OilRig Targets Technology Service Provider and Government Agency with QUADAGENT

The OilRig group continues to adapt their tactics and bolster their toolset with newly developed tools. The OilRig group (AKA APT34, Helix Kitten) is an adversary motivated by espionage primarily operating in the Middle East region. We first discovered this group in mid-2016, although it is possible their operations extend earlier than that time frame. They have shown themselves to be an extremely persistent adversary that shows no signs of slowing down. Examining their past behaviors with current events only seems to indicate that the OilRig group’s operations are likely to accelerate even further in the near future.

Effort backed by Leading Bodies in the Field Aims to Support National Cyber Security Strategy.

In recognition of the United Kingdom’s increasing economic dependence on internet-enabled capabilities, a number of established councils, chartered professional bodies, professional certification bodies, academics and industry representative groups have established a collaborative alliance to advance the development of the cyber security profession. With representation from a breadth of disciplines currently active in cyber security professional practice, including computing, engineering, physical security, CNI and focused cyber security bodies, the collaborative effort reflects constituent members’ common understanding that professional cybersecurity expertise is relevant to a broad range of disciplines. With an overall aim to provide clarity around the skills, competences and career pathways within this fast-moving area of professional practice, the initial objective is to support commitments expressed within the UK National Cyber Security Strategy to provide a focal point for advising national policy, including the stated intent to recognise professionals through Chartered status.

Supply Chain Attacks on the Rise as One of the Biggest New Threat Vectors as Organisations Scramble to Close Gaps

CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the results of its global supply chain survey, Securing the Supply Chain, produced by independent research firm Vanson Bourne. The study surveyed 1,300 senior IT decision-makers and IT security professionals in the US, Canada, UK, Mexico, Australia, Germany, Japan, and Singapore across major industry sectors.

IoT security – A barrier to deployment?

Security takes priority when it comes to the development and deployment of IoT, with Gartner predicting that by 2020, IoT security will make up 20% of annual security budgets. As a potential inhibitor, analysts, vendors and stakeholders alike are concerned about the potentially significant security risks associated with IoT deployments. These concerns are playing a role in decision-making and end user confidence in deploying IoT services, particularly when it comes to utilising existing networks that are known to be vulnerable, for example, Wi-Fi, and those that are new and operate in the unlicensed spectrum, such as LoRaWAN and Sigfox. Standardisation, or the lack of it, within the IoT industry is also acting as a barrier to deployment; with older and newer networks deploying IoT, more standardisation regarding security policies is urgently required.

Could complacency be setting in when it comes to ransomware?

By Chris Ross, SVP International, Barracuda

Ransomware may be a headline favourite, but the attack itself is nothing new. In fact, it’s been around in some form or another for decades. Since last year’s high profile global campaigns such as WannaCry and NotPetya you’d be hard pressed to find anyone who isn’t aware of the threat posed.

Russian Hackers Breach US Utility Networks

News broke that hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said. They said the campaign likely is continuing. IT security experts commented below.

A study of car sharing apps

The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost double. This is great news, but information security specialists have started raising some pertinent questions: how are the users of these services protected and what potential risks do they face in the event of unauthorized access to their accounts?

What Businesses Should Know About GDPR

On Data Privacy Day earlier this year, CCSI briefly discussed the implications of The General Data Protection Regulation (GDPR). It is essentially a set of rules imposed by the European Union to give individuals primary control over their personal data. This means that companies will now have to disclose or delete the personal data they hold. The rule came into effect on May 25, 2018. With this in place, how will it affect companies in the long-term?

3D Printing, Cybersecurity, and Audio Fingerprinting

We all understand the risk of someone taking over our computers or phones for nefarious purposes. But remote access to printers and fax machines was something most people took a little less seriously. After all, you might get some obscene printouts or someone wasting some paper, but in general, those are not big deals. Some researchers however have lately been pondering what might happen should someone break into your 3D printer. Of course, you could bring a printer down to deny service, or cause things to malfunction — maybe even in ways that could be dangerous if the printer didn’t have sufficient safety features. But these researchers are more crafty. They are studying how you know what you’ve printed hasn’t been subtly sabotaged. They also think they have an answer.

Why Computer Criminals Are Targeting the NHS

We all know what happened on 12 May 2017. That’s the day when an updated version of WannaCry ransomware announced itself to the world. In a matter of days, the malware encrypted data stored on 200,000 computers across 150 countries.

One of the victims affected by WannaCry was the United Kingdom’s National Health Service (NHS). According to a report released by the National Audit Office (NAO), the attack caused disruption at 34 percent of NHS trusts. An additional 603 primary care and other NHS-related organizations also reported infections.

Amyas Morse, head of the NAO, said the attack didn’t have to go that way. As quoted in an October 2017 press release:

“The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

May 2017 wasn’t the only time that NHS trusts suffered disruptions at the hands of computer criminals. According to Freedom of Information (FOI) requests sent to 80 NHS trusts by Intercity Technology, approximately a third of organizations suffered an outage across their IT systems between January 2015 and February 2018. A security breach was behind the blackouts for 14 of those entities, with NHS organizations suffering 18 security breaches over the last three years. Those events collectively caused 18 days’ worth of outages, The Register reported.

These findings beg the question: why are computer criminals so intent on targeting the NHS?

Part of the answer has to do with the NHS specifically. In its report, the NAO found that the National Health Service had not conducted simulations for a significant digital attack at a local level leading up to WannaCry. This lack of familiarity led to communication problems when the ransomware attack hit, thereby degrading recovery efforts. The NAO also learned that all NHS organizations affected by WannaCry could have protected themselves by updating their Windows operating systems or by properly configuring their firewalls.

The other part of the answer ties into greater problems affecting healthcare overall. In general, healthcare organizations aren’t the most effective when it comes to patching known security vulnerabilities. According to the “SecurityScorecard 2018 Healthcare Report: A Pulse on The Healthcare Industry’s Cybersecurity Risks,” 60 percent of the most common security issues in the healthcare industry relate back to poor patching practices. This industry-wide shortcoming gives attackers a means of preying on healthcare organizations. They don’t need any more motivation; they already have the value of healthcare data to spur them forward. As noted by IFSEC Global, attackers can leverage stolen healthcare data to either sell it on the dark web or to build victim profiles for follow-up attacks.

Acknowledging the persistence of these types of threats along with the limitations highlighted by WannaCry, the UK Government announced new measures to boost the digital security of the National Health Service. These efforts will include £21 million on upgrading firewalls and network infrastructure at certain sites, funding that empowers the Care Quality Commission to evaluate the digital security preparedness of NHS trusts and the implementation of a new text messaging alert system to help facilitate better communication between trusts.

Still, there’s work to be done. The Internet of Things increasingly threatens the NHS with data breaches unrelated to WannaCry. So too do non-WannaCry ransomware attacks, as at least four separate incidents have shown since May 2017.

How Tripwire Can Help

The NHS, not to mention all healthcare organizations, need to take steps to bolster the digital security of their systems so that they can ensure the availability of critical medical services and protect their patients’ data. Such measures are especially important in the case of defending against vulnerabilities like EternalBlue, the Microsoft SMB flaw which WannaCry exploited in May 2017. CVSS risk scoring is good. But in these types of instances, such low-medium-high scoring is not of any use because the vulnerability will show up as “high” in every part of the business where critical systems/assets that provide the “business as usual” state are in the same category as non-critical systems.

This is where Tripwire IP360 can assist. Tripwire not only provides the CVSS risk scoring but also adds a unique way the assets are weighted depending on criticality to the business, amongst other criteria. This provides a way for the limited resources available to apply patches quickly to the critical systems in order to provide the secure “business as usual” state for the business.

In the meantime, Tripwire Enterprise can be utilised to monitor the network for any changes or drifts of compliance and policies, providing real time notification to the resources on anything that is detrimental to the estate so they can address them immediately.

Space is open for business

David Cowan is a partner at Bessemer Venture Partners, where he launched the firm’s investing practices in space tech, cyber security, cloud infrastructure and consumer tech.

Tess Hatch is an investor at Bessemer Venture Partners, where she invests in frontier technology, specifically commercial space, quantum computing and drones.

For 50 years, space innovation meant scaling Apollo-era technologies into ever larger, more durable satellites parked above their terrestrial clients in geosynchronous orbit. Exotic space-ready parts, militarized defenses and layered redundancies ballooned into multi-billion-dollar systems designed to last 40 years or more beyond their conceptions. Only vast organizations with thousands of aerospace engineers could participate.

What Is EMM And How Can It Help With Mobile Security?

Enterprise Mobility Management (EMM) is the process of leveraging people and technology to secure sensitive data present on employee devices. EMM automates security configurations on devices so they’re ready for corporate use. It also enables you to keep security threats at bay, regardless of their attack vector. Whether the threat comes from an app, the Internet or the device itself, EMM solutions can prevent critical data loss and unauthorised data access.