Octree Observer

  • Sony accuses DDoS attackers for ruining PlayStation's Xmas

    by : Octree

    Gaming service STILL struggling to return to life

    My son couldn’t wait to unwrap his shiny new Sony Playstation 4 on Christmas morning. The excitement was intense. And then came the time to activate his Playstation Plus subscription to play online and with friends across the Internet. It couldn’t be done! I thought at first it may be a browser issue, then an ISP issue, then a web filtering issue. But no…………it turned out to be a massive DDoS (Distributed Denial of Service) attack initiated by yet another Hacktivist group by the name of Lizard Squad. They did not endear themselves to the general public, and their motives are unclear. But it was yet another assault on the Japanese media corporation - talk about kicking a man when he’s down. Thankfully, for my sanity as much as anything, the network is now back online, and my son is now locked away for hours at a time only surfacing for essential supplies and his ablutions.

    A DDoS is an attack method used to deny access for legitimate users of an online service. This service could be a bank or e-commerce website, a SaaS application, or any other type of network service. Some attacks even target VoIP infrastructure.
  • Hackers now offer '100% satisfaction guaranteed'

    by : Octree

    Cyber-criminals are offering "100% satisfaction" guarantees on stolen credit cards, or they will be replaced

    The underground hacker market has become so commercialised that cyber-criminals are offering "100% satisfaction" guarantees on stolen credit cards, or they will be replaced. An investigation by Dell SecureWorks has also found that, like legitimate businesses, the criminals are selling ‘Hacker Tutorials' which make it easier for ‘newbies' to start planting malware and stealing financial data.

    The report also highlights an astonishing focus among hackers on “excellent customer service”, something many legitimate businesses could aspire to. Like any market which is crowded with multiple vendors selling many of the same products and services, the reputation of the vendor becomes critical to running a successful business. It looks like more hackers on the underground have realised this and are trying to distinguish themselves by offering prompt customer service and ‘100% guarantees' on the stolen data they are selling.

  • Bring Your Own Disaster as UK firms see rising mobile breaches

    by : Octree

    BT Study highlights the threats to businesses with unmanaged mobile devices

    A study from BT reveals that almost half of UK firms (41 percent) suffered a mobile security breach over the last year, with another fifth reporting as many as four incidents in the same time-frame.

    The research reveals that UK businesses are still not taking sufficient security measures to protect themselves from mobile threats – such as lost and stolen devices or mobile malware infections - and this all comes despite the same study revealing that 95 percent of UK organisations now allow their employees to use a BYOD (Bring Your Own) or COPE (Corporately Owned Personally-Enabled) device.

    Some of the findings on mobile security make for shocking reading; just over a third (35 percent) of IT decision makers said that they had a BYOD policy – which is seen by many as the first step in enterprise mobility management - while only 15 percent said that they felt confident they had sufficient resources to prevent a mobile security breach.

  • Retailers are "overconfident" about their security, majority have fundamental gaps

    by : Octree

    Worrying signs for Xmas shopping!

    Just in from Lisa Vaas at Sophos Labs, right in time for the holiday shopping daze: many UK retailers' heads are comfortably buried in the sand when it comes to their cyber security and data protection capabilities, thinking that in spite of not having basic protection and no contingency plans for data breaches, something - maybe magic? - will somehow protect them from malicious cyber-attack.

    In fact, the vast majority - 72% - of 250 UK retail IT decision makers surveyed for the 2014 Retail Security Barometer report, which was conducted by Opinium for Sophos, have failed to implement fundamental security required to safeguard both business and customer data.

    It's not that retailers aren't aware of the increasing risks, and it's not as though retailers don't know how a breach could affect both consumers and their own brand.

    One of many recent examples, this one from across the pond, is US retailer Home Depot, which at the end of last month was facing 44 civil lawsuits across the US and Canada following a huge data breach in September that left 56 million credit cards and 53 million email addresses exposed.

  • UK businesses suffer £10.5 billion in losses due to inadequate IT security

    by : Octree

    The vast majority of UK businesses remain behind the global curve for data protection

    A recent data protection study conducted by EMC revealed the impact of data loss and downtime on businesses across the globe, amounting to over £1 trillion in financial losses annually, £10.5 billion of that in the UK alone.

    Examining organisations across 24 countries — their adoption of various data protection strategies and abilities to fully employ them — the report demonstrates that companies are still unable to successfully meet the challenges presented with emerging data storage, mobile and cloud technologies. In the UK some 200 IT decision makers, in businesses of more than 250 employees, across both private and public sector organisations were interviewed.

    According to EMC, businesses are still quite hesitant to disrupt their “complex” workloads by strategically creating data protection plans. In the UK the vast majority of businesses remain behind the global curve for data protection and maturity, with only two percent cited as “leaders” in the field, and eleven percent as “adopters.” This is especially surprising considering that more than three quarters of UK enterprises are “not confident” of full recovery after a disruption, and already this year 60 percent have suffered downtime and 23 percent suffered data loss in the UK.
  • Information security: 'Not my problem'

    by : Octree

    Non IT directors pass the buck on cyber security.

    Having read this article from Tony Morbin, Editor in Chief of SC Magazine, I could not resist passing it on.

    Awareness for cyber-security as a risk has risen, but as Simon Church, CEO at NTT Com Security explained: “There is still a high level of misunderstanding, indifference and complacency, and failure to rank information security as a critical risk."

    The figures in 'The Global Risk:Value' report back up this view, based on a survey of 800 business decision-makers (not in an IT role) in the UK, Australia, France, Germany, Hong Kong, Norway, Sweden and the US, showing that 19 percent think there would be no significant impact on their revenue from a data breach and 28 percent admit they do not know what the financial implications would be.

  • How secure is your website?

    by : Octree

    Financial services websites suffer the second most number of attacks

    Things do not get any easier for financial institutions, clearly.

     

    According to the latest research websites of financial services businesses are the second most targeted behind only the retail sector. Impervas’s 2014 Web Application Attack Report is based on data collected from real time attacks on applications protected by their web application firewalls over a 9 month period, so no conjecture is assumed.

  • 'Serious threat' as free web apps plant Trojans and ransomware

    by : Octree

    We are being warned of a 'serious threat' from cyber-criminals using free web apps to distribute malware.

    I am pretty sure I’m not the first to admit I have used “freeware” occasionally to achieve some technical objective, and have been less than cautious as to the source, the program or the implications. I just wanted to mount that ISO file to install the app, open a PDF that Adobe didn’t like, edit a photo without ludicrous expense…….you get the gist. And what about the inviting adware?

    Yet are we really sure what we are clicking on, or downloading, isn’t laden with malicious code ready to compromise our systems? It would appear not.

    In a 17 November blog post, Trend Micro says criminals are using the FlashPack exploit kit to target corporate users who download apps supported by adverts. The ads secretly infect victims with a range of malware and ransomware, without the users clicking on malicious links or visiting unsafe websites. Trend has seen attacks being funnelled through three specific malicious domains, with the vast majority of victims so far based in the US.
  • Cybercrime is on the rise!

    by : Octree

    Ponemon Report suggests Cybercrime has increased more than 10% in 12 months.

    The Ponemon Institute completed their annual look at how well companies are coping with cyber-attacks. Cybercrime is up 10.4% over the previous year.

    It's that time of the year: the Ponemon Institute just published their 2014 Global Report on the Cost of Cyber Crime. "Our goal is to quantify the economic impact of cyber-attacks and observe cost trends over time," mentioned the report. "We believe a better understanding of the cost of cybercrime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack."

    5 November 2014 0 Comments
  • ICAEW: businesses are falling further behind cyber attackers

    by : Octree

    Business is not keeping up with cyber risks, says accountancy body

    Businesses are not doing enough to combat cyber risks despite an increased awareness of the need to take cyber security seriously, warn auditors. The ICAEW report, Audit Insights: Cyber Security, says there is a growing gap between business and cyber attacker capabilities, with economic growth and new business activity continuously creating new cyber risks.
  • How to avoid your critical data being held hostage

    by : Octree

    A simple guide to avoiding ransomware

    Ransomware is on the increase, not least because of its extremely lucrative nature. I’ve witnessed first-hand the devastating consequences. Files are locked with very strong encryption and cannot be released unless a ransom is paid. Yet it can be so easy to avoid, just by following some simple guidelines, courtesy of my infosec colleague Tom Tollerton.

    Beef Up User Security.
    Infection starts with a compromised user. Avoiding the installation of malicious software altogether is the best prevention of ransomware, yet unsuspecting and inherently trusting users continue to click on suspicious links and open email attachments from people they don’t know, immediately exposing their computer systems to the risk of infection. Combined with administrative privileges, a malicious file can often install unauthorized software that is difficult to eradicate. If this recommendation could be executed perfectly, there would be no fear of system infection. Unfortunately, human beings will always be the weakest link in the security chain, so we must rely upon the effective implementation of additional layers of protection.

  • JPMorgan hack sees financial services turn spotlight on cyber security

    by : Octree

    The positive side to a major data security breach

    You may or may not be aware that last week JP Morgan Chase reported that 76 million households and seven million businesses had their private information compromised, including customer names, addresses and telephone numbers but excluding financial information. Hackers also obtained internal data identifying customers by category, such as whether they are clients of the private bank, mortgage, vehicle finance or credit card divisions. The breach affected anyone who visited the company’s websites, including Chase.com, or used its mobile application. Follow-up reports have since claimed that the investment bank may have been compromised by a state-sponsored actor (believed to be of Russian origin) which exploited an employee password through a phishing attack to break into a company server.
  • Phishing Scams- Catching Email Users Hook, Line and Sinker

    by : Octree

    Email borne ransomware on the increase

    As reported by our Australian email filtering partner Mailguard Pty, further evidence of the increasing threat of ransomware.

    Another day and another sophisticated phishing scam has hit the headlines. This recent batch of file-encrypting ransomware including CryptoLocker, CryptoWall and CryptoDefense, and botnet kits like Zeus, are all deemed particularly nasty.

  • Londoners agree to give child away in return for free WiFi

    by : Octree

    Hundreds trapped and exposed by fake 'poisoned' WiFi hotspot.

    My thanks to SC Magazine for this article once again highlighting the reckless and carefree way we access public wifi.

    Researchers have exposed the public's “reckless” attitude to WiFi security by trapping hundreds of people in a free “Trojanised” hotspot in London that harvested their account details - and even got people to sign away their first-born child in its terms and conditions agreement.

  • It’s a fact……….small businesses know nothing about cybercrime!

    by : Octree

    SMEs face a relentless barrage of cyber threats today.

    What a way to start the week! A 7.30am Monday breakfast meeting to highlight cybercrime and how it threatens SMEs, organised by our Chamber of Commerce, and hosted by the good people of PwC. Charlie McMurdie was the keynote presenter, formerly Head of Law Enforcement National Cyber capability, Police Central e-Crime Unit, and now Senior Cyber Crime Advisor at PwC.

    And Charlie pulled no punches when, in a hopelessly short period of time, she delivered a whistle-stop assessment and some very high profile examples of the online threat posed by cyber criminals. What is really frightening is how organised these criminal gangs are, as well as astute and skilful computer hackers. And the expectation of almost complete anonymity as well as abundant financial rewards further amplifies their motivation.
  • Why you shouldn’t unsubscribe from emails (particularly this one!

    by : Octree

    5 things you should know about email unsubscribe links before you click

    We all get emails we don’t want, and cleaning them up can be as easy as clicking 'unsubscribe' at the bottom of the email. However, some of those handy little links can cause more trouble than they solve.

    You may end up giving the sender a lot of information about you, or even an opportunity to infect you with malware.

    Of course, not everyone who sends you mail is a spammer and if you know that a sender is trustworthy it’s safe to unsubscribe.

    15 September 2014 0 Comments
  • Just when you thought it was safe to go back in the water………

    by : Octree

    Double whammy as UK users hit by banking and ransomware


    It seems just five minutes ago we were talking about the Cryptolocker Trojan that encrypted data files and then demanded a ransom to “unlock” them. Authorities from numerous countries collaborated to bring down the botnet delivering this malware. And now……

    The new TorrentLocker ransomware and long-established Vawtrak/Neverquest banking malware have both started targeting UK financial industry users.
  • The ex-employee menace: why companies need a security 'exit' strategy

    by : Octree

    Insider threat to corporate data

    Rogue employee, internal threat, security awareness training, internal security, (whatever you can think of that people may use to search!)

    It would appear that few SMEs take the threat of a rogue employee seriously, and even fewer consider the implications after they have left. Yet the threats from rogue access are vast, from lost critical data to compliance failures, leading to potentially crippling damages. Read Edward Snowden as a high profile recent example.
  • The Storm clouds are looming

    by : Octree
    Whilst I am always somewhat sceptical regarding survey data generated by vendors most likely to benefit from the findings, this piece of work does throw up some alarming, and illuminating, statistics that we should all be mindful of. In simple terms, if your cloud provider is failing to meets its regulatory compliance obligations then so are you.

    Only one in a hundred cloud providers is set to meet new requirements on data protection. That's according to research from Skyhigh Networks after examining provisions taken to support the EU General Data Protection Regulation, due to be passed this year and take effect in 2015.

  • How to Weaponise your Pets

    by : Octree
    I must credit Lisa Vaas of Sophos for this story, however whilst extremely amusing the ramifications are very serious indeed.
    For 3 hours last month, a Siamese cat named Coco stalked a suburban neighbourhood.
    The mighty Coco's hunting was fruitful that day.
  • Cyber Essentials - could it be the glue for SME Internet Security?

    by : Octree
    Having attended a presentation by Richard Bach, Assistant Director for Cyber Security at the Department for Business, Innovation and Skills, it is refreshingly clear that the Government is finally taking information security for small businesses seriously. The announcement, on 5 June this year, that the government was introducing the Cyber Essentials Scheme, aimed primarily at small businesses, was a welcome tonic for what is an often a neglected sector generally. But is it really the solution, or yet another elephant in the room?
  • Germany considers replacing email with typewriters to evade spying

    by : Octree
    According to The Guardian, the head of the Bundestag's parliamentary inquiry into National Security Agency (NSA) activity in Germany - Christian Democrat politician Patrick Sensburg - said in an interview with Morgenmagazin TV that he and his colleagues were considering tossing email completely.
  • GOZeus, Cryptolocker and other deadly creatures (Part 2) [And how to avoid them]

    by : Octree
    I sincerely believe I would be hard pushed to find a business owner / partner / manager who has not been beaten around the head with news of the latest cash stealing, file locking trojan that is infiltrating computer systems on a global and prolific scale. Not least because every news medium, whether online, hard copy or television, as well as a plethora of industry newsletters and periodicals, has covered the threat story in some detail and at considerable length. The FBI has also given us two weeks until the end of the world! And, we have also witnessed, possibly for the first time, government departments and business advisory networks such as the Federation of Small Businesses (FSB) highlighting this highly dangerous and very real threat in isolation.

  • Cloud computing – Is the Cloud right for my business?

    by : Octree
    The world is abuzz over cloud computing--using virtual servers available on demand over the Internet. But the truth is not every small business needs to operate "in the cloud." Before you make the move, or someone convinces you to make the move, consider these five criteria, care of Philip McKinney, vice president and chief technology officer of Hewlett-Packard's Personal Systems Group.

    How Fast Is Your Business Growing?

    Investments in hardware and software typically follow a stair-step pattern. Incremental outlays often lead to too much capacity; that's why utilization rates for IT systems tend to be low--30% to 40%. Cloud computing can more smoothly match technology expenditures with a company's natural trajectory. Fast-growers tend to be good candidates for the cloud, as are those with choppy or seasonal demand. Stable, predictable outfits that feel more comfortable with keeping systems in-house might be better off staying pat.

  • Don’t wash your confidential data in public!

    by : Octree
    Hackers Target Public Wi-Fi to Steal Corporate Data

    It is widely accepted that public Wi-Fi hotspots – those found in well-known tax avoiding coffee shops, airport lounges, trains, and hotel lobbies to name but a few locations – are delivering rich pickings for hackers wanting to steal corporate data, financial information like credit cards, and login credentials that are more than likely replicated across multiple web apps and sites.

    14 May 2014 0 Comments
  • Always Picking On The Little Guys!

    by : Octree
    For those of you still believing that data protection and information security is exclusively within the realm of large corporates, and that they are the most likely (no, only………..) target of the cybercriminals’ attention, then you really do need to consider the facts. Ignorance is no better an immunisation against the plethora of threats that may be exploiting your data system vulnerabilities, as telling the traffic cop you didn’t realise you were going so fast.

    9 May 2014 0 Comments
  • Half of UK businesses unaware of new EU data laws

    by : Octree
    So according to research carried out by Trend Micro more than 50% of UK businesses are completely unaware of their obligations under the new European Data Protection Directive.
    • Of the 250 British respondents in the survey, 50% were completely unaware of the impending legislation.
    • Just 10% said they fully understood what steps their organisation needs to take to achieve compliance.
    • More than eight in ten British respondents (85%) believe their organisation faces significant challenges in order to comply with the data protection regulation. 25% said they don’t even think it’s realistic to adhere to.
    • Lack of employee awareness (44%) and restricted resources (31%) were highlighted as the biggest barriers.
    If the regulations are broken, fines could be as high as €100million or 5% of global revenue (speculation does surround this figure however it will be significantly higher than the ICO can administer currently). What is certain is the measures are intended to be "effective, proportionate" and, most notably, "dissuasive".
    7 May 2014 0 Comments
  • The dangers of not migrating from Windows XP

    by : Octree
    Microsoft has for some considerable time confirmed that support for their most successful operating system to date is being retired, says Tim Rains.

    This has created a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. It seems that some people are failing to grasp the significance of this landmark and are not intending to replace until hardware fails.
    11 April 2014 0 Comments
  • Someone just locked your data files and threw away the key - Cryptolocker, HowDecrypt and other deadly creatures

    by : Octree
    Today I was introduced to a very concerned financial adviser who had unwittingly (and unwillingly) infected his company’s server with the Howdecrypt trojan encryption ransomware. I must stress this is not just a nuisance infection, as John Doe IFA had hoped, but a full blown, highly advanced file encryption process that effectively locks your data files with an unbreakable key stored on the attacker’s control server rendering your files (and your clients’ files) unreadable. That may still mean very little to you however once contracted it is nigh on impossible to counter, and you may well feel inclined to pay the ransom demand as requested, in Bitcoins no less.
    26 March 2014 0 Comments
  • Could your Financial Services firm be more at risk of a successful cyber-attack?

    by : Octree
    For those of you who think cutting corners on information security or avoiding your legal and regulatory obligations is cost effective, you might want to think again.

    Cybercrime is all about the money, reports John Lawes of Infosecurity company Sophos. It motivates most cyber crooks, from hackers penetrating company networks looking for information to sell or exploit, through the operators of online underground marketplaces, to DDoSers hired to take out a rival firm's web infrastructure.
    23 March 2014 0 Comments
  • 10 factors to consider when selecting your IT Support Company

    by : Octree
    I am frequently asked what business owners should look for before outsourcing their IT to an IT support company, or any company that you plan to outsource to for that matter, before engaging with them. So I have put together a checklist of useful criteria to consider when selecting an IT support company for your business. This is by no means an exhaustive list but designed to provide a suggestion, in no particular order, of factors to look at....
    19 March 2014 0 Comments
Octree Cyber Essentials
Cyber security – don’t know where to start?
Talk to Octree, specialists in helping SMEs achieve Cyber Essentials status.
GDPR Survey

Recent Posts

Blog Categories

Blog Archive