Our news and views

This is the place where you can read the our newsletter ICEbreaker, our latest
articles as well as details of the next events we’ll be visiting.

Cyber Security

by Patrick Carolan | July 31, 2016 | News & Events | 0 Comments

Today’s approach to cyber security has shown to be problematic for industry due to security threats constantly evolving. The initial traditional approach was to focus mostly on the resources most crucial, whilst protecting against the biggest known threats. This necessitated in leaving the less important systems undefended and less dangerous risks not protected against. Cybersecurity has never been simple mainly due to attacks evolving every day as attackers become more inventive, and industry fails to keep pace due to lack of education, expense and failure to adopt best practice.

In 2015, the industry saw a record total of nine major breaches, with an estimated advised exposure of identities jumping to 429 million. While this number is worrying, it hides a bigger concern where companies choose not to reveal the full extent of their data breaches due to reputational damage. On examination of recent security alerts we now come to see that even area’s thought to be secure tend not to be entirely. With this more in-depth IT security examination should be carried out by Industry and their associated clients than is currently being addressed due to financial concerns.

Alerts have shown that Microsoft 365 cloud can be hit by ransomware and point of sales systems can be targeted with success in leisure and travel industries. Free Wi-Fi, although counted as a benefit when visiting your favourite coffee shop, hotel or meeting spot, can expose a personal device breach and we would never know it had happened. In addition, recent alerts relating to Aviation and the Power & Infrastructure sectors, it is now a common place for cyber security targeting to occur.

It is worth remembering that cybercrime in all its forms is a business after all, only operating externally to the law.  It has infrastructure, development and a constant career plan based on your own industry’s success. An example of this can be shown with Apple, for years most viruses and attacks were comprised for Windows related systems and devices because this yielded the greatest pay out. As most cybercriminals don’t waste their time on applications or devices the market shows to be uncommon or unpopular with end users. With this Microsoft has been a particular favourite due to market demand yet with Apple’s rise in the market more and more cyber alerts are now showing on this resource. This can also be viewed externally to applications such as the increase of free WIFI, Point of Sales devices, Spear phishing and Websites all being the cyber criminal’s business revenue earners. And truth be told, business is good for them and it is becoming easier and more profitable than any other in business known globally.

One the biggest threats today and the most common is related to the malicious end user activity and spear phishing, where all public and private industry sectors are targeted with greater and greater success.  Spear phishing is commonly used by an attacker to facilitate a targeted attack to a specific user email. An attacker will first gather information on an individual prior to creating a crafted email specific to that user and the situation. Once delivery of the email to the attended target the recipient is six times more than likely to open it and trust it than other emails generic to the target. These crafted emails will detail instructions, web links or play upon the recipient emotions to facilitate an action. The actions can be wired fraud, system breach or worm/virus infection.

Due to the complexity and high success rate of these emails, companies tend to employ external white hat phishing services to train their employees on the dangers and the correct diagnosis of received attack emails.  Although it should be remembered that a complex spear phishing attack email can fool even the smartest of IT professionals, additional safeguards relating to money transfers and documentation release should be observed.

Following on from this is the insider threat to any client’s infrastructure, reports show that end user mistakes can be just as serious as malicious attempts by a disgruntled employee. Employee mistakes can circumvent any security that’s put in place where regular security education tends not to be employed. One of the biggest is the loss of company devices such as laptops and media drives that have not been secured if lost. Although incorrect server permission’s or direct physical access results in the same scenario, it is worth remembering that no matter how trusted an employee is, they are human and thus capable of making mistakes.

Ransomware, the extremely profitable type of virus attack, continues to ensnare company users and expand to any network connected devices that can be held hostage for a profit. In 2015, Ransomware found new targets in smart phones, Apple Mac, and Linux systems. The Ransomware virus has developed various variants over the years to become one of the most expensive threats to date. Varying pay-outs to resolve the file encryption caused by the virus variants have been reported to be in the range of $18 million between April 2014 and June 2015 although new reports show that the variant CryptoWall has seemed to surpass this. Reports show that between January 2015 and November 2015 pay-outs were advised to be $325 million. In some forms of CryptoWall the cost is doubled if payment is not received within a specified time frame. This value of payments varies from several hundred dollars to over a thousand.

The problem starts when a victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device has infected with the ransomware variant, the victim’s files become encrypted with no way to un-encrypt them unless payment is made. In most cases, once the victim pays a ransom fee, they regain access to the files that were encrypted. But this doesn’t ensure you from re-encryption at a later date. The virus becomes particularly effective due to many users failing on three crucial areas;

  • Keeping their software up-to-date;
  • Performing nightly backups of workstations and file servers;
  • Maintaining up-to-date anti-malware software.

Though this is not to say completion of the above entirely safe guards you as zero-day Ransomware, that’s previously been unknown to specific antivirus software signatures are becoming standard. Where the resident antivirus cannot identify and defend against, as shown with the likes of Office 365 and Adobe Flash encounters.

The use of bitcoin for ransomware demand payment is commonly used due to its easy use, allowing fast payment whilst being publicly available, decentralised, and providing a sense of heightened security and anonymity. The question of should a payment be made is still under contention where the US security services such as the FBI recommend payment is made. Although IT companies and regulatory bodies suggest that making these payments propagates the issue and allows continued scope to this threat.

Expanding upon on the free Wifi threat that is growing in today’s industry of unprotected Wifi networks, particularly in public places, are most certainly a threat. This is due to users connecting to a network without knowing who else is on the network. “Free Wifi” provided by cafes, restaurants, etc. serve as excellent places for cybercrime where attackers can be harvesting user passwords with the user never knowing a breach has occurred. The attacker has various options open to them although the more popular attack method to perform is the ‘Man in the Middle’ attack  which employs a technic known as ARP Cache Poisoning. Once addressed the attacker can read all plaintext passwords, including unsecured email (Email without TLS protocol use), unencrypted ftp and websites without SSL security. If this isn’t enough attackers can see all your internet searches and the domains that you visit, encrypted or not. The real concern is that the tools required to achieve such devious purposes are readily available on the internet with minimal tuition required.  And so getting to this point they don’t require any real effort as ARP Cache Poisoning and Packet Sniffing (computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network) are now simplified for even the basic of IT operators. But a more advanced attacker can set up an active proxy on his remote system to perform attacks such as SSL Stripping. This gives them access to all web sites you visit, including HTTPS secured SSL sites resulting in them breaching you PayPal, eBay, Facebook and Twitter secured logins. The introduction of two factor authentication has long been advised to combat this, although available for some years the use of it has been avoided by many companies, due to users circumventing the process at times due to logon delays and inconvenience. Moving on, an attacker may target your machine directly, if you have not updated your software the likelihood that  can spawn a shell with ‘Metasploit’ and download all your files for later analysis is increasing possible. Once again this can include saved browser passwords, authentication cookies, bank statements, personal correspondence etc.

Reputational cost of cybercrime has a deep impact on all companies and thus true figures of damage costs and known breaches are impossible to advise. Companies, where possible will hide a breach due to knowing that publication of it will impact on their financial wellbeing. But it should be pointed out that cybercrime goes beyond finances and intellectual property. A recent survey showed that 50% of the consumers indicated that a cybersecurity breach would prevent them from using a company again. While companies fear reputation damage, there still has been little work to quantify it. Companies suffer reduced valuation after public reporting of being hacked, usually in the form of a drop in stock prices. These losses can be significant as shown by the TalkTalk and Sony breaches. Indeed, stock prices usually do recover over time, though recovery of stock prices may not be so quick if investors decide that there has been significant damage to a company’s intellectual property portfolio or sees a significant outflow of customers as a result.

Leave a Comment