UK Government Announces New UK Cyber Security Council

The UK Government announces new UK Cyber Security Council “to boost career opportunities and professional standards for the UK’s booming cyber security sector”.

The new UK Cyber Security Council announced today by the UK Government follows an initiative started in the 2015 UK National Cyber Security Strategy “developing the cyber security profession, including through achieving Royal Chartered status by 2020, reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy”. Though the aim for the Council to achieve Royal Chartered status by 2020 has not been met, the achievement of establishing the Council is certainly a major step forward.

Following the publication of the 2015 National Strategy, in early 2016 the WCIT and BCS worked to bring together a group of 17 organisations to form the Cyber Security Alliance.

The Cyber Security Alliance Members

This Alliance recognised that the establishment of the council, whilst much needed, could also be significantly disruptive if full engagement with industry professionals and academia was not carried out. The Alliance set out to engage with DCMS and NCSC as discussions and public consultations were carried out. The result was the Alliance being awarded a grant and contract in August 2019, following an open competition process, to establish the UK Cyber Security Council through its lead member, the IET.

The significant amount of time and effort contributed by individuals from both Alliance member and non-Alliance member organisations is hard to quantify, but it is significantly greater than the amount of grant funding awarded. That the council development has reached such an advanced stage within the contracted timeframe is a testament to their professionalism and commitment.

The Council is to be formally launched on the 31st March 2021

Work continues to prepare for the launch. The launch is but the end of the project to deliver the council; the real work then begins to establish the Council as a credible professional body that will represent those who work in the cyber security industry. DFM wishes the new trustees, charged with firmly establishing the council and moving it forward, good luck in their endeavours.



2021 To See More Successful Security Attacks

“In the period of 2021 more successful security attacks and compromise will be encountered, with many high profile organisations, in multiple sectors, falling on their own sword of insecurity, and will thus pay the price of the reactive style of a supposed security posture. Sadly, 2021 will not be the year we see real steps taken toward Cyber Resilience – but it will be the year in which we finally see a more serious mindset toward addressing cyber insecurity with a proactive security posture.”

Developed back in the 1830s and 1840s by Samuel Morse and other collaborating inventors, the telegraph revolutionised long-distance communication. It worked by transmitting electrical signals over a wire laid between stations, and changed the nature of communications forever – in fact, it was commented by one authority:

“The new technologies will bring every individual into immediate and effortless communication with every other, and will practically obliterate political geography, and make free trade universal. Thanks to technological advance, there are no longer any foreigners, and we can look forward to the gradual adoption of a common language.”

Powerful words, linked to positive aspiration. However, stepping forward to the invention of the World Wide Web by Sir Timothy John Berners-Lee, not only may we track our all-encompassing technological progress, but equally we may note that the outcomes have not always been so positive, with the advent of cyber insecurity.

From the Genesis period of the Internet Revolution there was always a very real concern that such a multi-faceted world of interconnectivity should dictate a very firm need for security in the uncontrolled space of the World Wide Web (WWW) – it did not. In fact, such early concerns were around the area of the Internet naming and numbering authority – or, to put it bluntly, the root authority. In that era, Jon Postel was, like many are today, fighting to prove the dangers of lacklustre controls, and on 28 January 1998 decided to take action: he took control, sidestepped Network Solutions and demonstrated that he could transfer root authority whenever he chose to – this made those in control sit up and take note.

So just what have the histrionics of the Internet got to do with the WWW today? The answer is that the simplicity of Jon Postel’s early concerns is now magnified to an unprecedented level by complex interwoven connectivity, with potentially millions of domains across the world being maintained in a vulnerable and exposed profile.

Along the path to exploiting what is referred to as the Super Highway, multiple global organisations and governments have embraced this easy-to-empower technology to their own singular advantage. However, as this eager embrace grew, it would seem that in the majority of cases those who were chasing the benefits of the Internet were unaware of the Genie of Insecurity which was gradually creeping from the lamp and entering their domains.

As of 2020 there are around 2 billion websites running on the net, so just imagine if 10% are insecure – that amounts to 200,000,000. However, based on what has been discovered from a number of sample surveys conducted with WHITETHORN SHIELD, that number would seem to be very much on the low side – with 25% being a more realistic percentage, the end number of insecurity is now scarcely significant.

What really changed the world of cyber was the appreciation and practice of OSINT (Open Source Intelligence), which goes well beyond the element of the IP address to discover titbits of unknown unknowns which can expose even the most secure of sites – titbits gathered from multiple sources may then be leveraged to paint an aggregated big picture: Cuckoo’s Egg style off-line acquisition of dark intelligence metrics which may be used to further expose and exploit further insecurities.

In 2020, much work has been done by Cybersec Innovation Partner with their cutting edge WHITETHORN SHIELD engine, and findings gathered from both commercial and government sites are to be observed with the question – how can this be? The findings not only suggest there is a potential for cyber insecurity to exist on multiple sites, but go well beyond that and prove that these discoveries are fact. The problem seems to be that nobody is willing to listen – that is, until such time as they are compromised!



Insurance Nexus by Reuters Events Releases the Connected Auto Insurance 2020 Report

The automotive sector is on the cusp of a huge wave of change, rivalled only by historic moments such as Ford Model Ts rolling off the construction line or the deep-seated impact of the 1973 oil crisis. This time, however, it is not just one technological frontier disrupting the sector, but multiple innovations that are already making their mark.

Insurance Nexus by Reuters Events has produced the Connected Auto Insurance 2020 report to make sure auto insurance businesses, personal or commercial, can deliver on customer expectations and maximise the opportunities that available technologies like telematics, IoT, AI and analytics offer.

As well as gaining insight from over 1200 North American insurance executives, get the detail on what this means for an insurance organization from industry experts, including:

  • Shannon Lewandowski, Innovation and Digital Team – IoT, American Modern
  • Lorenzo Morganti, Big Data/AI Senior Project Lead, AXA
  • Glen Clarke, Head of Transformational Propositions, Allianz
  • Eugene Y. Wen, Vice President, Group Advanced Analytics, Manulife
  • Amrish Singh, Vice President of Product, Enterprise, Metromile
  • Allison Whittington, Head of Housing, Zurich Municipal

And many more…

Download the report now

By downloading the report, readers can discover the vital strategic steps they must take in 2020 in order to keep pace with an ever-evolving auto insurance ecosystem, validated by industry statistics based on 1200 insurance carrier executives and technology leaders.

Justify next steps for investment with 7 easy-to-decipher infographics that clearly demonstrate technology trends, carrier ambitions, investment strategies and partnerships, and learn from your peers through 3 in-depth case studies focussing on ‘Open APIs Open Up Business Opportunities,’ ‘Tracking Through Tags, Pulses and Apps,’ and ‘Enabling Mobility-Based Insurance.’

You can also access exclusive viewpoints including James Spears’ take on ‘OEMs Muscling In: The Battle for FNOL’ so that your next step towards OEM collaboration is informed and profitable.

Understand the ‘state of the industry’ and where it’s heading through a wealth of articles, commentary, and debate on the impact of OEMs and how carriers will respond, new models of car ownership, autonomous vehicles and commercial fleet developments so that you remain on the cutting edge.

Have any comments? Get in touch and learn about the Auto Insurance USA conference, April 16-17, Chicago.




Cyan Forensics Announces New Chair to Lead Venture into the Next Stage of Growth

Cyan Forensics – the Edinburgh-based company aspiring and working towards a world where there is no place that harmful digital content can be easily hidden or shared – has announced that Paul Brennan is taking over as chair to guide it through its next level of growth.


Cyan Forensics’ digital forensic analysis tools find child sexual abuse images on devices within minutes, and its product is currently being rolled out to police forces across the UK. Its products can also be applied in the field of counter terrorism and by social media and cloud companies to find and remove harmful content online.


Brennan offers a wealth of commercial experience helping to steer technology organisations into the international arena, with a particular focus on the US and Europe. Former chair Simon Hardy will remain on the board, continuing to bring with him experience from more than a decade of providing high technology solutions to law enforcement worldwide. Hugh Lennie, Cyan Forensics’ Chief Finance Officer (CFO), also joins the expanded board line-up to bring his extensive experience of building, growing and exiting businesses.


Paul Brennan, new Chair of Cyan Forensics, comments: “I am delighted to have the opportunity to help shape Cyan Forensics’ forward momentum. Cyan Forensics’ technology has multiple applications to offer solutions that can make a real difference to protect people from online harms. The company has seen much success in its first three years of business and I look forward to supporting their expansion following a recent contract with the UK Home Office and into new markets in Northern Europe and the US.”


Ian Stevenson, CEO of Cyan Forensics, said: “We welcome Paul Brennan and Hugh Lennie onto our board, and are fortunate to retain the experience of our former Chair Simon Hardy. We are at an exciting stage of growth where our product is going into many police forces across the UK to help catch paedophiles much faster, and we are now in a strong position to enter the European market, as well as making greater in-roads in helping law enforcement in its fight against counter terrorism.”


Cyan Forensics was founded in 2016 by Bruce Ramsay, a former police forensic analyst and now the company’s CTO, and CEO Ian Stevenson. Last month the business confirmed a successful new round of funding from Triplepoint, Mercia, Social Investment Scotland Ventures, the Scottish Investment Bank and private investors, bringing the total raised by the company to £2.8m.


Last year Cyan Forensics announced partnerships with America’s National Center for Missing & Exploited Children and the UK Home Office’s Child Abuse Image Database (CAID).


Cyan Forensics is addressing a huge and growing problem for society. At the end of 2019 the WeProtect Global Alliance Threat Assessment report announced that there are an estimated 750,000 individuals attempting to connect with children across the globe for sexual purposes online at any one time. Technology companies also reported a record 45 million online photos and videos of child abuse last year; that number was less than a million just five years ago and is more than double what was reported the previous year, according to the National Center for Missing and Exploited Children (NCMEC).



Clearview AI’s entire client list stolen in data breach- Comment

It has been reported that Clearview AI suffered a data breach that involved its entire list of customers. Clearview’s clients are mostly law enforcement agencies, with police departments in Toronto, Atlanta and Florida all using the technology. The company has a database of 3 billion photos that it collected from the internet, including websites like YouTube, Facebook, Venmo and LinkedIn. This comes on the heels of their photo-scraping and facial recognition capabilities raising major privacy concerns.

Commenting on this, Tim Mackey, principal security strategist within the Synopsys CyRC (Cybersecurity Research Center), said “In cybersecurity there are two types of attacks – opportunistic and targeted. With the type of data and client base that Clearview AI possess, criminal organisations will view compromise of Clearview AI’s systems as a priority. While their attorney rightly states that data breaches are a fact of life in modern society, the nature of Clearview AI’s business makes this type of attack particularly problematic. Facial recognition systems have evolved to the point where they can rapidly identify an individual, but combining facial recognition data with data from other sources like social media enables a face to be placed in a context which in turn can enable detailed user profiling – all without explicit consent from the person whose face is being tracked. There are obvious benefits for law enforcement seeking to identify missing persons to use such technologies for good, but with the good comes the bad.

I would encourage Clearview AI to provide a detailed report covering the timeline and nature of the attack. While it may well be that the attack method is patched, it is equally likely that the attack pattern is not unique and can point to a class of attack others should be protecting against. Clearview AI possesses a target for cyber criminals on many levels, and, as is often the case, digital privacy laws lag technology innovation. This attack now presents an opportunity for Clearview AI to become a leader in digital privacy as it pursues its business model based on facial recognition technologies.”



GDPR improves dwell times

Organisations are detecting and containing cyber attacks faster since the introduction of GDPR in 2018, according to a report from FireEye Mandiant. In the EMEA region, the ‘dwell time’ for organisations (the time between the start of a cyber intrusion and it being identified) has fallen from 177 days to 54 days since the introduction of GDPR. There has also been a decrease in dwell time globally, which is down 28 percent since the previous report. The median dwell time for organisations that self-detected their incident is 30 days, a 40 percent decrease year on year. However, 12% of investigations continue to have dwell times of greater than 700 days.

Jake Moore, Cybersecurity Specialist at ESET:

“It’s great to see a positive GDPR story – and this is exactly what it was designed to help with. Dwell times have notoriously been longer than they should be over the years, but this statistic really shows that GDPR regulations are working, and that organisations are becoming more secure in the process. GDPR shouldn’t be seen as an inconvenience, but instead as a remedy to improve security. There is simply no excuse to have a dwell time of over 700 days and I would imagine that the 12% of companies that do would require a serious security overhaul.”



ISS World hack leaves thousands of employees offline- Comment

It has been reported that a cyber-attack has hit the major facilities company, ISS World, which has half a million employees worldwide. Its websites have been down since 17 February, and This Week in Facilities Management said 43,000 staff at London’s Canary Wharf and its Weybridge HQ, in Surrey, still had no email.

Commenting on this, Sam Curry, chief security officer at Cybereason, said “In the case of the ISS World ransomware attack, and all ransomware attacks for that matter, corporations can either become a hero or a villain. In the adrenaline rush of ‘crisis mode,’ I hope the executives and security staff of ISS World choose to be heroes by protecting employees, being transparent and erring on the side of doing the right thing. We all hope for minimum damage, rapid recovery and strengthening of ISS World in the wake of this, and of peers from their experience when the dust clears. In any cyber attack, transparency and clarity is what matters and, like so many others, we’ll wait to hear more in the coming days. Recently, Travelex suffered a significant breach and leadership was widely criticized for a slow response. That criticism was coming from pundits without specific knowledge of the incident. Let’s not ‘bayonet the wounded’ because being a target and a victim is happening more and more frequently. Organizations today need to take a much more proactive approach to cyber hygiene by actively hunting for anomalies in their networks. Preventing, detecting and responding to incidents has to be highest on the list of steps being taken to minimize and reduce high impact breaches.”



Watchdog probes Redcar council cyber-attack

As reported by the BBC, a watchdog is probing a cyber-attack on Redcar and Cleveland Borough Council, which was still unable to provide any online services more than a week after its systems were crippled. The council’s website and all computers at the authority were attacked last Saturday, affecting 135,000 residents. The council notified the Information Commissioner’s Office (ICO) – the watchdog said the authority had “made us aware of an incident and we are assessing the information”.

Jake Moore, Cybersecurity Specialist at ESET:

“This indeed has all the hallmarks of a ransomware attack. The knock-on effects just show the devastation that this simple yet effective attack can leave in its wake.

This is by no means the first ever council to be hit with ransomware and nor will it be the last. Local governments have tight budgets but sadly, IT security still appears way down the priority list with some leaders. I would be surprised if this council was unaware of previous similar attacks, so it suggests they need a better understanding of how to protect their networks. Funding is a difficulty in local government but this is about assessing risk and must be addressed properly.

Offsite backups can be restored in hours when they are set up correctly, so when systems are still not back up over a week later, serious questions should be asked. I never condone paying the ransom being asked as you can never be 100% certain you will see the money again, but no doubt the council will have this as a consideration if they are cornered. It’s better to prevent and protect rather than pay.”



EU unveils proposals to regulate AI

As reported by Verdict, the European Union will unveil a range of policy proposals to keep Big Tech in check. The package includes tougher rules for digital services, a single European data market and a white paper on artificial intelligence (AI).

The white paper is expected to include proposals for a regulatory framework for Europe’s AI sector, focused on high risk sectors and high risk uses of AI. This is likely to include biometric identification systems, such as facial recognition and deepfakes.

Please see here for the EU’s press release on the topic.

John Buyers, Head of International AI at Osborne Clarke LLP:

“Getting regulation right around a fast-changing, very powerful emerging technology is not easy and the Commission’s horizontal, one-size-fits-all approach is very ambitious. A lot of industries will be concerned that the right balance has been struck between enabling a vibrant European market in these new technologies and protecting the rights of EU citizens.

For post-Brexit UK, this initiative is highly significant – we know that the government is actively considering regulatory divergence where it would serve UK interests. Data and AI are areas where we can’t assume the UK will opt for alignment. So this White Paper sets a clear threshold for UK regulatory bodies to work with in deciding the right direction for the UK AI industry. Which direction are we going to take? The decision could prove to be highly determinative.”



Millions of Windows and Linux systems vulnerable to cyber-attack- Comment

It has been reported that fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing.

Commenting on this, Tim Mackey, senior principal consultant at the Synopsys CyRC (Cybersecurity Research Centre), said “With supply chain cyber attacks on the rise in 2019, this research should serve as notice to software publishers that they are a critical component of the digital supply chain – regardless of what type of software they provide. In the case of insecure update mechanisms, or lack of cryptographically secure validation mechanisms for their software, they open the door for malicious attacks. This is due to the reality that most end users are not equipped to validate the legitimacy of the software they use and rely on the software delivery process to perform all validation. Importantly, when they can’t locate what they believe to be a solution for their issues from the vendor, they’ll download a potential solution from the internet with the potential result of a malware infection. Since device firmware executes on a computer before the operating system starts, the protections present from anti-malware solutions are rendered ineffective due to the ability of malicious firmware to behave in ways that allows anti-malware to believe there is nothing wrong with the computer system.

In the end consumers of any software, whether it be packaged commercial software, IoT firmware, computer drivers, or open source solutions, should first directly contact the supplier of their software for any updates or patches. While it might be convenient to apply a patch following an internet search, the reality is that third-party repositories could easily host malicious versions of software. This is why the first principle of patch management is to know where the software came from as that’s where any patches need to also originate.”


Michael Barragry, operations lead at edgescan, added “It seems a bit strange that software signing has become a modern standard when it comes to various programs and executables in general, whereas for firmware it has apparently been ignored on a massive scale. The practice of software signing ensures that an end-user can verify that what they are downloading is from a trusted source and has not been tampered with by a malicious actor somewhere along the way. Failing to do this for firmware essentially gives a free pass for malicious code to enter your system. Depending on the hardware that falls under the control of the firmware in question, this could lead to a multitude of attacks. Addressing this threat from an industry-wide perspective is not a small task and will require collective effort and cooperation from hardware vendors and OS manufacturers alike.”
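As an added illustration of the signed update mechanism both commenters describe (this is example code written for this page, not Eclypsium’s research code nor any vendor’s updater): a device-side check that verifies an Ed25519 signature over a constructed image layout before accepting the update, and also refuses a version rollback. The image format, the key handling and the function names are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (an assumption for this example, not any vendor's real format):
//   [4-byte magic "FWIM"][4-byte big-endian version][payload][64-byte Ed25519 signature]
// The signature covers magic, version and payload, so none of them can be altered
// without the verification below failing.
const magic = "FWIM"

var (
	ErrFormat    = errors.New("malformed firmware image")
	ErrSignature = errors.New("firmware signature verification failed")
	ErrRollback  = errors.New("firmware version older than installed version")
)

// BuildImage is what a vendor's release pipeline would do: sign header plus payload
// with the private key that never leaves the build environment.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var vb [4]byte
	binary.BigEndian.PutUint32(vb[:], version)
	buf := make([]byte, 0, 8+len(payload)+ed25519.SignatureSize)
	buf = append(buf, magic...)
	buf = append(buf, vb[:]...)
	buf = append(buf, payload...)
	return append(buf, ed25519.Sign(priv, buf)...)
}

// VerifyImage is what the device's update mechanism must do before flashing anything.
// It returns the payload and version only if the signature checks out under the public
// key baked into the device and the version does not roll back an installed fix.
func VerifyImage(pub ed25519.PublicKey, installed uint32, img []byte) ([]byte, uint32, error) {
	if len(img) < 8+ed25519.SignatureSize || !bytes.Equal(img[:4], []byte(magic)) {
		return nil, 0, ErrFormat
	}
	signed := img[:len(img)-ed25519.SignatureSize]
	sig := img[len(img)-ed25519.SignatureSize:]
	// Verify before trusting any field beyond the length and magic checks above.
	if !ed25519.Verify(pub, signed, sig) {
		return nil, 0, ErrSignature
	}
	version := binary.BigEndian.Uint32(signed[4:8])
	if version < installed {
		return nil, 0, ErrRollback
	}
	return signed[8:], version, nil
}

func main() {
	// Constructed key pair and payload; a real device would hold only the public key.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	img := BuildImage(priv, 2, []byte("constructed firmware payload"))
	_, v, err := VerifyImage(pub, 1, img)
	fmt.Println("genuine image:", v, err)

	// Flip one payload byte: the signature no longer matches and the update is refused.
	tampered := append([]byte(nil), img...)
	tampered[10] ^= 0xff
	_, _, err = VerifyImage(pub, 1, tampered)
	fmt.Println("tampered image:", err)
}
```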