IT recruitment market.

Now, research from The Edge Foundation suggests that around half of all employers (51%) have been forced to leave a role open because there are no suitable candidates available, and that tech job vacancies are costing the UK economy £63 billion a year.

LinkedIn data indicates that cloud and distributed computing is the most valued skill among employers, with user interface design, SEO/SEM marketing and mobile development also featuring in the top 10.

Commenting on the analysis, Ann Swain, Chief Executive of APSCo, said: “While the specific skills that employers are seeking have changed dramatically over the past two decades, the fact that talent gaps continue to be aligned with technical competencies suggests that we need to do more to boost Britain’s digital capabilities.

“Our members have long reported shortages of talent across the IT and digital fields. For this reason, it is crucial that we ensure that we retain access to the STEM professionals that businesses need in the short term – through maintaining access to global talent and retaining our flexible labour market.

“However, perhaps more importantly, we must pipeline the calibre and volume of skills we need for the future so that we break free from this perpetual skills shortage. As this data indicates, for the past 20 years we have been playing catch-up – and we must break the cycle if individual businesses, and the wider UK economy, are to fulfil their full potential.”