Coinhive attacks and how to prepare for the (almost) inevitable
This week’s report that more than 5,000 websites, including that of the Information Commissioner’s Office (ICO) have been hacked, shows that it really can happen to anyone. Other affected websites where malware took over the processing power of their user’s devices include the Student Loans Company, the council website for Manchester City, Camden and Croydon and the home page of the United States Courts. Although the initial reaction may be one of schadenfreude – pleasure in someone else’s misfortune – a more measured response would be to realise and accept that hackers are now so ingenious and creative that everyone, including those with top class cyber defence, is likely to be subject to attack at some point.
This latest hack involved a piece of cryptocurrency mining malware, called Coinhive, which ran in the background while the webpages of the hacked organisations were open. This forced visitors’ computers to run the mining programme which can then be used to gain small fractions of cryptocurrency from each victim.
So, how can we protect ourselves? The honest answer is that we can’t fully. What we can do, however, is to be prepared for the probability that our systems will be attacked at some point and to reduce the potential impact this will have. Developing a robust Incident Response protocol is an important start and here a Retained Forensic (RF) service will be of immense benefit. With a detailed knowledge of your systems, an RF team is able to mitigate the damage swiftly and effectively.
Damage limitation is crucial but, in the long term, building additional layers of security into your system’s architecture is also key. We need to ensure we are not giving away information without meaning to. We should also consider our defensive architecture but it is important that we balance the need for security with the practical requirement for our systems to be functional and easily navigable.
Achieving this balance is a complex issue. SRM’s VirtualCISO (vCISOtm) service can resource and support the incumbent CISO or DPO in managing this task. From providing expert strategic guidance to taking on the full CISO role, our vCISOtm team has many years’ experience in providing robust yet agile defences. We work with our clients across a range of services including Incident Response, Retained PFI, Digital Forensic Investigation and Security Breach, Incident Management and Containment Support.
To find our more, visit our website or contact Mark Nordstrom on 03450 21 21 51 or firstname.lastname@example.org
PCI SSC Europe Community Meeting: free one to one meetings with PCI DSS industry thought leaders
Delegates at the PCI SSC Europe Community Meeting in Barcelona this week will have a lot on their minds. Changes to compliance, the security of customer payment card data, issues concerning the Cloud and the ever-present threat presented by hackers and cyber criminals will have brought the industry together to share in a range of seminars and talks which will help to address these issues.
The agenda is diverse ranging from the keynote presentation by the PCI Security Standards Senior Team on Wednesday to an outline of the security road map for the next generation of payments; from the Miracle on the Hudson to the weaknesses in IoT. So why, with all this information readily available, and so many people offering advice, should you spare half an hour to talk to the guys from Security Risk Management (SRM)?
The short answer is this: people. Yes, we are the leading PCI Forensic Investigation company in the UK and cyber security supplier to HM Government. Yes, our team boasts some of the most highly qualified professionals within the world of information security and, yes, our clients range from enterprises and government departments to SMEs and the third sector so we understand all sizes and types of organisation. But when it comes to working with your business, it is the individuals who really make the difference.
Paul Brennecker has been with SRM since 2008. Formerly he was PCI Compliance Manager with Barclaycard and successfully drove the compliance programme forward, working with both VISA and Mastercard in the process. With many years’ experience and a host of high level qualifications (including QSA), Paul is widely recognised as a PCI DSS compliance thought leader, regularly speaking at events. Known for his approachable manner and depth of knowledge, he has a particular skillset in conducting pre-compliance scoping and de-scoping exercises, conducting gap analysis assessments, creating remediation plans and assisting with intrusion detection and prevention systems. Paul is available at the Barcelona event for free one to one consultations.
James Hopper is SRM’s Operations Director, having worked previously within the worlds of consultancy and local government service improvement, delivering significant Transformation Programmes. He also has experience in consultancy, operations and innovation with a large FTSE 100 outsourcing company and a large NHS organisation. James brings this vast strategic experience to the process of company-wide information security solutions. At SRM he ensures that our service is constantly evolving to deliver first class service to a range of clients across many sectors. With a reputation as a clear-thinking no-nonsense problem-solver, James can cut through to what is specifically required so that top level compliance can be achieved in a cost-effective manner. James is also available at the Barcelona event for free one to one consultations.
James and Paul are interested in meeting those involved with PCI DSS compliance programmes. They also have a thorough knowledge of the whole information security sector and can advise on other issues as part of a company-wide strategy. But they are only two people from a highly skilled, experienced team and, where necessary, they can put you in touch with someone with a specific expertise.
Established in 2002, SRM has a proven track record in the industry. As a company it continues to grow in excess of industry norms. It is structured to respond to the continual changes within the world of information security and to ensure that its innovative service offerings evolve to better suit the needs of existing and future clients.
To book your free consultation simply email email@example.com or firstname.lastname@example.org.
To find out more about us, visit http://www.srm-solutions.com or to read our blog visit http://blog.srm-solutions.com/
Win a free day’s consultancy: October offer to celebrate National Cyber Security Awareness Month (NCSAM)
Security Risk Management is offering a free day’s consultancy in support of National Cyber Security Awareness Month.
October may, for many, be associated with the ghouls and ghosts of Halloween. But that is not all this month is about. It is also National Cyber Security Awareness Month. Like Halloween (in its current form) the NCSAM has its origins in the United States. Unlike Halloween, however, it focuses on keeping us safe from those who might wish to harm us.
In 2004 the US Department of Homeland Security and the National Cyber Security Alliance joined forces to create an initiative to educate and raise awareness of staying safe online. Its aim is to engage with and educate businesses, educational organisations and the public in how to build resilience and stay safe online. It is now recognised in the UK as an important way to remind everyone of the potential perils of cybercrime.
This year’s theme is ‘Our Shared Responsibility’ and this has relevance to the business community as well as the general public. Data breaches hit the headlines on a regular basis. Every time a company is exposed in this way it highlights the need for data security to be at the top of every board agenda. It cannot be the sole remit of the IT department or the Chief Information Security Officer (CISO). Its importance is so great that it ought to appear on board agendas every month, even if a sub-group then manages the implementation of compliance and security.
From phishing attacks which exploit human psychology to gain access to an individual’s log in and account details, to large scale Black Hat attacks by highly-organised cyber criminals, company-wide awareness is crucial to protection and defence. Increasingly, boards are becoming aware of their collective responsibility to provide additional resource and support for their information security teams. Outside expertise is an important aspect of this, particularly when it comes to testing a company’s defences.
Rather than waiting for a malicious attack from an unprincipled attacker, it is important to make use of the skills of experienced information security test teams. The very best include individuals with the Offensive Security Chartered Practitioner (OSCP) qualification. Unlike their counterparts with only theoretical knowledge of hacking, those with OSCP training have practical skills. Their rigorous training includes the requirement to be able to effectively hack a range of well-protected networks within a challenging timeframe. Through this process they get into the minds of the hackers themselves.
Those boards that are seen to be proactive will help to make their organisation less appealing to hackers. Those who have engaged with the best test teams will make the actual task of breaching security sufficiently difficult that hackers will look for easier prey. So let October be the month in which every board of every company in the UK prioritises data security and recognises its shared responsibility.
To win a free day’s consultancy, just leave your details on the Contact Us page. The prize includes:
- Development of the information security risk profile of your organisation delivered by an experienced Information Security Consultant;
- A prioritised roadmap to help you focus on the issues to fix now and suggested mitigation steps to help you manage key risks;
- Where your organisation ranks on the GDPR maturity scale and the next steps you should take to be prepared for May 2018;
- A scan of your website to uncover any significant security risks using our best of breed scanning tool;
- Preparation for Cyber Essentials and a discount on obtaining certification.
This prize is worth over £1000 and will provide you with comprehensive insight of your organisations Information Security risk profile.
PCI – Europe Community Meeting Barcelona 24 – 26 October 2017
James Hopper and Paul Brennecker of SRM will be attending the Europe Community Meeting in Barcelona 24th – 26th October. Organised by the Payment Card Industry Security Standards Council (PCI SCC) the focus of the three day event will be the security of payment card data. Those who are attending are invited to make appointments with James and Paul to discuss any specific issues they may have and receive free advice from two of the industry’s experts.
James is skilled at providing strategic insight into the management and implementation of business-wide information security solutions. He is a clear-thinking no-nonsense problem-solver with wide experience in both the corporate and SME markets.
James joined SRM in 2016 and brings extensive senior management experience from within the worlds of Consultancy and IT. Previously with a large FTSE 100 Outsourcing Company as a Managing Consultant and the Operations & Innovation Director for a large NHS Organisation, he has overseen the scoping and implementation of plans from the very small to extensive national projects. His experience also includes delivery of major IT Transformation Programmes and senior assurance roles.
Paul is a PCI DSS compliance guru. He regularly speaks at PCI conferences and writes on issues relating to card payment security. He is also a practising senior Information Security Consultant at SRM. He is currently engaged with a number of high-profile organisations, assisting them with their compliance programmes. Ranging from programme management, and mobilisation of their PCI DSS compliance projects, Paul also advises clients on their information security policies, their implementation and training requirements. Paul has considerable skill at conducting pre-compliance scoping and de-scoping exercises, conducting gap analysis assessments, creating remediation plans and assisting with intrusion detection and prevention systems.
Paul joined SRM in March 2008 from Barclaycard. As their former PCI Compliance Manager, Paul successfully drove the compliance programme forward and worked closely with both VISA and MasterCard to raise awareness of the standard and was a regular key-note speaker at the industry’s security forums. Due to his substantial network of colleagues and industry contacts Paul is a well-known and highly respected consultant, recognised for his approachable manner and depth of knowledge.
Simply email email@example.com or firstname.lastname@example.org to make an appointment.
US statistics warn of new trends in cybercrime: how a retained PFI can mitigate the risks
Statistics provide useful evidence of the trends developing within the world of information security. Figures compiled from reported attacks in the United States for July 2017 give us a breakdown of attacks sector by sector, providing some useful insight into the minds of cyber attackers and their motivation. As we all know, cybercrime is international and these trends are likely to be reflected in the UK in the coming months. The key figures from this latest research show an increasing trend towards attacks on individuals and an increase in the number of attacks motivated by crime.
In fact, the number of cyberattacks on individuals in the US doubled between June and July 2017. In June 14.1 per cent of recorded attacks were targeted at single individuals but in July this figure had increased to 27.5 per cent. Of course, this still means that other sectors account for nearly three quarters of all cyberattacks. Industry (26.1%), Government (8.7%), Healthcare (8.7%) and Finance (5.8%) were the other major targets.
As for motivation, that 84.1 per cent of attacks in July 2017 were motivated by cybercrime is no great surprise. The fact that this particular motivation has increased by 15.3 per cent since June, however, is worthy of note. Rogue individuals with the requisite skill set have long been attracted by financial reward, yet in the past Cyber Espionage, Cyber Warfare and Hacktivism figures more significantly in these statistics. So theft is on the increase.
What does this mean for UK businesses? Given that the trend is toward an increase in crimes on individuals it may not be obvious. But we have noticed a correlation between an escalation in individual attacks and a heightened awareness among the business community. This is perhaps due to the power of the media but also to the even greater power of word-of-mouth. Because when a businessman becomes aware that someone they know has had their account hacked, he or she will be more likely to look to their business’ online security.
As far as we are concerned, any news of this type is helpful. Because the fact is that cybercrime is on the increase. Whether it is the slow and subtle syphoning off of funds from an unsuspecting retailer or a massive much publicised hack demanding ransoms like the one inflicted on HBO, theft is nowadays more likely to be an online activity than a physical one.
If an incident occurs, swift action is required to minimise the impact of an individual attack. But prevention is always better than cure. That is why increased awareness is always a good thing. The more businesses that retain an information security consultant to ensure their defences are robust, the fewer will be hacked. Those who trade online also benefit from a PCI Forensic Investigator (PFI) to protect their card payments.
SRM offers a full range of services to protect the online environment. Using a range of tools from penetration testing to vulnerability assessments and network security testing, we enhance risk mitigation and ensure that the online environment of our clients is as robust as it is possible to be. We also provide a bespoke retained PFI service, working proactively through regular strategic reviews to develop enhanced risk mitigation. Anticipating the potential risk areas for attack, we provide highly-targeted cost-effective solutions.
Given the constantly evolving world of cybercrime and the ingenuity of hackers, attacks can and do happen, however. But with a retained PFI already familiar with a company’s systems, remediation is rapid and disruption minimal.