Security IT Summit | Forum Events Ltd

Posts Tagged: hacking

£36m public funding for hack-resistant chips

Stuart O'Brien

The UK government has partnered with Arm to develop chip technologies that are more resistant to cyber threats, backed by £36 million in funding.

The move kicks off the next phase of the government’s Digital Security by Design initiative, which is also backed by Google and Microsoft.

Official figures say the average cost of a cyber-attack on a business – where a breach has resulted in loss of data or assets – has increased by more than £1,000 since 2018 to £4,180.

In addition to robust software, the government says innovative hardware and systems solutions are critical to defend advanced technology and our defence systems.

This project is aiming to prevent hackers from remotely taking control of computer systems as well as targeting cyber-attacks and breaches, meaning more businesses providing online services are better protected. It will also create new business opportunities and help boost productivity.

A further project, backed by £18 million government investment through the Strategic Priorities Fund (SPF), will tackle some of the dangers of the online world from privacy abuses and wrongful use of data like disinformation and online fraud.

The initiative will help provide solutions to some of the issues identified in the government’s Online Harms white paper, which sets out plans for world-leading legislation to make the UK the safest place in the world to be online. The project will help understand what businesses and individuals need to reduce the harm they are exposed to by using online platforms and will aim to develop more trustworthy technology.

This, the government says, will help to prevent incidents of online fraud, phishing emails, impersonating organisations online and viruses or other malware like ransomware, which cost the UK economy millions of pounds in lost productivity.

Business Secretary Andrea Leadsom said: “Cyber-attacks can have a particularly nasty impact on businesses, from costing them thousands of pounds in essential revenue to reputational harm. Cyber-criminals operate in the shadows, with the severity, scale and complexity of breaches constantly evolving. It’s critical that we are ahead of the game and developing new technologies and methods to confront future threats, supporting our businesses and giving them peace of mind to deliver their products and services safely. Investing in our world-leading researchers and businesses to develop better defence systems makes good business and security sense.”

Minister for Digital and Broadband Matt Warman added: “The government wants the UK to be the safest place to be online and the best place to start and grow a digital business. As these investments show, we are determined to create the right environment to foster our thriving digital economy while giving people renewed confidence and trust in online services. We will always be firm in our support for the UK’s tech sector. Thanks to our work with the UK’s world-leading academic institutions and our business-friendly environment, we are helping entrepreneurs use technology to improve people’s lives and find solutions to future challenges.”

Hiscox reveals results of staged ‘real world’ Brompton cyber attack

Stuart O'Brien

Hiscox recently collaborated with iconic bike manufacturer Brompton to stage a ‘real world’ cyber attack, simulating the effects by constructing a complete clone of Brompton Bicycle’s east-London store overnight, hiring ‘staff’ and stocking shelves with counterfeit merchandise.

The fake store, called ‘3rompton,’ opened its doors to the public on the opposite side of the road and subsequently launched a series of cyber attack simulations on the genuine Brompton store in Shoreditch, with reactions of staff and passers-by captured on video (https://www.youtube.com/watch?v=Y1b8865GOHU&feature=youtu.be).

Common hacking techniques such as ransomware and phishing were brought to life through a series of simulated offline attacks: the real store was boarded up, displaying a ransom note demanding Bitcoin in exchange for re-entry; genuine stock deliveries were diverted to the fake ‘3rompton’ store, highlighting the potential effects of a phishing scam; finally, the real Brompton store was flooded with imitation customers overwhelming staff, simulating a distributed denial-of-service (DDoS) attack.

According to the insurer, one in three (33%) UK small businesses have suffered a cyber breach, and this simulation is the latest initiative in its cyber awareness campaign, set up to highlight this risk.

The firm says cyber security incidents cost the average small business £25,700 a year in direct costs (e.g. the costs of IT experts in response to the incident, lost revenue and replacement systems), but this is just the beginning. Indirect costs such as damage to reputation, the impact of losing customers and difficulty attracting future customers mean the true figure can be significantly higher.

Robert Hannigan, former Director of GCHQ and Special Advisor to Hiscox, said: “Cyber crime is one of the biggest security risks facing businesses today but many aren’t taking it seriously and many more are underprepared. It’s a less tangible risk than burglary or a fire which can make it hard for businesses to grasp, so bringing cyber crime to life with an exercise like this is a useful way of conveying an important message. 

“The hacking techniques being simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cyber crime continue to emerge, which makes staying on top of cyber security an ever-evolving challenge.”

Will Butler-Adams, CEO Brompton Bicycle, added: “Our business is about our bike; the design, function and support we give to our customers over the life of the product. We have spent forty years developing the Brompton brand and continue to take risks to innovate and improve the design. When people copy us, with little understanding of the engineering and care behind the design, they are trying to fool our customers who may go on to buy a potentially dangerous product. We wanted to work with Hiscox to highlight these risks, as it is a serious issue and is not limited to the product but also to online cyber fraud, spam emails and viruses, that hurt businesses and their customers alike.”

NCSC outlines case against Russian military hackers

Stuart O'Brien

The National Cyber Security Centre (NCSC) says it has identified that ‘a number of cyber actors’ widely known to have been conducting cyber attacks around the world are, in fact, the GRU – the Russian military intelligence service.

It says the attacks have been conducted ‘in flagrant violation of international law’, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

The statement came as part of a joint message coordinated with the likes of the US and France.

Specifically, the NCSC says cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.

It says the campaign by the GRU shows that it is working in secret to undermine international law and international institutions.

The Foreign Secretary, Jeremy Hunt said: “These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

The statement from the NCSC used the strongest language possible, saying: “Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian Government – the Kremlin – was responsible.”

The body says the GRU are associated with the following names:

  • APT 28
  • Fancy Bear
  • Sofacy
  • Pawnstorm
  • Sednit
  • CyberCaliphate
  • Cyber Berkut
  • Voodoo Bear
  • BlackEnergy Actors
  • STRONTIUM
  • Tsar Team
  • Sandworm

Don’t click if you receive any of these emails…

Stuart O'Brien

Hackers are getting smarter and now know how to leverage psychological triggers to get the attention of victims, according to a new report.

KnowBe4, a provider of security awareness training and a simulated phishing platform, has published its Top 10 Global Phishing Email Subject Lines for Q2 2018. The messages in the report, which were compiled from analysing KnowBe4 user data, are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments.

Ironically, the top three messages for Q2 2018 show that hackers are playing into users’ commitment to security, all tricking users with clever subject lines that deal with passwords or security alerts.

Hackers continue to take advantage of the human psyche. A recent report from Webroot validates this notion with IT decision makers believing their organisations are most vulnerable to phishing attacks – more so than new forms of malware. Some 56 per cent of IT decision makers in the US believe their businesses will be most susceptible to phishing attacks, while 44 per cent of IT decision makers in the UK are most concerned with ransomware attacks. By playing into a person’s psyche to either feel wanted or alarmed, hackers continue to use email as a successful entry point for an attack.

“Hackers are smart and know how to leverage multiple psychological triggers to get the attention of an innocent victim,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “In today’s world, it’s imperative that businesses continually educate their employees about the tactics that hackers are using so they can be savvy and not take an email at face value. Hackers will continue to become more sophisticated with the tactics they use and advance their utilisation of social engineering in order to get what they want.”

The Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018 include:

  1. Password Check Required Immediately
  2. Security Alert
  3. Change of Password Required Immediately
  4. A Delivery Attempt was made
  5. Urgent press release to all employees
  6. De-activation of [[email]] in Process
  7. Revised Vacation & Sick Time Policy
  8. UPS Label Delivery, 1ZBE312TNY00015011
  9. Staff Review 2017
  10. Company Policies-Updates to our Fraternisation Policy

NCSC warns of growing cyber security threat to UK business

Stuart O'Brien

Criminals are launching more online attacks on UK businesses than ever before, according to a new report published by the National Cyber Security Centre (NCSC).

The NCSC, which is part of GCHQ, released the report to coincide with its flagship CYBERUK 2018 summit, which is taking place this week in Manchester.

‘The Cyber Threat to UK Business’ was jointly authored by the NCSC and the National Crime Agency (NCA) in collaboration with industry partners. It details some of the biggest cyber attacks from the last year and notes that risks to UK businesses continue to grow.

Emerging threats are also highlighted, such as theft from cloud storage and cryptojacking, in which computers are hijacked to create crypto currencies such as bitcoin.

The report acknowledges that a basic cyber security posture is no longer enough and most attacks will be defeated by organisations which prioritise cyber security and work closely with government and law enforcement.

Ciaran Martin, Chief Executive of the NCSC, said: “We are fortunate to be able to draw on the cyber crime fighting expertise of our law enforcement colleagues in the National Crime Agency.

“This joint report brings together the combined expertise of the NCA and the NCSC. The key to better cyber security is understanding the problem and taking practical steps to reduce risk.

“This report sets out to explain what terms like cryptojacking and ransomware really mean for businesses and citizens, and using case studies, shows what can happen when the right protections aren’t in place.”

The report also notes that firms are under increasing threat from ransomware, data breaches and supply chain weaknesses which it says can mean serious financial and reputational damage.

It cites real-life case studies from businesses damaged by cyber crime, including ransomware attacks that have affected companies ranging from multi-national firms to independent restaurants.

Furthermore, the report states that while law enforcement and government have successfully battled many cyber threats this year, under-reporting of cyber crime by businesses means crucial evidence and intelligence about cyber threats and offenders is being lost.

Donald Toon, director of the NCA’s Prosperity Command, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.

“By increasing collaboration between law enforcement, government and industry we will make sure the UK is a safe place to do business and hostile zone for cyber criminals.

“Full and early reporting of cyber crime to Action Fraud will be essential to our efforts.”


UK firms to face fines of up to £17m if they fail to protect against hackers

Stuart O'Brien

The UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill.

The aim is to give consumers the confidence that their data will be managed securely and safely. Research shows that more than 80 per cent of people feel that they do not have complete control over their data online.

Under the plans individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. This will also mean that people can ask social media channels to delete information they posted in their childhood. The reliance on default opt-out or pre-selected ‘tick boxes’, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.

Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or four per cent of global turnover, in cases of the most serious data breaches.

Matt Hancock, Minister of State for Digital said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

The Data Protection Bill will:

  • Make it simpler to withdraw consent for the use of personal data
  • Allow people to ask for their personal data held by companies to be erased
  • Enable parents and guardians to give consent for their child’s data to be used
  • Require ‘explicit’ consent to be necessary for processing sensitive personal data
  • Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
  • Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
  • Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
  • Make it easier for customers to move data between service providers

New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.

Elizabeth Denham, Information Commissioner, said: “We are pleased the Government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Data protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.

The Bill will bring the European Union’s General Data Protection Regulation (GDPR) into UK law, helping Britain prepare for a successful Brexit.

Julian David, CEO of techUK, offered: “The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.

“This statement of intent is an important and welcome first step in that process. techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations.”