Category Archives: Cybersecurity

Expert witness: delivering evidence from the dark web when data breaches go to court

Written by Austin Berglas, Global Head of Professional Services, BlueVoyant

The well-publicized implementation of privacy legislation, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), has raised public awareness considerably regarding the value of personal data and the implications of its loss or theft. The fear that a malicious actor might use stolen Personally Identifiable Information (PII) or other personal data to commit fraud via identity theft is a real and understandable concern for individuals. This fear is compounded by the frequent data breaches that hit the headlines, where people hear or read about millions of records being exposed or stolen. Often, one outcome of these mega breaches is a class action lawsuit, in which individuals whose data has been breached sue the organization accused of failing to secure it. As experts in cybersecurity and the dark web, where breached data is often destined to end up for sale, BlueVoyant professionals may be called in as expert witnesses to analyze how much, if at all, a breach has increased the risk to those affected, and to explain to the court how personal data is sourced by cybercriminals and used to commit fraud. So, what are some of the factors we consider when we assist in these cases, and how can individuals minimize their risk of fraud even if their data is involved in a breach?

The first thing to note is that no one wants to end up on either side of a class action lawsuit over a data breach. Plaintiffs are worried about whether they need the protection of anti-fraud measures, and defendants have suffered loss of customer trust, reputation, and potential financial damage. We focus on helping courts come to a fair conclusion based on evidence that we can provide thanks to the expertise of our cyber threat and dark web analysts and the insight we can provide into cybercriminal communities and tactics.

Can the stolen data be used to commit identity theft? 

One of the critical determinants in a class action lawsuit is the type of data that has been stolen and whether it can be used on its own to commit identity theft. In this sense, not all data breaches are alike.

When data is stolen, if it has any value at all to fraudsters, it usually turns up on dark web marketplaces, where it becomes clear that different pieces of personal data have different value to cybercriminals. Opening bank accounts, making purchases, or claiming benefits in someone else’s name requires specific privileged information. We can determine precisely what information is necessary to commit a specific criminal scheme, and we can equally state when a breach does not contain sufficient PII to advance fraudulent activity.

Dark web sites that cater to identity thieves usually carry inventory focused on the types of data required to commit financial fraud. In the cybercriminal world these data packages are referred to as ‘fullz’. Fullz, at a minimum, include the victim’s full name and billing address, credit card number, expiration date and card security code, as well as their social security/national insurance number and date of birth.

Risk exposure on the dark web

Another aspect we are often asked to investigate as part of class action work is the level of exposure those affected by the breach already have on the dark web. The rationale for this is to establish whether the breach in question has genuinely increased individual identity or financial fraud risk.

It often comes as a surprise when people learn just how much of their data is already available on the dark web. Our dark web analysts conduct exhaustive searches of deep and dark web sources to establish what personally identifiable information is obtainable and to identify the historical breaches from which it originates.

We can build a full picture of an individual’s presence online. This could include lists of stolen account log-in and password details, as well as PII such as driver’s license information, residential history and social security data. If class action participants had low exposure prior to the breach at issue, their claim that the breach has raised their risk can be validated. If, however, much of their personal data was already available, their position, in the case of this specific breach, is potentially not as strong.

Assembling this evidence requires support from an authoritative and credible expert witness with covert presence on the dark web from which to conduct investigations, such as the presence we maintain at BlueVoyant. Our analysts, who have honed their craft in international intelligence agencies and at the highest levels of private sector cyber intelligence, can build this portfolio of information to lend evidence-based clarity and substance to legal arguments.

What can individuals do to protect their data?

Experience tells us that it is vital for individuals to keep high-value personal data under tight control so that, in the event of a breach, the risk of identity theft or financial fraud is reduced. This means keeping social security/national insurance numbers, credit card information and other PII closely guarded, because in combination they are the prime tools for identity verification at financial and government institutions. The importance of password hygiene also cannot be overstated. Cybercriminals who buy a list of names, email addresses and passwords exfiltrated from one organization will try those credentials against other businesses (credential stuffing), so if you use the same log-in details for your favorite clothing store as for your bank, a breach of one compromises your security at the other. A unique password per account, ideally generated and stored by a password manager, confines the damage to the one site that was breached.
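An added example, not part of BlueVoyant’s article or tooling: how a password can be checked against a breach corpus without sending the password, or even its full hash, to the checking service, using the k-anonymity range scheme popularised by Have I Been Pwned. The service below is a stand-in built from a constructed toy corpus (made-up passwords and counts, not breach data); the SHA-1 prefix split is the lookup convention of that scheme, not a recommendation for storing passwords. The function and class names are this example’s own.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5   # hex characters of SHA-1 revealed to the service: 16^5 ~ 1M buckets


def sha1_hex(password):
    # SHA-1 is used only because the k-anonymity lookup scheme is keyed on it.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class ConstructedRangeService:
    """Stand-in for a k-anonymity password range API. Built from a constructed toy
    corpus {password: times seen in breaches}; the real service is backed by billions
    of leaked hashes, but the contract is the same: given a 5-character prefix,
    return every 'SUFFIX:COUNT' line in that bucket and nothing else."""

    def __init__(self, corpus):
        self.buckets = defaultdict(list)
        self.queries = []                         # everything the service ever learns
        for pw, count in corpus.items():
            h = sha1_hex(pw)
            self.buckets[h[:PREFIX_LEN]].append(f"{h[PREFIX_LEN:]}:{count}")

    def range(self, prefix):
        if len(prefix) != PREFIX_LEN:
            raise ValueError("only the hash prefix is ever sent")
        self.queries.append(prefix)
        return list(self.buckets.get(prefix.upper(), []))


def exposure_count(password, service):
    """Return how many times the password appears in the corpus, or 0 if never.
    Only the prefix leaves the client; the suffix comparison happens locally."""
    h = sha1_hex(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    for line in service.range(prefix):
        sfx, _, count = line.partition(":")
        if sfx == suffix:
            return int(count)
    return 0


def first_exposed(accounts, service):
    """For a user's (site, password) pairs, report reused passwords and any the corpus
    has seen: these are the accounts a credential-stuffing attacker reaches first."""
    findings = []
    seen = {}                                     # password -> first site it was used on
    for site, pw in accounts:
        if pw in seen:
            findings.append((site, f"reuses the password of {seen[pw]}"))
        seen.setdefault(pw, site)
        n = exposure_count(pw, service)
        if n:
            findings.append((site, f"password seen {n} times in breach data"))
    return findings


# Constructed toy corpus; the counts are made up for the example.
TOY_CORPUS = {"password123": 5000, "Winter2020!": 42, "letmein": 900}
```

The privacy property is in `ConstructedRangeService.queries`: after any number of checks it holds only five-character prefixes, so the service cannot tell which of the hundreds of hashes in a bucket the client was interested in.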

Ultimately, no one wants to be involved in a data breach class action but, when they do happen, understanding the value of the data stolen, whether it has surfaced on the dark web, and the level of victims’ existing exposure are the key factors the court needs to use to reach its verdict. That is where BlueVoyant can help. We can research, analyze, and present evidence that helps courts to reach a fair conclusion in data breach class action lawsuits.

The problem with secondary infection and how this relates to island hopping

Written by Rick McElroy, Cyber Security Strategist, VMware Carbon Black

One of the biggest challenges every country is facing with COVID-19 is that healthcare workers are sometimes becoming infected, often without knowing that they carry the virus, and in turn may infect the people they are tending to. This secondary infection, which has always been the worst-case scenario for the healthcare industry, maps closely onto the concept of island hopping in cybersecurity. Island hopping is particularly dangerous because the infection arrives via a trusted partner.

For those less familiar, island hopping is the practice in which attackers compromise third-party suppliers with weaker cybersecurity practices in order to reach their final target. They use weaknesses in the first company’s defences as a point of entry to the second, riding on the trust, network connectivity and credentials the supplier already has.

Today, island hopping is exploding. Attackers are using the digital transformation efforts of organisations to attack their customers, and with increasing cyber-physical integration they are hijacking the physical environment of that entity, not just the technological one. Here at VMware Carbon Black, we are seeing an increase in island hopping in which networks, websites, mobile apps and the mail service of organisations are commandeered: the assets built during digital transformation are seized, and that infrastructure is then used to push attack code against the organisation’s board, its own staff and its customers.

This has been exacerbated by the situation we find ourselves in right now. With everyone home working, there is a heavy reliance on collaboration tools and technology platforms that enable us to continue to work but these very tools, if not adequately secure, can be used to infiltrate organisations.

To date there has been a sharp increase in COVID-19 related attacks: phishing, spear-phishing attachments, cybercriminals distributing fake VPN clients, remote-meeting software and mobile apps, ransomware and island hopping. Attacks are targeting organisations from every sector, including healthcare organisations on the front lines of the battle against COVID-19.

Remote work has intensified underlying problems that have always existed, even if they were less acute when the workforce was in the office. We are now holding meetings in our living rooms, dining rooms and bedrooms, on a security foundation that was not designed with digital distancing in mind and that does not protect organisations and users against cloud-jacking and lateral movement.

Attackers know this, and they also know the implicit trust that the remote worker places in the VPN, and that the organisation places in the endpoint simply because it is a corporate laptop. That leaves plenty of room for cybercriminals to commandeer the endpoint and then ride the trusted tunnel into the corporate network: the VPN authenticates the device, not the intent of whatever is running on it, and traffic arriving through a trusted connection is rarely inspected as closely as traffic from the internet.

And so, we need to do a much better job of protecting things from the inside out, we need to have the existing control points within the infrastructure, protect the infrastructure, intrinsically, and suppress attacks and behavioural anomalies in real-time.

Going back to our home network, users need to take their security much more seriously. We can’t just rely on our employer to protect us at home just because we’re using a corporate laptop and a VPN.

Some of my recommendations are quite simple.

You need to practise digital distancing between your work device and your spouse’s/partner’s and children’s devices and the smart devices in your home. The easiest way to do that is to use two networks on your router: most home routers can run a second (guest) Wi-Fi network alongside the main one, so dedicate one network to your work devices and the other to family, personal and smart-home devices. Check that the router actually isolates the two networks from each other (the setting is often called client or AP isolation); otherwise they are just two names for the same LAN.

Pay attention to your router and whether it is up to date. Log in to its admin interface and check for firmware updates, or enable automatic updates if it offers them; a reboot alone does not install anything. And never keep the administrator or Wi-Fi password it came with.

And just like you would with your own home, where you close the windows, lock the doors and set the alarm, you need to take the same actions with your devices, and how you digitally distance your devices at home. I expect you have rules about conduct in your home, you should also employ digital rules around how your network is used by your children, by your loved ones, and by visitors.

And finally, remember that today infosec is no longer restricted to the office or the home; think about all the other devices that users connect to. As an organisation, how do you inherently secure all these aspects so that you are ready for any event? It is not necessarily about securing the organisation, it is about securing the people in the organisation, who have their own cluster of devices, apps, passwords and home appliances that could all be used to infiltrate the company. They are all potential islands from which attackers can hop into your network, or from your network into your customers.

And while we all continue to work from home, I’ll leave you with a few tips for utilising video conferencing software:

  • Set passwords for meetings so that only invited attendees can join.
  • If sensitive material must be discussed, ensure that the meeting name does not suggest that it is a top-secret meeting, which would make it a more attractive target for potential eavesdroppers.
  • Restrict the sharing of sensitive files to approved file-share technologies, not as part of the meeting itself.
  • Use a VPN to protect network traffic while using the platform.
  • Utilise two networks on your home Wi-Fi router, one for business and the other for personal use.

Maturing approach as Cyber Threat Intelligence pays dividends

Written by Anthony Perridge, VP International at ThreatQuotient 

In the battle to protect businesses from relentless attempts at infiltration, theft and disruption by cybercriminals, knowledge is power. Over recent years, this fact has been formalised through the growing adoption of cyber threat intelligence (CTI). With the creation of teams and implementation of CTI programmes, organisations aim to build a proactive defence posture and stay one step ahead of adversaries. The 2020 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, analyses the state of play in cyber threat intelligence worldwide and indicates that we are entering an exciting period. CTI shows strong signs of maturing and cementing its place in the cybersecurity arsenal: 82% of survey respondents say their CTI activities are delivering value. We are also seeing organisations become more strategic about how they implement the intelligence process, and a growing recognition of the value of collaboration with the wider threat intelligence community. The following are my key highlights from this year’s research findings.

CTI is coming of age

There were twice as many respondents to this year’s survey compared to 2019 and more respondents than ever before reported that they are operating a CTI programme in their organisation. 85% overall said that they had some form of CTI resource, with nearly half (49.5%) having a formal, dedicated team. A further 27% have shared responsibility with staff drawn from other teams, while 9% have a solo CTI analyst. This is a welcome sign that CTI is accelerating as a component of companies’ cybersecurity strategies.

Also encouraging was the fact that the percentage with a dedicated team has risen steadily in the past three years. Investment in headcount is on the rise, indicating that businesses are committing to CTI for the long term.

In-house teams are not going it alone, either. 61% of respondents said CTI tasks are handled by a combination of in-house and service provider teams, up from 54% in 2019. This combination of external resources and internal expertise means organisations can better understand and address the threats they face.

Organisations are becoming more strategic about CTI

At the start, and the heart, of an effective CTI programme are clearly defined intelligence requirements (IRs). These identify the specific questions and concerns to be addressed by the programme to ensure the right data is collected and the appropriate focus is placed on the relevant threat areas by analysts. They are critical in providing the business-specific context for CTI programmes so that they deliver the most valuable outcomes for that organisation.

So it is encouraging that this year’s survey found the percentage of respondents reporting that they have clearly defined intelligence requirements has risen 13.5 percentage points, from around 30% in 2019 to 44% in 2020. Another positive sign is the growth in the number of contributors to CTI requirements: there was more input from security operations teams, incident response teams and C-suite executives, showing that a diverse group of stakeholders is helping to drive both the tactical and strategic direction of the CTI programme. The next stage in maturity will be more regular and structured reviews of intelligence requirements, as most still review IRs on an ad hoc or unknown basis.

Intelligence sources, automation and management advances – but more to be done

When it comes to collecting data to answer the intelligence requirements, there has been a jump in the percentage consulting both open source feeds and those from CTI-specific vendors. There has also been an increase in organisations producing threat intelligence data in-house to complement externally sourced data – more than 40% of organisations said they both produce and consume threat intelligence data.

With this wealth of data at their disposal, the survey asked how organisations process high volumes of intelligence to gain actionable insight, and the degree of automation used to lift the burden from CTI teams. The survey shows that automation is still some way off, with the majority of processing tasks completed either manually or semi-automatically. While basic tasks such as data de-duplication are commonly automated, more complex activities, such as reverse-engineering samples, are a manual undertaking for 48% of respondents.

In CTI management, the picture is slightly better with more organisations reporting automation in SIEM platforms and CTI management platforms. As CTI continues to prove its value, we would anticipate seeing more automation and tuning of tools to fit the context, priorities, and specific threats that businesses face. This supports analysts to focus their efforts where human evaluation is most effective and respond more proactively to threats.

Measurement is proving a challenge

Another sign that an approach is maturing is when focus shifts from operational considerations around what tools and teams can do to measuring the effectiveness of their actions. Here the survey found that there is still some way to go. While a resounding 82% of respondents find value in CTI, only 4% had processes in place to measure effectiveness. However, the growing rigour in identifying clear intelligence requirements offers a good starting point: once IRs are defined, effectiveness can be measured by how well the CTI programme answers them.

Collaboration is critical

Perhaps the most encouraging finding from the SANS Cyber Threat Intelligence survey is confirmation that collaboration is being embraced as a core component of security programmes. 45% reported membership of an Information Sharing and Analysis Centre (ISAC) which is a high percentage, given that they are not available in all verticals or territories. The main benefits noted are timely and relevant threat information and the ability to network with contacts at other member organisations.

Now, more than ever, the uncertain cyber and physical environment and the new threats emerging from the disruption of the COVID-19 pandemic mean that intelligence analysts need to share best-practice data and strategies to overcome threats.

Ultimately, the 2020 SANS Cyber Threat Intelligence survey offers robust evidence that CTI is increasing in adoption and is proving its worth to a greater number of organisations than ever before. When threat intelligence is effectively collected, integrated, automated, prioritised and shared between analysts and wider stakeholders, organisations become more agile and effective at addressing the threats they face. We are in an exciting period for the industry, where organisations can see real, measurable impact from their accelerating investment in CTI teams and tools and we look forward to seeing further evidence of success in next year’s survey.

A10 Networks Delivers Highest Performance DDoS Protection, HTTP/3 and QUIC Protection

A10 Networks is offering a leap forward for service providers with DDoS protection at the scale required to stop today’s cyber threats. A10 is launching its highest-performance DDoS protection appliance, the A10 Thunder® Threat Protection System (TPS) 7655, helping service providers and MSSPs mitigate the largest DDoS attacks.

The A10 Thunder TPS 7655 provides up to 1.2 Tbps of blocking capacity and 380 Gbps of scrubbing capacity. Combining Zero-day Automated Protection (ZAP), powered by machine learning (ML), with advanced software mitigations, Thunder TPS delivers this protection in a compact 1.5U form factor, enabling customers to scale out their DDoS defenses efficiently as the threat landscape expands. The Thunder TPS 7655 will be available in Q3 2020.

Fueled by massive IoT botnets and new reflection/amplification vectors, Distributed Denial of Service (DDoS) attacks continue to grow in size and sophistication and have broken the 1 Tbps barrier. The current pandemic has only increased the threat as attackers find new targets in healthcare, government, online gaming and remote working services. Service providers, MSSPs and enterprises require a new generation of DDoS protection technology to protect their networks.

In addition, A10 is bringing first-to-market DDoS protection for the QUIC protocol.

To protect the user experience for business and consumer services migrating to the cloud, QUIC is rapidly being adopted by content and cloud providers and by leading browser developers such as Mozilla and Google, and is being standardised by the Internet Engineering Task Force (IETF). QUIC runs over UDP and folds the TLS 1.3 handshake into connection setup, so it provides faster connection establishment with built-in encryption versus the traditional combination of TCP and TLS, and a marked reduction in latency for content-rich web applications. Based on these benefits, QUIC is the chosen transport for the upcoming HTTP/3 protocol.

A10 is the first major software and hardware DDoS vendor to provide DDoS protection for the QUIC protocol. Thunder TPS protects this new transport from DDoS and enables a safer next generation of web services using it. Because QUIC runs over UDP, a scrubber that only understands TCP state sees a QUIC flood as opaque UDP traffic, which is why protocol-aware inspection matters. DDoS protection for the QUIC protocol is available now for all Thunder TPS customers.
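As an added example of what protocol-aware QUIC filtering has to check (this is not A10’s code and says nothing about how Thunder TPS works internally), the following validates a UDP datagram as a QUIC version 1 client Initial according to RFC 9000 and keeps a server under the pre-validation amplification limit. Function and class names are invented for this example, and the test datagrams are constructed by `build_initial`.

```python
from dataclasses import dataclass

QUIC_V1 = 0x00000001
MIN_INITIAL_DATAGRAM = 1200   # RFC 9000 s14.1: datagrams carrying a client Initial are padded to >= 1200 bytes
MIN_CLIENT_DCID = 8           # RFC 9000 s7.2: the first client Initial carries an unpredictable DCID of >= 8 bytes
MAX_CID_LEN = 20
AMPLIFICATION_FACTOR = 3      # RFC 9000 s8.1: send at most 3x the bytes received until the address is validated


def read_varint(buf, off):
    """Decode an RFC 9000 variable-length integer at buf[off]; returns (value, next_offset)."""
    length = 1 << (buf[off] >> 6)                 # top two bits select a 1/2/4/8-byte encoding
    if off + length > len(buf):
        raise ValueError("truncated varint")
    value = buf[off] & 0x3F
    for b in buf[off + 1:off + length]:
        value = (value << 8) | b
    return value, off + length


def encode_varint(value):
    for bits, prefix in ((6, 0x00), (14, 0x40), (30, 0x80), (62, 0xC0)):
        if value < (1 << bits):
            out = bytearray(value.to_bytes((bits + 2) // 8, "big"))
            out[0] |= prefix
            return bytes(out)
    raise ValueError("varint too large")


@dataclass
class Initial:
    version: int
    dcid: bytes
    scid: bytes
    token: bytes


def check_client_initial(datagram):
    """Validate a UDP datagram that claims to carry a QUIC v1 client Initial.
    Returns (Initial, None) if it may be passed to the server, else (None, reason)."""
    try:
        if len(datagram) < 7:
            raise ValueError("too short")
        first = datagram[0]
        if not first & 0x80:
            return None, "short-header packet with no established connection"
        if not first & 0x40:
            return None, "fixed bit clear"
        version = int.from_bytes(datagram[1:5], "big")
        if version != QUIC_V1:
            return None, f"unsupported version 0x{version:08x}"   # this example handles v1 only
        if (first >> 4) & 0x03 != 0x00:                            # long packet type 0 = Initial in v1
            return None, "long-header packet is not an Initial"
        off = 5
        dcid_len = datagram[off]; off += 1
        dcid = datagram[off:off + dcid_len]; off += dcid_len
        scid_len = datagram[off]; off += 1
        scid = datagram[off:off + scid_len]; off += scid_len
        if max(dcid_len, scid_len) > MAX_CID_LEN or len(dcid) != dcid_len or len(scid) != scid_len:
            return None, "bad connection ID length"
        token_len, off = read_varint(datagram, off)
        token = datagram[off:off + token_len]; off += token_len
        length, off = read_varint(datagram, off)
        if len(token) != token_len or off + length > len(datagram):
            return None, "Token or Length field runs past the datagram"
    except (IndexError, ValueError):
        return None, "truncated header"
    if len(datagram) < MIN_INITIAL_DATAGRAM:
        return None, f"client Initial in a {len(datagram)}-byte datagram (minimum {MIN_INITIAL_DATAGRAM})"
    if not token and dcid_len < MIN_CLIENT_DCID:   # first flight only; after Retry the DCID is server-chosen
        return None, "client DCID shorter than 8 bytes"
    return Initial(version, dcid, scid, token), None


class AmplificationGuard:
    """Per-peer byte budget for a server that has not yet validated the client's address:
    it may send at most AMPLIFICATION_FACTOR times what it has received (RFC 9000 s8.1)."""

    def __init__(self):
        self.received, self.sent, self.validated = {}, {}, set()

    def on_receive(self, peer, nbytes):
        self.received[peer] = self.received.get(peer, 0) + nbytes

    def may_send(self, peer, nbytes):
        if peer in self.validated:
            return True
        return self.sent.get(peer, 0) + nbytes <= AMPLIFICATION_FACTOR * self.received.get(peer, 0)

    def on_send(self, peer, nbytes):
        self.sent[peer] = self.sent.get(peer, 0) + nbytes

    def validate(self, peer):   # e.g. after a valid Retry token or a Handshake packet from that address
        self.validated.add(peer)


def build_initial(dcid, scid, token=b"", pad_to=MIN_INITIAL_DATAGRAM, version=QUIC_V1):
    """Constructed test datagram: an Initial header followed by a zero payload padded to pad_to bytes."""
    header = (bytes([0xC0]) + version.to_bytes(4, "big") + bytes([len(dcid)]) + dcid
              + bytes([len(scid)]) + scid + encode_varint(len(token)) + token)
    payload_len = pad_to - len(header) - 2                      # a 2-byte Length varint follows the header
    return header + (0x4000 | payload_len).to_bytes(2, "big") + bytes(payload_len)
```

The two rules are what make QUIC cheaper to defend than it first appears: the 1200-byte minimum means a sender cannot trigger a large handshake response with a tiny packet, and the 3x budget bounds reflection even when the source address is spoofed, because the server simply stops answering until the peer proves it can receive.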

Embarrassment is Endemic as 64.5% Say They’ve Sent Work Emails to the Wrong Person

The latest Data Breach Incident Report from the Information Commissioner’s Office (ICO) revealed that misdirected emails were the number one cause of data breach incidents during Q4 2019, accounting for 20% more reported incidents than phishing attacks.

In response to these findings, we commissioned a straw poll with CitizenMe, surveying 300 email users in the UK and 300 in the US, to learn more about these email errors. Our poll found that almost two-thirds (64.5%) of respondents admitted to sending emails to the wrong recipients, with everything from confidential figures to court documents going astray. Here is what else this quick poll showed us:

Red-faced respondents say they don’t report email errors

Although 68% of UK respondents and 61% of US respondents admitted to sending work emails to the wrong recipient, anecdotal comments from those who did showed that they had not reported the incident to their line managers.

Anecdotal responses:

Mistake: I once sent confidential figures to a colleague in my team rather than the CEO as they both had the same first name. Outlook gave me her name as a suggestion rather than the CEO.

Did you report it: No, my colleague saw my mistake and quietly told me.

Mistake: I sent a document for a bankruptcy to the wrong client because I mixed up two small businesses.  Both were chapter 7 bankruptcies filed around the same time and they both began with the letter A.  I accidentally sent a document that came in from court to the wrong client because I confused the two, as previously mentioned.

Did you report it: No, I did not. We are a small business and I apologised to the client it was sent to and advised them to disregard it. Then I sent the document to the correct person.

Mistake: I emailed an excel sheet about future investment opportunities to the wrong person.

Did you report it: No, just apologised and sent it to the right receiver.

Elevated risk environment:

The ICO report and the results of our quick poll show that this is really just the tip of the iceberg. Most email data breaches go unreported, so it is difficult for CISOs and their security teams to grasp and tackle the problem fully. What is more, with 60% of the UK’s workforce now working remotely, we have seen a 23% increase in email usage due to the pandemic. Imagine what the true cost of misdirected emails would be if all of them were reported as data breaches.

In this elevated risk environment, where misdirected emails can have devastating repercussions if personal or corporate data is exposed, it is paramount that organisations provide staff with technology that stops outbound emails going to unintended recipients.
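An added example, not part of the poll or of any vendor product, of the kind of pre-send check that would have caught the anecdotes above: it flags a recipient whose first name collides with another known contact (the two-Janes autocomplete mistake), a recipient domain one edit away from one the sender already corresponds with, and an attachment going to a domain the sender has never emailed. The contact data is constructed, and the function and class names are this example’s own.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Contact:
    display_name: str
    address: str


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def first_name(contact):
    """Approximate the token an address-book autocomplete matches on."""
    name = contact.display_name.strip() or contact.address.split("@")[0]
    return re.split(r"[\s.\-_]+", name)[0].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains such as partner-c0rp.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_recipients(recipients, known_contacts, has_attachment=False):
    """Pre-send heuristics for a misdirected e-mail. Returns (recipient address, warning)
    pairs the sender should confirm; an empty list means nothing looked unusual.
    These are prompts for a human, not a block: first-name collisions are common."""
    warnings = []
    known_domains = {domain_of(c.address) for c in known_contacts}
    for r in recipients:
        addr = r.address.lower()
        dom = domain_of(addr)
        # 1. Autocomplete collision: another known contact shares this first name.
        twins = [c for c in known_contacts
                 if c.address.lower() != addr and first_name(c) == first_name(r)]
        if twins:
            others = ", ".join(c.address for c in twins)
            warnings.append((r.address, f"same first name as {others}; confirm you meant {r.address}"))
        if dom not in known_domains:
            # 2. Lookalike domain: one edit away from a domain you already correspond with.
            near = [d for d in known_domains if edit_distance(d, dom) == 1]
            if near:
                warnings.append((r.address, f"domain {dom} is one character away from {near[0]}"))
            # 3. Attachment leaving for a domain you have never emailed before.
            elif has_attachment:
                warnings.append((r.address, f"attachment going to never-before-used domain {dom}"))
    return warnings
```

In practice the known-contact list comes from the sender’s own sent-mail history, so the check is per user and needs no central allowlist; the lookalike rule is also the one that catches a typo-squatted supplier domain in an invoice-fraud attempt.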

COVID-19: a catalyst for Digital Transformation

Post Covid-19 it remains to be seen what the new normal will look like, but all indications point to increased remote and flexible working across the board. Organisations will then have the opportunity to redirect finances previously allocated to expensive real estate. With remote working seemingly here to stay and email remaining the most common business communication tool, intelligent email security that prevents breaches and protects data must become a central part of organisations’ digital transformation stories.

It is Security, not Covid-19, that challenges the commercial deployment of 5G

Adrian Taylor, Regional VP of Sales for A10 Networks, considers the barriers to full 5G rollout across the UK.

Since the beginning of the current pandemic, false and unsubstantiated rumours of 5G and its impact on people’s health have been prevalent in social media. Phone masts have reportedly been damaged or destroyed in several European countries. The problem has been particularly acute in the UK, where dozens of towers were targeted, and engineers abused as they worked, according to media reports.

The scale of the problem prompted the World Health Organisation (WHO), the UN agency which is leading the response to the pandemic, to add the 5G conspiracy to its COVID-19 myth busters article, which highlighted that “viruses cannot travel on radio waves/mobile networks. COVID-19 is spreading in many countries that do not have 5G mobile networks.”

In the midst of this controversy, A10 Networks released a report titled, “Toward a More Secure 5G World,” which highlighted how COVID-19 may result in some short-term delays for operators, but ultimately it demonstrates a global need for higher speed, higher capacity 5G networks and the applications and use cases they enable. The study also found that 81% believe industry progress toward 5G is moving rapidly, mostly in major markets, or is at least in line with expectations.

Whilst the report shows 5G adoption is scaling rapidly, one of the main concerns it raised was cybersecurity. As 5G networks expand, so does the explosive growth in network traffic, connected devices and mission-critical IoT use cases. This will affect network security and reliability more than ever before. The report supported this view: 99% of respondents expect 5G networks to increase security and reliability concerns, and 93% have changed or may change security investments in light of 5G.

To address this challenge, service providers need highly cost-efficient security solutions that offer flexibility, scalability, and protection as they evolve their networks to 5G and integrate cloud and edge capabilities. This means a comprehensive security stack at service provider scale with other functions most needed in mobile networks, including a firewall for all network peering points, deep packet inspection (DPI), carrier-grade network address translation (CGNAT) and IPv6 migration, integrated distributed denial of service (DDoS) threat protection, intelligent traffic steering and analytics.

Below is a blueprint of five key solutions required for a successful migration to 5G.

  1. Gi-LAN Security – Gi/SGi Firewall

Significant threats to mobile subscribers and networks come through the internet interface, the Gi/SGi. As traffic volume, device numbers and cybercriminal expertise increase, so do these threats. An integrated Gi/SGi firewall protects infrastructure and subscribers and delivers the performance that mobile carriers require, meeting both current and future traffic requirements for any service provider. This comprehensive and consolidated approach provides best-in-class performance, efficiency and scale to protect the mobile infrastructure while reducing OPEX and CAPEX. Service providers can also deploy a Gi/SGi firewall in a virtual form factor to gain a flexible, easy-to-deploy, on-demand, software-based deployment.

  2. Mobile Roaming Security – GTP Firewall

GTP (the GPRS Tunnelling Protocol), used on roaming and other EPC interfaces, has known weaknesses that malicious actors can readily exploit: the protocol itself carries no authentication or encryption, so it relies entirely on the trust placed in the peers and interconnects that carry it. Operators must meet these growing security challenges while also providing a seamless subscriber experience, wherever subscribers travel, whatever devices they use and whatever network they access. A GTP firewall provides stateful inspection, rate limiting, and filtering of traffic for protocol abnormalities, invalid messages and other suspicious indicators. It protects against GTP vulnerabilities such as fraudulent use, confidentiality breaches, DDoS attacks by malicious peers and other threats. A GTP firewall can be inserted on any interface carrying GTP traffic; in the primary use case it sits on the S5-Gn and S8-Gp (roaming) interfaces. It scales and supports uninterrupted operations while protecting subscribers and the mobile core against GTP-based threats such as information leaks, malicious packet attacks, fraud and DDoS attacks arriving through GTP interfaces in the access networks and over the GRX/IPX interconnect.

  3. Network Slicing – Intelligent Traffic Steering

Network slicing will allow mobile operators to offer security and other capabilities tailored to each vertical application and to capture revenue from these diverse use cases, without losing the economies of scale of common infrastructure. Network slicing isolates each use case or service from one another so that the services can be independently deployed, managed securely, and delivered in a robust way. This solution identifies specific types of traffic by multiple criteria including radio access type, IP address, DNS address, device type, destination, subscriber ID, and other parameters and then redirects these “slices” of traffic to value-added service platforms, such as protection platforms for deeper threat analysis and scrubbing. This re-direction can be based on either static policy or dynamic factors. This solution enables differentiated treatment to the developing 5G use cases, deepens the security posture and boosts revenue opportunity without adding unnecessary inspection load on the entire network.

  4. Network Wide DDoS Detection and Mitigation System

Mobile operators must maintain high network availability at all times. DDoS attacks target mobile networks and their subscribers with high volume message floods that overwhelm infrastructure and can cause service degradation and network outages. Now, targeted attacks can also come from any network peering point and include both volumetric and lower volume, sophisticated attacks against specific network elements or important applications of key enterprise customers. Over-provisioning of network elements to meet rising threat volume or simply blocking traffic during an attack increases costs and can result in service denial for critical traffic. Operators need a more cost-efficient and comprehensive approach that quickly detects and mitigates DDoS and infrastructure attacks across the entire mobile network without denying service to important traffic. Service providers can achieve full DDoS resilience and improve security by using a layered approach for detecting and mitigating attacks of all types and sizes before attackers take down their targets.

  5. Secure, Efficient MEC

Multi-access Edge Computing (MEC) is often part of the 5G transition plan. In a MEC architecture, network traffic processing functions move from a centralised data centre or mobile core to a number of distribution points located closer to the user at the “edge”. A distributed architecture with thousands of nodes increases management difficulty and requires a high level of automation and analytics for deployment, management, security and operational changes. A10 Networks’ Thunder CFW solution provides high-performance, low-latency firewall, CGNAT and IPv6 migration, traffic steering and other functions in software-based or hardware form factors. Many functions that may previously have required single-point appliances are combined into one appliance, virtual instance, bare-metal server or container, delivering cost-efficient, high-performance security without exceeding space and power limits. Centralised management and analytics simplify operations for a lower TCO.
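The checks described under item 2 above (a GTP firewall filtering for protocol abnormalities and invalid messages, with per-peer rate limiting) as an added example; this is not A10’s Thunder code. It parses the mandatory GTPv2-C (control plane, UDP 2123) and GTPv1-U (user plane, UDP 2152) headers, allowlists message types for the S8 roaming interface, rejects TEID/flag combinations the specifications do not permit, and applies a per-peer token bucket. The allowlists, rate figures, peer addresses and the S8-only policy are assumptions for illustration; a production list comes from 3GPP TS 29.274 and TS 29.281 and the operator’s own interface design. The test datagrams are constructed by `build_gtpc` and `build_gtpu`.

```python
from dataclasses import dataclass
from typing import Optional

GTPC_PORT, GTPU_PORT = 2123, 2152

# GTPv2-C message types a roaming (S8) peer may legitimately send: Echo, Version Not Supported,
# Create/Modify/Delete Session, Change Notification, Modify Bearer Command, Create/Update/Delete Bearer.
# Constructed allowlist for this example; derive the real one from TS 29.274 and the interface in use.
S8_GTPC_ALLOWED = {1, 2, 3, 32, 33, 34, 35, 36, 37, 38, 39, 64, 95, 96, 97, 98, 99, 100}
GTPC_NO_TEID = {1, 2, 3}            # Echo and Version Not Supported carry no TEID (T flag = 0)
# GTPv1-U types valid on the user plane: Echo, Error Indication, Supported Ext Headers Notification, End Marker, G-PDU.
GTPU_ALLOWED = {1, 2, 26, 31, 254, 255}
GTPU_ZERO_TEID = {1, 2, 26, 31}     # these carry TEID 0 in the header; a G-PDU must not


@dataclass
class GtpHeader:
    version: int
    msg_type: int
    teid: Optional[int]


def parse_gtpc_v2(buf):
    """Parse the mandatory GTPv2-C header (TS 29.274 s5.1); raise ValueError on anything malformed."""
    if len(buf) < 8:
        raise ValueError("short GTPv2-C header")
    flags, msg_type = buf[0], buf[1]
    if flags >> 5 != 2:
        raise ValueError(f"GTP version {flags >> 5} on the GTPv2-C port")
    if int.from_bytes(buf[2:4], "big") + 4 != len(buf):     # Length excludes the first 4 octets
        raise ValueError("Length field does not match the datagram")
    teid = None
    if flags & 0x08:                                        # T flag: a 4-byte TEID precedes the sequence number
        if len(buf) < 12:
            raise ValueError("T flag set but no room for a TEID")
        teid = int.from_bytes(buf[4:8], "big")
    return GtpHeader(2, msg_type, teid)


def parse_gtpu_v1(buf):
    """Parse the 8-byte mandatory GTPv1-U header (TS 29.281 s5.1)."""
    if len(buf) < 8:
        raise ValueError("short GTPv1-U header")
    flags, msg_type = buf[0], buf[1]
    if flags >> 5 != 1 or not flags & 0x10:                 # version 1 and PT=1 (PT=0 is GTP' charging)
        raise ValueError("not a GTPv1 user-plane packet")
    if int.from_bytes(buf[2:4], "big") + 8 != len(buf):     # Length excludes the first 8 octets
        raise ValueError("Length field does not match the datagram")
    return GtpHeader(1, msg_type, int.from_bytes(buf[4:8], "big"))


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class GtpFirewall:
    """Message filter plus per-peer rate limit for GTP arriving from the GRX/IPX side."""

    def __init__(self, rate=1000.0, burst=200):
        self.rate, self.burst, self.buckets = rate, burst, {}

    def inspect(self, peer_ip, dst_port, payload, now=0.0):
        bucket = self.buckets.setdefault(peer_ip, TokenBucket(self.rate, self.burst))
        if not bucket.allow(now):
            return "DROP", f"rate limit exceeded for peer {peer_ip}"
        try:
            if dst_port == GTPC_PORT:
                h = parse_gtpc_v2(payload)
                if h.msg_type not in S8_GTPC_ALLOWED:
                    return "DROP", f"GTPv2-C type {h.msg_type} not permitted on S8"
                if (h.msg_type in GTPC_NO_TEID) != (h.teid is None):
                    return "DROP", f"GTPv2-C type {h.msg_type} with wrong T flag"
            elif dst_port == GTPU_PORT:
                h = parse_gtpu_v1(payload)
                if h.msg_type not in GTPU_ALLOWED:
                    return "DROP", f"GTPv1-U type {h.msg_type} not permitted"
                if (h.teid == 0) != (h.msg_type in GTPU_ZERO_TEID):
                    return "DROP", f"GTPv1-U type {h.msg_type} with TEID {h.teid}"
            else:
                return "DROP", f"UDP port {dst_port} is not a GTP port"
        except ValueError as e:
            return "DROP", f"malformed: {e}"
        return "ACCEPT", f"GTPv{h.version} type {h.msg_type}"


def build_gtpc(msg_type, teid=None, seq=1, ies=b""):
    """Constructed GTPv2-C datagram for testing (TEID present only when teid is given)."""
    body = (teid.to_bytes(4, "big") if teid is not None else b"") + seq.to_bytes(3, "big") + b"\x00" + ies
    flags = 0x40 | (0x08 if teid is not None else 0)
    return bytes([flags, msg_type]) + len(body).to_bytes(2, "big") + body


def build_gtpu(msg_type, teid, payload=b""):
    """Constructed GTPv1-U datagram for testing (no optional sequence/extension fields)."""
    return bytes([0x30, msg_type]) + len(payload).to_bytes(2, "big") + teid.to_bytes(4, "big") + payload
```

A real deployment adds the stateful half: a Create Session Response is only accepted if a matching Request left the network, and a G-PDU is only forwarded for a TEID that control-plane signalling actually allocated. That state is what turns the allowlist above into the “fraudulent use” and “malicious peer” protection the text describes.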

As we reach the halfway point of 2020, the A10 study indicates that major mobile carriers around the world are on track with their 5G plans, and more expect to begin commercial build-outs in the coming months. That means mobile operators globally need to proactively prepare for the demands of a new virtualised and secure 5G world. That means boosting security at key protection points like the mobile edge, deploying a cloud-native infrastructure, consolidating network functions, leveraging new CI/CD integrations and DevOps automation tools, and moving to an agile and hyperscale service-based architecture as much as possible. All these improvements will pay dividends immediately with existing networks and move carriers closer to their ultimate goals for broader 5G adoption.

Teleconferencing – Have we learned from our past?

Vemun Waksvik, Business Development Manager at Synergy Sky, considers the challenges of using new tech in lockdown and the lessons we should have learned from previous technology

It’s easy to look back and laugh at the time we all papered our public Facebook walls with content that was supposed to be private. We cringe at how we (and government officials with us) shared passwords and sensitive information in e-mails and later could not understand how our accounts got compromised. You would think we had learned, but the truth is that we are in fact reliving these exact scenarios today, only this time it’s for video conferencing.

Many companies have introduced remote working measures under exceptional circumstances and without clear policies in place. Conferencing vendors such as Zoom, Microsoft Teams and Cisco Webex have been quick with the assist. While they have been throwing out business communications lifelines to millions of companies worldwide, often free of charge, users have been faced with some major challenges in regard to how their data is secured while using the conferencing tools.

But is it right to put all the responsibility on the vendors? Was it right to blame our e-mail clients in the 90s when our accounts – protected with our self-constructed paper padlocks of “password123” – got hacked?

Normally most of the implemented solutions companies use are enterprise grade offers. However, currently the versions being used widely are free consumer offers with best effort quality.

These solutions are ideal in situations where you need something quickly and they have been very helpful in our scramble to maintain collaboration and workflow from home. However, they tend to lack centralised control. There are no IT policies in place such as password strength, the ability to assign features to certain users or software version control.

Many of the security issues we have read about over the past few months would most likely have been avoided with more centralised control by the IT department – stronger passwords, unique or randomised conference IDs, unique or randomised meeting passwords, waiting rooms, or the ability to exclude anonymous joiners.
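As an added illustration of the centralised controls listed above (not Synergy Sky's or any vendor's code), the following Python check scores a meeting's settings against a policy covering password strength, randomised meeting IDs, per-meeting passwords, waiting rooms, anonymous joiners and client version. The settings structure, the strength rule and the version threshold are assumptions; map them onto whatever a given conferencing platform's admin API actually exposes.

```python
"""Constructed policy check for video-conference meeting settings.

The MeetingSettings shape and every threshold below are assumptions made
for this example, not a vendor API or a published standard.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

MIN_PASSWORD_LEN = 12   # assumed minimum; set by IT policy, not by the tool


@dataclass
class MeetingSettings:
    uses_personal_id: bool        # static, reusable meeting ID (guessable)
    password: Optional[str]       # None means the meeting has no password
    waiting_room: bool            # host screens joiners before admitting them
    allow_anonymous: bool         # unauthenticated participants may join
    client_version: str           # installed client, e.g. "5.1"


def password_is_strong(pw: str) -> bool:
    """Assumed rule: minimum length plus three of four character classes."""
    if len(pw) < MIN_PASSWORD_LEN:
        return False
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]")
    return sum(re.search(p, pw) is not None for p in classes) >= 3


def version_tuple(v: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a comparable tuple: "5.1" -> (5, 1)."""
    return tuple(int(part) for part in v.split("."))


def policy_findings(m: MeetingSettings, min_version: str = "5.0") -> List[str]:
    """Return the policy violations for one meeting; an empty list is compliant."""
    findings = []
    if m.uses_personal_id:
        findings.append("static meeting ID: use a randomised per-meeting ID")
    if m.password is None:
        findings.append("no meeting password set")
    elif not password_is_strong(m.password):
        findings.append("meeting password does not meet strength policy")
    if not m.waiting_room:
        findings.append("waiting room disabled: joiners are not screened")
    if m.allow_anonymous:
        findings.append("anonymous joiners allowed: require authenticated accounts")
    if version_tuple(m.client_version) < version_tuple(min_version):
        findings.append(f"client {m.client_version} below minimum {min_version}")
    return findings


# Constructed samples: a default free-tier meeting beside a hardened one.
FREE_TIER = MeetingSettings(True, "password123", False, True, "4.6")
HARDENED = MeetingSettings(False, "Tq7!vm2#Rz9p", True, False, "5.1")
```

Run over an export of all scheduled meetings, the findings list gives the IT department the centralised view of weak settings that the free consumer tiers themselves do not provide.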

Today we know not to email our passwords or to post sensitive information on our social media. We have learned how to work the technology to our advantage and how to protect ourselves from breaches. We have also created a culture on how to behave while using these tools. Now we need to do the same for video in the workplace.

Establishing a good company culture to support the use of video conferencing is important. This can include subtle things like muting your microphone when not speaking, avoiding backlighting, and wearing appropriate clothing to reflect that it is a business setting.

While much of this might be common sense, someone who has downloaded a free version of a web conferencing tool may not yet have the experience to realise that they should mute themselves whilst their dog is barking in the background. Putting an official policy in place for an emerging video conferencing culture could be useful to maintain efficiency and security.

At the end of the day, there is no doubt that the ability to work remotely has some major benefits. It provides a better work-life balance, lets companies recruit talent to work from all around the world and, not to mention, it cuts down on our travel, saving cost and our environment.

So, let your IT security team implement the policies needed so we can all move forward and utilise the amazing technology video conferencing offers, in controlled, secure environments.

ThreatQuotient Expands Professional Services Offering

ThreatQuotient™, a leading security operations platform innovator, today announced enhancements to their professional services offering, including new Assessment and Consulting Services. First launched in 2017, ThreatQuotient’s global Professional Services team has continuously evolved to meet and exceed the changing needs of organisations at all levels of security operations and threat intelligence maturity. By providing the core capabilities to assess, design and build a threat-centric security operations function, ThreatQuotient is enabling organisations to transition from traditional signature-based monitoring, detection and response to an external, threat-focused program.

“At ThreatQuotient, we know building a security operations program is hard, and building one that is threat-centric is even more difficult. Our team is here to help at every stage – from assessing whether a company will get value out of a threat intelligence program, all the way to helping the most mature and sophisticated teams diversify their use cases,” said Jonathan Couch, SVP Strategy, ThreatQuotient. “With over 50 years of combined commercial and government threat intelligence and operational cybersecurity experience on the services leadership team, we are uniquely qualified and positioned to tailor solutions that meet the distinct needs and demands of an organisation’s security operations.”

In addition to the current services of implementation, training and development, ThreatQuotient now offers consulting services that range from an initial assessment of current threat intelligence capabilities, to more in-depth and long-term process development. The ultimate goal is to mature a program to the point that a team can confidently address specific use cases like spearphishing, threat hunting and vulnerability management. ThreatQuotient’s services can educate new cyber intelligence teams, refocus teams onto specific classes of threats, and operationalise an intelligence practice.

ThreatQuotient’s Professional Services also guide the development of a strategic plan, which embeds threat intelligence within all functions of security operations, by taking into account stakeholder analyses, risk identification and a one to three year growth plan. In addition, ThreatQuotient enables security executives to leverage the application of global threat intelligence to communicate effectively with their business leadership.

ThreatQuotient will help organisations seamlessly deploy the ThreatQ platform into their ecosystem, however, companies do not have to be users of the platform to take advantage of ThreatQuotient’s services to mature their operations and learn how to implement threat intelligence. ThreatQuotient’s experts can provide additional support to create automated workflows, develop and/or map attributes against data sets or feeds, auto-enrich indicator sets, or provide specific deployment actions against intelligence. For example, since first integrating with MITRE ATT&CK in early 2018, ThreatQuotient has helped customers adopt and integrate the framework into their workflows to achieve a holistic view of their organisation’s specific attack vectors and what needs to be done to effectively mitigate those attacks and defend against adversaries.

“ThreatQuotient’s services team uses best practices for threat intelligence and training to consult on applying the right processes and workflows, accelerating detection and response, and integrating ThreatQ with each enterprise’s unique ecosystem of pre-existing technologies to extend the architecture of their security operations,” said Anthony Perridge, VP International, ThreatQuotient. “With our new assessment service, ThreatQuotient extends to help organisations that are new to threat intelligence answer an important but difficult question – are we ready to get value from a cyber threat intelligence program? If they are not, we can work to get them ready and help set up the people, processes, and technologies necessary to integrate intelligence into security operations and cyber risk management programs.”

For more information about ThreatQuotient’s Professional Services, download the datasheet here.

Redscan reveals the most Googled cyber security and technology trends during COVID-19 pandemic

Redscan, the managed threat detection, incident response and penetration testing specialist, has released an analysis of the most searched security and technology terms during the COVID-19 pandemic. The findings demonstrate the technology priorities of UK businesses, the potential security threats they face, and the extent to which many were unprepared for such an event.

Key findings, based on Google Trends global search history data, include:

Coronavirus-related phishing scams are currently more searched for in the UK than those linked to many big brands, including Apple and Amazon. HMRC phishing scams were also widely searched for, coinciding with the introduction of unprecedented financial support for employees and businesses most affected.

Searches for “Business continuity plan” saw a huge spike between 8-21st March 2020, significantly higher than at any other time in Google’s history – revealing the extent to which the pandemic has triggered panic amongst businesses, many of which would not have had such a plan in place.

Search interest in “remote working”, “collaboration tools” and “remote access” reached record highs in March, as organisations sought solutions to facilitate employee home working.

“VPN” searches also saw a significant spike in March. Since 8th March, VPN is more searched for in the UK than Chancellor of the Exchequer, Rishi Sunak, who has also seen an increased number of searches during the virus pandemic.

“Antivirus” also saw increased searches in March, but searches for this term over the last 10 years remain on a steady decline.

Zoom is currently the most searched online collaboration technology, ahead of GoToMeeting, WebEx, Slack, and Microsoft Teams. Despite reported security and privacy concerns (including the rise of “Zoombombing”), all these collaboration-related tools generated a significant spike in online search interest during the month.

“Google’s search data tells a clear story of businesses trying to adapt to remote working and related security and technology challenges of greatest concern,” said Mark Nicholls, Redscan CTO. “A spike in business continuity plan searches is hardly a surprise, but it is also troubling to think that so many are Googling the term now. It suggests that many businesses did not already have a continuity plan in place, and now is hardly an ideal time to implement one. But better late than never.

“Ensuring that employees have the tools in place to work from home has been a priority of IT teams but it’s important that organisations are vigilant about the increased security risks and put appropriate controls and processes in place to mitigate them – such as ensuring that cloud platforms are appropriately configured and monitored.

“At this moment, search traffic is so high for COVID-19-related phishing scams that it exceeds search volumes for phishing attacks imitating major brands like Apple. Cybercriminals are treating the pandemic as a unique opportunity to target remote employees, who may be more vulnerable to social engineering away from the protection of an office network. During this difficult time, employee cyber awareness training and proactive network and endpoint monitoring are more important than ever.”

Glasswall offers free cyber protection to small businesses as Covid-19 crisis continues

It’s never been more important to support small business. Customers are staying at home, suppliers are stretched and online sales can’t fully replace what’s being lost. Finances are tighter than ever. Small businesses are critical to our economy and a vital part of our community. They deserve our help.

Glasswall, a leading file-regeneration technology company, wants to play its part. The company is offering small businesses in the UK and US a one-year subscription to its award-winning FileTrust for Email service. Powered by its patented deep-File Inspection, Remediation and Sanitisation Technology (d-FIRST™), FileTrust for Email provides complete protection against the greatest cyber threat businesses face today: malicious email file attachments.

Glasswall will provide this service, along with setup and support, at no cost for a full year.

In addition, companies can also benefit from new products slated for release over the next few months, including Glasswall’s Mass File Scanner and Website File Scanner services. Mass File Scanner is a quick and simple way to conduct risk assessments on large quantities of files, while the Website File Scanner does the same for the file content of websites.

“Health professionals and key workers are all making sacrifices to help us get through the current crisis and at Glasswall, we feel our business also has to play its part,” said Danny Lopez, CEO of Glasswall.

“Small businesses are increasingly being targeted by cybercriminals seeking to exploit the current crisis for their own gain. The owners of these vital businesses are facing enough challenges. Malicious emails shouldn’t be one of them.”

Glasswall’s FileTrust for Email service is quick and easy to set up, works seamlessly with any email gateway and provides a valuable addition to other security products.

Glasswall disarms file-based malware without requiring signatures, behavioural analytics or machine learning. Glasswall regenerates totally clean, safe and visually identical versions of files in under a second, ensuring no disruption to productivity.

To learn more about FileTrust for Email, visit glasswallsolutions.com