Be Prepared to Face the Worst Viruses

As the digital age ushers in new disruptive innovations such as cloud computing, the internet of things, biometric authentication and much more, cybersecurity is slowly becoming the biggest threat we, ordinary citizens, will ever face.

The issue that organisations, companies and governments face when trying to protect themselves from hacking or other malware is that the burden of work is on them. In order to have a successful defence mechanism you need to be able to protect all points in your network, whereas criminals need only to identify one weak point to achieve their goal.

This imbalance is only set to grow as we enter the world of big data and Web 3.0 where people, devices and appliances are more connected than ever. With objects such as fridges, cars, planes and even the lights in your home becoming connected to your personal network, protecting against flaws has become exponentially harder, while exploiting them has become easier.

2016 was a particularly busy year in the sphere of cybersecurity with headlines dominated by state-sponsored intervention into the US election process. More common headlines described large organisations, in all markets from healthcare to car manufacturing, experiencing large scale data breaches (data from over 500 people/customers).

The first few months of 2017 have been no exception, with news of CIA/government surveillance techniques involving smart TVs and even accessing mobile phones thought to be secure.

What is the biggest cyber threat facing organisations?

Targeted hacking has become the method of choice for most cybercriminals and it represents the most sophisticated and organised way of achieving their focussed goals. In the cyber sphere, they are known as Advanced Persistent Threats (APT), with the key word being persistent.

They work by targeting specific weaknesses in an organisation’s endpoint systems, which allows them to keep a foot in the door. Once in, they can slowly work their way through the system towards their desired objective, taking as much time as they want. When they have achieved their goals, usually a data breach of some sort, they can then retrace their footsteps and cover their tracks without ever sounding any alarms, leaving the weak point undetected.

Being ‘persistent’ means that the threats are able to spend extended periods of time within an enterprise system without being detected. This allows them to enter a network through its very weakest and most vulnerable point, then move laterally to the more secure parts where the data is stored.

The hackers tend to target the weak points through the use of social engineering and social networks to lure an unsuspecting customer/employee to click on a malicious link or attachment. All it takes is one click for them to get in the door without anyone noticing.

Another method employed is the use of zero-day exploits, which take advantage of unpatched vulnerabilities in the code of the system. They are called zero-day because the author of the code literally has zero days in which to patch the vulnerability and stop it being exploited.

How businesses can combat an APT

Because hackers target the weakest link in any system – people – it is important to raise awareness within a business and its customer base about the potential threats and their implications. Many banks have implemented ways of identifying a secure email or website to ensure that users are not clicking on false-fronts. Complete social engineering awareness is very hard to achieve so unfortunately there is little chance of finding a ‘silver bullet’ for APT.

Sharing threat intelligence has become an active way of identifying and resolving weaknesses in the architecture of systems. Businesses in similar markets may often have similar threats and so informing each other of them can be an effective way of ensuring proactive measures are taken.

Having skilled personnel is a necessity when dealing with threats as advanced as APT. The number of job openings in cybersecurity, 1 million worldwide, indicates the shortage of skills in the sector. Initiatives are underway to try to encourage young people to consider a career in cybersecurity.

Finally, next generation data protection tools are needed in order to combat the constantly evolving threats that businesses face. New ways of storing, transferring and creating data are being used to increase the security of the entire process and lifetime of the data.

While none of these are sure to prevent an APT attack, they are a step in the right direction for businesses. Time is everything in the cyber world, so you should waste no time in preparing your business against the rising tide of cyber threats.

Is Fintech Making Corporate Finance More Secure?

FinTech (or Financial Technology) is one of the biggest headline grabbing sectors of the start-up boom in the cybersecurity world. But are the advances being made actually making corporate finance any safer from online fraud and cyber-attacks?

A young industry but not naive

Technology services to support, supplement and enhance the financial industry aren’t a new thing. Banks and financial institutions have always been cautious of new technology but also keen to take advantage of the competitive edge that such advancements could give their business. The direction of such developments has therefore largely been at the mercy of these big organizations. That was until the global financial markets unwittingly changed the face of financial services as we know it. The money that was lost during this crisis was second only to the huge impact that the process had on consumer faith in big banks and the rest of this huge sector. Businesses, large and small, and the general public suddenly had an appetite to look at alternative ways of using financial services.

The market to fill this demand was a vacuum left wide open to be filled by entrepreneurs with new ideas. Of course, the symbiotic relationship with the technology sector meant that FinTech was established.

FinTech may only be in its infancy as the phenomenon we know it as today but it is far from being an inexperienced field. Innovative start-ups in the field of payment processing, alternative lending, cryptocurrency and wealth management services are all too aware of the dangers that go hand-in-hand with using technology as a means to do so. As a result, most of the companies that are pushing the boundaries of the FinTech movement have incorporated cybersecurity at the heart of their products; they understand all too well the need to assure customers over reliability and security.

How is FinTech affecting businesses?

The huge range of applications being driven to market by innovative developers is giving businesses faster and more flexible access to their financial service needs and, in a secure environment, this can only be a positive thing. Businesses are benefiting from lower overhead investment in financial software suites, more adaptive displays on real-time data and unprecedented business insight into their financial information. Not only that but organizations are able to offer their customers and suppliers the same combination of speed and flexibility to enhance their relationship.

‘If you build it, they will come’

The more applications that FinTech developers produce, the more opportunities exist for cyber criminals to attack, so is all this technology making organizations any less vulnerable to cyber-attack?

That is the critical question and, because the industry has grown up in a rather disjointed and haphazard way, it is playing an important part in how the future of this sector is shaped.

Countries that have been active in the FinTech revolution have realized the need for collaboration on the growth of the sector in order to ensure that financial markets and institutions (as well as their customers) are safe. The need to factor in legislative compliance and global interconnectivity is therefore driving the recent formation of a federation for the FinTech sector. Innotribe and Innovate Finance have already established a British federation but African, Turkish and Chinese clusters have indicated their intent to join forces. This is good news and offers a significant opportunity to establish a hub for learning and sharing resources which can only help to improve the security of the FinTech sector.

What are the challenges for the future?

As the FinTech sector gears up for an era of collaboration, we hope to see continued innovation from existing players as well as new entrants to the market. With advances in the field of AI, we can expect to see changes in the way financial advice is offered to clients and possibly continue to supplement or even replace existing human interaction in many of the ways we do business.

Greater analytics of data will further refine the way financial markets are exposed to risk, and that greater market insight could expose bigger rewards for some businesses.

What is obvious is that all of these developments require additional protection that keeps up to date with existing threats and vulnerabilities but that also innovates new solutions to stay ahead of those risks. Cyber-security must remain at the heart of this blossoming industry if the public are to invest their trust in financial services once more.

If You Have an Inteno Router – Your Security Might Be in Danger

Researchers at F-Secure, the Finnish cybersecurity and data privacy corporation, have claimed in recent news that some models of the popular residential gateway routers manufactured by Inteno are vulnerable to cyber-attack.

F-Secure believe that the affected models, EG500, FG101 and DG201, are at risk from remote attacks which allow firmware to be installed on the device, unbeknownst to the user. Such software would allow attackers to assume complete control of the router and be able to monitor, track and steal all data sent via the device. This is a serious claim and affects thousands of users who have these routers installed at home.

The news is bad press for the manufacturer, Inteno, whom F-Secure claim to have contacted about the issue over seven months ago, only to be given an unsatisfactory response which eschewed responsibility, claiming that ‘operators’ who sold the devices were responsible for software issues.

Their statement, issued over two months after the warning was received from F-Secure, stated:

“Operators that sell the CPE to end users or run their services over it should request update from Inteno. Inteno do not do end user sales on CPE, we sell through operators so such software features are directed through operator’s requests.”

The vulnerability lies in the fact that the affected router models do not validate the Auto Configuration Server (ACS) certificate, which allows anyone who launches a Man in the Middle (MitM) attack to intercept any and all traffic being processed through the router.
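The difference between a TLS client that skips validation of the ACS certificate and one that performs it, as an added example that is not Inteno's or F-Secure's code. Python's ssl module stands in for the router's TLS client, and all function names are hypothetical.

```python
import socket
import ssl


def weak_acs_context():
    """TLS client context with the flaw described above: no certificate validation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be switched off before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including an interceptor's, passes
    return ctx


def chain_only_context():
    """Validates the chain but not the name: a valid certificate for any host passes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # verify_mode stays CERT_REQUIRED
    return ctx


def hardened_acs_context(cafile=None):
    """Chain and hostname validation; cafile can restrict trust to the operator's CA."""
    return ssl.create_default_context(cafile=cafile)


def acs_tls_findings(ctx):
    """Return the validation gaps that leave a router-to-ACS session open to MitM."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not validated")
    if not ctx.check_hostname:
        findings.append("server hostname not checked")
    return findings


def connect_to_acs(host, port, ctx):
    """Open a TLS session to the ACS, refusing any context that skips validation."""
    gaps = acs_tls_findings(ctx)
    if gaps:
        raise ValueError("refusing ACS connection: " + "; ".join(gaps))
    raw = socket.create_connection((host, port), timeout=10)
    # server_hostname is what the certificate's name is checked against
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    contexts = [
        ("weak", weak_acs_context()),
        ("chain only", chain_only_context()),
        ("hardened", hardened_acs_context()),
    ]
    for name, ctx in contexts:
        print(name, "->", acs_tls_findings(ctx) or "ok")
```

The chain-only case is worth noting: a client that checks the chain but not the hostname still accepts a valid certificate issued for an unrelated server.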

It goes without saying that such a flaw poses a significant threat to data security for those households and small businesses that it affects. Any information being driven through the router is instantly available to criminal scrutiny. Whilst HTTPS traffic is less easy to access, there is no doubting the seriousness of the potential threat to users. Access to higher level infiltration is harder than just exploiting the known vulnerability and hackers would need to gain a privileged network position before being able to launch malware attacks. However, criminals who have the knowledge to gain access via a MitM attack will usually be intent on deploying such a strategy.

Users are redirected to malicious sites via the use of malware and sensitive and/or confidential data is extracted without the need to resort to cracking into https files.

The extent of the problem is being downplayed. Although there is talk of some kind of fix being available (this has yet to be confirmed and verified by independent sources), the threat remains very real, and users who could be affected are encouraged to ensure that their anti-virus software is up-to-date, that all software used to access an internet connection is current, and to use a VPN to encrypt traffic over the internet to prevent any access via a MitM attack.

Have a PC Based Business? Uninstall QuickTime

In yet another recommendation from US Homeland Security and global IT security experts, Trend Micro, users of the popular multimedia player are being encouraged to uninstall QuickTime owing to serious concerns over recently discovered vulnerabilities.

First Java, then Windows XP, now QuickTime. What’s the problem?

These programs have long been staples in the repertoire of any PC based business but it is, perhaps, for this very reason that they are proving to be such a target for critical bugs. Two brand new Zero Day Initiative security alerts have been issued which affect QuickTime for Windows (ZDI-16-241 and ZDI-16-242), both of which allow the remote execution of code that could be exploited by hackers. It should be noted that there have been no reports of any incidents of these bugs being used maliciously in the wild but, with no patches promised, this may not remain the case for long.

Everything has a shelf life

The advice to uninstall QuickTime is based on the crucial factor that Apple is no longer actively supporting the software on Windows and, as such, will not be providing security updates. The advice does not affect Mac users.

The news won’t come as much of a surprise to most businesses, as QuickTime has long been replaced as the de facto standard for watching videos and most will probably be using newer and more effective programs.

Business users of QuickTime should take action as soon as possible to implement the removal of the program from their networks to avoid potential future exploitation.

The policy to remove programs where security support has been rescinded should be common practice within any robust cyber defense policy and system administrators should regularly monitor the support procedure for all programs in use to ensure that protection against flaws, bugs and vulnerabilities is kept up to date. This is particularly crucial for software that has known issues.

It’s worth noting that software published by Apple is among the least commonly updated software by Windows users.

QuickTime is a common piece of software used within the Windows environment, particularly with iTunes but, in view of the problems identified with security, there is little reason to keep using the program.

The process to uninstall QuickTime is a straightforward one: open the Control Panel on your PC and, via the Programs menu, select Uninstall a program. Once you find QuickTime in the list of installed programs, select QuickTime and then click the Uninstall function at the top of the window. You will be asked, via a pop-up, to confirm that you want to uninstall the software. Simple.

Act now

We can’t recommend more firmly that you act now to avoid the potential vulnerabilities that these bugs can expose but, with up to 10 per cent of worldwide PC users still running Windows XP (which hasn’t been supported for over two years), we know that many businesses can be slow to react to potential risk.

Ultimately the removal of QuickTime will eradicate the current risks and any potential future vulnerabilities but this stalwart of the PC’s arsenal of tools will not be the last to meet its maker as software developers evolve new applications to stay ahead of the game and, in doing so, abandon previously well supported software.

Hacking from Within: How to Respond to Cyberespionage

Of all of the challenges corporations face today, perhaps the biggest question that needs to be answered is how to prevent industrial espionage or cyberespionage. Cyberespionage has the potential to completely disrupt businesses, governments and organizations. It can be perpetrated by an individual or group from overseas, or someone working much closer to home to target computer networks – and the effects can be devastating.

Research shows that cyberespionage is putting businesses, financial institutions and government agencies at risk, and in the case of financial institutions and businesses, this also poses an obvious risk to people’s personal information, too. Despite growing awareness, the problem continues to escalate, and the most frightening thought is any business could become a target at any moment.

How to prevent industrial espionage

Industrial espionage isn’t entirely preventable; if someone is determined enough to get hold of industry secrets, there is a real possibility they’ll find a way, but as detailed below there are steps each business can put in place to try and prevent their company from becoming a victim.

Have strong security in place

The most essential – and the most obvious – measure is to have a strong security system in place. This will play a key role in preventing Trojans, viruses and spyware from getting into a system. Also, make sure the security system is purchased from a reputable firm so you know you can trust the retailer, as just occasionally the problem can come from a vendor.

Identify Threats

Another important protection measure is to identify any possible threats to your company. Unfortunately, it won’t necessarily be foreign governments, business rivals or outside hackers that you need to be wary of: the threat could come from an employee or business partner. Once your business has a better idea of the possible threats, you can create a firmer plan to protect your business.

Limit access to servers

Only allow access to a small and trusted team. Where you can, make accessibility as difficult as possible. It is often suggested that servers are kept in an entirely different location; if they are on your premises, make sure the servers are locked down.

Have a surveillance system

A surveillance system will also play a crucial part in preventing industrial espionage; these serve as an effective deterrent to anyone trying to compromise the business, as they know they’re likely to be caught on camera. However, if you do incorporate such a system into your business – either as a preventative measure, or because you suspect an employee has been acting inappropriately – you’ll need to be respectful of your employees’ privacy when placing cameras.

Store data carefully

Ensure that staff know how to manage and store data carefully, and make sure they are kept up to date with any new procedures that are introduced. Using best practices for the safe storage of information will make it more difficult to fall into the wrong hands.

Protect against tampering

Data tampering is another common problem, so make this as difficult as possible. Keep data discs in tamper proof packaging and limit access to them. When your company security is at stake, the fewer people who can access sensitive data, the better.

Conduct regular audits

Finally, holding regular audits is a further valuable step you can take. Like surveillance, audits act as a deterrent should the hacking occur internally, and if it’s an outside hack, carrying out audits will help to pick it up sooner. Make sure you have a schedule for audits and stick to it.

Corporate spying can be costly to a business, but by understanding how to prevent industrial espionage you can reduce the risk of it occurring at your workplace. Ensure the relevant security is in place, that surveillance systems and regular audits are utilized, and make staff aware of their personal responsibilities.