hackers Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :


Just one crack – That’s all a hacker needs…

960 640 Guest Post

By Michael Oldham, CEO of PortSys, Inc.

Just one crack. That’s all a hacker needs to find to cripple your organization. Here are three essential steps to take to stop that crack from blowing your infrastructure wide open for bad actors:

Multi-factor authentication (MFA) that includes device validation, certificate checks, Geo IP intelligence and other security policies makes it much harder for hackers to get inside your infrastructure by stealing, guessing or buying credentials.

Close ports across your legacy infrastructure that you opened for cloud, web services, Shadow IT and other applications. This will minimize your exposure to hackers through the internet. Every open port – such as VPN, RDP, MDM, Web Servers, cloud services or infrastructure – is another point of attack hackers gleefully exploit.

A single crack in just one port increases your exposure dramatically.  And your IT team already fights a losing battle trying to manage, maintain, patch and install updates for all those security solutions for those open ports. Closing ports to better secure your organization has a real, direct, significant, long-lasting business benefit.

Segmentation of resources limits the damage anyone can do inside your infrastructure in the event you are breached. Everyone is committed to keeping hackers out, but the truth is they still get in, or you may even be a victim of an insider attack.

Segmentation prevents bad actors from pivoting once they are inside to gain access to other parts of your infrastructure, where they can steal or lock up data. With segmentation, those compartmentalized resources aren’t accessible without proper authentication.

Another benefit of segmentation is that it doesn’t have to just be at the network level. Segmentation can be done at the resource level through intelligent policies that provide access to resources only under specific circumstances.

These three steps help prevent just one crack – or several – that puts your infrastructure at risk to ensure much greater security across your enterprise. And that’s good for any business.

Michael Oldham is CEO of PortSys, Inc., whose Total Access Control (TAC) Zero Trust solution is used by enterprise organizations around the world to secure their infrastructure.

How hackers get caught

960 640 Guest Post

Cyber criminals are intelligent, elusive individuals, making it difficult for law enforcement to track them down. Not all hackers manage to escape retribution, however. Here, Joanne Newton, deputy head of the school of computing at Arden University, explores the traps they fall in to, and how they get caught…

Cyber criminals go to many lengths to hide their identity and cover their tracks. The use of proxy servers, VPNs and encryption can mean it is incredibly difficult to track down and bring a hacker to justice. Because of this, according to industry data only four to five percent of hackers are actually caught, but high-profile cases showcase how even the most skilled can make simple mistakes which lead to them being apprehended.

In 2016, for example the capture of Guccifer 2.0, a hacking persona who became famous for leaking data from the Democratic National Committee, was possible because the hacker failed to activate a VPN before logging on, allowing investigators to trace the IP address back directly.

There was also the high-profile case of Hector Monsegur, leader of the Lulzsec Group that hit organisations such as Playstation, Fox News and the FBI. He was caught after forgetting to use the Tor system to hide his location when accessing a chat room.

There are a number of human flaws and traits that can lead to arrest, from the need to show off and gain credit for crimes – which is more common than you might think – to the inherent ability of humans to make the most basic errors and mistakes.

In July 2019 Paige A. Thompson, a former Amazon employee, was arrested and accused of stealing personal data of millions of Capital One customers.

She was tracked down after she posted online about possessing knowledge of multiple companies and was found to have files and information on Capitol One and Amazon, as well as social security numbers and bank account details from more than 30 different organisations on multiple devices in her bedroom.

There are many types of hackers carrying a range of different risk levels, from hacktivists – who look to raise awareness of a specific issue – to full-scale cyber terrorists. Of those operating, script kiddies tend to be the least experienced, leaving them most likely to face capture. This type of hacker typically tends to rely on tools developed by other attackers to penetrate a network or system, using these tools to target easy-to-penetrate systems which are vulnerable to widely-known threats.

According to industry data, ransomware attacks almost doubled in 2021. The market for ransomware is becoming increasingly professional – with cybercriminal services-for-hire creating an environment in which ransomware is offered as a service.

There is also a diversification of approaches when it comes to extorting money – with threats to publicly release data, or inform their victims’ families about an incident, all of which adds to the danger levels and increases the risks of being caught.

Much can be learned from hackers’ previous mistakes, and organisations globally should consider how they can take real-world observations and apply them to their own business to reduce the threat level.

Knowledge bases of adversary tactics and techniques exist, which can help organisations to plan for all eventualities using real-world observations. The aim of these frameworks is to improve detection by identifying the actions the cyber-criminal may take allowing the organisation to identify gaps in defences.

Forward-thinking organisations should be using this kind of system to help develop a framework for defence developing, penetration testing and threat modelling, to ensure their businesses are as protected as they can be from these threats.

Joanne Newton is Deputy Head of the School of Computing at Arden University.

Third of C-Suite execs would pay hacker’s ransom demands rather than invest in more security

960 640 Stuart O'Brien

One third of global business decision makers report that their organisation would try to cut costs by considering paying a ransom demand from a hacker rather than invest in information security.

In the UK, this figure drops to a fifth (21 per cent) of respondents. The findings from the 2018 Risk:Value Report, commissioned by security specialist NTT, show that another 30 per cent in the UK are not sure if they would pay or not, suggesting that only around half are prepared to invest in security to proactively protect the business.

Examining business attitudes to risk and the value of information security, NTT Security’s annual Risk:Value Report surveys C-level executives and other decision makers from non-IT functions in 12 countries across Europe, the US and APAC and from multiple industry sectors.

The findings are particularly concerning, given the growth in ransomware, as identified in NTT Security’s Global Threat Intelligence Report (GTIR) published in April. According to the GTIR, ransomware attacks surged by 350 per cent in 2017, accounting for 29 per cent of all attacks in EMEA and seven per cent of malware attacks worldwide.

Levels of confidence about being vulnerable to attack also seem unrealistic, according to the report. 41 per cent of respondents in the UK claim that their organisation has not been affected by a data breach, compared to 47 per cent globally. More realistically, of those in the UK, 10 per cent expect to suffer a breach, but nearly a third (31 per cent) do not expect to suffer a breach at all. More worrying is the 22 per cent of UK respondents who are not sure if they have suffered a breach or not.

Given that just four per cent of respondents in the UK see poor information security as the single greatest risk to the business, this is unsurprising. Notably, 14 per cent regard Brexit as the single greatest business risk, although competitors taking market share (24 per cent) and budget cuts (18 per cent) top the table.

When considering the impact of a breach, UK respondents are most concerned about what a data breach will do to their image, with almost three-quarters (73 per cent) concerned about loss of customer confidence and damage to reputation (69 per cent). This is the highest figures for any country.

The estimated loss in terms of revenue is 9.72 per cent (compared to 10.29 per cent globally, up from 2017’s 9.95 per cent). Executives in Europe are more optimistic, expecting lower revenue losses than those in the US or APAC.

The estimated cost of recovery globally, on average, has increased to USD1.52m, up from USD1.35m in 2017, although UK estimates are lower at USD1.33m this year. Globally, respondents anticipate it would take 57 days to recover from a breach, down from 74 days in 2017. However, in the UK, decision makers are more optimistic believing it would take just 47 days to recover, one of the lowest estimates for any country.

Kai Grunwitz, Senior VP EMEA, NTT Security, said: “We’re seeing almost unprecedented levels of confidence among our respondents to this year’s report, with almost half claiming they have never experienced a data breach. Some might call it naivety and perhaps suggests that many decision makers within organisations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than realistic view.

“This is reinforced by that worrying statistic that more than a third globally would rather pay a ransom demand than invest in their cybersecurity, especially given the big hike in ransomware detections and headline-grabbing incidents like WannaCry. While it’s encouraging that many organisations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs.”

According to Risk:Value, there is no clear consensus on who is responsible for day to day security, with 19 per cent of UK respondents saying the CIO is responsible, compared to 21 per cent for the CEO, 18 per cent for the CISO and 17 per cent for the IT director. Global figures are very similar.

One area of concern, however, is whether there are regular boardroom discussions about security, with 84 per cent of UK respondents agreeing that preventing a security attack should be a regular item on the Board’s agenda. Yet only around half (53 per cent) admit it is and a quarter don’t know.

UK respondents estimate that the operations department spent noticeably more of its budget on security (17.02 per cent) than the IT department did (12.94 per cent). This compares to the global figures of 17.84 per cent (operations) and 14.32 per cent (IT), on average.

Each year the NTT Security Risk:Value report shows that companies are still failing when it comes to communicating information security policies. An impressive 77 per cent in the UK (compared to 57 per cent globally) claim to have a policy in place, while 10 per cent (26 per cent globally) are working on one. While 85 per cent of UK respondents with a policy in place say this is actively communicated internally, less than a third (30 per cent) admit that employees are fully aware of it.

In terms of incident response planning, the UK is the most well prepared with 63 per cent of respondents saying their organisation has already implemented a response plan, well above the global figure of 49 per cent, while 18 per cent are in the process. Just 1 per cent in the UK say they have no plans to implement an incident response plan.

“The UK is leading the pack when it comes to planning for a security breach or for non-compliance of information/data security regulations,” added Kai Grunwitz. “Given that the GDPR has just come into force, this is encouraging. However, while the majority claim their information security and response plans are well communicated internally, it seems it’s only a minority who are ‘fully aware’ of them. This continues to be an area that businesses are failing on time and time again and needs to be addressed as a priority.”

For further information on NTT Security’s 2018 Risk:Value report and to download a copy, visit: https://www.nttsecurity.com/en-uk/risk-value-2018