Days after the missile strike on Syria, GCHQ and the FBI have warned of a potential retaliation by Russia- in the form of a cyber attack. The NCSC is on high alert and concern is growing among executives who fear severe disruption of critical infrastructure. IT security experts commented below. Bill Conner, CEO at SonicWall: “Cyber attacks like WannaCry and Not-Petya demonstrate governments can and will, use nefarious means to target critical national infrastructure of nation states. There is no doubt that Russia has the ability and the motive to deploy this kind of attack on the West. Many other nation states have this ability…
ISBuzz Team
A new project from Cybereason, where the team created a fake company as a honeypot to trick the bots commonly used by hackers to initiate attacks. The honeypot took the form of a fake financial company with weak security, and it was discovered and breached by bots almost instantly. The team monitored the intruders to gain some interesting insight into how attackers are using bots – with one notable example entering the network within 2 hours and performing 80% of the tasks required for a hack in less than 15 seconds. As well as demonstrating how automation can quickly overwhelm…
The UK government and NHS are facing criticism from MPs for failing to implement security measures a year on from WannaCry. Tony Pepper, CEO at Egress commented below. Tony Pepper, CEO at Egress: “It is deeply concerning that little progress has been made to improve security in healthcare in the past year. WannaCry was, quite literally, a big shock to the system but given the state that the NHS’s security was in, an incident on that scale was inevitable. WannaCry was not the most sophisticated attack – it was just the first at that level – and, given today’s statements, I’d bet that cyber criminals are working on…
The BBC today ran a story covering how cyber-attackers are now turning to tools that automate the process of finding and hijacking vulnerable servers.The study used a fake server known as a honeypot to log everything done to it by digital intruders. Put online by security firm Cybereason, the server was quickly found and hijacked in seconds by a bot that broke through its digital defences. To make the fake server look more convincing, Cybereason thought up a company name, generated staff identities and spoofed network traffic. This helped it pass the “sniff test” and convince bots it was a target that…
While recognising physical consequences of cyberthreats, proper investment lacking Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organisations, today announced the results of a survey conducted by Dimensional Research examining industrial control systems (ICS) security in the energy industry. The survey was conducted in March, and its respondents included 151 IT and operational technology (OT) security professionals at energy and oil and gas companies. According to the survey, 70 percent of respondents are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion. With widespread recognition of the physical…
The report issued today by the House of Lords Committee, warns that the UK has what it takes to become a world leader in the development of artificial intelligence, but such new technologies should not come at the price of data rights or privacy of individuals, families or communities, David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “The use of technology brings great benefits – especially so in the case of artificial intelligence and the opportunities this presents. Consumers are clearly prepared to trade their data for the convenience of…
Following the news reports that UK pub giant J D Wetherspoon has shut down down their Facebook, Twitter and Instagram pages for all 904 of their pubs and their head office. The move comes after the ongoing controversy over data leaks at Facebook. Evgeny Chereshnev, CEO and Founder at Biolink.Tech commented below. Evgeny Chereshnev, CEO and Founder at Biolink.Tech: “One of today’s modern misconceptions is that social media (SM) is essential for business. The truth is, most companies totally mix cause and effect; they invest lots of money in SM as if those channels were a business goal in itself, but in reality SM…
During the first three months of the year, Kaspersky Lab researchers discovered a wave of new APT activity based mainly in Asia – more than thirty per cent of Q1 reports were dedicated to threat operations in this region. A peak of activity was also observed in the Middle East with a number of new techniques used by actors. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary. In the first quarter of 2018, Kaspersky Lab researchers continued to detect cyber activities by advanced persistent threat (APT) groups speaking languages including Russian, Chinese, English and…
Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to the third annual report on cloud security from cybersecurity firm McAfee. Craig Young, computer security researcher at Tripwire commented below. Craig Young, Computer Security Researcher at Tripwire: “Cloud is just a fancy way of saying you rely on someone else’s hardware. This is not a decision which should be made lightly and while there are many firms advertising turn-key cloud solutions, I don’t think organizations should rush into the cloud without understanding enough to have confidence in the security model.…
New report provides statistics on web application vulnerabilities, based on client security audits performed with PT Application Inspector in 2017 Positive Technologies has announced its latest report from its own audits of web application security: Web Application Vulnerabilities in 2017. The results, collated through the security firm’s automated source code analysis through the PT Application Inspector, detected vulnerabilities in every single web application tested in 2017.* Among the key findings, 94 percent of applications had at least one high-severity vulnerability, demonstrating that websites are a critical weakness for organizations. Breaking down the detected vulnerabilities by severity level, most (65%) were of medium…
