How Secure Is Your Supply Chain?

Many businesses are now reliant on third parties in order to function and to provide their goods or services. These third parties are likely to form a supply chain providing such capabilities as IT services, HR outsourcing and hosting services.

The calibre of these services can vary greatly, whether the supplier is a large conglomerate or a small local business. Each supplier will have its own cyber security processes and procedures that should be embedded within the business... but in practice is this the case, and what is the impact on a business if one of its suppliers suffers a cyber security breach?

With reliance now placed on a supply chain, it is important that due diligence is carried out to ensure that this resilience is in place.

What sort of processes can be carried out in order to provide some assurances?

  • Regular cyber security audits of third party vendors
  • Prioritization of vendors providing critical services
  • Review of the data monitoring standards of third parties
  • Ensuring the business's own security procedures remain at a high standard, enforcing regular patching and keeping firewalls up to date
  • Management of privileges granted outside of the business
  • Robust procurement processes for new vendors
  • Management of contractual liability with the vendor in the event of a possible data breach
  • Due diligence of cloud service providers
  • Insurance checklist for professional indemnity and/or cyber insurance held by the vendor
  • Review of interconnected devices to manage Internet of Things (IoT) exposures

The supply chain of a business can be its weakest link, and managing it should be given the same level of attention as the internal cyber risks that exist.

The National Cyber Security Centre publishes a list of some of the risks that businesses should look out for:-

https://www.ncsc.gov.uk/content/files/protected_files/guidance_files/Cyber-security-risks-in-the-supply-chain.pdf

The consequences of a third party suffering a compromise of their computer systems could include the following:-

1. Business Interruption

2. Reputational Damage

3. Regulatory Actions and Fines

4. Loss of customers

5. Costs incurred to the business to rectify loss of data or damage to computer systems

There have been a number of high profile data breaches where losses have emanated from the supply chain:-

Target

In December 2003 hackers gained access to the heating and ventilation system of the retailer Target. As a result of network credentials being stolen from a mechanical services engineer, the hackers were then able to gain access to the credit and debit card data of customers. The cost of the breach is thought to be close to $300M, with 100 million individuals being affected and the CIO of Target resigning soon after the breach.

Stuxnet

This was a malicious computer worm that targeted the automated processes used to control machinery on factory assembly lines and systems within the nuclear industry.

It was introduced into a supply network via an infected USB flash drive by individuals who had access to the system. It was then possible for the worm to move across the network, scanning for the software that controls machinery and influencing the commands that were given.

NotPetya

Last year NotPetya was malicious code aimed at software supply chains. It targeted outdated and unpatched Windows systems using the EternalBlue vulnerability, and hit many global businesses such as WPP, DLA Piper and Maersk.

The hackers initially breached a financial services company named M.E.Doc, a third party software service widely used by governments. Once access had been obtained, they were able to install malware in its software, which was then distributed to end users when the latest update was downloaded.

A report earlier this year by Symantec found that there had been a 200% increase over the last 12 months in hackers injecting malware implants into the supply chain to gain access to organizations' computer systems.

https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf

Perhaps one of the keys to ensuring that a supply chain is secure is to require suppliers to have in place cyber security procedures and practices as robust as the business's own, in order to manage the evolving cyber risk landscape.


Image : Shutterstock

Tackling the Cyber Threat at the World Cup

The 2018 FIFA World Cup has finally arrived, with expectations for the England team more subdued than normal... Away from the football pitch, the cyber threat landscape will once again present challenges for this major sporting event. Already this year we have seen the Winter Olympics in South Korea experience wiper malware that hit the internet and TV broadcasting of the opening ceremony.

With Russian hackers having “home advantage”, it will be interesting to see the attack vectors utilized and how resilient cyber security will be in combating this.

GCHQ have warned the Football Association that both the officials and players could well be targeted by hackers during the tournament.

https://www.theguardian.com/football/2018/jun/12/england-world-cup-squad-targets-russian-hackers

Why the World Cup ?

Major sporting events grab the attention of the entire world, but unfortunately this also attracts those who perceive it as an opportunity to be exploited... the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business, but on a much larger scale and with more dramatic consequences due to its high profile and the many threat vectors that may exist.

Assessing the Cyber Threat

Some of the targets for cyber criminals are likely to be the following:-

1. The Official World Cup Website

Distributed denial of service (DDoS) attacks preventing access to the website by fans.

Hackers accessing the website and altering data, such as falsifying results and tables and providing incorrect information to the public.

Defacement of the website by a hacktivist.

Fans will no doubt access the website via Wi-Fi, and a vulnerability will exist if they inadvertently connect through a rogue Wi-Fi hotspot, which could lead to their personal data being stolen.

2. Match Day Tickets

Ticket fraud, with bogus websites being set up to take fans' money and issue counterfeit tickets.

Website scams offering last minute match day tickets for the big games with no ticket actually being provided.

3. The Stadiums

Technology will be pivotal in all aspects of the running of the ten stadiums being used in the tournament. Stadium entry, ticket processing, management of floodlights and associated infrastructure would all be impacted in the event of a cyber attack.

4. Tournament Data

The event will involve a huge amount of data, ranging from fans' credit card data and players' confidential information to the organizers' database, all of which is likely to be targeted by hackers. This could occur through phishing attacks to steal personal private information (PPI), which could then lead to bank fraud against individuals. With GDPR now in force, hackers are likely to focus more on stealing data.

5. E-mail Transmission

E-mail scams could take the form of bogus e-mails set up to obtain players' and officials' personal information, which is then disseminated over the internet. The volume of e-mails being sent and exchanged also presents an opportunity for spamming.

6. Media Coverage

Worldwide coverage of this event will be provided by television companies who will be reliant on technology, and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime.

7. Computer Network

The spread of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the tournament. The reliance on technology reaches far and wide, ranging from the transportation network to closed circuit TV surveillance systems.

8. Mobile Applications

Fake mobile apps devised by developers to give the impression of the official FIFA app.

9. Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems, affecting many aspects of the tournament.

There may be political motivation from countries that want to disrupt the tournament. This could be to make a political stand on an issue, or could come from a country that failed to reach the finals or has controversially been knocked out of the competition.

There is also the threat of remotely controlled drones operated by cyber terrorists entering a stadium, causing disruption and delay to matches.

10. Social Media

Infiltration by hackers of the tournament's social media accounts and of personal accounts poses a threat to the privacy of fans, players and officials.

Cyber Risk Management Program

FIFA will no doubt have in place a comprehensive cyber risk management program to manage the World Cup, which is likely to be broken down into the following:-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks through the following insurance modules:-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance, helping with data breach notification, forensic investigation and public relations.

Image : Shutterstock

Will Ransomware Attacks Increase Under GDPR?

Businesses in the UK suffer on average 38 ransomware attacks a day, and it is likely that we will see a significant increase when GDPR comes into force on 25th May this year.

According to cyber security product developer SonicWall there are over 2,500 different known variants of ransomware hitting UK businesses, which makes managing these attacks a formidable job. One of the current trends in cyber attacks carried out by hackers is that their target is data, with ransomware being an ideal method of disrupting businesses by corrupting their data, stealing it or holding them to ransom.

This form of cyber attack on a business is perhaps one of the most difficult to handle, due to its unpredictable nature and the impact it can have, leaving the business unable to operate. It is also normally time limited, which adds stress for the business owners, with the imminent threat of data being destroyed if the ransom is not paid within a specific deadline.

With GDPR there is the added factor of a business being fined by the Information Commissioner's Office (ICO) if data is compromised. The fines that could be imposed by the ICO are between 2 and 4% of global turnover, depending on the degree of the data breach. Uber would be an example of where the ICO could have imposed a heavy fine. Hackers held Uber to a £750,000 ransom with the threat of releasing the data of 57 million customers. Uber would have been in the position of breaching GDPR rules on two counts: the initial cyber attack, and the fact that it was not disclosed, as all data breaches will need to be reported to the ICO within 72 hours. It will be interesting to see how the ICO approaches the question of fines and to what degree it is likely to impose the maximum fine threshold.

Paying a ransom is an easy option to alleviate a cyber attack, but it can only be a short term solution, as the hacker could return, perceiving the business to be an easy target. There is also no guarantee that the files containing the data will be released; they may remain encrypted, with the business still unable to access the data.

Cyber insurance can help with ransomware attacks, in paying the actual ransom and the costs associated with negotiating with the hackers. The policy would also provide coverage for the forensic and IT costs of investigating possible lateral movement by the hackers into other computer systems. A data breach will need to be managed, and this specialist form of insurance provides incident response services backed by a panel of experienced vendors.

Ransomware attacks will undoubtedly increase once GDPR comes into force, and businesses will need to improve their cyber risk management in order to avoid the wrath of the ICO and the damage to their reputation that a severe data breach may cause.

Image : Shutterstock

Winter Olympics Viewed As Cyber Target

The Winter Olympics have already captured the attention of hackers, and with this major event only a few days away the cyber threat is very real...

Hackers have already targeted the Winter Olympics with a number of organisations being subject to attacks in an effort to gain access to sensitive information.

McAfee has revealed that a hacking campaign, which appears to be backed by a nation state, has been in place for a while. The targets discovered have been ice hockey teams and skiing suppliers.

https://www.wired.com/story/pyeongchang-winter-olympics-cyberattacks/

Why the Winter Olympics?

Major sporting events grab the attention of the entire world, but unfortunately this also attracts those who perceive it as an opportunity to be exploited... the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business, but on a much larger scale and with more dramatic consequences due to its high profile and the many threat vectors that exist.

The Cyber Threat Landscape

Some of the targets for cyber criminals are likely to be the following:-

1. The Official PyeongChang 2018 Website

Distributed denial of service (DDoS) attacks preventing access to the website by fans.

Hackers accessing the website and altering data, such as falsifying results and interfering with medal tables.

Defacement of the website by a hacktivist.

Spectators and visitors will no doubt access the website via Wi-Fi, and a vulnerability will exist if they inadvertently connect through a rogue Wi-Fi hotspot, which could lead to their personal data being stolen.

2. Event Tickets

Ticket fraud, with bogus websites being set up to take fans' money and issue counterfeit tickets.

Website scams offering last minute tickets for the big events with no ticket actually being provided.

3. The Venues

Technology will be pivotal in all aspects of the running of the 15 venues being used in PyeongChang. Entry to the venues, ticket processing, management of lighting and associated infrastructure would all be impacted in the event of a cyber attack.

4. Competitors' Data

The event will involve a huge amount of data, ranging from spectators' credit card data and athletes' confidential information to the organizers' database, all of which is likely to be targeted by hackers. This could occur through phishing attacks to steal personal private information (PPI), which could then lead to bank fraud against individuals. Brazil does have an established reputation for on-line banking fraud.

5. E-mail Transmission

E-mail scams could take the form of bogus e-mails set up to obtain athletes' and officials' personal information, which could then be disseminated over the internet. The endless sending and exchanging of e-mails also presents an opportunity for spamming.

6. Media Coverage

Worldwide coverage of this event will be provided by television companies who will be reliant on technology, and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime. For example, a video re-run of the 200 m final could be disrupted by a ransomware attack.

7. Computer Network

The spread of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the numerous events taking place. The reliance on technology reaches far and wide, ranging from the transportation network to closed circuit TV surveillance systems.

8. Mobile Applications

Fake mobile apps devised by developers to give the impression of the official Winter Olympics app. Smartphones are also at risk if stolen and personal data is extracted from them.

9. Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems, affecting the running of the Winter Olympics.

There may be political motivation from countries that want to disrupt the event. This could be to make a political stand on an issue, or could come from a country that failed to win an event, or a country retaliating after one of its competitors was disqualified.

There is also the threat of remotely controlled drones operated by cyber terrorists entering an event, causing disruption and delay.

10. Social Media

Infiltration by hackers of the event's social media accounts and of personal accounts poses a threat to the privacy of fans, players and officials.

Cyber Risk Management Program

The International Olympic Committee will no doubt have in place a comprehensive cyber risk management program to manage the program of events, which is likely to be broken down into the following:-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks associated with sporting events by providing the following insurance modules:-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance, helping with data breach notification, forensic investigation and public relations.

The Winter Olympics is a global event reliant on technology, which makes it especially vulnerable to cyber security threats. It is therefore important that these are recognized and measures put in place to mitigate the potentially severe consequences that could impact the Games.

This post is based on “Rio 2016 – The Cyber Threat”

http://cyberbrokers.co.uk/rio-2016-cyber-threats/

Image : Shutterstock


Hackers Raise Cyber Risk Awareness in 2017

Hackers raise cyber risk awareness in 2017... this is the one upside of a year in which hackers have again grabbed the headlines, with many high profile cyber attacks resulting in cyber crime and data breaches. These are proving to shape the world of cyberspace and how cyber risk will be managed in the future.

What have been the high profile cyber security breaches this year?

Ransomware featured highly as the main attack vector utilized by hackers, and proved to be the most effective in terms of impact and the disruption caused to businesses.

WannaCry

This was one of the main strains of ransomware that hit over 150 businesses throughout the world in May this year. It compromised the NHS, car manufacturing plants such as Nissan and Renault in the UK, and the global corporations Telefonica and FedEx.

NotPetya

This was the second significant ransomware attack within the space of two months, and should have heightened businesses' concerns, after the WannaCry attack, that cyber risk was now a boardroom issue. NotPetya took place in late June, again hitting high profile global corporations including Merck, WPP and AP Moller-Maersk, with longer lasting consequences for their trading ability and reputations.

Equifax

The US credit reporting agency revealed in September that it had suffered a data breach which compromised the accounts of 143 million US customers; it is believed that a certain percentage of these were also UK citizens.

Uber

Uber announced last month that it had been hit by a data breach affecting 57 million users, in an attack that occurred 12 months earlier. A ransom of $100,000 was also paid to the hackers.

Morrisons

Whilst this breach was not new, it does have potentially far reaching consequences for the directors of a business. The High Court found that those affected by a data breach caused by an employee were allowed to claim compensation for the “upset and distress” caused.

What happened in the UK ?

Whilst hackers infiltrated many businesses worldwide, in the UK we also saw businesses and organisations being hit, demonstrating that cyber attacks are closer to home than many people may believe. Here are a few examples:-

Sports Direct revealed in February that it had been hit by a data breach in which a hacker had gained access to its 30,000 employees' personal details, which included names, addresses and e-mail details.

Wonga announced in April that 245,000 of its customers in the UK had been affected by a data breach; the personal details this time included bank account details.

RingGo, the parking payment app, was subject to a data breach in April in which 2,000 customers were affected.

Hotpoint UK had its website compromised in May when malware was discovered on its computer system; luckily no data was taken on this occasion.

Cardiff City Centre suffered the embarrassment of its computer system being compromised in August, with a swastika being posted on a shopping billboard.

The Scottish Parliament suffered a brute force attack in August in which hackers targeted the e-mail accounts of MPs in an attempt to obtain passwords.

Lessons to be learned …..

Cyber crime and data breaches will not go away and will continue to be a prominent threat to businesses.

This is a major issue for businesses, so much so that it is now on boardroom agendas.

Cyber risk needs to be managed at all levels of a business.

Cyber attacks can happen to any business; SMEs face the same vulnerabilities as larger organizations.

Cyber risk needs to be embedded into a business's risk management procedures and processes.

Inadequate cyber risk management will impact on the reputation of a business.

2018 will be a testing time for many business sectors, with the volatility of the economy, unstable governments and Brexit to name a few, but cyber risk should also sit alongside these challenges, as the impact of failing to address it is likely to be just as significant.

Image : Shutterstock

What is a Denial of Service Attack?

What is a Denial of Service attack?

A denial of service attack is a form of cyber attack where a hacker aims to make a computer or network unavailable to its users.

Its distributed form is described as a Distributed Denial of Service (DDoS) attack, and is carried out by disrupting the services of a host connected to the internet, flooding the target from many sources with bogus requests which overload the computer, making it inaccessible to users.

The UK is second only to the US as the most targeted country for DDoS attacks. The UK is subject to just under 10% of the world's DDoS attacks, whereas the US accounts for 50.30% of the total.

Over the last year DDoS attacks have increased by 211%, as reported by cyber security consultants Imperva. The main source of attacks is now South Korea, overtaking China.

In recent months attacks have started to become much larger. An average attack is around 200 gigabits per second, but attacks of between 600 Gbps and 1 terabit per second are now evident. An attack of this magnitude would cause serious disruption to a business's computer systems.

Consequences of a DDoS Attack

Business Interruption

A business could be severely disrupted for a period of time, preventing it from trading normally. On-line retailers, for example, could lose a high volume of sales.

Reputational Harm

The business may suffer reputational issues following a DDoS attack, and the perception by its customers that its cyber security procedures are not of a sufficiently robust standard.

Common Types of DDoS Attacks

UDP Flood

A User Datagram Protocol (UDP) flood is where random ports on a computer system are bombarded with packets, causing it to check for an application listening on each port and to reply with an ICMP packet for each port that is closed, which consumes its resources.

Ping of Death

Known as a “POD”, this manipulates the IP protocol by sending packets larger than the maximum allowed size. As a result, it can cause the computer servers to crash.

Peer to Peer

This is where a peer to peer server is compromised to route traffic to a target website. Users are consequently sent to the target website, which is eventually overwhelmed and taken offline.

https://www.rivalhost.com/12-types-of-ddos-attacks-used-by-hackers
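As an added, defender-side example that is not part of the original post: a small Python analyser that runs over constructed packet-summary records and flags the two patterns described above, a source spraying UDP packets at many ports (the UDP flood) and an ICMP fragment train that would reassemble to more than the IPv4 maximum (Ping of Death). The record format, thresholds and sample addresses are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535         # largest legal IPv4 datagram (bytes)
IP_HEADER_LEN = 20              # minimal IPv4 header, added back on reassembly
PORT_SPRAY_THRESHOLD = 50       # distinct UDP dst ports from one source per window (assumed)
WINDOW_SECONDS = 10.0


@dataclass
class Packet:
    """One packet summary (assumed format, e.g. exported from a flow sensor)."""
    ts: float                   # arrival time in seconds
    src: str
    dst: str
    proto: str                  # "udp" or "icmp"
    dport: int = 0              # UDP destination port (0 for ICMP)
    frag_id: int = 0            # IP identification field shared by a fragment train
    frag_offset: int = 0        # IP fragment offset, in 8-byte units
    payload_len: int = 0        # bytes of IP payload carried by this fragment
    more_fragments: bool = False


def detect_udp_port_spray(packets, window=WINDOW_SECONDS, threshold=PORT_SPRAY_THRESHOLD):
    """Return {src: distinct_port_count} for sources that hit at least `threshold`
    distinct UDP destination ports within any `window` seconds (the UDP flood signal)."""
    by_src = defaultdict(list)
    for p in packets:
        if p.proto == "udp":
            by_src[p.src].append((p.ts, p.dport))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        live_ports = defaultdict(int)   # port -> packets still inside the window
        lo = 0
        for ts, port in events:
            live_ports[port] += 1
            while ts - events[lo][0] > window:  # slide the window forward
                old_port = events[lo][1]
                live_ports[old_port] -= 1
                if live_ports[old_port] == 0:
                    del live_ports[old_port]
                lo += 1
            if len(live_ports) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(live_ports))
    return flagged


def detect_ping_of_death(packets, max_len=MAX_IP_DATAGRAM):
    """Return [(src, reassembled_len)] for ICMP fragment trains whose reassembled
    datagram would exceed the IPv4 maximum, the condition a POD relies on."""
    train_end = defaultdict(int)        # (src, dst, frag_id) -> highest byte seen
    for p in packets:
        if p.proto != "icmp":
            continue
        if p.frag_offset == 0 and not p.more_fragments:
            continue                    # unfragmented echo: cannot exceed the limit
        key = (p.src, p.dst, p.frag_id)
        train_end[key] = max(train_end[key], p.frag_offset * 8 + p.payload_len)
    return [(src, end + IP_HEADER_LEN)
            for (src, _dst, _fid), end in train_end.items()
            if end + IP_HEADER_LEN > max_len]


def sample_packets():
    """Constructed sample traffic (not real captures): a normal DNS client,
    a 60-port UDP spray, and a two-fragment ICMP train reassembling to 67012 bytes."""
    pkts = [Packet(ts=float(i), src="192.0.2.5", dst="198.51.100.1",
                   proto="udp", dport=53) for i in range(5)]
    pkts += [Packet(ts=1.0 + i * 0.02, src="203.0.113.10", dst="198.51.100.1",
                    proto="udp", dport=1024 + i) for i in range(60)]
    pkts += [Packet(ts=3.0, src="203.0.113.10", dst="198.51.100.1", proto="icmp",
                    frag_id=7, frag_offset=0, payload_len=1480, more_fragments=True),
             Packet(ts=3.0, src="203.0.113.10", dst="198.51.100.1", proto="icmp",
                    frag_id=7, frag_offset=8189, payload_len=1480)]
    return pkts
```

Running `detect_udp_port_spray(sample_packets())` flags the spraying source with 60 distinct ports, and `detect_ping_of_death` reports the fragment train at 67012 bytes, well over the 65535 byte limit.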

Dyn – The Largest DDoS Attack – Case Study

This DDoS attack heralded a new dawn in what these forms of cyber attack can achieve, as it brought down a huge chunk of the US internet.

It was carried out by the Mirai botnet and targeted the servers of Dyn, a company that controls a large proportion of the DNS infrastructure. This occurred in October last year and lasted for almost a day. In its wake it brought down household names such as Twitter, the Guardian and Netflix in Europe and the US.

A network of computers infected with malware, known as a “botnet”, is coordinated into bombarding a server with traffic until it gives way under the weight of the traffic it is being hit with.

What was unusual about the Mirai botnet was that, whereas a botnet normally consists of a number of computers, this one consisted of Internet of Things devices including digital cameras and DVR players.

Because so many such devices are connected to the internet, the attack could be much larger than any previous DDoS attack. The attack was thought to have a strength of 1.2 Tbps, twice as powerful as the next most powerful attack.

It is good business for hackers ….

Kaspersky Lab has carried out studies on denial of service attacks, exploring the business model and its popularity. A DDoS attack can cost as little as $7 an hour, with the average price being $25 an hour. The profit margin can be as much as 95%.

https://www.thecsuite.co.uk/cio/security-cio/ddos-attacks-the-hackers-profit-margin/

Cyber Insurance

Cyber Insurance can provide assistance in the event of a DDoS attack by providing the following policy coverage:-

  • Business Interruption
  • Cyber Extortion
  • Incident Response Services

Businesses need to be prepared for the threat that a DDoS attack can bring, and it is important that their cyber security risk management procedures are effective in combating attacks of this nature, which are being brought about with increasing severity by hackers.

Image : Shutterstock