Having spent over 36 years in an industry, now entitled Cyber, starting my cyber-career post completing formal IT Security Training at the Police School at RAF Newton, I went on to work in the world of Counter Intelligence where I took up an enhanced vetted post in the SIGINT/COMINT world, moving on to a role of IT SyO within an Accredited (Verified Trust) US Agency SCIF (Sensitive Compartmented Information Facility) who engaged in areas such as Talent Keyhole (TK-SAT-COM), and many other specialised support projects provisioned, ranging from Lockerbie, to the Jamie Bulger case. Post my 22 years Royal Air Force…
Author: Professor John Walker
ABOUT This ‘Surviving Ransomware’ document is intended to raise the awareness of the threats posed by the digital dangers presented by Ransomware and seeks to expand on the methodologies employed to circumvent the security posture, to deliver the intended payload of Cyber Extortion through multiple channels. Cyber Extortion through digital means is nothing new. In the last decade businesses were attacked by the then methodology employed with the Cyber Criminal Modus Operandi (MO) of the Denial of Service (DoS), and the Distributed Denial of Service (DDoS) Attacks intended to take a business off-line, until the demands of the uttered ransom terms were…
A couple of years ago I was contacted by a local SME Engineering business, after they had embarrassingly been impacted by a Ransomware attack, denying the business access to several of their critical engineering assets and templates, resulting of course in client impact, and a black mark against their trusted reputation. As they, like many SMEs, were low on IT and Cyber Savvy Skills, joined by the fact they did not have in place a robust/adequate backup strategy, their only alternative was to pay – and on this occasion, thankfully there was honour amongst thieves, and they did receive by return…
Being certain that most readers will have noticed the levels of successful cyber-attacks carried out against public services such as Government, and in particular the scattered Local Authorities who have been put on notice by the U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) who released a Joint Technical Alert about malicious cyber activity. According to the alert, the targets of such malicious cyber activity are primarily government and private-sector organisations, critical infrastructure providers, and Internet Service Providers (ISPs) supporting these sectors, so I guess with that in mind…
For want of a better term, the ‘Cyber Security Industry’ has for many years now followed a terminology based, trending pattern attempting to achieve robust solutions to accommodate protection of digital assets – a following which, by inference drawn from the multiples of successful cyber-attacks which have occurred against supposedly well-defended deployments, does tend to leave a hanging question in the air when it comes to trust! The latest security terminology to fall into the cyber-security solution dictionary is that of Zero Trust – but just what does this amount to in a purist definition of the overarching operational objectives?…
Earlier in 2021, Andrew Jenkinson, the CEO of CIP, issued an alert and notified the CWE Team that they were running with some security exposures, leaving their domain open to a higher potential of compromise and security exposure – something the staff at CWE were unaware of at that time – Andy Jenkinson has since published his assessment report on LinkedIn today (26/07/21) as a matter of Public Awareness and Interest – See below at Fig 1. As most readers will be aware, CWE, the ‘Common Weakness Enumeration’ is a category system for ‘software’ weaknesses and vulnerabilities which is supported…
Without doubt the BBC TV Drama Line of Duty kept us all on the edge of our seats as we tuned into every episode, seeking to unmask the corrupt officer known as ‘H’ – with the ultimate episode revealing the gory conclusions of AC12 as they uncovered the murky world of collusion between OCG (Organised Crime Gangs) and the world of corrupt bent Law Enforcement. In the modern age of dependency on technology, the OCG may leverage the opportunities of the interconnected on-line world to conduct their criminal operations across the planet – as we observed in Line of Duty,…
It was back in Q4/20 when the UK based Outsourcing company Serco were warned they were running with digital insecurities – something which was leveraged by the Babuk Gang when they exploited some of the said security weaknesses in Q1/21 with a Ransomware attack – followed by a public disclosure of the acquired data. Rumour does have it on this occasion a ransom was paid. The Babuk Gang have yet again risen to adverse fame, this time by compromising the Washington DC Police Department with a successful Ransomware attack – and again, acquiring data – very sensitive data, releasing and…
Travelling back to the early days of the Computer Virus entering the world of low cost, COTS (Commercial Off the Shelf) available computing, we may reflect on a few home truths as we proceed down the Road to Digital Perdition. Circa 1983 when Fred Cohen, a graduate student out of the University of Southern California presented his thoughts of the digital future of potential adversity, by demonstrating a computer virus during a security seminar at Lehigh University in Pennsylvania. See Fig 1. I recall that event very well, as it was not long after when the Sunday Times ran a…
For more years than I care to recall, I have been on, what has seemed like a crusade to spread the word about, what we now understand to be the Cyber Threat that our interconnected, IoT driven world faces. On my crusade, spanning over 30 years + I have had negative encounters, knock-backs, faced criticism, been called a nutter (possibly true), and have been referred to as a scaremonger who does not understand the reality of the topic. The following scenes taken from such encounters will hopefully go some way to convey my built-in sense of utter frustration as to…