Monthly Archive January 2016

Ransomware

As with any black hat related activity, innovations are always emerging to circumvent security and exploit vulnerabilities. Older forms of ransomware were mostly kept by specific groups of hackers that would utilise them solely for their personal gain.

Recently, a new form of ransomware has been identified that affects Windows, Linux and Mac using JavaScript code. This nasty program operates as Ransomware as a Service (RaaS), which allows anyone to download and distribute their own copy as long as they have a bitcoin address.

In return for this service, the developers of this ransomware take 25% of all ransom payments. Victims of ransomware are presented with a ‘lock screen’ which informs them that all their files have been encrypted together with a message demanding a certain amount of Bitcoin payment in order to decrypt their data.

New variations of this malware will continue to appear because they are an easy way of making money, and so far there is no way of decrypting files locked by the majority of ransomware, as it uses the same strong encryption that is used across the Internet.

The worrying factor for this new ransomware is the implications of it being offered as a service as opposed to keeping it within the confines of a few groups; when coupled with ease of use and quick money, it is fairly easy to see how this can spread like wildfire among unsuspecting users.

Time and time again, the basic best practices of security are repeated to warn people of the risks of this compromise. In this case, crucial safeguards would be to avoid visiting malicious websites and to be extra cautious with email attachments by verifying the email source.

 

Cyber Security health tips for the New Year

As New Year resolutions go, enhancing personal cyber security may not be as high on people’s lists as that resolution to take out a new gym membership or embark on a Dry January (Dryathlon). Yet, when it comes to enhancing personal well-being, protecting cyber security really should be top of everyone’s lists, both at home and at work. The long-term impact of having personal security breached certainly eclipses any transitory disappointment at failing to lose a few pounds or indulging in a sneaky drink before the end of the month.

When it comes down to it, though, how do cyber security professionals fare? Do those who work in this sector take as much care of their online security as the personal trainer does of his physique? Cynics may wonder if they are perhaps saying one thing to clients while neglecting their own cyber health. A brief survey of SRM consultants, however, shows nothing could be further from the truth:

“We, as security professionals, tend to be more cautious than most. In our family, we securely destroy all printed matter with names and addresses on, we don’t use Facebook (much to the disgust of my friends) and we are cautious when shopping online. I don’t suppose we are all that different to anyone else though really – common sense is the most useful tool when using the internet. If it looks dodgy, it probably is!”

“I use a plugin for Chrome called Blur (https://abine.com/index.html) which provides users with disposable email / credit card and phone numbers all linked to your real one. If you are unsure of a website or on-line retailer you can provide a temporary generated one that you can delete any time you wish. Very good for managing spam email or just simply not revealing your real identity when you are trying to download white papers.”

“I have a special safe, just for my password register. I also have two CCTV systems – one protecting the key physical access points – and the other protecting the CCTV system. Sad, I know….”

“The one bit of advice that I always give to my friends and family, especially at this time of year is to only use a Credit card when shopping online – never ever use a Debit card. The liability associated with credit card use is very different to that of a debit card and this offers a good level of personal protection. This alone has helped some of my friends avoid getting caught out in the past, so it is a good tip when the urge to shop online is too great to resist.”

“I always look for the padlock to the left of the URL; never save passwords / card details to websites when asked; try my best to order from more well-known websites and, where possible, I also use PayPal. I also avoid clicking adverts on Facebook.”

Few of us would be happy taking tips on fitness from a health professional who clearly does not follow their own advice. Cyber security professionals are their online equivalent: they see the full range of disasters that can result from a careless approach to online security and keep their own online health status high. As 2016 unfolds, it’s worth wondering what a cyber security consultant might do to enhance your personal cyber security and make, at the very least, just one change for the New Year.

SRM Blog