Artificial Intelligence – Helping Cyber Security

Artificial Intelligence

Artificial Intelligence (AI)  is now playing a significant role in helping to managing cyber risk. This was recently evident in the aftermath of the Nordsk Hydro ransomware attack where AI was utilised to identify further vulnerabilities.

This form of automative technology would seem to be a good match for managing the constant threats posed by hackers where new cyber attacks relentlessly attack computer systems and constant monitoring is required. Despite the automation basis there however still needs to be human involvement in this process.

How Does AI Work ?

Billions amounts of data is consumed by AI via machine learning and deep learning techniques. This makes it possible to improve and develop its cyber security bank of knowledge which ultimately provides a better understanding of existing and developing cyber risks.

AI utilizes reasoning in order to identify relationships cyber threats malware threats and dubious IP threats . This is then analysed in a very short period of time thus enabling users to respond and act on imminent cyber threats.

Where can Artificial Intelligence be used ?

  • Monitoring of computer systems
  • Predictive tool for new threats
  • Analysis of threats based on current activity
  • Monitor Human activity
  • Post data breach tool
  • Detection of viruses and malware

The Future 

Capgemini released a report last month “Reinventing Cybersecurity with Artificial intelligence”

https://www.capgemini.com/wp-content/uploads/2019/07/AI-in-Cybersecurity_Report_20190711_V06.pdf

The report revealed that 69% of organisations felt that AI will be necessary to respond to cyber attacks in the coming years. Telecoms in particularly were of the view that this would help mitigate the sizable losses already experienced in this sector. Many organisations are gearing up for testing the viability of AI and how it can help their cyber risk management processes. Budget provisions for this are being made as long term there are many  costs benefits in AI.

Artificial Intelligence is developing at a rapid rate and it is important that its application remains relevant to the cyber security sector as other industries also show an interest in this technology.

Image : Shutterstock

Ransomware Is Still A Real Threat

Ransomware

Ransomware still remains one of the main methods that hackers utilise to carry out cyber attacks on businesses.

New strains of viruses are emerging all the time one such type is Sodinokibi which is only three months old but has had a significant impact already. It is also know as Sodin and REvil and connected to a previous form of ransomware called GrandCrab.

It is beloved that the average ransom demand for Sodinokibi in May was $150,000 against $50,ooo for other forms of ransomware. The largest recorded to date is $500,000.

Furthermore according to a report by Coveware, an incident response company the average downtime from a ransomware attack during the first part of this year has increased from 7.3 days 9.6 days which is believed to be due to the impact of this new ransomware.

The use of  Sodinokibi is also on the increase so much that it now accounts for 12.50% of the overall market.

Attack Methods

Sodinokibi is a ransomware-as-service (RaaS) and is used to attack both businesses and consumers and use various attack methods that include the following:-

  • Acting as malicious spam
  • Phishing attacks
  • Malvertising
  • Exploitation  of vulnerabilities in Oracle

The Signs of this Ransomware Infection

The normal signs of a ransomware attack are displayed when a computer system has been compromised by Sodinokibi this being changes in the desktop wallpaper and the announcement of the attack by way of a ransom note.

https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/

How it Happens

Files are encrypted on local drives by an encryption algorithm renaming all files with a pre-generated pseudo- random alpha- numeric extension that can be up to eight characters in length. This type of ransomware appears to target files which are mainly media related.

It also has been found to delete shadow copies of back-up and disables the Windows Startup Repair tool which prevents users from fixing any system errors relating to the ransomware attack.

Sodinokibi is unique in that it does latch on to zero-day vulnerabilities and and allow a Sodinokibi ransomware attacker access to endpoints that it infects replicating tasks that administrators would normally carry out.

How to Try and Prevent an Attack

Creation of back-ups of data on an external drive or on the cloud

Ensure that updates are run on all computer systems and appropriate patching is carried out.

Reinforce training of staff so that they are aware of possible phishing attacks that might carry this ransomware.

Restrict the use administrative tools to the IT team

Disable macro on Microsoft Office products

Cyber Insurance

The purchase of cyber insurance can help manage and mitigate the impact of these form of attack. This type of policy will provide coverage for the investigation costs of such an attack, the cost of negotiating with the hackers and if need be the actual ransom itself.

Image : Shutterstock

Mergers & Acquisitions – The Cyber Risks

Mergers and Acquisitions

Mergers & Acquisitions are a complicated process with many facets of risk to consider of the target business – cyber exposures will be one of these but is the correct degree of attention given to this when a multimillion takeover or acquisition is at stake ?

Why are these risks ignored?

Mergers and acquisitions are a very complicated and time consuming activity for a business. Due diligence is undertaken which will involve many facets of the business under consideration. This will include the financial standing, employee numbers and makeup, market share and future prospects of the organisation.

Cyber risk maybe considered during this process but it is doubtful that any in-depth cyber risk management is carried out which could present problems post acquisition / merger.

What cyber security due diligence should be carried out?

  • Examination of the types of privacy risks of the targeted business that they may encounter in their industry.
  • Obtain detailed knowledge of the computer network and passage of date to include the supply chain and use of cloud providers.
  • How data is is managed and in particularly personal data of customers and intellectual property of the organisation.
  • Review of any contractual indemnities with customers and third parties who may suffer a data breach as a result of a cyber security breach.
  • Obtain details of any previous cyber attacks or compromise of data  with details of subsequent measures put in place to rectify similar incidents and improvements in cyber security.
  • Ensure that GDPR compliance has been achieved together with any other relevant regulatory requirements in other geographical locations.
  • Evidence of any cyber insurance being in place and review of adequacy together with details of claims made under the policy.
  • Review of their incident response and business continuity plans with proof of the testing of these.

The Verizon and Yahoo Merger 

In February 2007 Verizon Communications Inc purchased Yahoo Inc’s for $4.48 billion, but lowered  its original offer by $350 million in view of two significant cyber attacks that hit the internet business.

https://www.reuters.com/article/us-yahoo-m-a-verizon/verizon-yahoo-agree-to-lowered-4-48-billion-deal-following-cyber-attacks-idUSKBN1601EK

The takeover agreement included requirements that Yahoo would be responsible for any subsequently discovered cyber incidents.

Cyber Insurance

The existence of cyber insurance will assist with helping to mitigate the cyber risks associated of a proposed acquisition . Insurers will want to know in-depth details of their cyber risk management processes and procedures and only consider inclusion within an existing policy if these are satisfactory.

Image : Shutterstock

GDPR One Year On – What’s Changed?

GDPR

GDPR has been with us now for just over a year – so what has changed during this period?

Businesses are now much more proactive in their approach to cyber security instigating robust systems and procedures to combat the threat of hackers.

http://cyberbrokers.co.uk/gdpr-data-protection-but-not-as-we-know-it/

The ICO have just published a report “GDPR – One Year On” which sets out a review of its first year in operation.

https://ico.org.uk/media/about-the-ico/documents/2614992/gdpr-one-year-on-20190530.pdf

Countering the Cyber Security Threat

The risk of a data breach is also now higher than ever with the changing cyber risk landscape. New ransomware strains and malware are evolving so keeping up to date protections in place is vitally important. GDPR is a clear driver of the approach that the C Suite has to instigate to protect and secure their businesses.

Among the many areas that IT Security has focused upon is back-up which is essential in protecting data. This makes it retrievable in the event of a compromise of data due to a cyber-attack.

Change in Philosophy

GDPR was a long time coming and businesses have struggled to find the resource to put in place processes to achieve compliance. Some were ahead of the game and some struggled to meet the deadline of 25th May 2018.

The philosophy to cyber security has also reached an engagement point where businesses are looking beyond GDPR. Businesses are now seeking cyber security accreditation’s such as ISO27001.

Global Effect

Other countries are also taking note of the impact that GDPR is having and bringing in similar legislation of their own.

For example the California Consumer Privacy Act (CCPA) which comes into force on 1st January next year.This provides consumers with certain rights over their personal data which is held by businesses  and is an obvious parallel with GDPR.

GDPR Fines

Regulators to date have issued in excess of 200.000 fines of which 65,000 were related to data breaches . Fines totalled E56M which includes the E50M levied against Google by the Irish Data Protection Commissioner. In this case new users were inadequately advised how personal data was collected and how this was subsequently used.

The fear of potential fines being issued of up to 4% of global turnover of a business by the regulators has not materialised yet. However from a speech made by Elizabeth Dunham , the U.K. Commissioner of the ICO recently stated in a speech that this may be about to change later in the year. The ICO it is understood have a couple of very large cases that are currently being reviewed.

Both Equifax and Uber have been fined over the past twelve months but this was under previous legislation and not GDPR.

The impact of GDPR  does appear to have improved cyber security standards. We are however waiting to see how regulatory bodies will impose the full force of non-compliance in the event of a cyber-attack that results in a significant data breach.

Image : Shutterstock

Airports : The Importance of Cyber Security

Airports

With critical infrastructure now becoming a prime target for hackers airports now need to ensure that they have in place a comprehensive cyber risk management program in place.

http://cyberbrokers.co.uk/the-cyber-threat-critical-infrastructure/

The European Aviation Safety Agency (EASA) has estimated that an average of 1000 cyber attacks occur each month on aviation systems which further demonstrates the threat posed to this sector.

Airports are technology dependent sector on which also makes it attractive for a hacker who is likely to have the intention of causing maximum disruption with many facets of an airport to target.

Whilst a number of computer networks may be segregated such as  navigational guidance, immigration and retail outlets there are many areas that could be targeted.

  • The airports core IT infrastructure
  • Self-check-in desks
  • Automated bag drop off systems
  • Smart operated gates
  • Wi-Fi available within the airport lounges

Cyber-Attacks on Airports

We have see cyber-attacks on airports notably Bristol airport in the U.K. and Atlanta airport in the US both of which occurred last year.

The computer systems of Bristol airport were accessed by a phishing attack whereby an employee clicked  on a link which lead to malware infiltrating  their systems. For a period airport staff had to communicate arrival / departures by using a blackboard as the messages boards were inoperable.

https://www.bbc.co.uk/news/uk-england-bristol-45539841

The wi-fi of Atlanta airport was taken down as a result of a cyber-attack. Flights had to be cancelled causing passenger delays and significant disruption to the airport services.

https://www.ajc.com/business/hartsfield-jackson-takes-down-after-cyber-attack-city/

The Data Breach Threat

High volumes of data are contained within the computer systems of an airport and it therefore important that this protected. This would typically include :

  • Boarding card details of passengers
  • Car parking details
  • Health and Safety information
  • Details of disabled individuals
  • Employee personal details
  • Salary payment details of employees

With GDPR coming into force last year all organisations are legally required to store and protect data up to certain standards.

The NIS Directive

This came into force last year and sets out minimum standards of cyber security that need to be in place for operators of essential services systems (OES) which will be applicable to the aviation sector.

One of the keys in preventing cyber attacks is the developing of cyber resilience within an airport once potential threat vectors have been identified and solutions are in place to manage potential threats.

Image : Shutterstock

Are You Checking In With Hackers?

Hackers

Are you checking in with Hackers?

The hotel industry has been a prime target for hackers and this trend is likely to continue. So why are cyber attacks so prevelant within this sector?

Volumes of Data

Hotels hold vast quantities of data through many sources such as through their reservation systems for their customers . This will be personally identifiable information that would consist of names, addresss , e-mail addresses and passport details.

Online Payment Processing

Customers will log-in on a hotel website to make a reservation which will require them to provide debit or credit card details. These details could be compromised in the event of a data breach. Payment transactions can also remain exposed for a while on computer systems which presents further opportunity. In 2017 hotels accounted for 92% of all point of sale intrusions.

WiFi

The wi-fi in some hotels can be relatively insecure if their cyber security processes and procedures are not as robust as they should be. This can also lead to their data being compromised.

Symantec released a report this week which revealed that 67% of hotel websites surveyed leaked customer’s booking data. This was over 1500 hotel websites in 54 countries , this equates to two in three websites data could be used by third party sites such as advertisers.

https://www.symantec.com/blogs/threat-intelligence/hotel-websites-leak-guest-data

Supply Chain

Hotels relies on a supply chain which can include a number of contractors, broking and travel agencies . If there is a vulnerability with one of these it is possible that the hotel may be impacted by this causing business interruption or a data loss.

An Attractive Sector

This sector is a target because of the size of the market and the revenue that is generated each year, this provides opportunists threats for cyber criminals and the proliferation of fraud.

Cyber Attacks on the Hotel Industry

There have been a number of high profile cyber attacks on hotels where hackers have sought to steal data or cause disruption to the business.

Marriot International Hotels 

This is the largest data breach in this sector but also one of the largest in the world.

500 million guests were exposed to this cyber attack which included names and addresses and passport numbers. The attack emanated from the Starwood guest reservation database with who they had recently merged.Starwood themselves had previously experienced a data breach a number of years earlier.

https://www.telegraph.co.uk/technology/2018/11/30/private-data-500-million-marriott-guests-exposed-massive-breach/

Hyatt Hotels Corp

Hackers hit the restaurants front desks and parking facilities at 40% of their hotels situated around the world over a four month period.

It is understood that malware was designed to collect cardholder names, numbers and expiration dates.

Hilton Worldwide

Access was gained via the payment card system but on this occasion their was no evidence that data was stolen. The systems were in fact attack twice , cardholder details were again the main target.

As with all business that rely heavily on business via on-line transactions their cyber risk is very high and it is important that cyber risk management is a central focus to management.

Image : Shutterstock