Cyber Security

European Union Agency for Cybersecurity (ENISA) - Annual threat landscape report

The European Union Agency for Cybersecurity (ENISA) has just published (on the 3rd November) their 10th Annual Threat Landscape Report.  In their own words “It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures.”
 
I find it makes interesting reading, although at 150 pages long it is not for everyone.

It is a well-structured document, and the sections likely to be of most interest are Annex A, “Mapping to MITRE ATT&CK Framework”, and Annex D, “Recommendations”, which cross-references the recommendations to the relevant ISO standards as well as NIST’s Cybersecurity Framework (CSF). If nothing else, these can act as a good aide-mémoire / checklist.
 
The document can be downloaded directly from ENISA’s website here.

National Cyber Security Centre phishing stats

Did you know that you can forward suspicious emails to the National Cyber Security Centre for them to collate with others and investigate further?

If you encounter emails in your inbox that don't look right then you can forward them to report@phishing.gov.uk. It is free and effective.

I encourage everyone to do so.

As of 31st August 2022, the number of reports received by the NCSC stands at more than 13,700,000, with the removal of more than 95,000 scams across 174,000 URLs.

U.S. Government's Cybersecurity & Infrastructure Security Agency (CISA) to open its first ever overseas office in London

The U.K. and U.S. Governments have had a very long-standing relationship and collaborate closely on many issues relating to intelligence and cyber security.

The relationship appears to be getting even closer, as the U.S. Government's Cybersecurity & Infrastructure Security Agency (CISA) has recently announced that it is to open its first ever international attaché office, which will be in London.

They have not yet said where it will be located but I would guess either within the U.S. Embassy in Nine Elms, or close to the NCSC's offices in Victoria.

How would you deal with an unsolicited notice of vulnerabilities in your infrastructure?

Are you set up to respond to unsolicited vulnerability disclosures?

Recently I was asked to help find a contact within a national telecommunications operator to whom an infrastructure vulnerability could be reported. A colleague had discovered an instance on the public internet that was not correctly protected and therefore could be compromised and exploited. You would think it would be an easy task! Not so! It took me over a day of effort over an elapsed timescale of two and a half days to reach the correct team members to make the report as a responsible disclosure. Messages via LinkedIn to likely staff members were ineffective as was contact through people who worked there. Ultimately it was one person who "know a man who knows the man" that enabled us to get their attention.

Lessons from the experience:
  • Most people would have given up after a few hours.
  • Unlike software companies, tech companies do not tend to be set up to receive responsible disclosures of vulnerabilities.
  • Systems were exploitable and accessible from the public internet for over 3 elapsed days!
  • Persevere; if you don't, you won't be successful.

Recommendations
  • Design a contact form and make it accessible from your public homepage.
  • To protect against spamming and screen scraping, do not publish the email address; keep it as a hidden attribute on the server side.
  • Incorporate CAPTCHA / reCAPTCHA or a similar solution to ensure you protect against bots.


FBI warns against trusting "secure" websites

The FBI released an alert on the 10th June 2019 through its Internet Crime Complaint Center (IC3) advising the public not to trust implicitly the padlock which is displayed to indicate that the browser session is secure. The alert also includes some basic recommendations. Sophisticated criminals frequently obtain 'legitimate' certificates for the sites they use when mounting campaigns against unsuspecting users: the padlock only proves that the connection to that site is encrypted, not that the site is the one you intended to visit. Our recommendation is to always click on the padlock and confirm that the certificate matches the domain name to which it is supposed to be related.
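The check behind the padlock is a hostname match: the browser compares the name you typed against the names listed in the certificate, and a valid certificate for a look-alike domain passes that check just as well as one for the real site. The following is an added illustration (not code from the FBI alert or from any browser) of that matching logic, written against the dict shape that Python's ssl.SSLSocket.getpeercert() returns; the certificate, the domain names and the 192.0.2.x addresses are constructed sample values.

```python
"""Hostname matching of the kind a browser performs behind the padlock.

Hand-written illustration following the usual rules (RFC 6125 / RFC 9525):
case-insensitive DNS comparison, a wildcard only as the whole leftmost label
covering exactly one label, and IP literals matched only against IP SANs.
The certificate dict below is a constructed sample in getpeercert() shape.
"""
import ipaddress


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly '*.example.com') against a hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    labels = pattern.split(".")
    # The wildcard must be the entire leftmost label, appear nowhere else,
    # and sit under at least two further labels ('*.com' covers nothing).
    if labels[0] != "*" or any("*" in lbl for lbl in labels[1:]) or len(labels) < 3:
        return False
    host_labels = hostname.split(".")
    # '*' stands for exactly one label, so 'a.b.example.com' is not covered.
    if len(host_labels) != len(labels):
        return False
    return host_labels[1:] == labels[1:]


def certificate_matches_host(cert: dict, host: str) -> bool:
    """True if the certificate's subjectAltName entries cover the host the user typed."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals never match DNS names, only 'IP Address' entries.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_name_matches(value, host)
               for kind, value in sans)


# Constructed sample certificate: the names a legitimate site might carry.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "*.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}


if __name__ == "__main__":
    # A look-alike domain with its own valid certificate would also show a
    # padlock; what the user must confirm is that the name is the expected one.
    for typed in ("example.com", "www.example.com", "a.b.example.com",
                  "examp1e.com", "192.0.2.10"):
        print(f"{typed:20} -> {certificate_matches_host(SAMPLE_CERT, typed)}")
```

The function returns True only for names the certificate actually covers; a certificate for examp1e.com would be equally 'valid' for that domain, which is exactly why checking the name, not merely the presence of the padlock, is the advice above.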

Cyber Security Standard for connected and automated vehicles

The British Standards Institution (BSI) has recently published its standard for cyber security for connected and automated vehicles, PAS 1885:2018. The standard builds upon the 8 key principles guidance published by H.M. Government in 2018.

Inside the unnerving supply chain attack that corrupted CCleaner

This article, published in WIRED, makes very interesting reading. It describes how CCleaner, a well-known anti-malware product, was compromised prior to the company being acquired by Avast. Well worth a read. The article can be found at this URL:

https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/

The increased cyber security threat to enterprises

Over the past few weeks and months, the cyber security threat landscape has been made much worse by two significant leaks of data which occurred in 2017: the Vault 7 leaks and the ShadowBroker leaks.

Vault 7 leaks
On the 7th March 2017, WikiLeaks started to release documents about the US Government’s offensive cyber warfare capabilities. The first tranche consisted of 7,818 web pages with 943 attachments, purportedly from the Center for Cyber Intelligence. Between the 7th March and 7th September 2017, a further 22 tranches of information were released, including the cyber warfare tools and software claimed to have been developed by the CIA. The information, software and tools that were leaked are generally accepted to be “nation state” capabilities.

ShadowBroker leaks
ShadowBroker is a group of self-styled hackers who first came to prominence in about 2013, but in the middle of 2017 they released into the public domain a massive collection of tools and information about zero-day exploits hoarded and used by the Tailored Access Operations (TAO) group of the US Government’s National Security Agency. TAO is widely understood to be the proactive hacking (cyber warfare) group within the NSA. The ShadowBroker leaks exposed vulnerabilities in Cisco routers, Microsoft’s Windows operating system and Linux mail servers, amongst others, including the exploit used by the authors of the WannaCry ransomware that infected computers in over 150 countries worldwide.

The consequences
The consequence of these two leaks is that extremely advanced and sophisticated “nation state” cyber warfare and hacking tools and information have been released into the public domain and into the hands of less capable countries, criminals and hackers. This in turn has significantly enhanced their capabilities to attack enterprises who, for the most part, are not equipped to defend against “nation state” types of attack. These tools operate across the entire security stack, namely the infrastructure, application, data and user domains.

Palo Alto's Unit 42 releases their Adversary Playbook

Palo Alto's Unit 42 has released into the public domain their Adversary Playbook, which is built upon a combination of STIX 2.0 and ATT&CK, the MITRE Corporation's curated knowledge base of cyber adversary behaviour. Full details can be found here; well worth a look!
