Month: September 2016

Following the news that hackers used IoT devices to conduct the largest DDoS attack in history on the French hosting company OVH, here is a comment from Lee Munson, security researcher for Comparitech.com:

“The recent OVH DDoS attack has highlighted two key security issues, neither of which looks like being addressed any time soon.

The first is the number and scale of DDoS attacks that have been taking place recently.

Gone are the days when a few script kiddies would shackle a few computers together to flood an individual’s blog into an overloaded pocketful of submission – nowadays it’s all about huge botnets and corresponding services that can be hired by the hour, by bandwidth or based on results.

Secondly, it is all about the Internet of Things, that marvellous evolution of network-enabled household items that promise oodles of goodness to homeowners while, years on from its inception, still concerns those of us in the security industry who have long warned of manufacturers who consider the risks too late in the development cycle, or not at all.

Until governments regulate IoT devices, or manufacturers at least consider more than the bottom line, cameras, fridges and toasters around the world will continue to offer themselves up as willing slaves to botnet command and control centres, waiting to be unleashed on Krebs on Security or any other website that a bad actor wants to take down.”

(176)

As cybercriminals create new pieces of malware, security researchers and white-hat hackers are fighting back by analysing this malicious software, usually by running virtual machines.This is done so the real system of the researchers will not be infected, and the malware can easily be terminated just by turning off the virtual machine.

However, it was recently discovered that malware writers are finding a way around this, by looking for the absence of documents to find out which systems are potential victims, and which ones are just being used for experimenting and analysis.

“There has been a long history of malware attempting to detect that it is running under observation and “going dark” to hide its presence and hence avoid revealing how it operates. Many anti-malware products rely on being able to observe the execution of malware and hence identify malicious files vs safe ones, so an arms race has developed between malware authors and security companies. Some malware tries to look for identifying features of various sandbox and virtual machine implementations, others have tried to detect debuggers or other tools used by security researchers. Even more common is for malware to try to avoid automated malware detection devices by trying to check whether there is actually a user present, by observing mouse movements and clicks.

This newly identified approach is a simple next step in the ongoing arms race, with malware simply observing the environment it is executing in to determine whether it looks too pristine to be a real end user system. Security researchers will respond by trying to make their observation environments look more like real systems by copying in fake documents and other files. This might fix things for a little while, though it’s a fight where malware authors have huge advantages over the security community — thy can create new evasion techniques extremely cheaply.

Certainly any truly sophisticated nation-state class malware will be evading detection routinely, and no one will be any the wiser. The only way to defeat such threats is to take a different approach, one that doesn’t rely on detection. Isolation through CPU virtualization is such an approach, which is why recent announcements such as Microsoft’s Windows Defender Application Guard are particularly important, coupled with other micro-virtualization approaches.”

-Ian Pratt, CEO and co-founder at Bromium

(159)

Following on from the Yahoo breach last week, Democratic Senator Mark Warner has asked the U.S Securities and Exchange Commission to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the hacking attack that affected 500 million user accounts.

Commenting on this news below is Andy Green, Senior Technical Specialist at Varonis, who believes Yahoo would have been facing substantial fines if the upcoming GDPR laws were already in place.

“Under the current EU Data Protective Derivative (DPD), there is no breach notification requirement, which was one of the main motivations for the new General Data Protection regulation (GDPR) that will take effect in 2018. If the GDPR were currently the law and Yahoo hadn’t reported the exposure of 500 million user records to a DPA within 72 hours, it would face massive fines. With a violation of the GDPR’s article 33 reaching as high as 2% of global revenue, Yahoo could have been on the line for more than $90 million.

“Considering that Yahoo reportedly found out about the breach back in the summer, and the hack appears to have happened back in 2014, this is a clear case of breach violation under the GDPR. As the law is being brought in to compel companies to report breaches just like the Yahoo one, we would hope it would have forced them to come clean as soon as they found out. “

(84)

This year INsig2 LawTech Europe Congress is again taking place in Brussels, 7-8 November. Congress sessions are relevant as they include but are not limited to the topics listed below:

New General Data Protection Rules
New TAR (Technology Assisted Review) Rulings in English and Irish Courts
Forensics Strategies & Cyber Security   Vulnerability Issues
Competition Law
Artificial Intelligence (AI)
Digital Fraud Forensics
Data Analytics
Digital Forensics
Cyber Security

As an additional incentive for our members, they would like to offer 30% off their registration fee of 390 EUR with discount code PLBN43.

For more information about the event, please visit the website at http://www.lawtecheuropecongress.com

(47)

A Nottingham data centre can now offer public sector organisations even more security after becoming an approved G Cloud supplier.

Space Data Centres will be able to provide services such as secure colocation to the public sector, by providing infrastructure that enables software developers to supply software that underpins the UK government and our economy and protects them from malicious cyberattacks from the likes of Ransomware.

The G Cloud is a purchasing framework that allows UK public sector organisations to select and purchase Infrastructure as a Service (IaaS), Software as a Service (SaaS), Platform as a Service (PaaS) and specialist Cloud services from approved suppliers.

Andy Gilbert, head of business development at Space Data Centres, said:

“Acceptance is governed by a strident application process so this is quite an achievement for Space, most suppliers can just tick a box to say their service meets the requirement (Service provider assurance).

“As we are a service provider, compliance is much harder to attain due to the nature of the information and services required by the public sector.

Government data is one of the most valuable information assets on the planet and as such must be protected from unauthorised access and use, says Andy.

He added:

“Data may contain information deemed beyond top secret, data that in the wrong hands could have devastating effects on the population and security of the nation.

“A regular business customer would probably be the only person or organisation affected by a loss of information or a breach to their system. Space can now provide the same level of security, protection and care given to public sector clients to our existing and future business customers. There is no distinction in protection level, only in content.”

Building on the policy and procedure created by Space during the development, implementation and successful operational audit of their UKAS ISO27001 Information Security Management certification, Space Data Centres can now supply Infrastructure as a Service (IaaS) to government and the public sector.

Andy said:

“We were able to demonstrate sufficient physical and virtual security to satisfy the relevant audits. Which, in turn allows Space DataCentres to provide this same level of confidentiality, integrity and availability of information to business of all sizes across the region.

“Enterprise class security of infrastructure and business information is now available right here in Nottingham, Space Data Centres has been designed to benefit local business, affording them the same Government level security, with local support and most beneficially, local pricing.”

(123)

Grange Holborn Hotel, LONDON – Widely recognised as a world leader in the promotion of biomedical science, Sir Mark Walport, Government Chief Scientific Advisor, will open the Forensic Science Technology Showcase in London on 20 October.

The showcase is an annual highlight for the Forensic Science Special Interest Group, supported by the Knowledge Transfer Network, and regularly attracts over 100 delegates each year, including forensic science service providers, scientific support managers and Home Office staff.

Featuring a mixture of presentations and exhibitions, the showcase highlights the latest research and developments in forensic science, providing an opportunity for developers and researchers to exhibit and discuss their work with end users, as well as meeting potential project partners.

The morning will feature short talks and pitch presentations from the exhibitors; with the afternoon dedicated to the exhibition, offering plenty of time to network and make new connections.

(166)

Kaspersky Lab has investigated investigated how cybercriminals could exploit new ATM authentication technologies planned by banks. While many financial organisations consider biometric-based solutions to be one of the most promising additions to current authentication methods, if not a complete replacement for them, cybercriminals see biometrics as a new opportunity to steal sensitive information.

Commenting on this research, Robert Capps, VP of business development at NuData Security said “We couldn’t agree more with Kaspersky Lab’s comments around the importance of protecting your physical biometric data from theft and misuse. Although the security world is desperate for new and improved authentication techniques, Olga Kochetova is absolutely right that physical biometrics have the added persistent risk of lifetime vulnerability attached to the method that other authentication methods simply do not have.

Fingerprints, irises and faces cannot be changed, but can easily be reused in a non-face-to-face authentication. How better to illustrate this example than a WikiHow step-by-step guide on how make fake fingerprints. As Kaspersky correctly states, facial recognition can be spoofed from social media, and it won’t be long until retinal skimmers are recording your eyes. If physical biometric authentication becomes widespread online, the skimming of physical biometric data will become big business – with far greater impact to consumers.

Physical biometrics has value as a single-touchpoint in a face-to-face transaction where we can leverage additional authentication tests. However, the persistent risk to the consumer is enormous compared to the value of the transaction. Would you trade a lifetime of risk associated with your facial scan or thumbprint to transfer $50 into your savings account through online banking? It’s this type of risk evaluation these verification systems are asking customers to make – often without the consumer being fully aware of what’s at stake. For those that might have the foresight to try and protect their identity, credit monitoring or identity protection services just aren’t enough when it comes to physical biometric identity theft.

The good news is, there is technology that can decipher the difference between fraudsters and real customers. Banks and FI’s using behavioural biometrics stop fraudsters in their tracks by identifying suspicious activity even before transaction, and do it in a way that doesn’t upset customers. As opposed to physical biometrics, behavioural biometrics can’t be spoofed or mimicked because it uses hundreds of unconscious behavioural signals amassed over time to build a risk profile of the user.

Behavioural biometric systems know who is a legitimate user by how they behave, in contrast to a potential fraudster with the right credentials or stolen biometrics. So, even if the fraudster has your spoofed fingerprint, facial scan and all of your account information, banks using behavioural biometrics can determine the real actor behind the device or fingerprint. In this way behavioural biometrics outshines physical biometrics and leaves consumers at no greater risk.”

(114)

A NATIONAL crime-reporting platform that uses powerful ‘digital detective’ technology to help retailers save police time and effort in collecting evidence is turning its attention to fuel thieves.

Theft from petrol forecourts, including so-called ‘drive off’ offenders increasingly operating in organised gangs, and motorists who claim to have no means of payment, has reached record levels.

Facewatch, working in a new partnership with Forecourt Eye, is planning to roll out its technology to petrol retailers nationwide. The platform includes a secure cloud-hosted automatic number plate recognition (ANPR) system linked to CCTV cameras to identify suspect vehicles and send out automatic alerts to warn retailers of potential fuel theft threats.

Latest figures presented to the Home Office estimate around one million incidents are reported in the UK annually, costing petrol retailers more than £31 million* in total – an average of £3,600 per forecourt.

Facewatch Founder and Chairman Simon Gordon said:

“Facewatch’s partnership with Forecourt Eye heralds a new era in the crack down on fuel theft. Using our technology, businesses can upload CCTV footage, images and information about suspects to compile digital evidence files, including witness statements, which can be instantly reported to police.

“Subscribers can also share pictures and number plates with local forecourts and use our secure Cloud based Automated Number Plate Recognition (ANPR) system to receive alerts when known offenders drive into their forecourt. The next step in our development is to combine this with facial recognition software, which is being tested and will be ready to deploy within weeks.”

Forecourt Eye is an industry response to a growing crime wave and as well as its partnership with Facewatch, the company works closely with the Petrol Retailers Association (PRA) to reduce criminal activity and improve safety of employees.

Nick Fisher, CEO of Forecourt Eye, commented:

“Our system allows the forecourt industry to take steps to tackle a fast-growing menace that is costing retailers millions of pounds every year. The sophisticated online tools we provide also offer enhanced protection for forecourt staff, providing an instant and direct link to police that improves conviction rates and acts as a very visible and effective deterrent.

“We believe this is one of the most significant advances in crime-prevention in the petrol retailing industry in decades.”

Facewatch enables organisations to report crimes online and submit moving and still CCTV images as evidence to the police, as well as share this imagery between businesses in related subscribed groups (in compliance with Data Protection guidelines) to reduce crime.

Since Facewatch was founded in 2010, it has worked closely with police throughout the UK and has achieved “Secured by Design” status, the official UK Police flagship initiative restricted to companies or products that have been successfully tested to exacting standards.

Facewatch enables crimes to be reported to any police force in England and Wales and for the user to receive an official police crime reference back within 72 hours.

Facewatch’s facial recognition technology has been launched in partnership with Allevate’s cloud-hosted Face-Searcher service, initially in Brazil. Following extensive testing, Facewatch is now gearing up for its UK launch.

The new feature will enable Facewatch subscribers to instantly and automatically share their images of ‘subjects of interest’ to watch lists, thereby allowing real-time alerting if someone entering a premises is a known offender.

(90)

XPATJobs, the UK’s biggest online careers website for international jobseekers, has launched its new online IT-specific jobs board which allows users to search for, and place, new jobs and find the skilled professionals they need no matter where in the world they are based, all via a single portal.

findajobinit.com is a one-stop shop that links skilled professionals in the technology sector with IT organisations across the world.

Supported by the company’s industry-leading XPATJobs.com site, which sees 100,000 jobs posted each day, findajobinit.com will provide employers and hiring managers with access to a network of more than 1 million registered jobseekers across 150 countries.

Rhys Maddocks, managing director of XPATJobs, said: “With skilled talent in short supply, employers continue to look beyond national boundaries to secure the talent they need.

“But with an ever-growing number of online sources available, the actual sourcing that talent is increasingly becoming a logistical nightmare for many hiring managers.

“We have spent considerable time working on providing a solution that is both highly targeted and has a global reach. This significantly reduces the employers time-to-hire as they can quickly find the right person for the right role at the right time – it is a recruitment solution that extends beyond their immediate geographical boundary.

“Conversely, job seekers can easily find the right role with the right company and in the right location. The site will provide them with unrivalled access to the latest and largest choice of jobs that are available for skilled professionals looking for their next role both here in the UK and overseas.”

The new job board will serve as a leading careers destination for jobs across the full range of disciplines and incorporate the same functionality as the XPATJobs.com site: Their intuitive systems enable users to conduct a quick search for their ideal role, while the simple registration process offers easy CV uploading and a straightforward application process in addition to providing daily or weekly (depending on their preferences) alerts featuring jobs that match their specific requirements.

“XPATJobs has enjoyed strong growth in recent years and launching this IT-specific careers portal is a critical step in our plan to strengthen and grow our existing position in the market,” said Mr Maddocks.

“Using the knowledge, expertise and of course the technology that powers XPATJobs, employers and hiring managers will have access to a wider pool of available talent without having to purchase additional licenses to search databases of candidates outside of the UK.”

The site offers easy job posting at highly competitive rates as well as access to the largest network of candidates searching industry-specific overseas roles.

(70)