Are we already at war?

This is the first of two articles taking a look at the hacking and cybercrime that’s taken place in 2015. Part 2, to be published soon, looks at the simple steps we can take to enhance our security and minimise the threats from cybercrime.

2015
Although we’ve yet to reach the end of 2015, there’s already been an unprecedented number of data breaches and hacks compared to previous years, measured by both the number of breaches and the amount of data exposed.

The graphic on the right shows the estimated cost of cybercrime for 2014. In 2015 the cost has increased by 14% according to the “Cost of Cyber Crime Study: UK”, conducted by the Ponemon Institute and sponsored by HP.

The institute conducted 326 interviews with personnel from 39 UK companies to assess the incidence and cost of cybercrime for businesses. The latest news is that the very recent TalkTalk hack has cost the company £35m so far.

Major data breaches in 2015

  • February – Billion dollar cyberheist: up to 100 banks were penetrated and more than $1bn stolen
  • US health insurer Anthem: 80 million patient and employee records including date of birth, social security numbers, home and email addresses, employee information and more
  • May 2015 – BlueCross, US health insurance provider: 11.2 million names, birth dates, email addresses stolen
  • US Office of Personnel Management: 21.5m US Federal employees’ confidential data was accessed and presumed stolen
  • June 2015 – Kaspersky Labs (yes, the security vendor) was hacked: technical information was stolen, thought to be industrial espionage by a sovereign Nation State
  • July 2015 – Harvard University: one of 8 universities hacked in 2015 but it’s not known what information was accessed (and stolen)
  • Hacking Team: Hacking Team develop spy tools for government agencies and the breach exposed 1 million emails including those of a sensitive nature from a number of security agencies around the world
  • US Army National Guard: 850,000 social security numbers, home addresses, names and other personal information stolen
  • August – Ashley Madison: 32m members’ data stolen and posted on the dark web for sale. The ramifications are ongoing
  • September – John Brennan: CIA Director had his personal AOL email account hacked
  • October – TalkTalk: major hack of the TalkTalk website and a lot of user data was stolen

In the US it is a legal requirement that all hacked companies make a report to the appropriate government department, however similar legislation has yet to be enacted in Europe so the reported incidents may just be the tip of the iceberg – and that’s assuming that hacked companies know that they’ve been hacked.

So who was behind these hacks and what was their goal?
At the time of writing, 4 people had been arrested, and bailed, for the TalkTalk hack – 3 teenagers and a young adult – although no charges have been brought.

Some hacks might be carried out by the stereotypical spotty teenager in a bedroom just doing it for fun, however the majority are likely to be carried out by more worrying groups, ranging from organised crime looking to extort money to government organisations.

The Ashley Madison hack looks to have been for the purpose of extortion, of both Ashley Madison themselves and their members (pay us £xx or we’ll let your friends and family know where you spend your time etc).

Others will be industrial espionage, companies looking to gain a competitive advantage, whilst the remainder might have been carried out by departments acting for state security. It’s believed, although almost impossible to prove, that the Kaspersky, US National Guard, US Office of Personnel Management & Hacking Team hacks were conducted by sovereign Nation States, believed to be North Korea and/or China.

These attacks by non-friendly sovereign nation states on infrastructure may even be seen as acts of war.

Why do hacks occur?
For some, it’s simply for fun, the challenge and the bragging rights.

However, there’s a lot of money to be made from the theft of intellectual property and business sensitive materials, and nations stand to learn a great deal about their friends and enemies. It’s widely believed, for example, that China has been inside US military design systems for many years which could explain why their military have made extremely rapid advances with the design and manufacture of new military equipment, including stealth planes, missile defence systems and drones in recent years.

Towards the end of 2015 we’re seeing that China is negotiating two way, anti-hacking, arrangements with a number of major economic partners, including the UK, USA and Germany, theoretically enshrining in law that the countries won’t attempt to hack China and China won’t try to hack them. However, even if the above is true they don’t need to hack any further if they already have access to core systems.

A cynic might also say that history indicates that China may not stick to its side of the deal, and even if they do – they can always ask their friends to do it for them.

Protecting your business and yourself.
Although I’ve mentioned high-profile attacks, SMEs are also at great risk and so in Part Two I’ll be looking at some simple steps that you can take to maximise your security and minimise the risk that you are exposed to.

Has Anti-Virus software reached its “Best Before” date?

For many years, the security mantra has been

  • Mac good – invulnerable to viruses and hacking.
  • Windows bad – very vulnerable to viruses and hacking

The reason was two-fold. Whilst it’s true that the Apple operating system IS harder to infect with a virus, the main reason was popularity (or lack thereof). When 97% of the world was using Windows, why bother writing viruses and other malware for the extreme minority?

The traditional Windows solution was to install an anti-virus program from one of the many vendors and, for real “belt and braces” safety, protect your internet connection with a firewall. Hopefully all would be well and good, so long as you paid your annual anti-virus subscriptions and ensured that the virus definitions were regularly updated so your anti-virus program could identify the threats and keep you safe. (Free anti-virus programs for home users did a similar job, again provided they were kept up to date)

Significantly Increased Risk of Infection

However, the upsurge in Apple popularity over recent years means that Apple devices are also targets of the cyber-criminals. And it’s not just Apple computers and iDevices that are at risk, the virus writers are also targeting Android devices, Microsoft phones and tablets and devices running Linux.

Anti-Virus is dead!

Last year, Brian Dye, Senior Vice-President for Information Security at Symantec (the company behind Norton Anti-Virus solutions) said, in an interview with The Wall Street Journal, that “Anti-Virus is dead”. What he meant was that cyber criminals were now able to write malicious software faster than Norton could be updated.

Whilst Norton, and all the other anti-virus programs, are not yet ready for the scrapheap, they only detect around 45% of all attacks. As well as that rather disturbing stat, research by FireEye (a cyber-security provider) indicated that 82% of malware detected by their security solutions stays active for just one hour and 70% of threats surface just once before disappearing and being re-written to avoid detection by the AV companies.

So, what should you be doing?

Well, I’ve said it before, but it’s always worth reiterating, security starts with education. Then you add as many layers of additional protection as you feel necessary, depending on how you use your devices and the level of risk you feel you are faced with.

  • Never open an attachment unless you are expecting one and you know, and trust, where it came from.
  • Keep your Anti-Virus software up to date and continue to renew your subscriptions, it may only block 45% but that’s nearly half of all threats stopped before they have a chance to install.
  • Install a security App on your phone and tablet
  • Explore the new offerings from the traditional anti-virus vendors that look to protect your web browsing and protect you against spam, phishing attacks and other cyber crime threats.
  • Be alert for anything that doesn’t feel “right” and if something looks too good to be true – that offer of a full version of Microsoft Office on CD for £50.00 for example – remember, it probably is!
  • Use a different, complex, password for each website that you have to log in to. An App such as LastPass will help you create passwords, securely store them and “auto complete” the log-ins when you log in to those websites. (other password tools are available)
  • Ensure your Social Media accounts privacy settings are set to an appropriate level
  • Look at Bitdefender Safego, a free anti-scam service for Facebook and Twitter
  • Remain cautious when using any internet connected device

When “now” is too late!

Last week an underground fire in Holborn, London, led to the cancellation of a number of West End shows, costing theatres thousands in lost revenue.

More than 1,900 homes and businesses were left without electricity when the power had to be cut for safety reasons, directly affecting around 5,000 people who were forced out of their homes and offices whilst the underground fire was brought under control.

A small number of larger businesses were able to continue functioning because they had suitable contingency plans in place to cover precisely this type of eventuality. These were the ones that had back-up generators to ensure a continuity of electricity supply which enabled them to continue their activities whilst all around ground to a halt.

So what provisions have you made for business continuity in the event of an incident that leads to you having to vacate your offices?

Remember, this fire, although disruptive, was not classed as a “major” incident and similar issues could happen almost anywhere, at any time. Would your business cope, could it survive, should you have to be evacuated without warning?

What would be the impact on your business if you couldn’t access your office for hours, days or even weeks?

How do you manage the data and documents that are critical to the survival of your business?

Would your business be able to move seamlessly to a different location, would your key staff be able to work from home or elsewhere?

How do you manage and store the documents that are essential to the running of your business? Are they stored on your laptop/PC, on a server, back-up, in the cloud or a USB stick?

Are your clients and business contacts in a Customer Relationship Management application, on a spreadsheet, on your phone or in your head?

How about your financial records, are they saved in Excel or a dedicated software application?

There are many ways to store and manage your essential data, you just have to be sure that you can access the business critical information from a location away from your office.

Companies most reliant on data may have back-up locations, complete with computers and data connectivity, that they can move key personnel to, ensuring that service continues with the shortest of interruptions.

Smaller businesses might have file servers storing their data attached to their network with back-up devices regularly creating copies with the back-ups being taken off-site.

Micro-businesses and sole traders could make effective use of external hard-drives, whether attached by USB or shared on a network, automatically cloned to one of the numerous, and inexpensive, cloud data services.

Remember, it’s too late to do anything about business resilience once an incident has started.

The Google “Red screen of Doom”

I had a telephone call from a former client a month or so ago. He was in a bit of a panic because he was suffering from the Google “red screen of doom”. Having been in IT for a while, I’ve been familiar with Microsoft’s “blue screen of death” but this was something that was new to me, or so I thought, and so I asked for more information.

He asked me to do a search for his company on Google – which I did – and his company came top of the search results, which was good. What was less good – much less good – was the stark warning, inserted by Google, that “This site may harm your computer” .

Aha, Google was warning that the website had been hacked and was now serving malware to visitors.

I switched to my Chromebook – which is impervious to all known computer malware – and clicked through to the website – only to be blocked by the “Google red screen of doom”.

Although there was nothing to buy on my client’s site, it did host a range of technical papers and specification sheets that were vital for his clients and this attack was already having an impact on his business. Action was desperately needed.

The site was originally built 7 years ago and nothing much had changed, including the access data required to log-in to the host. So, I logged in and saw that a number of .js files had newer dates on them than the rest of the content, confirming that the site had been hacked and a small number of files altered so that they could be used to force malware downloads on to the computers of unsuspecting visitors.
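The check described above (files with newer dates than the rest of the content) can be automated. The following is an added example, not part of the original post: the function names and the constructed sample site are assumptions. Because a timestamp can be reset by whoever altered the file, it also compares SHA-256 hashes against a known-good manifest, which should be kept off the web host.

```python
import hashlib
import os
import statistics
import tempfile
import time

DAY = 86400  # seconds


def _walk(web_root):
    """Yield (relative path with forward slashes, absolute path) for every file."""
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, web_root).replace(os.sep, "/"), full


def newer_than_rest(web_root, tolerance_days=30):
    """Files modified well after the site's median modification time."""
    entries = [(rel, os.stat(full).st_mtime) for rel, full in _walk(web_root)]
    if not entries:
        return []
    median = statistics.median(m for _rel, m in entries)
    cutoff = median + tolerance_days * DAY
    return sorted(rel for rel, m in entries if m > cutoff)


def build_manifest(web_root):
    """Map each relative path to the SHA-256 of its content."""
    manifest = {}
    for rel, full in _walk(web_root):
        with open(full, "rb") as fh:
            manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def diff_manifest(known_good, current):
    """Return (changed, added, removed) paths relative to the known-good manifest."""
    changed = sorted(p for p in known_good
                     if p in current and current[p] != known_good[p])
    added = sorted(p for p in current if p not in known_good)
    removed = sorted(p for p in known_good if p not in current)
    return changed, added, removed


def _write(root, rel, body, mtime=None):
    """Helper for the constructed sample: write a file, optionally backdating it."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(body)
    if mtime is not None:
        os.utime(full, (mtime, mtime))


def demo():
    """Constructed sample: a site built 7 years ago, then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        built = time.time() - 7 * 365 * DAY
        for rel in ("index.html", "js/menu.js", "js/gallery.js", "docs/spec.pdf"):
            _write(root, rel, b"original " + rel.encode(), mtime=built)
        known_good = build_manifest(root)  # taken while the site was clean

        # Constructed tampering (placeholder content only):
        _write(root, "js/menu.js", b"/* altered */")    # new timestamp
        _write(root, "js/stats.js", b"/* dropped */")   # file that was never deployed
        # Altered, but with the old timestamp restored, so the date check misses it.
        _write(root, "js/gallery.js", b"/* altered, date reset */", mtime=built)

        return newer_than_rest(root), diff_manifest(known_good, build_manifest(root))


if __name__ == "__main__":
    recent, (changed, added, removed) = demo()
    print("newer than the rest:", recent)
    print("changed:", changed, "added:", added, "removed:", removed)
```

The date check alone flags `js/menu.js` and `js/stats.js`; only the hash comparison also catches `js/gallery.js`.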

The next step was to delete all of the website files, just to be on the safe side, and create a new, simple, home page with contact details and links to the most popular PDFs so that clients would be able to access the information they required.

Next was to see what Google had found by logging in to the Google Webmaster Toolkit account for the website – www.google.com/webmaster.

There were a number of warnings relating to suspicious activity on the site that had gone unread, simply because my client had changed email addresses, was unable to access the original email account and had not updated his Webmaster Tools account with the new address.

Webmaster Tools advised of the type of threat that had been set up on the site and provided other, valuable, information along with a reporting tool that enabled me to advise Google of the actions taken to remove the threat.

Clicking “Send” was quickly followed by a confirmation message from Google that they would look at my message within 18 hours – a time frame that I thought was commendably fast. They were as good as their word and within 18 hours had checked the website to make sure it was clean and had removed all warnings and red screens of doom – my client was back up and running.

However, we didn’t leave it there. The original site was old, used old code and the web hosts weren’t the most responsive – telephone calls to their support line either went unanswered or, when answered, were as much use as the proverbial chocolate teapot and so the decision was made to move the hosting to a more secure provider and to work on a plan to develop a new website.

The moral of this tale is simple. Make sure that you use the Google Webmaster Toolkit!

It’s the only way to let Google know what you’ve done should your site fall victim to an attack, keep your Toolkit account up to date and only use a web host that you know provides good security and a decent level of support.

And please don’t think that you’re immune – small businesses are the most targeted, the presumption being that their security is weaker than measures put in place by larger organisations and there are a number of websites that I keep an eye on that are attacked many times a day. However, being hosted on a secure platform with monitoring in place means that I am kept aware of the threats and can take remedial action, if required, very quickly.

To date, none has been required.

If you are worried by the security of your website, or your IT systems, please give me a call on 01793 238020 or email me, andy@enterprise-oms.co.uk, for a confidential, impartial, and free chat about your security concerns.
Chromebook Diaries – The Chromebook has landed

My trusty Toshiba laptop is coming up on 3 years old and is beginning to show its age. Like its owner, it’s heavy, getting slower with age and just looks too chunky.

I have been agonising over its replacement for a while. I was taken with Windows Ultrabooks, great performance, quality screen and fantastic battery life, up to 5 hours but less than engaged by their prices, from £700 up.

I’ve also been looking at the Chromebooks which are basically small laptops with 11.6″ screens, fantastic battery life and running Google’s Chrome operating system rather than Windows. I even wrote about Chromebooks in an earlier post.

Larger screen Chromebooks are now available and in all cases battery life is as long as 9 hours, so all day computing without a charger is a realistic aim and they are impervious to viruses and other forms of malware.

Screen quality is perfectly acceptable but build quality, according to reviews, has been variable. However, since Xmas 2013 more and more manufacturers have been releasing models using Intel processors for better performance, compared to the Samsung processors used in older Chromebooks, and manufacturers such as Toshiba and HP have released Chromebooks with larger screens, a 13″ from Toshiba and a 14″ from HP.

However, I have been wary of the leap away from Windows and that has held me back, particularly after discovering a Toshiba of a very similar size to the 12″ Chromebooks, with a touch screen and Windows 8 for not a lot more money than a Chromebook, around £300 compared to the typical Chromebook price of £200 to £250.

So, I continued to sit on the fence.

Then Dell released their take on the Chromebook, an 11.6″ screen, excellent battery life, Intel dual core processor, light weight and, more importantly, 4Gb RAM.

With excellent reviews and a keen price, my mind was 90% made up. Then I spotted a great deal on eBay just as the Dell delivery date slipped from days to months, my decision was made and on Tuesday July 8th I picked up my ever so slightly used Dell Chromebook.

How much did your last cup of coffee cost?

Imagine the scene, you’re between meetings and decide to drop in to your favourite coffee shop for a steaming hot cup of your favourite coffee, a cake and to tap into their Wi-Fi to read your emails, refresh your knowledge in time for your next meeting or simply to surf the web.

Then the urge hits, you look around and see that everybody seems respectable enough so you head off to the toilet thinking that your laptop is safe on the table. After all, nobody would lift it in sight of all those customers, staff and CCTV cameras, would they?

Laptop tracking service provider, Prey, found that areas offering free Wi-Fi were the second most common target for opportunistic laptop thefts, the only riskier place being a visible spot in your car.

If stolen, it’s not only the inconvenience of replacing the laptop, re-installing your applications and copying back your data [you do back-up your data don’t you?], it’s the additional costs that are not covered by your insurance.

The Ponemon Institute, a US cyber crime consultancy, put the real cost of the loss of a laptop and its data at nearly £31,000. This was broken down into £4,000 for the loss of Intellectual Property, forensics and legal bills adding around £1,500, with a staggering £24,500 attributable to the loss of income, customers and competitive advantage associated with a data breach.

SPOOF HOTSPOT


When you sit down and try to log-on to the Wi-Fi there’s often a selection of hotspots to choose from. How do you know which is the free service provided by the venue and which is a spoof?

It’s very easy to set up a Wi-Fi hotspot using a mobile phone, Mi-Fi type of device or laptop and allow other users to connect through this free connection. However, all of the traffic can then be intercepted by the person providing the spoof account. What sort of important information is passed from your laptop through this connection? It could be your details to access your online banking, the log-in to your company network or the necessary information required to access your corporate email account.

So, the next time you stop off for a cup of coffee and decide to log-on using their free Wi-Fi, just make sure you know which network that you’re connecting to and that you don’t leave your laptop unattended.

And if you’re in need of help, then just give me a call on 01793 238020 or send an email to andy@enterprise-oms.co.uk

Not so Civil Servants

As the new inquiry in to the Hillsborough disaster got underway a number of disturbing facts came to light.

One that hit the news late in April was the discovery that civil servants had been making sickening edits to a variety of Wikipedia pages, starting in 2009, the 20th anniversary of the tragedy.

In one instance “Blame Liverpool fans” was added to the Hillsborough section of Wiki.

In 2012, computers again accessed Wikipedia to make edits from Whitehall’s secure network, changing “You’ll never walk alone” to “You’ll never walk again”.

Although Wikipedia has been able to identify the IP addresses used to make these edits, all this serves to demonstrate is that they originated from Whitehall, there’s no way to identify who, out of the hundreds of thousands of users on the network, actually made the edits.

Unless they own up, or someone else who knows who made the edits provides the names, it’s highly likely that the culprits will evade any action.

Similar problems exist within our education establishments. Thousands of incidents of cyber-bullying have been reported with many posts being made by children of school age during school time, implying that they took place whilst the posters were on school premises, potentially using the school’s IT network.

Now there’s a solution. The latest security appliances from Cyberoam not only secure networks from external hacking and intrusion but enable IT managers to log all internet access, blocking sites with black lists, allowing sites via whitelisting and recording individual activity, enabling any improper web access to be traced back to the perpetrator.

If you are worried about the security of your IT network then please get in touch to explore the issues, discuss your concerns and find solutions. Drop me an email andy@enterprise-oms.co.uk or give me a call, 01793 238020, for a free and confidential chat about your concerns.

Does your Heartbleed – what is it and should you be worried?

Earlier this week the discovery of a major security flaw was announced and it may have exposed your personal data to hackers. The bug has been given the name Heartbleed and one security expert, Bruce Schneier, described it on a scale of 1-10 as an “11”!

So, what is Heartbleed?

Heartbleed is the name given to a flaw in a piece of software called OpenSSL. OpenSSL was designed to encrypt data between your computer and a secure website – so whenever you logged in to a web site whose address started with HTTPS and displayed the “golden padlock” your browser could be interacting with OpenSSL.

OpenSSL is one of the most widely used encryption tools and it’s thought that about half a million sites have been affected, including Facebook, Gmail, YouTube, Yahoo and DropBox.

All of the above, and many others, have been patched which means that the security flaw has been eliminated.

What to do?

A lot of people are recommending that you change your password for all your sites. However, that may not solve the problem, imagine changing a password for a site that has yet to be patched. You’ll feel secure but the site would still be vulnerable to hackers and even your changed password could be stolen.

Ideally, each website should either notify their subscribers whether they are at risk or post a message on their home page but some may not. Where you are unsure you should contact the company concerned directly and ask them whether they use OpenSSL and whether the vulnerability has been fixed.

If they don’t publish this information or answer your questions then password security vault provider, LastPass have made a Heartbleed checker available.

All you have to do is go to https://lastpass.com/heartbleed and enter the web address for any site you want to check out.

If you feel the need to change your password, please don’t use the world’s favourite – 123456, use something more complicated and harder to guess – there’s a simple solution on an earlier blog post about passwords – 123456 is not an exercise in counting.

If you are concerned about the overall security of your business IT then I can help – from a security strategy review, to advice on protection from viruses, or firewalls, or any other security-related issues just send me an email – andy@enterprise-oms.co.uk or give me a call on 01793 238020.

123456 is not an exercise in counting

We are only 2 months in to 2014 and there have already been a significant number of major news stories about data theft and online security so I thought I’d round some up and give some tips that will help you to stay safe.

  • February 25th 2014, cyber security company Hold Security LLC said that it had uncovered 360 million sets of customer account data available for sale through cyber black-markets. These are new discoveries and represent a fresh risk to security.

Typical data includes email addresses, user names and passwords.

Hold Security LLC believe that these thefts are yet to be publicly reported by the organisations who were hacked.

  • February 14th 2014 Tesco announce that the details of more than 2,200 Club Card accounts were published on the internet and a number of Club Card points had been stolen.

It’s important to understand that Tesco has not been hacked. Rather, criminals purchasing data related to other security leaks will simply run email address and passwords combinations against websites such as Tesco’s Club Card site to see which of them work. A small number obviously do and have permitted unauthorised access to user accounts.

  • February 14th 2014 Barclays announce the theft of 25,000 customer files, including sensitive information such as passport and National Insurance numbers as well as account data.

It’s going to get worse before it gets better!

How do we know? Well, a number of companies have looked at stolen data and it’s been revealed that the No.1 password in use during 2013 was “123456”. The No.2 password was “password”, No.3 “12345678”, No.4 “Qwerty” and No.5 “abc123”.

So how do you minimise the risk to yourself?

Well, it’s really easy – you just need to use a different password for every different website and account that you have. I know the message is old but it’s becoming increasingly clear that the message is not getting across and people are getting hit.

Of course, it’s challenging to remember the tens or hundreds of passwords that we use on a daily/weekly basis so you need a tool to make the task easier.

The two most popular approaches are either to use a Password Vault – a piece of software that runs on your computer/phone/tablet which securely stores all your vital information and, in some cases, can be used to produce a really strong password every time you need one or you could use a “Seed” word or phrase that you amend every time you need a new password.

For a seed you could think of a line from your favourite song, perhaps the first line of Bridge Over Troubled Water – “When you’re weary, feeling small” for example. Take the first letter from each word – Wywfs and substitute a letter with a number, 5 for s for example, so your seed is Wywf5.

Now let’s imagine that you want a password for Tesco. Take “Tesco”, substitute numbers for letters – T3sc0, split it and add the letters to the beginning and end of your seed, T3Wywfs5c0. Now you have a password that will take 6 years for an average PC to crack. Add a symbol, such as “!” to the end, T3Wywfs5c0! and it will take 4 million years for the average desktop PC to crack.

That’s your personal security dealt with. If you are worried about security for your business, I can help there too. To learn more please give me a call on 01793 238020 or email andy@enterprise-oms.co.uk to start the ball rolling.

PS. Just make sure that you have a remote wipe utility installed on your phone/tablet so that you can remotely erase the data should your phone be lost or stolen.

Windows XP – fast becoming a liability

RIP XP, October 25th 2001 – April 8th 2014

In a life that’s seen 2 US Presidents, 3 UK Prime Ministers and 3 Popes, Microsoft is finally stopping support for Windows XP on April 8th 2014.

According to a survey conducted by Net Applications more than 30% of computers around the world are still running Windows XP. This is mainly because “it works” and for many there’s been no compelling reason to change.

However, that time is NOW and it’s because since 2001 Microsoft have been constantly working away behind the scenes to deliver patches that resolve reliability issues and fix security holes.

After April 8th this service ceases so when the hackers find a security hole that will enable them to take over your Windows XP PC, without your knowledge they’ll be able to monitor your activity, read your emails, learn your online banking security codes and be “you” if they want to.

You may never notice until your bank accounts have been emptied, payment demands for loans that you never took out start dropping through your door, or the anti-piracy police come storming in because your computer has been hosting pirated software, films or something much worse.

Anti-Virus software will protect you from many risks but it’s powerless in this scenario.

So, if you’re using Windows XP and are more than a little concerned about your security it’s time to start thinking about moving on – and it may not simply be a case of buying and installing Windows 8.

  • What about all those programs that you use, will they run on your upgraded operating system?
  • Is your hardware of a sufficiently high specification to support the new version of Windows?
  • What happens if it all goes wrong?
  • Do you have a Disaster Recovery plan in place that’s more substantial than simply backing up your data?

All of these reasons, and more, mean that the time to start planning is NOW. Check your business to see which desktops and laptops are still running Windows XP – we know there are loads out there – our web Analytics shows that more than 25% of visitors to our website are still using Windows XP.

We can help with your migration,

  • we’ll talk to you to understand your IT requirements,
  • audit your XP PCs to see which ones can be upgraded and which ones will need to be replaced.
  • audit your software to ensure that there are suitable versions that will run on a more up to date version of Windows
  • help you implement and manage the whole process to ensure that it goes as smoothly as possible.

So, if you are more than a little concerned about your IT security then drop me an email to andy@enterprise-oms.co.uk or give me a call on 01793 238020 to start the ball rolling and to ensure that your network is secure in 2014 and beyond.