BlackBerry awarded Cyber Essentials Plus certification from the UK Government

BlackBerry has now announced they have become the first major mobile vendor to receive the new Cyber Essentials Plus (CE+) certification from the UK Government. Additionally, BlackBerry has announced they are now an accredited certifying body for Cyber Essentials Plus, with the certification being offered through BlackBerry Cybersecurity Services.


26% of British businesses ‘have no protection against cyber attacks’

Although businesses understand the importance of digital innovation, they aren’t prepared for the challenges

Almost a third of UK businesses are not sufficiently prepared against a cyber attack, research by software and services provider Advanced has revealed.

Additionally, 46% of companies don’t view data security as a priority when deciding which systems and software to adopt when furthering their digital presence.

“Digital innovation presents a huge opportunity for companies and our economy, but it also goes hand in hand with a need for greater emphasis on cyber security,” Tom Thackray, CBI Director for Innovation, said.

“Cyber resilience is a growing priority for all businesses, and the challenge now is to move from awareness to action. It’s important that businesses in all sectors – from manufacturing to retail – truly understand digital technology’s potential, from the boardroom to the shop or factory floor.”


The 5 essential steps to keep your business safe online

BUSINESSES from across the West Midlands heard from cyber-security experts at a seminar held by TheBusinessDesk.com, in association with Worcestershire Local Enterprise Partnership and IComm. The panel, chaired by TheBusinessDesk.com’s editor Alex Turner, included Emma Philpott, the chief executive of cyber-security certification body IASME, Steve Borwell-Fox, managing director of Borwell, cyber-crime protection officer Det Sgt Chris Greatorex, and Icomm Technologies’ Mark Lomas.


New Information Security standards published through the Tech Partnership

A new set of National Occupational standards for Information Security was published this week by the Tech Partnership, defining in detail the capabilities required for trainees and professionals to work in the field.

The standards, built through consultation with employers from across the UK, also provide the building blocks for qualifications and training in Information security roles, helping to shape and benchmark relevant courses.

The information security skills shortage is among the most serious facing the tech sector. Recent Tech Partnership research showed that 95% of organisations identified gaps in their workforce’s cyber and information security skills, and with security breaches very much in the news, the situation remains serious.


Three quarters of firms unable to deal with cyber threats

Less than a quarter of firms are ready to deal effectively with a cyber-attack, according to new figures.

The annual Global Threat Intelligence Report from NTT Group revealed that just 23 per cent of businesses have a strategy in place to respond to threats to data security, with the retail and hospitality sectors the hardest hit in 2015.


Cyber-criminals becoming increasingly professional

Cyber-criminals targeting the UK are becoming increasingly professional and have a sophistication almost on par with nation-state hackers, according to a recently published report.

According to Symantec’s annual Internet Security Threat Report (ISTR), there has also been an increase of 125 percent in zero-day vulnerabilities globally, with half a billion records lost as a result of data breaches.

The report also ranked the UK as the most targeted nation for spear-phishing attacks, and the second most targeted nation for social media scams. The country was also ranked as the third most targeted nation for ransomware.

According to the report, criminals are adopting corporate best practices and establishing professional businesses to increase the efficiency of their attacks against enterprises and consumers. It said that this spanned the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fuelling the growth of online crime.

These more professional criminals were among the first to use zero-day vulnerabilities, using them either for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditised.

The report said that malware had increased at a “staggering rate”, with 430 million new malware variants discovered in 2015. It added that the volume of malware proved that professional cyber-criminals are leveraging their vast resources in an attempt to overwhelm defences and enter corporate networks.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Kevin Haley, director, Symantec Security Response. “We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”

Ransomware attacks also increased by 35 percent, with this form of attack broadening beyond PCs to smartphones, Mac and Linux systems. The UK suffered up to 2215 attacks per day, the third highest in the world.

Fake technical support scams saw a 200 percent increase last year, with the UK the second most targeted nation globally, suffering 7,672,112 attacks in 2015.

Rob Holmes, SVP and general manager of email fraud protection at Return Path, told SC Magazine that the UK is a prime target for cyber-criminals due to the fact that a growing number of businesses are moving online.

“We are seeing a trend of small, medium and large organisations engage with their customers in the email channel and some financial services organisations are rejecting operating in the physical world altogether, choosing instead to operate digitally,” he said.

Jonathan Martin, EMEA operations director at Anomali, told SCMagazineUK.com that the only reason the UK would be the most targeted nation for spear-phishing attacks is because attacks are working, and criminals are seeing an above average number of click-throughs as a result of previous spear phishing.

“Remember that there are various degrees of customisation and personalisation that go into a spear-phishing attack. At the sophisticated end, criminals will handcraft messages to targeted individuals and will include code with a specific, possibly exact, purpose. Towards the less sophisticated end, criminals will craft messages that may look personalised but are sent to a larger number of recipients,” he said.

Piers Wilson, head of product management at Huntsman Security, said the best approach to remaining secure is to monitor systems in real-time for any unusual activity or suspicious behaviour that could indicate a breach is in progress.

“This can enable security teams to sweep in and shut down any access before hackers can do any serious harm. Furthermore, in light of the growth in the volume of attacks, these systems will also need to be embedded with artificial intelligence that enables much of the resolution process to be automated, freeing up security teams to concentrate on tackling the most severe threats.”

Are fake mobile phone masts listening to you?

Investigation finds evidence of ‘Stingray’ technology in use in the capital

FAKE MOBILE PHONE MASTS are being used to snoop on Londoners’ phone conversations, according to a report on Sky News.

A Sky News investigation has found that communications in the capital city are being intercepted using ‘Stingray’ devices that mimic mobile phone masts in order to listen in on users’ calls without their knowledge.

The surveillance technology is used by police agencies worldwide to target the communications of criminals, but it also collects the data of all other phones in the area.

The news outlet used a system made by German security company GSMK Cryptophone to look for signs of Stingray devices, also known as International Mobile Subscriber Identity (IMSI) catchers, across London over a three-week period.


Life is Short Hacked!

Here is an article that goes some way to showing that the more private the data, the more attractive it is to attackers.

Infidelity site Ashley Madison hacked as attackers demand total shutdown

Site’s hackers claim 37m personal records have been stolen from notorious dating site, with Cougar Life and Established Men also compromised

Hackers have stolen and leaked personal information from online cheating site Ashley Madison, an international dating site with the tagline: “Life is short. Have an affair.”

The site, which encourages married users to cheat on their spouses and advertises 37 million members, had its data hacked by a group calling itself the Impact Team. At least two other dating sites, Cougar Life and Established Men, also owned by the same parent group, Avid Life Media, have had their data compromised.


Android users exposed to Stagefright

Android users are being warned to switch off the MMS (Multimedia Messaging Service) features on their phone following the discovery of the Stagefright exploit that has left up to 95 percent of all Android devices open to attack by hackers.

Simon Mullis, global technical leader at FireEye, told V3 that the flaw is very serious and that individuals and businesses must be aware of the threat.

“The sheer range and number of devices and therefore end-users affected, and the fact that no user interaction is required to become compromised, make this a very serious set of vulnerabilities indeed,” he said.

“Stagefright represents significant risk to the individual end-user. The contents of your phone are ripe for abuse (think photos, camera, contacts etc). It represents a more significant risk to organisations that allow BYOD free-run on their networks.”

Mullis added that, given patches are unlikely to arrive any time soon, users should switch off MMS to reduce the risk.

“The final straw is that it’s estimated that this has been around for five years. You can be sure that phone makers are hurriedly releasing patches for this as soon as they can. In the meantime, maybe you should switch off all MMS,” he said.
