<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:g-custom="http://base.google.com/cns/1.0" xmlns:media="http://search.yahoo.com/mrss/" version="2.0">
  <channel>
    <title>darrell-smith-6</title>
    <link>https://www.jc-cybersecurity.co.uk</link>
    <description />
    <atom:link href="https://www.jc-cybersecurity.co.uk/feed/rss2" type="application/rss+xml" rel="self" />
    <item>
      <title>DAST in DevOps: Why It Matters</title>
      <link>https://www.jc-cybersecurity.co.uk/dast-in-devops-why-it-matters</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to a recent survey, almost 80% of CIOs expressed concerns about the difficulty of discerning trusted elements from untrusted ones within DevOps environments. In particular, the pressure to deliver services at a faster pace sometimes prompts DevOps teams to take security shortcuts, resulting in potentially costly repercussions. These include data breaches, application downtime, and compliance violations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           So, how can you strike a balance between the demand for agile DevOps practices and the need to maintain robust security measures? 
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why is DAST important in DevOps?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The application security testing landscape is undergoing a significant transformation to align with the higher velocity of development and deployment in DevOps environments, and the increasing complexities of modern software applications.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A Gartner Magic Quadrant for Application Security Testing report identified the need to support organizational DevOps initiatives as the principal catalyst propelling this transformation. Additionally, the report notes customers now demand solutions that offer high confidence in security and valuable insights without imposing unnecessary delays on the development process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           However, with organisations delivering applications rapidly via DevOps processes and with the support of highly distributed or remote staff, contemporary application environments are also presenting formidable security challenges. Therefore, ensuring application security requires the integration of robust cross-functional partnerships across all security, software development, and operations teams – often referred to as DevSecOps. Additionally, it requires the capability to scale rapidly and deliver real-time insights into ongoing activities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To meet these demands, an increasing number of organizations are adopting a DevSecOps approach to application security. Specifically, most organizations are emphasising the greater integration of application security testing tools into the development workflow and deployment pipelines, including DAST tools and solutions.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Integrating DAST into your DevOps workflow is not merely a recommended ‘best practice’ for evaluating the security status of applications in production and predicting their interaction with end users. Instead, it has now evolved into a crucial element for teams to adapt to the changing application security landscape and the strategies that malicious actors employ. In other words, the foundation of strong DevSecOps practices involves incorporating feedback that DAST tools generate into SecOps and DevOps tools. Ultimately, DAST is instrumental in identifying vulnerabilities that pose risks to both the organization and its end users.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The shift to secure code is on
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Application security testing initially revolved around various specialised tools. Nowadays, organizations are aiming for a more comprehensive approach. In essence, they seek a wide range of capabilities throughout their application environment.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Subsequently, testing technologies like DAST have shifted to be leveraged earlier in the software development process, moving away from their traditional implementation towards the end of the development cycle. With the greater adoption of numerous microservices and APIs, it’s becoming more practical to incorporate dynamic analysis and security testing closer to the start of the DevOps workflow. Put differently, security testing is now “shifting left” to detect flaws and vulnerabilities during the coding process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why is this the case? DAST assesses applications in their dynamic, operational state, mimicking attacks to discover vulnerabilities by analysing the application’s responses. In the past, DAST tools may have been operated exclusively by and siloed within dedicated security teams – now they are leveraged by and embedded within development teams. These days, there are efforts to integrate DAST with build automation and CI/CD tools such as Jenkins and Azure DevOps, providing application testing capabilities to development teams.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The approach involves developers making active use of security tooling, rather than merely being presented with the output it produces. The goal is to integrate with existing tools and workflows, enhancing development processes rather than causing interruptions. As a result, developers are better empowered to identify and address security challenges starting from the coding phase, ensuring that applications are secure by the time they reach production and release.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why integrate DAST instead of other solutions in DevOps?
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Integrating DAST into DevOps brings a host of valuable advantages. In the early stages of the Software Development Life Cycle (SDLC), DAST steps in to offer a dynamic view of how your application behaves. It simulates potential attacker actions in the live HTTP environment. As such, this real-time approach uncovers vulnerabilities that might slip through the cracks in static analysis alone. Furthermore, it provides a proactive approach to identifying and mitigating runtime vulnerabilities, which significantly cuts down the risk of costly security incidents as the development process unfolds.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Modern applications are often a complex mix of APIs and frameworks. Luckily, DAST excels in detecting risks that pop up due to the complex nature of a modern application’s elements within the web environment. Its comprehensive approach assesses how components interact in a real-world scenario, ensuring that vulnerabilities aren’t overlooked as could occur when components are examined artificially or in isolation. As a result, integrating DAST tools early in the DevOps framework fortifies your application’s overall security.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DAST also shines when it comes to distinguishing genuine security risks by building an understanding of potential threats. Genuine insights allow your development teams to zero in on the most crucial issues so that you can prioritise remediation. Focusing on actual risks ensures that your limited resources are allocated where they matter most.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DAST easily fits into the Continuous Integration/Continuous Deployment (CI/CD) pipeline. It jumps into action right from the build phase. Hence, in fast-paced agile development setups with frequent releases, DAST’s swift feedback loop helps developers pinpoint and tackle high-risk vulnerabilities right at the beginning. This perfectly aligns with the DevOps philosophy of nipping issues in the bud.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DAST goes beyond just finding vulnerabilities. It provides helpful attack context. Specifically, it spots vulnerabilities, demonstrates actual attacks, and delivers proof of exploit for each risk it identifies. These insights provide developers with accurate information to validate vulnerabilities and test patches without needing additional scans. It speeds up the remediation process and ensures that your security measures hold up in real-world attack scenarios.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           One more standout feature of DAST is its ability to keep false positives to a minimum. False positives can lead to needless delays and resource wastage. DAST reduces the false positive rate to let your teams focus on genuine security risks right away, saving time and resources. This is especially vital because reports suggest it takes an average of 38 days to fix web application vulnerabilities, regardless of their severity. With reduced false positives, organisations can expedite the remediation process and maintain a more secure, agile, and efficient software development process.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How do you integrate DAST into the DevOps workflow?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The concept of “shifting left” has now become a standard practice in software development. Shifting left emphasizes the importance of addressing vulnerabilities as early as possible in the software development process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The IBM System Science Institute estimates that organizations spend at least a hundred times more to rectify a defect in a production environment than during the design phase. Hence, shifting left signifies a shift in focus towards quality and proactive defect prevention rather than reactive detection and remediation. As a result, it leads to shorter test cycles and fewer critical defects discovered in production.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In practical terms, shifting left involves introducing comprehensive testing early in the development process. Unlike traditional methodologies like the waterfall model, modern rapid development cycles enable developers to incorporate DAST very early in the application development cycle and automate the testing process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As such, this necessitates solutions that seamlessly integrate with the tools and processes already used by developers. Doing so allows security teams to work in tandem with development teams, gaining a better understanding of each other’s priorities and fostering a more collaborative environment. However, integrating DAST early in the DevOps environment requires DAST solutions with the following properties:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Enable Integration with CI Platforms:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Integrating DAST into the DevOps process is crucial for ensuring web application security. For example, integrating DAST solutions with CI platforms like Jenkins allows early vulnerability detection. Also, APIs act as bridges, enabling automated scans during the build process and ensuring the early detection and remediation of security issues.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Enable Integration with Ticketing Tools:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             When DAST scans uncover security vulnerabilities, it’s vital to have an efficient mechanism to manage and resolve these issues. As such, integrating with tools like Jira enables DAST to export identified vulnerabilities, swiftly creating actionable tasks for developers. Thus, this streamlines vulnerability management, improves developer visibility, and enhances accountability.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Convenient Deployment Options:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Organisations have the benefit of using cloud-based or managed services to align with their preferences and constraints. Ensuring this flexibility allows organizations to seamlessly integrate DAST into their DevOps processes while optimizing testing capabilities and maintaining control over their security testing infrastructure.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Provide Comprehensive Reporting:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             DAST solutions can offer robust reporting for effective monitoring and management of web application security throughout the development lifecycle. These reports provide user-friendly insights and in-depth analysis capabilities, allowing developers to navigate the data easily. Furthermore, intuitive visualisations, summaries, and detailed vulnerability breakdowns improve the understanding of security assessment results and expedite the remediation process.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Provide Compliance-Specific Reports:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             For organizations subject to industry-specific regulations, DAST solutions can offer specialised, compliance-specific reports tailored to essential standards like PCI-DSS, HIPAA, SOX, GDPR, and the OWASP Top Ten. These reports simplify compliance demonstration, offer a clear roadmap for security improvements, and help track progress toward meeting critical standards.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Provide Management Reports:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Management reports or executive reports are a crucial component of DAST solutions. They provide leadership and stakeholders with insights to make informed decisions about web application security. In addition, they offer concise summaries of key statistics, including vulnerability counts, severity levels, remediation progress, and security trends. These reports bridge the gap between technical assessments and high-level decision-making, aiding risk management and the allocation of resources for security enhancements.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Top benefits of integrating DAST into your DevOps framework
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Modernising the SDLC by integrating DAST offers several advantages that can significantly enhance an organization’s DevOps framework.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           1.  Gain enhanced confidence in scan results.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Firstly, it enables an organization to gain enhanced confidence in scan results. In the past, security professionals often encountered false positives, leading to the belief that all identified issues required manual confirmation, which added unnecessary manual work to the process. However, incorporating DAST into the DevOps framework can help to eliminate this problem. DAST ensures the detection of various vulnerabilities and provides automated, verifiable confirmation for the most critical issues, reducing the need for manual checks and saving the security team valuable time.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           2.  Automatic validation of vulnerabilities and rapid resolution
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In addition, automation is a crucial factor for a speedy SDLC. Security testing needs to fit seamlessly into an agile DevOps pipeline for continuous testing and vulnerability management. In this case, integrating DAST into the SDLC provides the ability to validate vulnerabilities automatically. As a result, it allows the organisation to swiftly incorporate real issues into developers’ issue trackers without the need for manual verification or triage. In some cases, fix tasks can even be assigned directly to the responsible developer, facilitating rapid resolution and eliminating the inefficiency of fixing others’ code. Automation streamlines the process, promoting scalability across a multitude of websites, applications, and services, ensuring that the organisation’s security testing keeps pace with development.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           3.  Enhanced Cyber Security posture
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Furthermore, organizations achieve improved long-term security. As web applications grow in size and complexity, maintaining a good security posture becomes increasingly challenging. Luckily, integrating DAST into the SDLC helps shift the workload away from small security teams and towards larger development teams. DAST tools can also provide accurate feedback in real-time, enabling developers to rectify security bugs promptly and avoid repeating them in the future. This cultivates a security-focused mindset among developers and enhances long-term application security.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           4.  Reduced conflicts between security and development teams
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Automated application security testing reduces friction between security and development teams. Developers receive proven security bug reports directly in their preferred ticketing system, fostering efficient collaboration rather than adversarial interactions. In more mature organizations, it becomes possible to manage application security issues at the development team level, enabling the core security team to concentrate on high-level research, vulnerability management, and policy development.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           5.  Improved time-to-value with ease of deployment
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Integrating DAST into DevOps pipelines also provides real value and tangible savings. It streamlines the time-to-value calculation, as these tools offer ease of deployment and a broad scope of testing. Moreover, automating manual processes and enhancing team collaboration reduces the cost of the organization’s application security program while improving its effectiveness.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           6.  Eliminate manual verification tasks
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Last but not least, automated vulnerability confirmation eliminates the need for manual vulnerability verification, allowing security personnel to focus on higher-value activities, such as vulnerability management and security education. This results in fewer person-hours spent on tasks that can be automated, improved security, and increased job satisfaction among the organisation’s employees.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Want to know more, or to discuss how Dynamic Application Security Testing can assist your business? Please get in touch to book a free Dynamic Application Penetration Testing Demo below!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 14 Oct 2024 14:17:17 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/dast-in-devops-why-it-matters</guid>
      <g-custom:tags type="string">website,Penetration Testing,websites,vulnerability</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/DAST+In+DevOps+-+Blog.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Why DAST Testing is Important</title>
      <link>https://www.jc-cybersecurity.co.uk/why-dast-testing-is-important</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Applications fuel the engine of the world’s economy, but enterprises can encounter substantial hurdles when striving to retain a competitive advantage in a rapidly changing digital landscape. Businesses must continuously pursue inventive solutions, even as they contend with sophisticated adversaries looking to exploit opportunities to disrupt operations, compromise vital information, and inflict harm.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to recent research, approximately 17% of cyberattacks aim to exploit vulnerable web applications. Yet, 98% of web applications are susceptible to attacks that can lead to malware infection or redirect users to malicious websites. All the while, 72% of these vulnerabilities result from coding errors.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Testing applications for security flaws during production is a vital part of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           This is because DAST tools operate without access to the application’s source code. Instead, they emulate genuine attacks, akin to those carried out by real hackers, to identify security weaknesses. This “black box” testing method examines the application from an external perspective, scrutinises its runtime behaviour, and observes how it reacts to simulated attacks. These simulations help evaluate whether the application exhibits vulnerabilities and if it is potentially susceptible to malicious attacks.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why you should integrate DAST early in the development process
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A recent survey involving 378 application developers and security professionals revealed that many organisations deploy code that contains known vulnerabilities in their production environments. Approximately 45% of the respondents cited the need to meet critical project deadlines, the perception that the vulnerabilities are low-risk, or discovering the security flaws late in the release cycle. However, it’s essential to recognize that releasing code with vulnerabilities poses a considerable risk.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           These findings underscore the critical importance of integrating security testing solutions like DAST early in development. Failing to test, assess, and address risks accurately can lead to severe repercussions when deploying code with well-known vulnerabilities. In fact, 60% of survey participants admitted that hackers target their production applications to exploit vulnerabilities listed in the OWASP Top 10. The OWASP Top 10 catalogues the most pressing security risks in web applications, including but not limited to injection attacks, inadequate authentication, sensitive data exposure, insufficient access controls, and security misconfigurations, among others. These kinds of issues should not persist in production code, and integrating DAST early in the development lifecycle can help mitigate them.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How does DAST work?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A DAST tool first detects potential input fields in the application being tested. It then subjects those input fields to various malicious inputs, including attempted exploits of well-known vulnerabilities, such as SQL injection and XSS, or unusual inputs that may reveal security problems related to input validation and memory management.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The aim of sending varied inputs is to evaluate how the application responds, and so detect specific vulnerabilities triggered by unexpected or anomalous input that developers may not have considered. For instance, if an SQL injection attack results in unauthorised data access or the application crashes due to invalid input, these outcomes signal the presence of exploitable security weaknesses.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Furthermore, DAST tools conduct automated scans that replicate adversarial external attacks on the target application to identify unexpected and potentially detrimental outcomes. As an illustration, a DAST test can introduce malevolent data to detect injection weaknesses. Typically, DAST tools assess all HTTP access points to unearth vulnerabilities by simulating random user actions or behaviours.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DAST tool features that make it essential to modern AppSec testing
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ol&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Comprehensive Automated Security Testing:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             DAST provides exhaustive security testing options, including ad-hoc, continuous, and scheduled continuous assessments, which underpin agile AppSec practices. This adaptability aligns seamlessly with the dynamic nature of modern applications, offering swift responses to evolving threats. Moreover, with diverse testing modes, DAST enables proactive vulnerability resolution and routine security evaluations, helping organisations stay agile in the ever-shifting threat landscape.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Complete Vulnerability Coverage:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Today’s applications confront a broad spectrum of threats, from well-known vulnerabilities to emerging zero-day risks. Fortunately, DAST’s ability to cover the entire OWASP list of the most critical vulnerabilities, together with its extensive repository of known flaws, cements it as an essential component of modern application security testing practices. The current security landscape is characterised by security threats that continually mutate, making DAST stand out as a robust defence against potential risks.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Seamless Integration with Build Servers:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The seamless integration of security testing into the development pipeline is pivotal in modern software development. Thus, DAST’s compatibility with popular build servers, such as MS Azure DevOps, TeamCity, and Jenkins, streamlines the security evaluation process. In a world where rapid code deployment is the norm, this integration empowers organisations to safeguard their applications throughout the software development lifecycle (SDLC), diminishing the risk of deploying vulnerable code into production.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Streamlined Vulnerability Management:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Effective vulnerability management ensures that released software products are secure. In this regard, DAST’s integration with in-house ticketing systems like JIRA simplifies the workflow, enabling development teams to monitor, prioritise, and resolve security issues efficiently. This streamlined approach is essential in the fast-paced application development environment, guaranteeing prompt and effective vulnerability resolution.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Automation for Complex Web Applications:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Modern applications are becoming increasingly complex, with single-page applications (SPAs) becoming the norm. DAST’s prowess in navigating these complex structures is a valuable asset in today’s landscape. Furthermore, DAST ensures that even the most convoluted applications undergo thorough security testing, addressing vulnerabilities that may elude conventional assessment methods.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Comprehensive API Security Testing:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             In an era where APIs play a central role in application functionality, DAST’s capability to meticulously scan and test APIs, including WSDL, Swagger, and GraphQL endpoints, ensures the security of both front-end and back-end components. This completeness aligns with the modern application’s reliance on APIs, leaving no part of the attack surface unexamined.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Vulnerability Monitoring:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Vulnerability tracking is fundamental in modern application security. DAST’s ability to identify trends and pinpoint the most vulnerable areas in the production environment enables proactive risk mitigation. Such real-time insight is indispensable in a landscape where threats rapidly evolve since it enables organisations to promptly address emerging risks and reduce the window of vulnerability.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ol&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DAST tools give you an edge over other AppSec testing solutions
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           For some time now, applications have been the preferred attack vector for attackers looking to compromise sensitive information or gain a foothold in an organisation’s network systems. A State of Application Security report found that applications are the prime focus, with web application exploits ranking as attackers’ third most frequently employed technique.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Given this reality, organisations must subject their live web applications to the same scrutiny as malicious hackers do. The objective here is to uncover and address vulnerabilities proactively to prevent external actors from discovering and exploiting them.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Although many development teams routinely perform static application security testing (SAST) and software composition analysis (SCA) on their code before deploying, utilising DAST tools within the application’s runtime environment is equally vital. It is worth recognising that prevalent vulnerabilities cannot be adequately assessed within the source code since some only emerge once you deploy code in a production environment. As such, this underscores DAST’s pivotal role in a comprehensive application security testing strategy.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How DAST benefits application security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           While compliance requirements, legal regulations and industry standards mandate encryption, DAST takes a unique approach by assessing the effectiveness of encryption techniques. Specifically, DAST tools attempt to breach the implemented encryption mechanisms. Such a simulation tests the resilience of encryption methods, focusing on potential impacts on business operations. For example, in APIs, DAST emulates attacker tactics to probe encryption mechanisms, examining their vulnerabilities. It is a comprehensive approach to encryption assessment that ensures that potential weaknesses are uncovered and can be addressed proactively.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Dynamic testing also goes beyond conventional access control checks. It verifies if users can access authorised resources and if they can gain unauthorised entry through injecting malicious scripts. As a result, DAST uncovers scenarios where plugin vulnerabilities grant elevated privileges. In contrast, other solutions like SAST concentrate solely on scanning the source code, missing these real-time application security concerns. The real-time nature of DAST’s approach is crucial in identifying and mitigating security risks that might go undetected.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Lastly, back-end security is a critical area that developers must put more emphasis on. DAST examines scenarios where attackers could compromise authentication and authorisation tokens to exploit the trust relationship between the back end and the application. Fundamentally, it comprises testing for vulnerabilities such as cross-site scripting and SQL injection, enabling a comprehensive assessment of the application’s security posture. The assessment includes the potential compromise of user access session cookies. This comprehensive assessment helps organisations strengthen their back-end security, reducing the risk of critical security breaches.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           More DAST Benefits:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Early Integration:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            DAST can seamlessly integrate into the software development lifecycle (SDLC) during the building phase. As a result, this enables security testers to observe the application’s behaviour in the HTTP environment, allowing them to simulate attacker actions without the need for the extensive, costly penetration testing process.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Complex Environment:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             DAST excels in uncovering risks that result from the complex interactions of modern APIs, microservices, frameworks, and various components. Even when these components are individually secure, they can introduce unforeseen challenges when working in concert within a web environment.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Real Risks:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             DAST pinpoints issues that genuinely pose risks instead of merely highlighting vulnerabilities that may or may not translate into actual threats. On the other hand, using SAST as the primary testing solution may cause difficulty in discerning whether a finding corresponds to a tangible risk, which can be a perplexing task.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            CI/CD Integration:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             DAST smoothly integrates into the Continuous Integration/Continuous Deployment (CI/CD) process, commencing as early as the building phase. In agile development scenarios, where applications can become operational within hours of a software development cycle, DAST paves the way for early detection of critical security threats, allowing developers to address high-risk vulnerabilities promptly.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Context and Proof:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             DAST identifies vulnerabilities, demonstrates the attack, and offers evidence of exploit for each risk discovered. As such, this provides developers with valuable context, affirming the existence of vulnerabilities and streamlining patch testing and implementation without necessitating additional scans.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reduced False Positives:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Compared to SAST, DAST exhibits a lower rate of false positives. Most developers consider this paramount since resolving security issues can be time-consuming, and false positives can lead to unwarranted delays. Initiating the security assessment process with DAST helps avert unnecessary holdups by concentrating on vulnerabilities with substantial real-world risks.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DAST stands as a robust choice for fortifying security. Its capacity to evaluate genuine risks, compatibility with complex environments, and seamless integration into the development workflow provide a pragmatic approach to identifying and mitigating security vulnerabilities as part of your security endeavours.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Bridging the gap between developers and security analysts in DevSecOps
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Most organisations aspire to dismantle the barriers that frequently separate development and security teams. While not a universal remedy, DAST plays a vital role in mitigating friction, seamlessly integrating security into the developer’s workflow, and elevating the overall security stance of your organisation.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Shifting security to the early stages of the Software Development Cycle ensures that genuine security issues surface more rapidly. In this case, automation becomes a pivotal ally in reducing the necessity for manual testing, leading to accelerated time-to-market and alleviating the bottleneck resulting from the disproportionate ratio of one security analyst for every one hundred developers. For this reason, DAST allows developers to initiate scans and independently address issues while granting the security team oversight to confirm the successful execution of testing and remediation—without the constant requirement for hands-on involvement. Through DAST, security teams gain a more comprehensive view and increased control over what, when, and how to conduct testing.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           On the other hand, DAST provides developers with lucid and actionable results. Interactive reports provide them with prioritised lists of the most critical risks, simplifying access to and analysis of essential data. Furthermore, a proficient DAST solution equips them with the capacity to understand the context thoroughly, examine details from various angles, and efficiently streamline their mitigation actions. When a DAST tool permits real-time attack replay, developers can independently verify the existence of vulnerabilities, assess associated risks, and validate fixes.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           While it might be impractical to anticipate perfect alignment between security and development teams, given their distinct cultures, timelines, and incentives, DAST can make substantial headway in bridging the gap and fostering a collective sense of security ownership. With DAST in place, security can keep pace, and development can consistently deliver applications with enhanced security.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to approach DAST testing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Now that you understand the importance of DAST and how it can benefit your organisation’s application security and DevSecOps practices, how do you perform actual DAST testing?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ol&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identify the applications to be tested:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             You must compile a comprehensive list of web applications or websites that you intend to assess for security vulnerabilities. This can include internally developed software, third-party applications, and online services. Understanding the target is crucial for effective DAST.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Determine the vulnerabilities the test should target:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Selecting vulnerabilities should be based on a thorough understanding of the application’s architecture and potential security threats. The aim is to tailor the DAST scan to focus on the specific threats most relevant to your application.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Select an appropriate DAST tool(s):
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             DAST tools are specialised software designed to simulate real-world attacks on web applications. They utilize various scanning techniques, including black-box testing, to identify security vulnerabilities. Choosing the right tool is crucial to practical testing.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Run the test and evaluate the results:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Once you determine the applications, vulnerabilities, and tools, configure the DAST tool to run against the target web applications. The tool sends a series of HTTP requests and analyses the responses, searching for signs of vulnerabilities. Analyse the results to identify and categorize potential security issues.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Mitigate the identified vulnerabilities:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Vulnerability mitigation typically involves developers and security teams collaborating. Developers must patch or mitigate the vulnerabilities while the security team monitors the progress and re-tests to ensure that the vulnerabilities have been effectively resolved.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ol&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Want to know more, or to discuss how Dynamic Application Security Testing can assist your business? Please get in touch to book a free Dynamic Application Penetration Testing Demo below!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Fri, 04 Oct 2024 17:16:32 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/why-dast-testing-is-important</guid>
      <g-custom:tags type="string">website,Penetration Testing,websites,vulnerability</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/DAST+-+Blog.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>The Evolution of Hacking</title>
      <link>https://www.jc-cybersecurity.co.uk/the-evolution-of-hacking</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hacking is attacking and breaking into computer systems illegally… isn’t it? The meaning of the term “hacking” has in fact changed substantially over time, morphing from describing essentially benign (or at worst mildly disruptive) activities into its modern attribution to largely criminal and illegal activities. What’s more, in its original usage, “hacking” doesn’t necessarily even need to involve computer systems at all.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           So, what is a hacker?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Almost everybody in 2024 is familiar with the modern meaning of “hacker” – an individual who is highly skilled technically – with computer systems especially – and willing and able to use that knowledge with criminal intent in order to breach the security of computer systems, especially those that operate across the internet. We’re familiar with the iconography of hackers as pale, young individuals typing furiously into the early hours of the morning, their hooded face lit only by the pale blue glow of their computer screen. This figure of the “security hacker” describes someone who utilizes their technical know-how of bugs or exploits to break into computer systems and access data which would otherwise be inaccessible to them.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           However, “hacker” as a term predates the internet, was not originally restricted to activities involving computers, and did not signal any criminal intent. A “hacker” was simply an enthusiast of technology, with sufficient motivation to not simply use or operate the technology, but to understand its function in detail and apply a playful cleverness to subvert the technology to achieve a goal other than that which it was designed for. The defining characteristic of a hacker was not any specific activity, but this approach, which combined deep technological knowledge with lateral thinking and an often playful or exciting activity. Quite aside from any criminal intent, the earliest hacks (as described by that word) were performed either just to test the hacker’s mastery of a technology for their own satisfaction, or else to demonstrate their technical aptitude and cleverness to others within their community.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Origins of hacker culture
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The first modern community or communities of like-minded individuals to adopt these ideas as a subculture is generally accepted as being the so-called “hacker culture” that emerged in distributed academic environments (though particularly in North America) in the 1960s. Foremost among these is generally held to be the Massachusetts Institute of Technology (MIT) and in particular the members of its Tech Model Railroad Club (TMRC), as well as the MIT Artificial Intelligence Laboratory. Despite the fact that MIT at this time was already making use of computers, these self-described “hackers” were using lateral thinking not to attack computer systems but to perform pranks such as placing a campus police cruiser on the roof of the university’s “Great Dome.”
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The key factor in common was to analyse the technologies available and what could be done with them, often to deliver a solution that baffled the casual observer as to how it could be performed. In this respect, “hacks” had more in common with traditions such as parlour magic and the crafting of so-called “impossible logic” problems such as the “ship in a bottle” – a practice that dates as far back as the creations of Giovanni Biondo at the end of the eighteenth century – or the even older Chinese puzzle balls of the fourteenth century.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What does hacking involve?
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A hacker in this broader sense is a person who is technically skilled and who uses their technical knowledge to achieve a goal or overcome an obstacle, by a non-standard and often unexpected and unanticipated means. There are therefore three elements to hacking:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The first is a deep technical knowledge and often the love of knowledge for its own sake. Not content with simply using an available technical system, a hacker is someone who digs deeper and determines how the technology works, often by breaking it down into smaller and smaller subcomponents and establishing the operation of each. A hacker is therefore a person who enjoys exploring the details of technologies, but also enjoys challenging and stretching their own capabilities. Notably this is quite different to a modern script kiddie, a denigrating term that is used to describe modern computer hackers who simply attack computer systems using tools created and published by others.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The second factor is that of edge cases and unexpected operation: that is, using a device, system or technology for a purpose other than the one intended, or in a way other than its creator anticipated. Within computing, this often involves exploiting so-called edge cases – actions that are possible within a system but at or beyond the expected boundaries of normal usage – in opposition to the “happy path” that users of a system are expected to follow.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There is an element in this second factor both of novelty and also of subversion, so that even where hacking is not criminal it can often be considered at least to be a prank.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The third element usually seen is elegance or cleverness, in that the alternative usage cannot simply rely on brute force over cleverness to achieve its goals. Rather, a hack is considered more notable the greater the force multiplier that it applies, with the greatest perturbation or disturbance for the smallest input.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hacking vs Invention
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There may seem to be a large overlap between this broader sense of “hacking” and the concept of invention and innovation. Both can be seen as driving evolution of technology to some extent – the latter directly, and the former by forcing or suggesting improvements by demonstrating current problems.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are three main differences between hacking and innovation. The first is that not all inventions or innovations are disruptive, even if they are revolutionary, but hacking is always disruptive in nature in that it seeks to upset the status quo in some way. For example, although often cited as one of the world’s most important inventions, the first cars in the late 19th century were not a disruptive innovation, because the earliest vehicles were expensive luxury items: they did not disrupt the existing market for horse-drawn vehicles.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The second difference is that innovations and inventions can often take a substantial amount of effort, resourcing, and investment to deliver. In the case of the automobile, it is a significant manufacturing undertaking. This contrasts with the hacking concept of elegance, where a goal can be achieved by subtle redirecting or undermining of existing practices.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           And the final difference is that hacking doesn’t generally involve the introduction of new tooling at all; it relies on the subversion of existing systems in a somewhat parasitic manner. Hacking may involve combining existing technologies to undermine a solution in an unexpected way, based on an understanding of the technology and potential alternative applications, but it does not introduce new functionality itself in general. Hacking therefore involves a new process, rather than a new product or service. Through identifying and analysing existing systems for possible points of intervention, or alternative usages, a hacker can then perform a disruptive intervention.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Invention and hacking work instead in tandem: even as technology changes – from the wheel to the telescope, to the computer – hackers push the envelope and test the limits of what’s possible.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Modern Era Hackers
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In the strictest modern sense, hackers clearly don’t predate modern digital electronic computers, which began to originate in their crudest forms as early as the 1930s. One of the earliest – and most commonly cited – examples of early hacking is the emergence of “phreakers” during the 1970s. This was a group who manipulated properties of the phone system communication protocols at the time in order to gain access to AT&amp;amp;T’s long-distance system and place free long-distance calls. John Draper famously discovered that a toy whistle given away in boxes of “Cap’n Crunch” cereal delivered the perfect tone to replicate a special “administrative operator” line tone used to access restricted modes across the public phone network. All the elements that we outlined above are present here, in that the technique is elegant and cheap (in using a free toy whistle), required a knowledge of the technology involved (the phone dial tone protocols) and exploited an edge case of an existing system.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Industrial Era hacking
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An even earlier example of hacking involves the twins Joseph and Francois Blanc, who worked in the financial industry. At the time, prior to the electronic telegram, a system of semaphores was used for long-distance communication within Europe. It was based on a series of spaced semaphore towers – each tower or station operating a large contraption of wooden beams controlled by ropes and pulleys that could indicate different characters or meanings, similar to the system of naval signalling flags, and each relaying messages from one to another via line of sight.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ﻿
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The Francois brothers bribed a semaphore operator to transmit stock market messages for them across the (government operated) semaphore system, allowing them to gain a head start on changing financial prices. Since the brothers did not have the collusion of every single semaphore tower operator along the message path (only the originating tower), they needed to find a way to send a message that could not be detected as such by tower operators. They struck upon the idea of having the operator send unlikely error signals followed immediately by “correction” signals that were effectively coded messages. This practice of hiding even the existence of a secret message is known as steganography and is still used to this day.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The Roman “Corvus”
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mechanical and geared systems for processing and communication in particular date back potentially as far as 100 BC. The earliest known instances include devices such as geared astrolabes, planetaria and orreries used for astronomical calculations and predictions, such as the controversial Antikythera mechanism; however, little is known of the usage of these devices, let alone documented instances of their being subverted by hackers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In the broader sense of a hacker culture that we described above, however – using a cleverness and understanding of systems to bypass convention and disrupt expected activities – examples exist throughout history. Technically these are extremely far removed from modern concepts of hacking, but culturally and ideologically they can often share much in common. Humans have been finding ways to exploit established systems throughout history, whether those systems are technological, administrative, or otherwise. Just as with software or operating systems, human institutions have expected or intended usage patterns, as well as unconsidered edge cases that offer points of vulnerability and loopholes. A “civic hacker” may be willing to exploit them in their own self-interest.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ﻿
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An early example of this type of thinking applied outside of a computing context is the Roman corvus. The Roman Republic became engaged in a protracted war against Carthage. Carthage was a significant empire bordering the Mediterranean, with a power base backed by significant naval force and experience. The Romans in contrast had not fought a significant naval war previously but were used to conducting land-based warfare, and their main assets were the discipline and the courage of the Roman soldiers. Rather than attempt to replicate Carthaginian ship design, tactics, and training, the Romans instead came up with a simple solution that allowed them to subvert Carthaginian expectations for how naval warfare should be conducted and to simply fight a “land war” at sea instead. They fitted their boats with massive boarding bridges that allowed their infantry to board Carthaginian vessels and overcome the Carthaginians’ superior naval experience and skills: a simple and elegant solution requiring minimal change or effort but delivering a significant force multiplier and undermining expected practice and conventions.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Want to know more, or to discuss how Web Application Security Testing can assist your business? Please get in touch to book a free Web Application Penetration Testing Demo below!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 25 Sep 2024 15:33:57 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/the-evolution-of-hacking</guid>
      <g-custom:tags type="string">website,Penetration Testing,websites,vulnerability</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/TEOH+-+Blog.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>5 Tips for Application Security Testing</title>
      <link>https://www.jc-cybersecurity.co.uk/5-tips-for-application-security-testing</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Prioritising application security has become a significant focus for modern businesses, and staying informed about the evolving security landscape is crucial for organisations looking to effectively enhance their application security.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ﻿
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A critical underpinning of safeguarding an enterprise lies in incorporating robust application security testing practices. The adoption of DevOps methodologies and the use of open-source code have accelerated the pace of application development, maintenance and delivery, but security challenges persist and require close attention.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In a 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.enso.security/post/special-report-appsec-trends-2023" target="_blank"&gt;&#xD;
      
           recent special Application Security Trends for 2023 report
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , approximately 70% of organizations recognize that application security has become one of their top three priorities. Simultaneously, nearly 90% of these organizations intend to enhance their application security measures. 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.techtarget.com/searchsecurity/quiz/Quiz-Web-application-threats-and-vulnerabilities#:~:text=Application%20weaknesses%20and%20software%20vulnerabilities,threat%20vector%20targeted%20by%20attackers." target="_blank"&gt;&#xD;
      
           Application security attacks are the most prevalent
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
            type of external threats. No wonder enhancing application security is a priority and concern for organizational security leaders.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           So, what is application security testing?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Application security testing is the procedure used to protect applications against security threats. It comprises various methods, practices, and tools used to detect, rectify, and protect against application security flaws throughout the software development life cycle (SDLC). Although application security consists of diverse tools and techniques, the common objective is to locate and address vulnerabilities before malicious actors can exploit them.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ﻿
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It is worth noting that uncovering and resolving application vulnerabilities is most efficient when integrated closely with – and embedded within – development practice. Application security testing tools expand automated testing throughout the SDLC, enabling developers to discover security and quality issues that could otherwise expose software applications to security risks. This fosters collaboration within the DevSecOps framework and offers a robust mechanism for identifying and managing security risks more confidently.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Common application security techniques
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Automated code scanning tools can be integrated within CI/CD pipelines, providing continuous security checks as part of quality gates during development. They can be indispensable in identifying vulnerable code in new and existing applications as close as possible to its time of introduction. Developers can also incorporate code scanning tools into the code review process during the SDLC to receive prompt feedback on potential vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ﻿
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Authenticated scanning of applications can extend test coverage via the use of valid user credentials or authorisation, providing a more comprehensive view of security. Authenticated scanning should be an integral part of the testing process, especially in the CI/CD pipeline, to ensure that developers perform security assessments with the same level of access as authenticated users. The choice of specific tools and techniques should be determined based on the nature of the application, the organisation’s security policies, and the specific risks that need to be addressed.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why your organization needs application security testing
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Numerous high-profile application security breaches, including those targeting 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://cybernews.com/security/slack-admits-security-breach/" target="_blank"&gt;&#xD;
      
           Slack
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.idstrong.com/sentinel/amazon-data-breach/" target="_blank"&gt;&#xD;
      
           Amazon
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , and 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.malwarebytes.com/blog/news/2021/09/vaccine-passport-app-leaks-users-personal-data" target="_blank"&gt;&#xD;
      
           Covid passport apps
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , could have been averted through robust app security testing. Application security testing is crucial since applications frequently handle and store sensitive consumer or corporate data, attracting hackers’ interest. Failing to secure applications can erode client trust, tarnish a company’s reputation, and diminish brand value in the long term.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Besides, handling data responsibly and securely is a top concern for most individuals. As a result, customers trust platforms that adhere to the recommended data privacy standards to protect them against credit card fraud, identity theft, and other cybercrimes. Notably, subjecting applications to rigorous security testing procedures helps identify missing data privacy controls and other security vulnerabilities, allowing organizations to implement security hardening measures.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           While many organizations channel their effort toward securing critical data centres and information systems, most overlook application security and lack well-defined application security policies to stay ahead of cybercriminals. Yet, applications remain the most prominent attack vector and a prime target for most hackers. 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.ptsecurity.com/ww-en/analytics/web-vulnerabilities-2020/" target="_blank"&gt;&#xD;
      
           A recent study on application threats
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
            revealed that 82% of an application’s vulnerabilities originate from its code, with an average of 22 vulnerabilities per app and five categorized as high risk. Prioritising proven application security testing techniques is necessary to detect and remediate existing vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.csoonline.com/article/569209/how-to-prioritize-application-security-flaws.html" target="_blank"&gt;&#xD;
      
           Another software security report
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
            further highlights the prevalence of application security issues. According to the report, 83% of the examined 85,000 software programs were found to have more than one security issue. Shockingly, the study also identified a staggering 10 million security issues from different software programs, indicating that most apps exhibit multiple security problems.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           However, it’s not just the existence of these security weaknesses that is concerning; the real problem arises when organisations lack the tools and procedures necessary to pre-empt security breaches and address vulnerabilities promptly. A practical application security solution must be able to identify and rectify vulnerabilities swiftly, thus preventing them from becoming exploitable issues. Companies should prioritise security testing to ensure early detection and zero-day detection. Early detection allows security teams to uncover and address security issues before releasing your app to the public, and zero-day detection allows teams to be proactive with fixes, enabling you to identify risks before malicious hackers do.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Baking application security in DevSecOps
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Developers struggle to spot vulnerabilities:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
             
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://about.gitlab.com/developer-survey/#security" target="_blank"&gt;&#xD;
        
            According to the GitLab Global DevSecOps survey
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , 50% of security professionals note that developers miss 75% of security vulnerabilities, underscoring the need for a more integrated security approach.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Widespread vulnerabilities:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
             
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.contrastsecurity.com/hubfs/DocumentsPDF/The-State-of-DevSecOps_Report_Final.pdf" target="_blank"&gt;&#xD;
        
            The Contrast Security State of DevOps Report
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        
             indicates that over 99% of technologists believe that software programs in production contain a minimum of four vulnerabilities. As such, DevSecOps teams must embrace rigorous application security testing procedures to uncover and treat vulnerabilities before releasing software.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Security is often an afterthought:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             The 
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.appdynamics.com/resources/whitepaper/accelerating-secure-application-development" target="_blank"&gt;&#xD;
        
            “Accelerating Secure Application Development” study by EMA
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        
             reveals that many IT professionals acknowledge security tends to be an afterthought in the application delivery process. However, building security into finished products is challenging and ineffective in countering vulnerabilities – as well as being typically more expensive. Integrating continuous security testing throughout the SDLC ensures security is built in, which is a more proactive, not to mention cost-effective, approach.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Lack of shared vision:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             In its 
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.appdynamics.com/c/dam/r/appdynamics/2023/06-resources/08-ebook/AppDynamics_Application_Security_Report-1.pdf" target="_blank"&gt;&#xD;
        
            report on “The Shift to a Security Approach for the Full Application Stack,”
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        
             Cisco AppDynamics reports that 78% of technologists see the absence of a shared vision between application development and security teams as a significant challenge to application security. It underscores the need to align these teams to strengthen security measures.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ﻿
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Considering these insights, it’s clear that integrating security into the development process, fostering collaboration, and establishing a shared vision between development and security teams are essential to addressing the evolving threat landscape. More importantly, DevSecOps teams must prioritise application testing in the CI/CD pipeline to ensure applications meet industry-standard security and privacy-preserving requirements.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Our Top 5 Application security testing best practices:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Despite the ongoing discussion about integrating security into CI/CD workflows, many organizations still find that DevOps and security teams operate in separate silos. As a result, security often lags in DevOps ecosystems. A 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.devopsonline.co.uk/study-says-only-50-of-ci-cd-workflows-include-security-testing/" target="_blank"&gt;&#xD;
      
           recent study involving 350 IT decision-makers
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
            revealed that, despite a high awareness of its need, half of all DevOps teams are yet to integrate application security into their CI/CD pipelines.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           While DevOps teams are taking on increasingly substantial projects and accelerating software releases, they frequently lack a clear strategy for integrating security into the development process. This gap between development and security teams persists in many organizations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="http://blog.sonatype.com/2018-devsevops-community-survey" target="_blank"&gt;&#xD;
      
           survey involving more than 2,050 professionals
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
            drawn from the DevSecOps community revealed that 72% of respondents described application security as a “nuisance.” Also, 48% of developers participating in the survey said that, while they acknowledge application security is vital, they lack sufficient time to run security tests and harden the security of applications. Unfortunately, this underscores the challenges associated with aligning security and development efforts and highlights the need for a more integrated or automated approach to security within the DevOps workflow. Here are five application security testing best practices that can lead to more secure applications.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           1. Integrating automated tools into the toolchain
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to Meera Subbarao, a senior principal consultant from the Synopsys Software Integrity Group, the key to efficient and secure development is using automated application security testing tools that connect with the CI/CD toolchain. The primary objective is to maintain a smooth development pace and workflow while preventing security issues from causing disruptions. To achieve this, organisations need to establish direct feedback loops that provide actionable, prioritised vulnerability data to application developers. Such an approach ensures the swift resolution of any security vulnerabilities identified during the coding process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In addition, Subbarao draws attention to the 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.devopsonline.co.uk/study-says-only-50-of-ci-cd-workflows-include-security-testing/" target="_blank"&gt;&#xD;
      
           findings of the 451 Research report
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , which sheds light on a significant obstacle to realizing successful DevOps: the absence of automated and integrated security testing tools. She points out that the report underscores a deficiency in the security aspect of DevOps, as only half of the respondents incorporate any elements of application security testing into their CI/CD pipeline.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Despite this, the demand for security automation is rapidly escalating, driven by the urgent need for modern businesses to integrate vulnerability scans and penetration testing results into the DevOps framework to create a continuous security testing process. Furthermore, mission-critical applications should undergo more frequent testing due to their constant evolution, as they pose heightened risks to the organization.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           2. Embrace a leftward shift right from the start.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The traditional method of conducting application security testing just before deployment has lost effectiveness due to the unprecedented speed at which developers develop and deploy new code. Furthermore, development teams are rapidly expanding, hiring at a rate of eighty developers for every application security professional. This glaring imbalance requires organisations to adopt a cooperative approach to application security management.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In this regard, application security professionals should provide developers with the necessary tools and procedures and transition to a role oriented more towards process management and governance, rather than focusing solely on their traditional role of hands-on testing.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Additionally, shifting security to the left, right from the start, is a vital application security testing practice. Embedding security controls as essential components of the integration and deployment processes enables a security-by-design approach, ensuring that released applications contain built-in security mechanisms. This approach facilitates early detection and more straightforward rectification of security defects within the development process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           3. Leverage abuse cases when testing the application.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Adopting a hacker’s or malicious user’s mindset in application security testing can be a valuable strategy. As such, developers should explore various ways an attacker or user could exploit their access to an application, potentially compromising sensitive data or critical systems. Adopting such a forward-thinking approach empowers developers to anticipate and mitigate potential misuse effectively.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In addition, integrating abuse cases into the Quality Assurance (QA) process is instrumental in bolstering security. These scenarios go beyond traditional functional testing by simulating legitimate and malicious usage, providing valuable insights into how an application responds under different conditions. This comprehensive perspective allows developers to implement robust security measures, ensuring the application’s resilience to potential threats. In other words, automating these tests as part of the QA process ensures they become an integral component of ongoing testing, complementing standard regression tests.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Furthermore, abuse case testing can help developers refine security measures, ensuring applications remain resilient against misuse. Continuously enhancing the abuse case models and adapting to emerging threats helps developers maintain a strong defence against evolving attack vectors. Integrating the security features inherent in the chosen software frameworks can also offer significant advantages. This practice enhances the overall security posture and streamlines the development process. Developers can create new features with integrated security considerations, reducing the need to constantly focus on security aspects during the development lifecycle.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When testing applications for security weaknesses, one must acknowledge that the threat landscape continually evolves. New vulnerabilities and attack vectors emerge regularly, making it crucial to stay ahead of potential threats.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           4. Maintain vigilance about third-party code.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Managing third-party code in a DevOps setup requires vigilance. While open-source and third-party components can speed up code development, remember that even one flawed component can jeopardize your entire application.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.veracode.com/despite-major-vulnerability-disclosures-wannacry-new-research-finds-open-source-components-fail" target="_blank"&gt;&#xD;
      
           recent survey
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
            found that using third-party components results in an average of seventy-one vulnerabilities in each application. Furthermore, the survey revealed that only 23% of organizations using third-party components have established processes for testing the code for security weaknesses, and only 52% update components when security issues come to light.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An application’s flawed code component is a significant security risk, potentially providing an entry point for malicious actors. Hence, to counter this threat, maintain a well-curated inventory of the code components your application relies on and subject them to regular, rigorous testing. Continuous and comprehensive testing is the most effective way to secure your code against potential vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Additionally, consider including open-source components in vulnerability and application scanning practices. Integrating open-source components into your security measures can bolster your defences and help you proactively identify and address security risks.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           5. Incorporate patching in the CI/CD workflow.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The cybersecurity landscape evolves rapidly as new threats emerge. As such, taking swift action to identify and mitigate vulnerabilities is vital. When new vulnerabilities surface, malicious actors seek out unpatched systems or software.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To counter this, integrating patch management into the CI/CD process can effectively remediate new threats as they emerge. This enables the rapid identification and resolution of security issues, thereby enhancing the security of the software.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Traditionally, patch management was the responsibility of the operations team, leading to delays in addressing vulnerabilities. However, incorporating patch testing and deployment into the CI/CD pipeline moves vulnerability detection and management from the operations team to the development process, allowing developers to address security flaws more quickly. As a result, this streamlined approach significantly reduces the time required for patching, ultimately bolstering the overall software security.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The CI/CD and DevOps methodologies are ideally suited for rapid vulnerability responses. Engineered for agility and efficiency, they seamlessly incorporate security updates with new features and code changes. This not only expedites the development process but also elevates the overall security of the software.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Strategically Navigating Application Security in a Complex Landscape
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Organisations today face an increasingly complex challenge: ensuring the security of their digital assets against a backdrop of sophisticated threats. In this environment, a strategic partner in application security testing is crucial, and it’s a partnership that goes beyond the basics.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To navigate the digital terrain confidently, you need a partner that takes a holistic approach to security. This includes harnessing open-source intelligence and a sophisticated browser-based crawling engine to identify application components potentially vulnerable to attacks. It’s about proactive threat identification and mitigation before attackers can exploit any weaknesses.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           But that’s just the beginning. A comprehensive partner in application security goes further. They offer continuous vulnerability discovery and management, covering not only your internal estate but also your external one. This means that your organisation’s entire digital footprint is under watchful eyes, ensuring that no security gaps go unnoticed. Moreover, testing applications in a production environment is critical to a robust security strategy.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Choosing the right partner in application security testing is a strategic decision. It’s about more than just safeguarding your data; it’s about protecting your organization’s reputation, trust, and future.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How can JC Cyber Security Services Help?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           JC Cyber Security Services will help you gain assurance across your organisation’s entire security footprint. Our Web Application Penetration Testing tool performs comprehensive checks for a massive range of web application vulnerabilities – including authentication failures, misconfigurations and violations – from first principles, to detect vulnerabilities in in-house application code.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The Vulnerability Analysis Engine provides a detailed rationale behind each finding, including a custom narrative to explain the detection methodology, verbose technical detail, and proof-of-concept evidence through safe exploitation.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Want to know more, or to discuss how Web Application Security Testing can assist your business? Please get in touch to book a free Web Application Penetration Testing Demo below!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Thu, 19 Sep 2024 14:23:09 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/5-tips-for-application-security-testing</guid>
      <g-custom:tags type="string">website,Penetration Testing,websites,vulnerability</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/FTFAST+-+Blog.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is Web Application Security Testing and how can it help?</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-web-application-security-testing-and-how-can-it-help</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In the early days of the internet, most webpages were static, informational resources. As the internet matured, however, the power of the web to deliver richer content was leveraged, and static web pages were increasingly replaced by dynamic web applications. Web applications deliver interactive experiences and often underpin vital commercial operations for businesses, ranging from portals that allow customers to self-administer various account details, through online retail sales and online banking, to, more recently, interactive online spreadsheets, project management, and customer relationship management (CRM) tools.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           These web applications leverage technologies such as AJAX (“Asynchronous JavaScript and XML”) and HTML5. With AJAX, web applications can send and retrieve data from a server asynchronously (in the background) without interfering with the display and behaviour of the existing page, behaving almost the same as a traditional (compiled) application installed locally as an executable on a personal computer. By decoupling the data interchange layer from the presentation layer, AJAX permits web applications to update displayed content dynamically without the need to reload the entire page, and underpins the delivery of the recent Single Page Application phenomenon.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/Web-App-Overview-Pic1.png" alt=""/&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           All these usages mean that the platforms that underpin and deliver web applications necessarily store and grant access to significant volumes of customer, financial and other data. Security breaches on these kinds of web applications are a major concern because they can involve both enterprise data and private customer data.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How is a Web Application Constructed?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In order to understand how a web application might present specific and serious security concerns, it is important to understand how they are constructed.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            In their most common form, a web application is generally constructed based on a model involving three “tiers” or layers known as the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           presentation
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           application
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , and
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           storage
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            layers. Each of these layers delivers specific functionality and crucially each must communicate with and pass data between it and the other layers. Even when carefully designed, these boundaries between the various tiers often introduce security weaknesses if errors are introduced in how data is passed between each layer.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/Web-App-Overview-Pic2-1.png" alt=""/&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ol&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            In a web application, the user’s web browser forms the first tier (presentation layer). It displays (presents) information to the user, takes input from them, and communicates via the HTTP protocol with the application layer on the web server;
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The middle tier (application logic) consists of code or libraries that act as a dynamic engine using dynamic web content technology such as ASP, PHP, or Ruby on Rails. It forms the application logic, making decisions on whether requests from the presentation layer are authorised and how they should be routed, handled, processed, and responded to; and
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A database forms the third tier (storage). It contains and controls access to all the data that the web application may need in order to handle requests and build responses to return to the client.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ol&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Errors in how any one of these layers is implemented can lead to security weaknesses being introduced in the application. Web applications are typically exposed to the Internet by design, at least in part, and security-related problems caused by errors in the program’s logic, implementation or configuration can therefore be exploited by a potentially unlimited number of attackers situated anywhere in the world.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Web applications by their nature are dynamic, and their complexity of functionality means that they have what security researchers term a large “attack surface” – the number of all possible points, or attack vectors, where an unauthorized user can access a system and extract data. The richer and more complicated the attack surface, the more potential areas for errors to be introduced, and the harder it is for an organisation to gain assurance that the web application is secure. Because of the sheer amount of data in modern web applications, and the difficulty in ensuring that they are suitably secured, web applications continue to be a prime target in attacks for malicious hackers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is the impact when something goes wrong in web applications?
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A single flaw or software weakness in a web application or its framework can allow an attacker to either partially or completely compromise a server and the data that it stores. If a web application is not secure, this can lead to numerous issues including data breaches, loss of website control, and even fraudulent transactions. Security weaknesses are often expressed in terms of their impact on the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/cia-triad"&gt;&#xD;
      
           “CIA Triad”
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , a term used to describe the three key metrics or principles of security delivery, a failure of any of which constitutes a security breach or incident. The CIA triad consists of:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            C – Confidentiality
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – an organization’s efforts to keep their data private or secret. In practice, it’s about controlling access to data to prevent unauthorized disclosure. Failures to ensure confidentiality are often expressed as “data breaches” and can involve the theft of private or financial data. This is perhaps the most considered form of security weakness, as well as the most widely reported type in the general media.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            I – Integrity
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – the ability to ensure that records are accurate and have not been tampered with and can be trusted. A prime example would be the case of customer bank balances and transaction history in an online banking system – the accuracy of the data is essential to the provision of the service to the user as well as in the organisation’s own interest.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A – Availability
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – whether the web application is actually available and able to serve customers. It is important for all web applications, but a vital example might be an e-commerce or web sales platform. For many businesses this may provide their primary (or indeed only) revenue stream, so the loss of the web application platform’s availability has a direct and immediate impact on sales revenue. An example of a key threat to an application’s availability may be the delivery of a successful “DoS” (Denial of Service) attack by a hacker, in which an application is knocked offline and made unavailable to genuine users.
             &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/Web-App-Overview-Pic3.png" alt=""/&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What causes security weaknesses in Web Applications?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Web applications are inherently complex in their design, their implementation, and their operation, and trying to establish the root cause of software weaknesses in a meaningful manner is incredibly difficult. Organisations such as MITRE try to provide a hierarchical taxonomy of software weaknesses in a community-developed catalog known as the CWE. Examples of types of weaknesses include not validating or sanitizing form inputs, misconfiguring web servers, and application design flaws. Although the CWE provides different “views” that aim to group weaknesses in different ways depending on the goal (e.g. for analysis or to facilitate understanding or research), none of the views directly addresses the root cause of each in a meaningful way.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Perhaps the best way of understanding how security weaknesses are introduced in a web application is understanding how they are created. Web applications are like any other application in that they are developed under a Software Development Lifecycle (SDLC), consisting of seven theoretical phases of development – planning, analysis, design, development, testing, implementation, and maintenance – a failure during any one of which can lead to a security weakness being introduced. In practice, the SDLC is only a model, and not every web application will step explicitly through each phase during its development – although failure to conduct or consider a given phase is likely to introduce security weaknesses by its very absence.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/Web-App-Sec-Pic-4.png" alt=""/&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Possible causes of security weaknesses at each stage of a web application’s development include:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ol&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Planning
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – failure to consider risks that may need to be addressed during the application’s development;
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Analysis
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – choosing an insecure framework or technology;
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Design
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – introducing an architectural weakness;
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Development
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – failing to follow secure coding standards, using unsafe functions, or introducing logical errors;
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Testing
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – failure to conduct testing of the application behaviour, especially under edge conditions, prior to release;
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Implementation
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – misconfiguration of the supporting platform or an error in deploying and configuring the application; and
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Maintenance
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – failing to patch and update the platform.
             &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ol&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How can Web Application security testing help?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Security weaknesses are addressed using various measures that are collectively known as controls – they can be preventative (stop a weakness being introduced), detective (detect when a weakness has been introduced), or corrective (fix a weakness once it has been found).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Web application security testing is a key detective measure that helps to ensure that any issues that have been introduced during the application’s planning, design, development, and implementation are speedily detected and flagged for attention so that they can be addressed and remediated before an attacker can exploit them.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In modern deployment practices such as CI/CD (continuous integration and continuous deployment) pipelines, web application security testing can be performed against pre-production instances of the web application too, so that it can double as a preventative measure – spotting weaknesses in code even before it is deployed. This allows developers to fix issues before they are even introduced to production, leaving attackers with no attack window during which the web application is vulnerable to exploitation.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What types of Web Application security testing are there?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The two primary forms of web application security testing are: static analysis (SAST), in which the code itself is examined (offline), analogous to the script for a play being read and examined for issues; and dynamic testing (DAST), using tools such as our Web Application Penetration Tester, in which the application itself is probed for weaknesses while it is running, analogous to a live performance of the play being observed, rather than simply the script being looked at.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How does Dynamic Web Application vulnerability scanning work exactly?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Dynamic web application scanning works by sending requests across the network in the same way that a user’s web browser does, continually attempting to break into and compromise a web application in order to pinpoint any potential gaps in the application’s security. DAST therefore works in the same way a hacker would, attempting for real to gain access or take advantage of flaws and insecurities within web applications.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are two primary approaches to vulnerability scanning – passive and active. A passive scan performs non-intrusive checks, simply looking at items to determine if they are vulnerable. You can visualize this method by imagining encountering a door, but not touching it to see if it’s open or locked. If the door is closed, that marks the end of that branch of your investigation.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An active scan, on the other hand, is a simulated attack on your site in order to assess vulnerabilities as they would appear to an outsider, and is where the real power of dynamic web application security testing lies. Sophisticated dynamic web application scanners perform this active testing via an “outside in” or “black box” approach, with no prior knowledge of the application or code – if you visualize this as a door, the fact that it may be closed would not present a dead-end. Instead, your investigation would push you to test the door, perhaps pick the lock, or even force entry. To support this, dynamic web vulnerability scanners work by automating several processes: these include application spidering and crawling, discovery of default and common content, and probing for common vulnerabilities. It is during this last step, which is perhaps the most powerful, that the scanner searches for vulnerabilities via a process known as “fuzzing” – submitting numerous variants of each possible web request to the web application, carefully tweaking numerous parameters of the request one at a time to try to elicit an unexpected response from the application under certain conditions.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What kinds of issues can Web Application scanning detect?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Some of the more basic web application vulnerability scanners may solely identify vulnerabilities in commercial products – such as Apache web server – in which the vulnerability in question is already known/publicly disclosed and has a published CVE ID – that is, common cybersecurity vulnerabilities that have been catalogued and are assumed to be present based on recognised patterns and software versions recorded as being susceptible to that particular vulnerability. However, our Web Application Penetration Tester is designed by experienced penetration testers, making it more thorough and accurate at identifying complex issues from first principles, meaning that it actively uncovers previously-unknown vulnerabilities, even in custom and in-house code.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Our Web Application Penetration Tester’s crawling engine uses a combination of application modelling techniques and subtle heuristic cues to automatically discover the complete attack surface of any given application in the shortest time possible. The algorithms are designed to model how a penetration tester or attacker would explore the application, detecting subtle vulnerabilities that other tools often miss and opening up attack vectors that are inaccessible to less sophisticated crawlers. It can therefore detect a range of vulnerabilities in custom code that is unique to an organisation and developed in-house by its own engineers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Web application scanning is capable of detecting all common security problems, including “OWASP Top 10” issues such as broken access control, cross-site scripting (XSS), SQL injection and other injection failures, security misconfigurations, and server-side request forgery (SSRF) vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What else can be done to help?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It is important to appreciate that security is best assured via a “defense in depth” approach, meaning that no single measure – such as web application security scanning – should be considered to be a panacea, no matter how effective. Rather, a strong web application security scanner should be considered as part of an effective arsenal of tools for preventing, detecting and correcting any potential security issues.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The exact list of measures most appropriate for a given organisation will vary, but in general it is worth considering what measures can best be performed at each stage of the software development lifecycle, mapping a chosen control (or controls) to each phase of the web application’s development.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How can JC Cyber Security Services Help?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           JC Cyber Security Services will help you by providing assurance across your entire organisation’s security footprint. Our Web Application Penetration Testing tool performs comprehensive checks for a massive range of web application vulnerabilities – including authentication failures, misconfigurations and violations – from first principles to detect vulnerabilities in in-house application code.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The Vulnerability Analysis Engine provides a detailed rationale behind each finding, including a custom narrative to explain the detection methodology, verbose technical detail, and proof of concept evidence through safe exploitation.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Want to know more, or to discuss how Web Application Security Testing can assist your business? Please get in touch to book a free Web Application Penetration Testing Demo below!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 19 Aug 2024 15:03:02 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-web-application-security-testing-and-how-can-it-help</guid>
      <g-custom:tags type="string">website,Penetration Testing,websites,vulnerability</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/WIWAST+Blog.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>How Training Benefits Employees</title>
      <link>https://www.jc-cybersecurity.co.uk/the-importance-of-training-employees</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Training employees is an exercise implemented by high-level management or a person of authority within an organisation to provide employees with ample opportunities to develop their skills, knowledge, qualifications, and certifications. In general, training schemes for employees should be consistently provided to ensure continual skill improvement, ensure workplace competence, and refresh staff on their roles and responsibilities within their field of work.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           From a financial perspective, by consistently investing and developing your staff, your organisation should see an immense return on investment as employees can grow their knowledge base and improve their job skills to become more effective in the workplace. It’s often compulsory for some level of training (an induction) to be offered to new members of staff as you introduce them to their role. However, it’s just as worthwhile to provide training to existing members of staff, as it’s likely to help with the individual employee’s development, sense of value, and benefit your business in the process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            There are several other reasons why it is important for employers to initiate consistent training programs for their employees. In this post, we are going to explore these benefits further and also discuss the implications they will have for your organisation, specifically within the field of Cyber Security.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Cyber Security Training &amp;amp; Awareness
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We at JC Cyber Security specialise in all aspects of Cyber Security and are happy to offer
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/information-security-awareness-training" target="_blank"&gt;&#xD;
      
           Information Security Awareness Courses
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to ensure your workforce are competent in the following areas:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Phishing Awareness
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Office hygiene
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Privacy issues
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-penetration-testing" target="_blank"&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ongoing Compliance
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Insider threats
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-endpoint-security" target="_blank"&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            CEO/Wire fraud
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data in motion
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Password Security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Whether in our personal lives or at work,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/training" target="_blank"&gt;&#xD;
      
           Cyber Security Training &amp;amp; Awareness
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            is important for us all. There are many
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/types-of-hackers-the-6-hats-explained" target="_blank"&gt;&#xD;
      
           different types of hackers
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            who have different skills, motivations, and morals regarding the actions they perform online. Furthermore, threat actors will always be evolving their methods and trying to gain an angle on your organisation to exploit your vulnerabilities. Keeping up to date with the latest trends, vulnerabilities and security optimisations for every single business asset can be extremely time consuming and financially straining.
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Every employee is a potential vulnerability, and as an organisation that potentially handles, processes, and transfers personal customer data, it is your responsibility to ensure that the data handled retains its
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
      
           confidentiality, integrity, and availability
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Staff
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
      
           working remotely
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , potentially due to COVID-19 and the resulting lockdown and restrictions enforced in 2021, have piled more pressure on organisations providing Cyber Security Awareness Training, because each employee’s home has to be considered when protecting your cyber profile.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             To ensure staff competence in information security, we recommend training your employees at least once a year with
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/information-security-awareness-training" target="_blank"&gt;&#xD;
      
           Security Awareness Training
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , and then reinforcing training with monthly Awareness Campaigns and quarterly
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/phishing-simulation" target="_blank"&gt;&#xD;
      
           Phishing Simulations
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . Continuous programs like this are not exhaustive but keep security awareness front of mind for you, your business, and your staff.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There has never been a better time to become Cyber Secure.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Benefits of Training Staff
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Improve staff skills and knowledge
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Employee training programs help improve the knowledge and skills of employees to keep pace with the various changes in the industry they work in. These improvements will positively impact the productivity of workers, which can increase business profits and efficiency.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Help meet staff performance appraisals
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To monitor staff progress, development, and the impact they are having while at your organisation, key performance indicators are set every period to manage staff effectiveness and ROI. Typically, said performance indicators may rely on employees developing a new skill set or competence in a certain area of work.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           By undergoing training schemes and courses, key performance indicators can be met, ultimately leading to a successful appraisal. If, during an appraisal, you find a gap in knowledge, or the organisation as a whole is lacking or failing to meet certain standards, procedures, or goals, you can use that information to structure future appraisals.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Prepare employees for higher responsibilities
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Training programs can also help prepare employees who are moving into higher roles and taking on more responsibilities. Training programs will help staff develop and solidify the skills necessary to function effectively in their new positions. For example, they may be trained in leadership skills or in a specific software they will use in their new role.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Show employees they are valued
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Implementing training programs in the workplace will help employees feel like the company is invested in them. By continuing to teach your employees new skills and abilities, they will not just become better workers but will also improve their own, and potentially their department’s, morale.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Test the efficiency of a new performance management system
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Employee training programs help your organisation test the efficiency and effectiveness of a new performance management system, which can help HR establish clearer performance expectations. Using these systems to train your employees will reinforce the necessity of meeting goals and help employees better understand what is expected of them.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Increase productivity and performance
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When employees undergo training, it improves their skills and knowledge of the job and builds their confidence in their abilities. This will improve their performance and make them work more efficiently and effectively.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Unify the work process
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When employees in a workplace are exposed to training, it helps to standardise the work process among the staff. Workers will apply and follow similar procedures because of their exposure to similar training.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Reduce waste
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When employees are trained, they will learn to make good, safe, and economical use of the company's materials, tools, and equipment. Accidents and equipment damage will be minimised, and this will keep waste low.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Reduce supervision
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Though training employees should not eliminate the need for supervision, it can significantly reduce the need for excessive supervision in the workplace – freeing up other staff for more important responsibilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Promote from within
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When an organisation needs professionals with new or specific skills, it doesn't have to go into the market to employ new professionals from outside sources. It can look inward and select promising staff members who can be promoted after they are trained in the new skills needed. Promoting staff from within can help speed up the process, as they will already understand your organisation's policies, procedures, values, ethics, visions and missions.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Improved learning structure
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When a company has an organised system of training for employees, it helps them learn in a consistent and systematic way. It also prevents the employees from learning by trial and error.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Increase customer valuation
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When employees are exposed to consistent training, it improves their skills on the job and makes them work more professionally and productively. Customers will feel the impact of this elevated service, and it will improve their opinion of your organisation and lead to fewer negative customer experiences.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Create a better workplace environment
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Consistent training will help employees work more effectively in the workplace environment. This brings about an atmosphere that encourages every employee to feel valued and welcomed.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Keep staff up-to-date with updated technology
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           With the ever-increasing change in technology across all industries, exposing employees to new techniques in advanced technology will help to increase efficiency and productivity as they are kept up to date with the latest technological trends.
            &#xD;
      &lt;br/&gt;&#xD;
      
           If employees are not consistently updated, shifting the company to new/updated software may have a huge impact on productivity.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 22 May 2024 20:52:51 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/the-importance-of-training-employees</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210921-TRAINING-EMPLOYEES-BENEFITS.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>An Introduction to Security Awareness Training (SAT)</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-security-awareness-training-sat</link>
      <description>Information Security Awareness Training is a strategy used to improve staff awareness and to prevent and mitigate user risk within your organisation, while also helping employees understand their roles and responsibilities in combatting information security breaches.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/information-security-awareness-training" target="_blank"&gt;&#xD;
      
           Information Security Awareness Training
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            is a strategy used to improve staff awareness and to prevent and mitigate user risk within your organisation, while also helping employees understand their roles and responsibilities in combatting information security breaches.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Through continual and successful training, staff will have a better understanding of cyber hygiene and the security risks associated with their actions, and will be better equipped to identify cyber-attacks they may encounter via email and the web.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Information Security Awareness Training Involves:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Phishing Awareness
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Teaching employees how to recognise, avoid, and deal with potential social engineering attacks from phishing emails
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Office hygiene
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Helping employees understand the best way to protect paper, desks, screens, and buildings and minimise risk
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Privacy issues
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-penetration-testing" target="_blank"&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Instructions on how to protect the sensitive data of customers, partners, employees, and the company.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ongoing Compliance
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Covering compliance for HIPAA, PCI and GDPR.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Insider threats
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-endpoint-security" target="_blank"&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Instructing employees how to recognise threats that may come from inside the organisation, how to deal with insider threats and how to manage access control. This can ensure the integrity of customer data within the CIA triad
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           CEO/Wire fraud
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Showing employees how attackers may impersonate a C-level executive to defraud the company of thousands of pounds
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data in motion
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Helping employees understand how vulnerable data in motion is and how they can protect it.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Password Security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Policy and procedure creation concerning the best password management guidelines, strong password creation, avoiding password duplication, and avoiding use of personal passwords
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why do your employees need Security Awareness Training?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Research suggests that human error is involved in more than 90% of security breaches. Therefore, it is extremely important that your organisation is doing everything it can to minimise risk, thus preventing the loss of assets, suppliers, financial strength, or brand reputation.
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            By taking the necessary actions and improving staff competence, stakeholders will have a better customer experience, as they are less likely to become a victim of poor information management practices. Furthermore, higher staff competence will lead to employees feeling more valued within your organisation as their skills, qualifications, certifications, and awareness are all being strengthened.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Training can specifically address common cyber mistakes your employees make and eliminate the associated risks, therefore maintaining the
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
        
            confidentiality, integrity, and availability
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             of your data.
             &#xD;
          &lt;br/&gt;&#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Due to Covid-19 and the resulting lockdown and restrictions, employees working remotely is now a more common practice within the business landscape. As a result, businesses are facing more vulnerabilities than ever because each employee has a different working environment.
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Information Security Awareness Training can provide peace of mind to high-level staff as staff will understand how to identify vulnerabilities within their working space and how to avoid them.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Many organisations are ditching high-street premises, and operating online is becoming the norm - it’s harder than ever for employees to verify sources over the phone, online and through email communication.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How long does it take to build a security awareness training program?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The time required to build a security awareness training program depends on the technology and methodology you choose. With JC Cyber Security and our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/information-security-awareness-training" target="_blank"&gt;&#xD;
      
           Hut Six online platform
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , training can be deployed and configured quickly, rolling out awareness training to a global workforce easily.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           We recommend training your employees at least once a year with security awareness training, and then reinforcing training with monthly awareness campaigns and quarterly phishing campaigns. Continuous programs like this are not exhaustive but keep security awareness front of mind for you and your business.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How much does a Security Awareness Training Program cost?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The cost of an effective security awareness training program will vary depending on the size of your organisation. Both small to mid-sized businesses and global enterprise organisations can implement our Hut Six Training &amp;amp; Awareness programmes for a fraction of what a successful cyber breach costs a company in revenue losses.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            If you’d like us to quote how much a Security Awareness Training Programme would cost your organisation,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           Contact Us
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
             and one of our Cyber Security Experts will be happy to provide an accurate quote.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How Phishing Simulations can provide a baseline
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Testing your employees with phishing simulations is an important part of your overall Information Security Awareness Program. You can run targeted Phishing campaigns to test current staff awareness/competence with minimal risk by:
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Using real-life de-weaponised attacks, ranging from phony promotions and package tracking to fake news and password resets due to unauthorised logins.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Specifying which employees will receive your phishing emails, allowing you to test different simulated phishing emails against different departments.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How Phishing Simulations work
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            First, your organisation will need to decide who is responsible for the simulation. The best method would be to book a consultation with JC Cyber Security Services to determine your requirements and the goals of the phishing simulation(s).
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           After a consultation with us, we design and develop a targeted phishing campaign that simulates a phishing attack vector against your employees and assets. The actual vector deployed will be agreed after a scoping discussion and will be carefully designed in a non-destructive way that targets employees of your choice.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           After the simulation has been performed, we will measure and interpret the results to provide trend analysis, highlight problem areas and recommend solutions.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 15 May 2024 20:29:16 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-security-awareness-training-sat</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210914-SAT.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>ISO 27001 Certification Guide</title>
      <link>https://www.jc-cybersecurity.co.uk/iso-27001-certification-guide</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is ISO 27001?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/iso-27001" target="_blank"&gt;&#xD;
      
           ISO 27001
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            is the international standard that provides the specification for an Information Security Management System, also known as an ISMS.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/iso-27001-explained" target="_blank"&gt;&#xD;
      
           Learn More...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is an ISMS?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An ISMS is a systematic approach consisting of people, processes, and technology that supports your business by protecting and managing all your information through a risk management process.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ISO 27001 Certification
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As certification to ISO 27001 is not mandatory, not all organisations choose to achieve it. However, there are many benefits to becoming certified.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/iso-27001-explained" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If not managed correctly, becoming certified and creating an optimal ISMS can be difficult. Company-wide decisions regarding the following have to be carefully thought out and managed:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Recruitment
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Planning
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Funding
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    
          Implementation
          &#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Staff Competence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Post-Launch Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Training &amp;amp; Awareness
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How much does certification cost?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The cost of obtaining ISO 27001 certification can depend on many different factors within your business, such as people, processes and technology. Therefore, it's incredibly important to find out before you go ahead with your implementation processes.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ISO 27001 Certification Checklist
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Step 1 - Assign/Implement a team to carry out the project
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            It may not be financially achievable for your business to build your very own internal team – it could be beneficial to seek an external institution to manage this project for you as hiring suitable staff with the necessary experience, qualifications, and certifications can take a lot of time, management, and funding to acquire. If you would like to know more about how JC Cyber Security can help your business become ISO 27001 compliant,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/contact" target="_blank"&gt;&#xD;
      
           contact us
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            and one of our Cyber Security Experts will be happy to assist you.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Once you have appointed a suitable candidate to serve as project lead, they will be responsible for overseeing the implementation of your ISMS and creating a project mandate that answers the following questions:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            What are we attempting to achieve?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            How long will this process take?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            How much funding will this project cost?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do we currently have the correct amount of support to complete the work?
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Step 2 - Produce an Implementation plan
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Once the project mandate from step 1 has been agreed with senior management, the team will now create a more detailed outline regarding the plan, information security and any identified vulnerabilities from the initial risk assessment.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           At this stage, high-level policies will be thought out for the ISMS that establish:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Staff roles &amp;amp; responsibilities
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Managing the ISMS post-launch (to ensure it doesn’t become obsolete)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensuring minimal business disruption when implementation is complete
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Necessary staff/departments that may require training and awareness courses to ensure staff competence
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Step 3 - Determine a continual improvement methodology
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There is no particular methodology that is applicable to all organisations - you can use any approach if your ISMS requirements and processes are:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Clearly defined
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Implemented appropriately
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Regularly reviewed and improved
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Create an ISMS policy detailing what your organisation wants to achieve and how it will go about completing this work
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            To be signed off by senior management before any work is initiated
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Create a document structure consisting of the following:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Policies defining your organisation's position regarding acceptable use, password management and any other identified issues
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Procedures that enact said policies' requirements
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Documentation on how employees are expected to meet said policies
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 4 - Define the scope of your ISMS
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Understanding the scope and defining the overall scale is crucial. This process involves documenting how your ISMS will tackle the following questions:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            What level of reach will it have in your organisation?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            What impact will this have on your day-to-day operations?
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Will the ISMS meet all our needs?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Where do we store our data?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            What type of data do we process?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            What infrastructure do we have in place?
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If your scope is too small, you will not appropriately protect your organisation and its stakeholders
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If your scope is too big, your ISMS will not efficiently protect your organisation
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 5 - Identify your security baseline and mitigating risk
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Identify the minimum level of activity required to conduct business in a safe and secure fashion – to identify this, use the information gathered from an ISO 27001 risk assessment
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 6 - Implement a risk management process
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Risk management is a core aspect of your organisation and of becoming ISO 27001 compliant, as it will help you:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Establish a risk assessment framework
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identify risks
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Analyse risks
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Evaluate risks
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Once a risk has been identified, you must address it. You can either:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Tolerate the risk
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Remove the risk by implementing the appropriate controls and safeguards
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Avoid the risk by using an alternative method
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Transfer the responsibility of the risk to another party through an agreement
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Complete a SoA (Statement of Applicability) document concerning the controls you have selected and omitted – detailing why you made the choices you have
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Step 7 - Implement a risk treatment plan
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The risk treatment plan is implemented to build security controls and safeguards that will protect your information so that:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Security controls are effective
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Staff can operate your ISMS controls
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Staff understand their information security obligations
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 8 - Review your ISMS
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Once you have successfully implemented your ISMS, you must ensure that it is working appropriately – to do this you must review it.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            To understand whether or not you are ready to apply for certification
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            You can use a quantitative analysis (where you assign values to risks) to determine how devastating they can be if exploited by a threat actor
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            You can use a qualitative analysis which is based on contextual judgment
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Conduct internal ISMS audits
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            One department at a time (to prevent a company-wide loss in productivity and ensure your auditing staff are not stretched too thinly)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Results from the audit can feed your continual improvement process
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 9 - Certification
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Once all the necessary processes and documentation have been implemented, you can then seek ISO 27001 certification. You should only apply for certification once you are confident
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As the overall process can be time consuming
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            You will still be charged if you fail
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Certification requires an external audit which is conducted in two stages by a third-party certification body who must be a member of the IAF (International Accreditation Body)
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The first audit determines whether your ISMS has been developed in line with ISO 27001 requirements – if the criteria are met, the auditor will conduct a more thorough investigation. This stage requires evidence to be provided of all critical aspects of your ISMS.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you pass the first stage, the auditor will conduct a more thorough assessment. This will involve reviewing the actual activities that support the development of the ISMS. The auditor will analyse your policies and procedures in greater depth, and review how the ISMS works, with an on-site investigation. The auditor will also interview key members of staff to verify that all activities are undertaken following the specifications of ISO 27001.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If certification is achieved, it is valid for 3 years. However, your ISMS will need to be managed and maintained throughout that period. Auditors from the CB will continue to conduct surveillance visits every year while the certification is valid.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 08 May 2024 22:46:30 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/iso-27001-certification-guide</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210901-ISO-27001-CHECKLIST.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>ISO 27001 Explained</title>
      <link>https://www.jc-cybersecurity.co.uk/iso-27001-explained</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As the risks associated with cyber attacks and data breaches continue to increase, information security has become a critical issue for every business.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           ISO 27001 is the international standard that provides the specification for an Information Security Management System, also known as an ISMS. An ISMS is a systematic approach consisting of people, processes, and technology that supports your business by protecting and managing all your information through a risk management process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           As the mainstay of the 27000 series, ISO 27001 provides a globally recognised framework for structuring best security practice management. These standards help organisations keep information assets secure by offering a set of specifications, codes of conduct and best-practice guidelines to ensure strong information security management.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            However, it is important to note that ISO 27001 will only provide the specification of an effective ISMS whereas 27002 will provide the code of conduct, guidance, and best practices to effectively implement your ISMS.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            An ISMS, particularly one that conforms to ISO 27001, can help organisations comply with laws, such as GDPR, or the Network and Information Systems Regulations, also known as the NIS Regulations. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ISO 27001 focuses on protecting 3 key aspects of information -
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Confidentiality
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           - Separating information into various collections that are organised by who needs access to the information and how sensitive that information actually is.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Integrity
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           – Protecting data from deletion or modification by any unauthorised party, and ensuring that when an authorised person makes a change that should not have been made, the damage can be reversed.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Availability
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           - Authentication mechanisms, access channels and systems all have to work properly for the information they protect, ensuring it is available when it is needed.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ISO 27001 is one of the most recognised information security standards in the world. The standards in place are there to support organisations managing their security posture in a consistent and cost-effective way - it’s technology and vendor neutral while being applicable to all organisations, regardless of size, type, or nature.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As certification to ISO 27001 is not mandatory, not all organisations choose to achieve it. However, there are many benefits to becoming certified:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            It’s a proven, externally validated proof of your organisation’s willingness to conform to internationally accepted information standards
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Your assets are safeguarded
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Improved management control
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Meeting customer/supplier criteria
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Customer and regulator confidence
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Demonstrable information security provision
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Business continuity
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Compliance with legal requirements
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A more cyber aware workforce
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Cycle of continual improvement
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reduced cost (less risk of facing fines)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Provides a competitive advantage
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ISO 27001 Controls
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Organisations are instructed to compare the controls they currently have in place with the best-practice controls provided in ‘Annex A’ to determine their current security posture. Any identified controls that are missing can then be implemented or improved to ensure ISO 27001 criteria are met. Complying allows your organisation to apply for certification. If certain controls within Annex A do not seem applicable to your business, and you are looking to become ISO 27001 certified, you must document the reason why you believe they are not applicable.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            There are 114 best-practice controls in Annex A that are split into 14 categories. We will briefly describe these 14 categories.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.5 – Information security policies
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Ensures policies are written and reviewed in line with the overall direction of your business's information security practices.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.6 – Organisation of information security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Covers the assignment of responsibilities for certain tasks
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Having an established framework for implementing and maintaining information security practices
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Managing the best practice for mobile devices and remote working staff
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.7 – Human resource security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Covers employees and contractors so staff can have a full understanding of their responsibilities
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Covers staff responsibility pre-employment
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Covers staff responsibility during employment
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Covers staff responsibility post-employment
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.8 – Asset management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Concerns identifying information assets within the scope of the ISMS
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensures that assets are subject to the correct level of defence
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Handling media
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensuring that data is not subject to unauthorised access, modification, or destruction
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.9 – Access control
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensures that information available to employees is relevant to their job role only
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Divided into four sections addressing business access control requirements, user responsibilities and application access control.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.10 – Cryptography
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data encryption and the management of sensitive data
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Designed to ensure organisations use cryptography both properly and effectively
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Protects data confidentiality, integrity and availability
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.11 – Physical and environmental security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Procedures that can prevent unauthorised physical access, damage or interference to an organisation's premises or information held within
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Deals with preventing the loss, damage, or theft of business equipment that manages business assets
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.12 – Operations security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Used to ensure the facilities that process information are secure
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Operational procedures and responsibilities
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensuring that the appropriate defences and safeguards are in place to mitigate infection from malware
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Establishes back-up requirements so data is not lost
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Logging and monitoring processes so that evidence can be collected when an event occurs
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Technical vulnerability management so third-party threat-actors cannot exploit systems
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Requirements regarding the integrity of software-packages
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Information systems audit considerations, so that minimal business disruption occurs during an auditing process
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.13 – Communications security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Network security management, ensuring the confidentiality, integrity, and availability of the information your networks process
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Managing the security of information in transit with other departments within your organisation or with third parties and customers
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.14 – System acquisition, development, and maintenance
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Covers information security across the process life cycle, ensuring it remains a central part of the organisation
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.15 – Supplier relationships
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Covers contractual agreements with third parties
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Addresses the protection of valuable business assets that suppliers have access to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensures both parties maintain the same level of information security
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.16 – Information security incident management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Managing and reporting cyber security incidents
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identifying which employees should take responsibility for specific actions
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensuring a consistent and effective approach concerning incident response
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.17 – Information security aspects of business continuity management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Having an effective system that manages any business disruptions
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Annex A.18 – Compliance
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensures you can identify relevant laws and regulations your organisation must comply with
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Any contractual agreements that must be met
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Mitigating the risk of non-compliance and the fines that accompany it
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Getting started with ISO 27001
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It is important to ensure business continuity – ensuring a hassle-free transition can be extremely beneficial for your organisation. However, not implementing controls correctly can have major implications in the future, so it is important to get it right the first time around.
            &#xD;
      &lt;br/&gt;&#xD;
      
           If you’d like a helping hand with becoming ISO 27001 compliant, we at JC Cyber Security Services are happy to guide you through the process and recommend the best method of implementation, specifically tailored to your business needs and requirements. Not only are we happy to advise, but we are also able to help implement systems that have been identified as missing or weak.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to get ISO 27001 certified?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Once you have met the various requirements of ISO 27001, the next step is to seek certification. Certification is the procedure where an external certification body provides written assurance that an organisation’s ISMS conforms to the requirements of ISO 27001. The process involves going through a certification audit, in which an expert from a certification body visits your business to examine your ISMS. If they are satisfied, they will award a certificate.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 01 May 2024 19:53:36 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/iso-27001-explained</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210823-ISO-27001-THUMBNAIL.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Types of Hackers – The 6 Hats Explained</title>
      <link>https://www.jc-cybersecurity.co.uk/types-of-hackers-the-6-hats-explained</link>
      <description>‘Hacking’ refers to activities performed by a threat actor (a ‘hacker’) that seeks to compromise digital services, such as computers, smartphones, and networks. Hackers are usually characterised as only being unlawful, motivated by financial gain, information gathering, or even just for the thrill of having a challenge.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is hacking?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ‘Hacking’ refers to activities performed by a threat actor (a ‘hacker’) that seeks to compromise digital services, such as computers, smartphones, and networks. Hackers are usually characterised as only being unlawful, motivated by financial gain, information gathering, or even just for the thrill of having a challenge.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Although the above statement is true, the reality is much more complicated – hacking can be performed by many different types of people with different goals and motivations. Most importantly, hacking can be ethical and help many businesses and people keep safe online. Now it might seem odd to use both ‘hackers’ and ‘ethical’ in the same sentence, but that’s exactly what we at JC Cyber Security Services are! While the media might do a good job of making it look like all hackers are out there with malicious intent, the reality is that there are lots of different types of hackers out there - each one with their own motivations, skills and intent.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           In the cyber security world, we describe different types of hackers through a coloured ‘hat’ system, such as:  
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            White Hat Hackers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Black Hat Hackers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Gray Hat Hackers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Green Hat Hackers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Blue Hat Hackers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Red Hat Hackers 
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210720-hacker-hats.png" alt="Types of hackers"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           This is not an exhaustive list – we’ll be adding more content in the future!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           White Hat Hackers
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           White Hat hackers (also known as ‘ethical hackers’) are professionals with expertise in cyber security, hired by organisations to ethically run hacking simulations in accordance with industry guidelines, to closely mimic real-world targeted attacks. By actively testing organisations’ defences, white hat hackers help businesses understand their security posture while also improving defences, reducing the likelihood of experiencing a cyber-attack, and ensuring continued business confidentiality, integrity, and availability.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           As the opposite of ‘Black Hat’ hackers, white hat hackers provide companies with ongoing support in the battle against cyber threats by actively keeping up to date with the latest cyber threats and testing assets within the organisation to find potential vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The different ethical hacking job roles:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are several roles associated with ethical hacking, the scope of which can vary depending on your area of expertise and the organisation/sector you are working in. Some of the most popular ethical hacking jobs include:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Penetration tester
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             -
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Penetration testers perform ethical, authorised tests on applications, systems, networks, and infrastructure to identify weaknesses. Penetration testers will often specialise in one system.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Computer crime investigator
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             -
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            This role focuses more on what happens after a data breach. From hacking to other types of illegal activity, a computer crime investigator will look at the system’s auditing and monitoring systems to determine how and why something illegal occurred.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data security analyst
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             -
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A data security analyst is usually an in-house role that focuses on identifying potential vulnerabilities within an IT system. They will then recommend and implement safeguards on those assets to prevent breaches, such as creating firewalls and putting encryption in place.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Black Hat Hackers
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Black Hat hackers are the stereotypical ‘hackers’ we mentioned during our introduction. Black hat hackers are criminals who attempt to gain unauthorised access to business assets to steal confidential information for their own financial gain. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Many Black Hat hackers start as novice "script kiddies" using publicly available hacking tools to exploit security vulnerabilities, whereas the upper echelon of Black Hats tend to be skilled hackers who work for sophisticated criminal organisations. Black Hat hackers often develop specialities, such as
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/phishing-simulation"&gt;&#xD;
      
           phishing
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            or managing remote access tools. Some develop and sell malicious software themselves, but others may prefer to work through franchises or leasing arrangements, just like legitimate businesses.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Other illegal activities include
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Sending phishing emails and SMS messages.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Writing, distributing, and selling malware like viruses.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Distributed denial of service (DDoS) attacks to slow down or crash business websites.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Earning money for performing espionage.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Finding and exploiting vulnerable databases, applications, security controls, websites, infrastructure, and any other vulnerable company assets.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Selling financial and personally identifiable information on the Dark Web.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Executing financial/identity fraud.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Deploying brute-force attacks, scareware, botnets, man-in-the-middle attacks, advertising campaigns, etc.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Blackmailing victims using ransomware and spyware to encrypt, lock, steal, modify, and delete user data (Black hat hackers typically demand money to give users back access to their files, system, databases, or the entire device).
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Black Hat hacking is a global problem, which is why every business needs a strong security posture. The challenge for law enforcement is that hackers often leave little evidence, use the computers of unsuspecting victims, and cross multiple jurisdictions. Although authorities sometimes succeed in shutting down a hacking site in one country, the same operation may have multiple nodes in many countries, allowing cybercrime groups to operate 24/7.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            The best protection against black hat hackers is to have the knowledge and
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/training"&gt;&#xD;
      
           awareness
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to avoid becoming a victim. Keeping your firewall optimal, updating and running reputable antivirus software and applications, and keeping operating systems up to date, while also having the appropriate business
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/policies-and-procedures"&gt;&#xD;
      
           policies and procedures
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            in place are a few examples that can reduce vulnerabilities. Additionally, if you’d like to know more about keeping safe from black hat hackers, read our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
      
           remote working
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            blog.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Gray Hat Hackers
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Grey Hat hackers have all the skills of a Black and a White Hat hacker, but, the difference is, they don’t care about stealing, nor do they particularly want to help people. Instead, they like to play with systems and enjoy the challenge of finding gaps, breaking protections and generally just find hacking fun. Despite their skill set and the fact that they do break into systems, Grey Hat hackers will rarely do anything harmful. They break into things because they can, and then move on. Grey Hat hackers make up much of the hacking community,
          &#xD;
    &lt;/span&gt;&#xD;
           &#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Green Hat Hackers
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Green Hat hackers are often described as the “newbies” in the world of hacking. Green hat hackers are not aware of the security mechanisms and the inner workings of the web, but they are keen learners and determined to elevate their position in the hacker community. Although their intention is not necessarily to cause harm, they may do so if they choose to.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Green Hat Hackers vs Script Kiddies
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There’s another type of hacker that’s similar to green hat hackers: ‘script kiddies’, whom we mentioned earlier. Script kiddies, like green hat hackers, are amateur hackers, but instead of learning new hacking techniques, they’re simply interested in downloading or buying publicly available malware, tools, and scripts online. The main difference between green hats and script kiddies is that green hat hackers are generally serious and hardworking, with a clear vision to improve their skills, whereas script kiddies are only interested in using pre-existing scripts and code to hack. This is generally because script kiddies want to make a quick buck without putting in the time and effort to make something themselves. Green hat hackers often take the proper educational path, earning certificates and taking skill development courses to learn hacking. But script kiddies simply find shortcuts 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Blue Hat Hackers
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Blue Hat hackers can be broken down into two groups:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Vengeful and aggressive - but only if you create them:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           These blue hat hackers often take existing code for malware and viruses they find online, then modify it to meet their needs. They use this code to target the business or individual they feel has wronged them, in order to exact revenge. Generally, Blue Hat hackers are only a problem if you’ve made someone angry and they have the expertise to make you regret doing so. This could be a customer, supplier, or current/previous employee.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Outside Security Professionals
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Blue hat hackers can also be security professionals that work outside of an organisation. Companies often invite these blue hat hackers to test the new software and find security vulnerabilities before releasing it to the public. Sometimes, companies organise periodic conferences for blue hat hackers to find the bugs in their crucial online systems.
           &#xD;
      &lt;br/&gt;&#xD;
      
           Blue hat hackers perform penetration testing and deploy various cyber-attacks without causing damage. Microsoft often organizes such invite-only conferences to test its Windows programs. That’s why some blue hats are known as blue hat Microsoft hackers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Red Hat Hackers
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Much like white hat hackers, red hat hackers try to take a more ethical approach to their work but decide they must operate in between the lines of good vs bad to achieve their goal.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Red hat hackers are like the ‘pseudo-Robin Hood of the cybersecurity field’: they take the wrong path to do what they deem the right thing. When they find a black hat hacker, they deploy dangerous cyber-attacks against them to limit their ability to act on malicious intent.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Red hat hacker tactics:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Infecting the bad hackers’ systems with malware,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Launching DDoS attacks,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Using tools to gain remote access to the hacker’s computer to demolish it.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In short, red hats are the types of hackers who often choose to take aggressive steps to stop black hat hackers. They’re known to launch full-scale attacks to bring down the bad guys’ servers and destroy their resources.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Conclusion
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We hope that this post has helped clear a few things up and provides some insight into the world of hacking in all its colour! At JC Cyber Security Services, our job is that of White Hat hackers: to keep all the other hackers out of your business by identifying weaknesses, protecting your assets, your stakeholders, and your data, ensuring smooth business operations. If you would like to know how we can help your business or would like to know more about how to protect yourselves from malicious attackers, please
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 08 Apr 2024 21:15:05 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/types-of-hackers-the-6-hats-explained</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210720-different-hackers-thumbnail1.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Different Types of Penetration Testing</title>
      <link>https://www.jc-cybersecurity.co.uk/different-types-of-penetration-testing</link>
      <description>Penetration testing is a form of ethical hacking simulation conducted in accordance with industry guidelines, which aims to closely mimic real-world targeted attacks that organisations face daily. By actively testing your organisation’s defences, you can understand your security posture while also improving your defences, reducing the likelihood of experiencing a cyber-attack, and ensuring confidentiality, integrity, and availability</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Before we delve into the different types of
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/penetration-test"&gt;&#xD;
      
           penetration testing
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , their methods, and what assets they test, it is important to understand
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-penetration-testing" target="_blank"&gt;&#xD;
      
           what penetration testing is
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Penetration testing is a form of ethical hacking simulation conducted in accordance with industry guidelines, which aims to closely mimic real-world targeted attacks that organisations face daily. By actively testing your organisation’s defences, you can understand your security posture while also improving your defences, reducing the likelihood of experiencing a cyber-attack, and ensuring
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
      
           confidentiality, integrity, and availability
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;strong&gt;&#xD;
      
           What can penetration tests be performed on?
          &#xD;
    &lt;/strong&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/website-penetration-testing"&gt;&#xD;
        
            Website Application Penetration Testing
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/penetration-test"&gt;&#xD;
        
            Internal Network Penetration Testing
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/penetration-test"&gt;&#xD;
        
            External Network Penetration Testing
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/penetration-test"&gt;&#xD;
        
            Network Segmentation Testing
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/penetration-test"&gt;&#xD;
        
            Application Penetration Testing
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/phishing-simulation"&gt;&#xD;
        
            Social Engineering
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Website Application Penetration Testing
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A website application penetration test is an ethical hacking simulation designed to assess your business’s web applications with regard to their architecture, design, and configurations. An assessment is conducted to identify any cyber-related risks that could allow unauthorised access to sensitive data or impact business continuity.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Web applications are an attractive target for cyber criminals as they play such a crucial part in business success. Customers not being able to access your web applications could reduce ROI (return on investment) and impact customer loyalty, as they might prefer an alternative that is consistently available.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To perform the best possible web app penetration test, your business will need a team that holds a deep understanding of the latest tactics and techniques that threat actors are using to compromise business web applications.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Website Application Penetration Test Methodology
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Before the web application penetration test can be started, the penetration testing team will need to understand the scope of the assessment. This includes having a conversation about which specific web applications are to be tested and whether the assessment will be authenticated (log-in credentials are known) or unauthenticated (log-in credentials are unknown).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The tester will use a range of tools in their arsenal to discover any vulnerabilities within the web applications. Following this, should any vulnerabilities be found, the tester will proceed to exploit those vulnerabilities – demonstrating a ‘real world attack’ from a malicious actor.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            After the web application penetration test, the tester will produce a custom-written report, detailing weaknesses identified and the follow-up steps to avoid these vulnerabilities being exploited by someone with malicious intent.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Website Application Penetration Test Benefits
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210720-different-web-pen-test.jpg" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Internal Network Penetration Testing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Internal network penetration testing is an ethical hacking technique used to simulate a scenario where the attacker will already have internal access to your organisation’s system(s).
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The aim of an internal penetration test can be either specific or general, but will always have the same objective: either take control of as many assets as possible or reach a specific target within the organisation.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As a result, an internal network penetration test will provide a true representation of how vulnerable your organisation might be by identifying what actions can be performed now that the threat actor has access – those potentially being: 
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Unauthorised data disclosure
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data misuse
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data alteration
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Data destruction
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Since the threat actor will have already gained access to your organisation’s system(s), the purpose of an internal network penetration test will be to determine what assets are at risk, how they might be targeted, and what security controls may need implementing or strengthening to avoid future business disruption.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Internal Penetration Test Methodology
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The penetration testing team will use a range of tools in their arsenal to discover any vulnerabilities within your business’s network. This toolbox includes a range of automated and manual tools selected specifically to fit around your organisation. Following this, should any vulnerabilities be found, the tester will proceed to exploit those vulnerabilities – demonstrating a ‘real world attack’ from a malicious actor.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Furthermore, if the tester has successfully exploited a vulnerability, then they will attempt to see what they can do from there. For example, if the tester manages to get onto a device, they will see whether they can pivot onto another machine to pass through the network. If the tester successfully bypasses detection and gets into the corporate network, then they will look to see what they can do from there.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The tester continuously aims to escalate their access and tries to obtain Domain Admin credentials. However, if no vulnerabilities have been discovered (or none that are worth exploiting), then the tester will conclude the test and begin writing up the report.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The report will detail all the vulnerabilities that have been discovered during the internal penetration test and will endeavour to provide a detailed description of how to remediate each vulnerability. If a vulnerability was exploited, the tester will detail how it was exploited and what the result of exploiting it was.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           External Penetration Testing
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           External network penetration testing is an ethical hacking technique used to simulate a scenario that examines all aspects of externally facing IP addresses and services that are publicly available, such as:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identifying misconfigurations in business security controls (such as a firewall)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identifying any other vulnerabilities and further exploiting those applications/systems
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Compromising administrative services and interfaces
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As this is an external test, all work can be done remotely (compared to an internal pen test) and does not require an on-site engineer. Although this can usually be cheaper, it might not be able to cover all your business’s assets like an internal penetration test can.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An external penetration test will look for any vulnerabilities and will ethically look to exploit them if the tester is comfortable that this will not impact your business’s continuity. If an external hacker gains access to your network, then they can access and modify sensitive personal data and use their access to bring down the network, impacting your organisation’s availability.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           External network penetration test benefits:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Gain real-world insight into your security controls
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identify out-of-date security controls and patch them
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reconfigure poorly optimised software, firewalls, and OS (operating systems)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identify the most vulnerable asset/route that can be taken to exploit your network
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Understand what data is vulnerable and how a breach impacts your organisation
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           External Penetration Test Methodology
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To achieve this, the tester will use a range of tools in their arsenal to discover any vulnerabilities within the externally facing services. Following this, should any vulnerabilities be found, the tester will proceed to exploit those vulnerabilities – demonstrating a ‘real world attack’ from a malicious actor.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           As explained for the internal penetration test, the external penetration tester will attempt to see how far they can infiltrate the system. For example, if the tester manages to get onto one of your business’s servers, they will see whether they can pivot onto another machine to pass through the network. If the tester successfully bypasses detection and gets into the corporate network, then they will try to see how far they can go. However, if no vulnerabilities have been discovered (or none that are worth exploiting), then the tester will conclude the test and begin writing up the report.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The report will detail all vulnerabilities that have been discovered during the test and will endeavour to provide a detailed description of how to remediate each vulnerability. If a vulnerability was exploited, the tester will detail how it was exploited and what the result of exploiting it was.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Application Testing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Application testing is a simulated security test where software applications and mobile apps are tested using scripts, tools, or any other automation frameworks to identify any vulnerabilities or errors. If any vulnerabilities are found and exploited, sensitive data could be accessible to unauthorised users and could be used to compromise your business continuity.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           An application penetration test can assure the security of your application(s). The tester will manually scan for weaknesses in access controls, user permissions and separation, input injection, file upload/download functionality, authorisation, and authentication. It can identify weaknesses that may allow an unauthorised user to use the application in an unintended manner and access information they are not authorised to view.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Furthermore, application penetration testing can also be used to test an organisation's compliance with security policies, the security awareness of its staff and how effectively it can respond to security threats.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1592609931095-54a2168ae893.jpg" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Application penetration testing will enable you to:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Manage vulnerabilities
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identify any code or deployment issues
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Avoid extra cost and reputation damage from suffering a security breach
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Provide evidence of compliance with regulatory and certification standards
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Provide stakeholder assurance 
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A report will be compiled detailing the following:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Identified vulnerabilities
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Risk levels
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Examples and instructions for recreating the vulnerability
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             The data that became vulnerable once unauthorised access was successful
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Mitigation recommendations
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Infrastructure Segmentation Testing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Infrastructure segmentation testing will test access from certain network segments that communicate with other network segments. For example, your business may not want Guest users to access your corporate segment of the network.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           To achieve the aims of this testing, the pen test team will try to establish rules concerning what access users on certain subnets should and/or should not have. An example base statement would be
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            “Users on the Finance VLAN should not be allowed to access any services that the technical team have access to”
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Once we have the base statements, the tester will connect onto the network segment in question and will attempt to use a variety of tools in their arsenal to see if they can pivot onto segments that they should not be able to reach.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           If the tester was able to get onto a segment that they should not be allowed onto, they will detail in a report how they were able to do this and will provide recommendations on how to prevent this from happening in the future.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Social Engineering
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is social engineering?
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Social engineering is when a threat actor (a hacker) with malicious intent attempts to exploit human weakness by appearing to be a trusted source and manipulating their access control within the organisation to gain access to personally sensitive information.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/phishing-simulation"&gt;&#xD;
      
           Phishing simulations
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            are one example of social engineering.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Social Engineering is not really a form of penetration testing, but forms part of an ethical hacking simulation. But as we have not really spoken much about this topic, we wanted to include it in our post before we go into more detail in the future.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Social Engineering test
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An ethical hacking social engineering simulation will help your business evaluate your employees’ susceptibility to social engineering attacks by educating your employees about how social engineering attacks are carried out and by implementing and maintaining appropriate security controls. It also provides a basis on which to highlight issues with operating procedures and to develop targeted staff awareness training
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A social engineering simulation will help you:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Understand what information is publicly available regarding your organisation
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Evaluate how susceptible your employees are to social engineering attacks
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Determine the quality, readability and effectiveness of your information security policy and your cyber security controls when preventing social engineering attacks
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Develop a targeted awareness training programme
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Social engineering penetration test methodology
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The tester will discuss your social engineering assessment requirements and define the overall scope of the test. Information concerning your organisation will be collected from publicly available resources.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The tester will try to achieve some sort of access to your business’s hardware and/or software-related assets by attempting to manipulate employees. If access has been achieved, and nobody has noticed, the tester will report their findings regarding the knock-on effect a similar breach may have if a real-life hacker were to take the same approach.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Any weaknesses identified during the test will be brought to your organisation’s attention, and further action such as running team workshops (
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/training"&gt;&#xD;
      
           training and awareness
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ) can be taken to improve employee knowledge and avoid any further unauthorised access.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Conclusion
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As you can see, there are many different penetration testing methods that can be carried out against your business. They all have their own unique benefits and should be carried out annually, as a minimum requirement, to ensure continuing business compliance. We understand that penetration testing may seem to be a daunting task, but rest assured we can help. If you are worried about your business's security posture, then please do
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 01 Apr 2024 18:22:01 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/different-types-of-penetration-testing</guid>
      <g-custom:tags type="string">Penetration Testing</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210910-different-types-of-pen-testing.jpg.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is Penetration Testing?</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-penetration-testing</link>
      <description>A penetration test ultimately seeks to answer the question “How effective are my organisation’s security controls against a skilled human hacker?” while determining the security posture of your organisation.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Penetration testing definition
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="/penetration-test"&gt;&#xD;
      
           A penetration test
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ultimately seeks to answer the question “
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How effective are my organisation’s security controls against a skilled human hacker?
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ” while determining the security posture of your organisation's network infrastructure and identifying any potential risks. Penetration testing assists businesses with realising the true impact of a security breach by:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Identifying areas for improvement:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Software &amp;amp; Hardware
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Weak security configurations
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Lack of
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="/training"&gt;&#xD;
        
            staff training &amp;amp; awareness
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Increasing customer confidence:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Protecting those that matter most
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Happy stakeholders
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reducing the risk of a cyber breach
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Avoiding fines/lawsuits
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Providing business assurance:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Implementing a flexible control framework
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Real time monitoring capabilities
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Developing strong authentication and management controls
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Penetration testing is a form of ethical hacking simulation conducted in accordance with industry guidelines. It aims to closely mimic the real-world targeted attacks that organisations face on a day-to-day basis, in order to identify:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Security vulnerabilities
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Weaknesses
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Misconfigurations
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            By exploiting vulnerabilities within your business’s security controls, a malicious actor can compromise the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
      
           confidentiality, integrity, or availability
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            of business data.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Types of penetration testing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210707-blog-image1.jpg" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Website Application Penetration Test
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Aims to identify security issues resulting from vulnerabilities in the design, coding and publishing of software or a website.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Internal Penetration Testing
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An ethical hacking technique used to simulate a scenario where the attacker already has some sort of internal access to your organisation's system(s).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           External Penetration Testing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Examines all aspects of externally facing IP addresses and services that may allow a 'threat actor' to gain access from outside the network.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Social Engineering
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Identifies how aware staff are, and how they respond to certain requests from unverified parties trying to gain access to or retrieve sensitive data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Application Testing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Testing software applications for vulnerabilities to see how they respond to certain intrusion attempts.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Infrastructure Segmentation
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tests access from certain network segments that communicate with other network segments.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Penetration testing methodology
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Planning
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           - Planning is key! Here, the penetration testing team will define the scope and overall objective for the penetration test while also detailing the systems to be tested and the testing methods to be used. A decision regarding which systems are to be exploited or highlighted will be required to avoid business disruption.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reconnaissance
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           - Identifying hosts, software and operating systems while determining the applications and services running within your organisation.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Scanning -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The scanning stage tests the system's defences to see how it reacts when faced with various intrusion attempts. By examining a database of known vulnerabilities and replicating them on the target system, the scanning tools give the testing team a better understanding of the capabilities and vulnerabilities of the target before they've even attempted any specific tactics.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Manual Tests -
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Adding analysis and relevance to the vulnerabilities found and relating them to the information gathered about the customer environment.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Penetration Attempt -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Any previously identified vulnerabilities will be recreated and exploited.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Privilege Escalation - 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Once the penetration attempt has been successful, the testing team will attempt to identify any other avenues of authority by further exploiting systems for higher-level privileges or potential access to other systems/applications.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Clean up -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Once all penetration attempts and exploits have been resolved, any virtual artefacts left behind from the testing process will be removed.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Review &amp;amp; Documentation of Findings -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The results of the penetration test are then compiled into a report detailing:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Specific vulnerabilities that were exploited
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Sensitive data that was accessed
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The amount of time the pen tester was able to remain in the system undetected
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Any other avenues of exploitation that were identified
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Recommended Next St
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            eps -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Following the analysis, the organisation must make decisions and agree a plan of action to ensure that identified vulnerabilities get patched and that the appropriate safeguards are enforced going forward.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210707-blog-image4.jpg" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The benefits of penetration testing:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Gain real-world vulnerability insight -
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Penetration testing identifies how a hacker will attempt to exploit vulnerabilities within your business's systems, applications, networks, and infrastructure. By detecting weaknesses, you gain the ability to heighten your protective measures around your biggest assets and most threatening vulnerabilities.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Develop strong authentication and session management controls -
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Not only does penetration testing identify current gaps within your organisation's security controls, but it can also start the process of developing a strong security culture within your business. Everyone taking a cyber security first approach can ensure that any future security controls are appropriately safeguarded.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Protect customer loyalty and company reputation -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Even a single occurrence of compromised customer data can destroy a business’s brand and negatively impact its bottom line. Penetration testing helps avoid data breaches that may put reputation and reliability at stake.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Avoid expensive post-breach assessments -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            By actively testing against your assets, you decrease the likelihood of being caught off guard. By not doing so, you increase the chance of being the next cyber breach victim.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Not only will you have to deal with potential fines and lawsuits, but the cost of getting your business back online could be crippling. You'll also be responsible for creating a post-breach assessment to identify the scope and potential damage caused.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           This can be an extremely difficult and expensive process, especially if you don't have the expertise. Ensuring you are actively testing your systems while also having a cyber security team to support you every step of the way can be highly beneficial.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210707-blog-image5.jpg" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Conclusion
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Penetration testing involves your business undertaking planned ethical attacks against your own security infrastructure to gain a better understanding of your business's security posture. Penetration testing can be performed on many different areas within your business such as website applications, internal infrastructure, external infrastructure, and against staff to simulate a reality where a 'malicious threat actor' attempts to gain unauthorised access and disrupt business continuity.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Actively testing your organisation's defences can help keep your business up to speed with an ever-changing cyber-security landscape where attackers are constantly adapting - so must you.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            If you have any questions or queries concerning penetration testing or your business's security posture,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           speak with one of our cyber security experts today
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            - start the process of defending your business, protecting your customers and data, and becoming cyber secure.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 25 Mar 2024 10:39:59 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-penetration-testing</guid>
      <g-custom:tags type="string">Penetration Testing</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210910-what-is-pen-testing.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Hackers are switching to credential theft – here’s how to stay safe.</title>
      <link>https://www.jc-cybersecurity.co.uk/hackers-credential-theft</link>
      <description>Recent research shows that email scammers are sending fewer malware-infected messages. Instead, they are choosing to use phishing techniques to steal credentials directly because they are harder to detect.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Recent research shows that email scammers are sending fewer malware-infected messages. Instead, they are choosing to use phishing techniques to steal credentials directly because they are harder to detect.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           First of all, what is phishing?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In simple terms, phishing is a type of online scam in which criminals pretend to be a legitimate company, using texts, emails and other related messages. The goal is to convince you to hand over your personal information – like passwords.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Phishing has become the most popular method of credential theft, making up 57 percent of scam messages. Malware-infected payloads are becoming less common, at just 12 percent of scam messages. A staggering 45 percent of all phishing attacks were aimed at Microsoft Office users!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The URLs linked from phishing emails typically only last about 24 hours. This means that there is only a narrow window of opportunity for scammers to take advantage – but it also makes it very difficult to detect and block these sites quickly enough.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Malicious attachments still play a role in phishing, but the frequency of this has declined significantly over the years. Most phishing attempts these days do not even contain malware, but instead encourage you to open links in your web browser. The linked sites are designed to steal your credentials.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are two main reasons phishing is more popular than other techniques. The first is that phishing is hard to detect. The second is that phishing is extremely cost effective.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hackers can maintain fake webpages and send hundreds of thousands of emails at very low cost – and there is a very low chance of being caught or stopped. Attackers can also quickly change the infrastructure used to support their landing pages. This leaves far fewer consistent or reliable indicators of compromise that reveal their tactics or plans, making it more difficult for the police and forensic investigators to track the criminals.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Currently, cyber criminals are crafting their messages to target Microsoft 365 users. Due to most businesses using Microsoft 365, people are more likely to believe scams and click links, making it a very effective way of stealing information.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What can I do to stay safe and protected?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To stay safe, always remain cautious when receiving communications from unknown sources:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Do not reply to the scammer. You can forward the message for further analysis to the UK National Fraud &amp;amp; Cyber Crime Reporting Centre at
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="mailto:report@phishing.gov.uk" target="_blank"&gt;&#xD;
        
            report@phishing.gov.uk
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do not click on any links listed in the email or text, and do not open any attachments.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you do click a link in a phishing email, pay attention to the website. Legitimate companies will not ask for personal information using pop-up screens. If you see a pop-up screen, do not enter any personal information like usernames or passwords.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you are concerned that the email is not genuine, visit the website directly – don’t click links in the message. Type the address into your browser and when the page loads, log into your account. If there is an issue, there will be a message available in your account.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            You should also ensure that you have a reliable Endpoint Protection tool like the one offered in our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan packages.
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            This will protect you against any malware that may try to automatically download from the website.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/phishing-3390518_1920.jpg" length="90038" type="image/jpeg" />
      <pubDate>Mon, 18 Mar 2024 13:43:39 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/hackers-credential-theft</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/cred-theft.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/phishing-3390518_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Zero-Day Vulnerabilities: What are they?</title>
      <link>https://www.jc-cybersecurity.co.uk/zero-day-vulnerabilities</link>
      <description>Every single business relies on software and internet services. This dependence brings along a certain degree of vulnerability. Today’s businesses are more likely to be disrupted by cyber criminals than real-world criminals.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Every single business relies on software and internet services. This dependence brings along a certain degree of vulnerability. Today’s businesses are more likely to be disrupted by cyber criminals than real-world criminals. Zero-Day vulnerabilities are especially intimidating, as they give hackers a unique opportunity to bypass typical cyber security defences.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           What is a “Zero-day vulnerability”?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The term “Zero-day” refers to a notional time frame: this type of cyber attack happens less than a day after the security flaw becomes known, which does not give developers ample time to eradicate or mitigate the potential risks associated with the vulnerability. In zero-day attacks, software vendors are reactive, not proactive. Because patches have not yet been released, the attackers are already making their move.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           A zero-day attack occurs when hackers exploit a vulnerability window and then launch a direct attack using that vulnerability. What makes zero-day exploits so dangerous is that the only ones who know about them are the attackers themselves. Hackers can attack immediately or hold on to the weakness, waiting for the right moment to strike.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           How does a Zero-Day attack work?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Generally, zero-day exploits involve targeting specific security weaknesses with malware. The malware then integrates into an existing layer in the software and blocks it from fulfilling its normal function. Sounds complicated, right? In fact, malware infiltration is remarkably easy. Hackers can disguise malware as links to a particular site. All a user has to do is click on the link and the suspect software starts downloading automatically. Downloads like these usually occur when attackers have found a way to exploit unprotected vulnerabilities in a browser.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Let’s assume your browser has released an update to add more features. You log in to a site you trust and click on what you believe is a valid link. However, the link contains malicious code. Before the update, your browser would have prevented the link from automatically downloading the software to your computer. However, due to changes in the browser code, the download begins and your computer becomes infected. Later, the browser is updated with a new patch to prevent other users from being infected. Unfortunately, it is too little too late.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Who are the targets?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Although it is believed that zero-day exploits target large businesses and governments, the truth is anyone can be a target. For example, Stuxnet tried to sabotage Iran’s nuclear program back in 2010 in what is probably the most famous and devastating act of cyber warfare sabotage. This worm was specifically designed to target Siemens centrifuges used to enrich uranium in Iranian nuclear power plants. By modifying the rotation patterns, Stuxnet was able to destroy a significant number of centrifuges, and delay Iran’s nuclear program by several years. Stuxnet contained new forms of exploitation that many people had never seen before.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Fake addresses, for instance, cannot be filtered out by new email software. This could expose users to different types of phishing attacks. Hackers can try to steal valuable information, such as bank card details or passwords.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           How to detect Zero-Day exploits?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Businesses need to be able to detect these attacks quickly. So far, there are four ways to identify a zero-day attack.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Statistical analysis – It can be used to analyse the probability and probable source of an attack.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Static and dynamic behavioural analysis – Study the malicious behaviour and see if it has changed. If the patterns from a suspected hacking entity differ, then it could be a sign of attack.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Signature – Data from past attacks can be examined to determine whether current data models indicate a threat. If they do, then an attack may already be in progress.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Combined scoring system – By combining all the methods in a single scoring system, the score determines the probability of an attack.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to prevent Zero-Day exploits?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It is wrongly believed that not much can be done to stop a zero-day attack. There is a series of measures that can be effective zero-day prevention strategies.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Use advanced security software
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The problem with many basic solutions for antivirus software is that they are only good at defending against known threats. When threats are unknown – as in zero-day attacks – they can fail. Only the most advanced security programs can protect against cyber attacks from unknown sources. Luckily for you, our innovative Endpoint Protection with 24*7 Vulnerability Management solution enables you to automate your patching process and efficiently manage vulnerabilities. It can prevent zero-day attacks using advanced automated patching, scheduling, IT asset management, and more. You will no longer worry about vulnerabilities that expose you to malvertising campaigns such as the one operated by ScamClub after you take your patch management to the next level.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Make sure your security software is up to date
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Businesses cannot always reveal whether they have been the victims of a zero-day attack. So, to help reduce the risk of zero-day attacks, make sure you install new software updates as soon as they roll out. It is recommended that you cover other areas of your cyber security infrastructure, such as Privileged Access Management (PAM), DNS security, a reliable Next-Gen Antivirus with Firewall Integration, and advanced email security as well. We have all of these and more, as part of our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan packages
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Learn online security habits
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Like it or not, most zero-day exploits rely on human error. Take malicious hackers, for example, who target users through fake emails. These emails may contain malware-infected documents, or they can manipulate users into sharing private information. Therefore, both individuals and businesses should strictly implement security habits to help them stay safe online.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Install smart security defence solutions
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            These products can sometimes block unknown threats using databases of previous breaches. The data obtained can be correlated with current threats to detect attacks. Choose software that can protect against attacks of both known and unknown origin, like our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            offering.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Use content threat removal
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Content Threat Removal (CTR) is a type of detection technology that assumes that all data is threatening. The system works by breaking up all data coming through the network and rejecting any potentially malicious files. The main goal is to reject any insecure element in the original data, determined from a database of dangerous threats.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Implement recovery strategies
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Even if you follow all of the advice above, it is unlikely that you or your business will be able to completely mitigate the threat of zero-day exposure. Therefore, in order to react, you need to prepare for the worst. Having a disaster recovery strategy is essential. That way, in the unfortunate event of a security breach, your data is safe and you can continue your operations as usual.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           To conclude
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To an extent, cyber crimes persist due to their high level of anonymity. So, if hackers discover a zero-day vulnerability in an information system, they will gladly use it to their advantage, and to the disadvantage of the business that has been compromised (which may result in financial loss, loss of customers, and reputational damage).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            With the proper cyber security knowledge and practices, as well as a reliable suite of solutions, staying safe from zero-day vulnerabilities will come easy. As always, JC Cyber Security can help you. If you want to know more about how we can defend your business, don’t hesitate to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           contact us
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            today.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1526374965328-7f61d4dc18c5.jpg" length="219477" type="image/jpeg" />
      <pubDate>Mon, 11 Mar 2024 00:00:03 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/zero-day-vulnerabilities</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/zero-day.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1526374965328-7f61d4dc18c5.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Phishing Emails are trying to use Cyber Security against you</title>
      <link>https://www.jc-cybersecurity.co.uk/phishing-emails-use-cyber-security-against-you</link>
      <description>Phishing has been around since email has existed. It is an ever-present cyber threat, and one of the most dangerous. It is estimated that one in every 99 emails is a phishing attack, and that 30% of phishing emails manage to get around default protections. What’s more, over 92% of the malware in the world arrives via email, meaning emails are the number one attack vector.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Phishing has been around since email has existed. It is an ever-present cyber threat, and one of the most dangerous. It is estimated that one in every 99 emails is a phishing attack, and that
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           30% of phishing emails manage to get around default protections
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . What’s more, over 92% of the malware in the world arrives via email, meaning emails are the number one attack vector.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Apart from malware, phishing emails can also be the way in for scams such as BEC—Business Email Compromise—a type of cyber crime that, according to the Financial Crimes Enforcement Network (FinCEN),
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           generates $301 million every month
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Recently, the subject “invoice” was used in 60% of the most effective phishing campaigns. However, in 2019, another tactic seems to be more effective.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Security knowledge as a force for bad
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             A security awareness training company, KnowBe4, has carried out a study to discover the most effective phishing email subjects. The most successful subjects were those related to cybersecurity or that made the victims think they had suffered a security breach.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             For the study, the company sent out thousands of simulated phishing emails with different subjects, and observed which of them were clicked on. They also observed the subjects of real phishing emails that users had reported to their IT departments.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             The results were revealing. Phishing emails that used the subject “Password Check Required Immediately” were the most successful:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           43% of users fell into this trap
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Ironically, the success of this subject reveals that, to a certain degree, efforts to increase user awareness about cyber security are making headway; users are beginning to understand the importance of protecting their passwords.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Other subjects that managed to get recipients to open emails included “A Delivery Attempt was made” and “Deactivation of [[email]] in Process”, which fooled 9% of users.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Taking interest in the company can be dangerous
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            Another tactic is the use of subjects related to company policies: “New Organisational Changes”, “Updated Employee Benefits”, “Staff Review,” and “Revised Vacation &amp;amp; Sick Time Policy” were among the subjects of emails that were most frequently opened.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Stu Sjouwerman, CEO of KnowBe4, says that, “As cyber security threats persist, more and more end users are becoming security minded. They have a vested interest in protecting their online lives, so a message that sounds urgent related to their password can entice someone to click. The bad guys are always looking for clever ways to trick end users, so [users] need to remain vigilant.”
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Defend yourself against phishing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            With the volume of emails that users receive every day, both legitimate and phishing attempts, protecting against threats of this kind is a must. The most important thing is to make employees as aware as possible of the dangers that this kind of attack poses, as well as how to recognize fake messages. Many of them contain the names of real companies that could be providers for the organisation, or even adapt the company’s branding. However, they also usually contain a few suspicious elements:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
               A domain name used by the sender that doesn’t entirely coincide with the domain of the company that is sending the invoice.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
               A different language from that usually used by the organisation to communicate with the providers.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
                Serious spelling or grammar mistakes, the product of using machine translation programs when writing the email.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As well as exercising caution when it comes to possible phishing emails, it is vital to have advanced protection to stop cyber threats landing in employees’ inboxes.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           The Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            offers Email Protection. This provides multilayer protection against all kinds of spam and malware in real time. The advanced scanning technology is carried out from the cloud, simplifying security management, since it can be used from anywhere, at any time, simply by accessing the web console.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Phishing is one of the traditional cyber threats that is still growing, and it is highly likely that it will continue to grow every year. What’s more, it is the point of entry for a litany of cyberattacks and malware. Protect your systems with JC Cyber Security's
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            .
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Book a Free Cyber Clinic today to see how
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           The Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            can help your business.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/computer-desk-electronics-indoors-374074.jpg" length="151134" type="image/jpeg" />
      <pubDate>Sun, 04 Feb 2024 16:15:57 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/phishing-emails-use-cyber-security-against-you</guid>
      <g-custom:tags type="string">cyber security,phishing emails,how do phishing scams work,phishing scams,malware,how can I protect against phishing,email security,phishing email security,email protection</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/computer-desk-electronics-indoors-374074.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/computer-desk-electronics-indoors-374074.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Seventy-three percent of SMEs pay up after a ransomware attack</title>
      <link>https://www.jc-cybersecurity.co.uk/smes-pay-up-after-ransomware</link>
      <description>SMEs are a true economic powerhouse in the UK. Although many of these companies believe that they are too small to be attacked by cyber criminals, almost half of all cyber attacks in the world target this kind of business.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          SMEs account for 99% of all businesses in the UK, and create 1.5 million new jobs every year, 64% of the total. This means that SMEs are a true economic powerhouse in the UK. Although many of these companies believe that they are too small to be attacked by cyber criminals, almost half of all cyber attacks in the world target this kind of business.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        
            SMEs and ransomware
           &#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         According to a recent study, SMEs still have a lot of work to do when it comes to protecting against ransomware. To reach this conclusion, Infrascale interviewed over 500 C-level executives in SMEs. The results shed some light on the attitudes of this business segment towards ransomware attacks.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The most striking statistic is the fact that
         &#xD;
  &lt;b&gt;&#xD;
    
          almost half (46%) of the SMEs surveyed have experienced a ransomware attack.
         &#xD;
  &lt;/b&gt;&#xD;
  
         However, the kind of SME has an effect on this number. Among the SMEs in the B2B sector, 55% have fallen victim to a ransomware attack, while in the B2C sector, it falls to 36%.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Whether the SME is B2B or B2C also has an effect on how prepared the company is to deal with ransomware. While in general, 83% of SMEs feel prepared for a ransomware attack, in the B2B sector, the figure is 87%, while in B2C, it is just 77%. For the 17% of SMEs that do not feel prepared for ransomware, the principal obstacles are time and resources.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Thirty-two percent of SMEs say
         &#xD;
  &lt;b&gt;&#xD;
    
          that they do not have enough time
         &#xD;
  &lt;/b&gt;&#xD;
  
         to research ransomware mitigation strategies. The same percentage said that their IT teams were so stretched that they
         &#xD;
  &lt;b&gt;&#xD;
    
          do not have enough resources to deal with the ransomware threat
         &#xD;
  &lt;/b&gt;&#xD;
  
         .
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        
            Paying the ransom offers no guarantees
           &#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  
         Being unprepared for a ransomware attack can turn out to be very expensive for an SME, especially if it decides to pay the ransom. Among the SMEs that have suffered a ransomware attack in the B2B sector, 78% paid the ransom demanded by the cyber attacker; in the B2C sector, 63% of organizations took the same decision.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         This is not a cheap option: 43% of SMEs that have paid a ransom paid between £10,000 and £50,000. Thirteen percent of those that chose to pay the ransom were forced to pay over £100,000.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Among the SMEs that haven’t paid a ransom, 26% would consider paying one to get their data back. Sixty percent of organisations say that they would choose this option to recover their files quickly, while 53% say they would pay to avoid the reputational damage related to data protection and data recovery efforts.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         However, even if the company chooses to pay up (an option that JC Cyber Security and other experts strongly advise against), there is no guarantee that the organisation will recover its data:
         &#xD;
  &lt;b&gt;&#xD;
    
          17% of companies that have paid a ransom say that they only recovered part of the data lost in the attack
         &#xD;
  &lt;/b&gt;&#xD;
  
         .
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            How to avoid ransomware in SMEs
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
  
         Even though 72% of SMEs have a plan to mitigate ransomware attacks, it is not enough. Those with no plan are exposing their data to unnecessary risk, as well as endangering their clients and partners. This is why it is so important that measures be taken to stop ransomware affecting SMEs.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The first step is to properly protect email, which is the attack vector for 91% of all cyber attacks. To stop a phishing email from leading to a ransomware attack, never open links or attachments from unknown senders.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Another point of entry that needs to be monitored is RDP (Remote Desktop Protocol) connections. Ever since a large percentage of the workforce began working from home, these connections have become vital. However, they are also a popular target for cyber attackers: every day there are a million brute force attacks against this protocol. RDP connections are the first step in 63% of ransomware attacks.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         To protect against these kinds of incidents, it is also vital to have an advanced cyber security solution.
         &#xD;
  &lt;a href="/the-protection-plan-old"&gt;&#xD;
    
          Our Protection Plan packages
         &#xD;
  &lt;/a&gt;&#xD;
  
         stop any unknown process until they can determine whether or not it is malicious. What’s more, they also monitor all endpoint activity, and thus know exactly what is happening on the system at all times. This way, no advanced cyber attack targeting companies, even ransomware, can run on protected computers.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Using the right tools for each company is a must to keep computers safe. Protect your business with JC Cyber Security today.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/man-sitting-down-and-using-his-laptop-374085.jpg" length="228449" type="image/jpeg" />
      <pubDate>Thu, 16 Feb 2023 15:41:44 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/smes-pay-up-after-ransomware</guid>
      <g-custom:tags type="string">SME,cyber attack</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/20230215+-+Ransomware.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/man-sitting-down-and-using-his-laptop-374085.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>The UK Online Safety Bill – What You Need to Know!</title>
      <link>https://www.jc-cybersecurity.co.uk/the-uk-online-safety-bill-what-you-need-to-know</link>
      <description>Since 2021, the British government have been debating new legislation to make the internet a safer environment for everyone. Here's what you need to know.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Since 2021, the British government have been debating new legislation to make the internet a safer environment for everyone. Known as the Online Safety Bill (OSB), the new law vows to update existing statutes to better regulate new apps and websites. The oversight process has been perpetual, as numerous ideas have been added and removed along the way.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
             
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           So, what’s currently happening? 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Could end-to-end Encryption be banned?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The UK government is still in debate over this one. This is due to the rising concerns about encrypted messaging being used to share illegal or even criminal content, which could lead to the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ban on end-to-end encryption
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . This could mean tech companies such as Facebook, Google and Apple all being forced to provide increased access to their private messaging services, or even a total ban of this type of encryption.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Criminal liability for failing to protect children.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The protection of children as they use the internet is of great importance to the Online Safety Bill. One of the latest updates is set to further strengthen already existing protections. Should the bill become law, we could see executive officers of large tech being prosecuted personally for breaching their duty of care to children.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If minors are exposed to harmful, age-restricted or illegal content, the CEOs in charge of popular online platforms could face penalties such as fines, or even jail time.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           'Deepfakes' will be outlawed.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The OSB will be introducing a new ban on creating and sharing deepfake images. This means that material that has been edited with another person’s face or distinguishing features will be illegal.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           “Legal but harmful” designation has been removed. 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A lot of controversy has surrounded this part of the bill. The proposal to outlaw content deemed ‘legal but harmful’ faced backlash as the clause never actually specified what constitutes ‘harmful content’. In fact, the original text was so vague that multiple
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            civil liberties groups warned that the law would be used to curtail free speech
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           online, as service providers would be forced to remove content without evidence that it caused offence.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The government have since reviewed this proposal and have concluded that the clause is incompatible with existing law, and potentially unenforceable, resulting in it being dropped. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Self-harm content may be criminalised. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Due to the role of social media in several high-profile teen suicides, there are moves to forbid self-harm related content.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Under this proposal, internet firms will be legally obliged to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           identify and remove posts and videos which encourage suicide or self-harm.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           OSB implementation to be accelerated. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Since the Online Safety Bill has been under development for such a long time, lawmakers are keen to implement it as soon as possible once passed.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Originally companies were to be
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           given 22 months to make the required changes
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           to become compliant
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            .
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Despite this, the text of the proposed bill has again changed, resulting in them having only
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           2 months to bring their operations into line.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Big Changes Ahead
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It is inevitable that the OSB will undergo further revisions before it eventually becomes law in the UK, but whatever happens, there are set to be big changes for British internet users. We could see firms take an overly cautious approach, automatically removing and blocking legal content to avoid potential issues that may arise. It will be fascinating to see how the situation develops, and whether any other countries follow Britain’s lead.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Want to know more, or to discuss how the Online Safety Bill may affect your business? Please get in touch!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Thu, 09 Feb 2023 17:49:28 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/the-uk-online-safety-bill-what-you-need-to-know</guid>
      <g-custom:tags type="string">Online Safety,Law</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/230209+-+OSB.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Staying safe online this Christmas</title>
      <link>https://www.jc-cybersecurity.co.uk/staying-safe-online-this-christmas</link>
      <description>The Christmas period is almost upon us – one thing is for sure, with the current status of COVID-19 and increasing restrictions, this may well be another Christmas spent at home for many.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The Christmas period is almost upon us – one thing is for sure, with the current status of COVID-19 and increasing restrictions, this may well be another Christmas spent at home for many. Now we understand as a Cyber Security company, there isn’t much we can do to change that, however, one thing we can do is help ensure that you keep yourselves safe this holiday period from any nasty, unwanted surprises.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            With many organisations opting to allow
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
      
           staff to work remotely
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , we are also seeing a huge increase in customers doing the same with their Christmas shop. Not only can it be a more convenient process for customers to shop online, but access to an entire galaxy of online shops, services or platforms can be confusing to navigate – not to mention the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/types-of-hackers-the-6-hats-explained" target="_blank"&gt;&#xD;
      
           different types of threat-actors
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            out there waiting for you to make a mistake! To help with the transition, here are some important (but relatively simple) tips to ensure your data remains your own this holiday season.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           HTTPS &amp;gt; HTTP
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hypertext transfer protocol secure (HTTPS) is a protocol used to send data between a web browser and a website. Compared to websites that only use HTTP, HTTPS encrypts transmitted data, increasing the security of data transfer while also protecting the users. This is particularly important when sensitive data is often transmitted, such as by logging into a bank account, email service, or entering your card details into an online checkout service.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           All websites should be using HTTPS - especially those that require login credentials. Currently, web browsers such as Google Chrome flag websites that aren’t using HTTPS as non-secure, and such websites should be avoided.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Achieving HTTPS on a website is not a particularly difficult task, so if a service provider is not willing to take the necessary steps to implement the protocol, you as a consumer should think twice about trusting them with your personal data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is encryption?
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Encryption is a process where inputted data is scrambled (hidden) so that any unauthorised users (threat-actors) cannot access your data. Readable text is altered into incomprehensible text which can only be unscrambled by authorised users who have access to the necessary key. This way, only trusted sources can access the data required and the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
      
           confidentiality, integrity and availability
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            of data is ensured.
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Use a VPN
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Speaking of encryption,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/vpn-what-how-why" target="_blank"&gt;&#xD;
      
           VPNs
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            (Virtual private networks) are an online service used for securing and privatising your internet browsing activities by connecting device(s) to an encrypted, private network. When using a VPN, anything performed online will first be sent to the VPN’s server, where identifiable details such as your IP address and location will be modified, and your connection will be encrypted. Ultimately, anyone who tries accessing this data will not be able to identify you or any of your personal data.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Typically, VPNs are used by those who want to increase their online privacy by restricting the amount of data that would usually be accessible by their ISP (Internet Service Provider) and by anyone trying to gain access on public Wi-Fi.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you would like to know more about VPNs, the different types, and their advantages, then please read our dedicated
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/vpn-what-how-why" target="_blank"&gt;&#xD;
      
           VPN blog
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Don’t use public Wi-Fi
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We’ve all been there, out and about, no access to the internet or poor data connection and an increasing urge to look at our emails, check our bank balance or make an online order. Typically, you’d connect to the publicly available Wi-Fi at your convenience, grab your smartphone/laptop and problem solved, right?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            The truth is, anything you do on a public network is, well, public! Public Wi-Fi is described as the virtual playground for hackers as they can easily access your data. If you were to do anything such as logging into online banking or emailing customers with personal details, you can be certain that whoever has access to the network also now knows these details too – it is scary to think that something so simple can create so many vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you ever find yourself in a similar situation and must connect to public Wi-Fi, then we recommend:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensure the public network is from a trusted source
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – threat actors can and will create real-sounding public networks to entice people into connecting to them
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As mentioned above, only visit websites that are secure
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – sites with https are using the latest encryption protocols whereas sites using http are not
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Make sure that your device is using an optimal firewall
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do not communicate sensitive data
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - If you don’t have access to any tools to keep your data safe, it’s best to stick to low-risk websites and avoid performing any sensitive actions until you can ensure you are safe to do so
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do not log into online banking
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – only use websites that are secure and low-risk, such as those for listening to music
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Use a VPN
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – connect to an encrypted network and disguise your activity
              &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Be careful about the emails/offers you click on
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           I’m sure you’ve already noticed the increasing number of emails and SMS messages you receive daily regarding special offers and account troubleshooting. Since COVID-19 we have seen a major increase in the amount of Phishing and Smishing campaigns people are experiencing. In situations like this, threat-actors are preying on vulnerable users and taking advantage of anyone who doesn’t realise they aren’t who they say they are. It’s not always easy to recognise phishing messages, particularly if you are a client of the company from which the message has supposedly been sent.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Identifying social engineering attacks:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Even though the ‘From:’ field of the message shows the address of the company, it is not difficult for a criminal to alter the source address of the email in any mail client.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The email may have the logos and trademarks of the organization, yet these can easily be lifted from the company’s website
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The link in the email seems to point to the company’s website, though really it takes you to a fake page which will ask you for your username, password, etc
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Very often these messages contain spelling or grammatical errors that you would not normally expect in official communications from the genuine company
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Another thing to be aware of is that although we normally talk about phishing in the context of banks, cyber criminals often use any popular website or platform (eBay, Facebook, PayPal, etc) as bait for stealing personal data.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           No company will ever ask you to send them your personal details over email or text. If they do, be very suspicious!
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Use Password Management Software
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            This may seem like a simple tip, but it may be one of the most important ones so far. The frustrating part about the amount of choice you’ll have online this Christmas is the fact that you will have to sign up for each website which requires a password. Yes, it may be convenient to use the same password as it only requires you to remember that one password. However, if one website were to become compromised, then that threat-actor would have the necessary tools to access every single account that uses the same password.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           We always believe something like this wouldn’t ever happen to us, but the fact is, it so easily can. Even if a threat-actor does not act, they could easily sell the password to another person who happily will.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            A very simple fix is to obtain a password management software package - password management tools (such as
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://1password.com/" target="_blank"&gt;&#xD;
      
           1Password
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            or
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.lastpass.com/" target="_blank"&gt;&#xD;
      
           LastPass
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ) ensure that users are not storing their passwords on physical devices (which can be accessed by other people) or relying on their memory (which tends to result in passwords that are not secure). The passwords for every account you hold can then be managed in the software rather than in your head, on an old spreadsheet or on a piece of paper. All that is required is for you to remember one core master password, and the software does the rest.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Password management tools will alert you about repeated passwords while also having tools that can quickly generate and store long, hard to replicate, and secure passwords so you don’t have to constantly create new and secure passwords yourself. These tools are also easily accessible and can be downloaded on devices such as your smartphone if necessary.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Multi Factor Authentication
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           MFA (Multi-Factor Authentication) is an authentication method that requires two or more successful prompts to verify a user’s identity. These prompts could be a fingerprint scan, entering a PIN, or even accessing another account such as their email to repeat a specifically generated code. Only after verifying their identity will the user be given access to their account.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Accounts that require identity authentication reduce the risk of a successful brute-force password attack. So, even if an attacker successfully guesses the correct password, they still cannot access your account without passing the additional prompts.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Thu, 23 Dec 2021 08:20:13 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/staying-safe-online-this-christmas</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/211223-SATYING-SAFE-ONLINE-XMAS.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is a Cyber Security Audit?</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-a-cyber-security-audit</link>
      <description>A cyber security audit is a systematic, independent review and analysis of an organisation’s current cyber security posture and IT infrastructure set-up – with the purpose of identifying potential threats and vulnerabilities, to expose weaknesses and high-risk practices.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/cyber-security-audit"&gt;&#xD;
      
           cyber security audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            is a systematic, independent review and analysis of an organisation’s current cyber security posture and IT infrastructure set-up – with the purpose of identifying potential threats and vulnerabilities, to expose weaknesses and high-risk practices.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Depending on the size and scale of your business, your organisation will need to have some cyber security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/policies-and-procedures"&gt;&#xD;
      
           policies and procedures
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            in place regarding how you process and protect the data you handle on a day-to-day basis. A cyber security audit provides a standardised ‘checklist’ to validate that your current controls are working as they should. However, if your cyber security infrastructure is not as strong as it is required to be, a cyber audit can identify the holes within your security posture, providing management with the necessary understanding and scope to become cyber compliant, while also providing vendors and customers with peace of mind that your organisation takes their security seriously.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            By not actively auditing your current cyber controls, your business is at high risk of a threat actor exploiting a hole within your security posture, leading to consequences such as
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/complying-with-cyber-security-regulations"&gt;&#xD;
      
           non-compliance
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            with laws &amp;amp; regulations such as GDPR and the resulting hefty penalties. The cost of actively performing periodic cyber security audits is minuscule compared to the fines your business could face. Furthermore, if a threat-actor were to gain access to your organisation, they could perform a DoS (Denial of Service) attack that could completely lock management or all staff out of the systems/applications that are crucial to the day-to-day running of your business. There is no predicting how costly this could be – there may be no coming back.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The three different Cyber Security Audits
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            At JC Cyber Security we offer three different types of cyber security auditing solutions to help your business achieve ongoing compliance and cyber security competence. We understand that a cyber audit can be a big commitment, especially if you aren’t 100% sure what an audit covers.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We recommend our Cyber Advice Audit to organisations who are looking for a better understanding of their security posture before committing to a longer auditing process such as our Security and Weakness audits.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Advice Audit
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           an Advisory Audit which is where you tell us what you have in place, and we tell you where the gaps are
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Security Audit
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            looks at your cyber resilience, staff training and awareness, response plans and will provide action points.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Cyber Weakness Audit
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           assists in identifying the vulnerabilities and configuration issues that hackers use to penetrate your network.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you would like to know more about our Cyber Audits, and how each package can help your organisation,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           contact us
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            today or visit our dedicated
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/cyber-security-audit"&gt;&#xD;
      
           audit page
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How a JC Cyber Security Protection Plan can help your business post-audit
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We at JC Cyber Security understand that it’s difficult, especially for
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/small-business"&gt;&#xD;
      
           SMEs
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to implement their very own qualified, certified, and specialised cyber security department. Creating a cyber-security-first culture within your organisation is also a long-term goal that takes a lot of investment and time to achieve. To counter this, we have created the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Cyber Security Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to help organisations achieve
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/complying-with-cyber-security-regulations"&gt;&#xD;
      
           ongoing compliance
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            and safety through access to many of our Cyber Security Solutions for a manageable monthly fee.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Through auditing your business, you may identify a whole range of vulnerabilities within your organisation that may seem impossible to fix due to the scale of the issues at hand. A JC
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Cyber Security Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            offers many solutions that can help you achieve ongoing compliance such as:
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Endpoint Protection
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Mobile Threat Defence
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Vulnerability Assessments
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Managed Email Security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Managed Firewall Protection
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Remote Support
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Penetration Testing
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            All for a fixed monthly fee. If you would like to know how a Cyber Security Protection Plan can help your business,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           contact us
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            today and one of our Cyber Experts will be happy to assist you.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Is active cyber security auditing the end goal?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If your business is serious about:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/complying-with-cyber-security-regulations"&gt;&#xD;
        
            On-going compliance
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/how-secure-is-my-business"&gt;&#xD;
        
            Safeguarding your assets
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Business continuity
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/training"&gt;&#xD;
        
            Having a more cyber aware workforce
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Improved management control
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/"&gt;&#xD;
        
            Meeting customer/supplier criteria
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Competitive advantages
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Then a practical next step after successful cyber security auditing would be to become
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/iso-27001"&gt;&#xD;
      
           ISO 27001 compliant
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . Certification with ISO 27001 is not mandatory, so not all organisations may choose to achieve it. However, there are many benefits to becoming certified, as it’s a proven, externally validated proof of your organisation’s willingness to conform to internationally accepted information standards. ISO 27001 certification includes a two-stage auditing process and would be the best course of action once your organisation has become compliant through active cyber auditing.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What do Cyber Security audits cover?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A cyber security audit focuses on cyber security standards, guidelines, and policies. Furthermore, it focuses on ensuring that all security controls are efficiently optimised, and all compliance requirements are met.
           &#xD;
      &lt;br/&gt;&#xD;
      
           Specifically, an audit evaluates:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Operational Security
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             (a review of policies, procedures, and security controls)
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data Security
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             (a review of encryption use, network access control, data security during transmission and storage)
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            System Security
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             (a review of patching processes, hardening processes, role-based access, management of privileged accounts, etc.)
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Network Security
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             (a review of network and security controls, anti-virus configurations, SOC, security monitoring capabilities)
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Physical Security
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             (a review of role-based access controls, disk encryption, multifactor authentication, biometric data, etc.)
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Unlike a cyber security assessment, which provides a snapshot of an organisation’s security posture, a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/cyber-security-audit"&gt;&#xD;
      
           cyber security audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            is a 360-degree, in-depth examination of your entire security posture.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Security Audit Benefits
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A cyber security audit is the highest level of assurance service that JC Cyber Security Service can offer. As previously mentioned, it provides stakeholders within your organisation with the confidence that you take their security seriously and can provide that competitive advantage.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Unfortunately, cyber threats and data breaches are more prevalent than ever before. As a result, business leaders and consumers increasingly prioritise and value cyber security compliance.
           &#xD;
      &lt;br/&gt;&#xD;
      
           An audit adds an independent line of sight that is uniquely equipped to evaluate as well as improve your security - the following are some benefits of performing an audit:
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identifying gaps in security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Highlighting weaknesses and providing prioritisation
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ongoing compliance
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reputational gains
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Testing controls
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Improving security posture
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Keeping one step ahead of
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/types-of-hackers-the-6-hats-explained" target="_blank"&gt;&#xD;
        
            threat actors
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Assurance to vendors, employees, and clients
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Confidence in your security controls
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Increased performance of your technology and security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How often should my business audit?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How often your business will need to perform an audit depends on what compliance or security framework your business follows - failure to comply with laws that require cyber security audits can result in fines and penalties.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Some compliance regulations require annual audits. Some require none. How often you perform audits is entirely dependent on what type of data your company works with, what industry you are in, what legal requirements you must follow, etc. However, even if you are not required to perform an audit, most security experts recommend you perform at least one annual audit to ensure your controls are functioning properly.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           If you have any concerns regarding the security posture of your organisation and how JC Cyber Security can help, we’re happy to discuss this with you further.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 01 Dec 2021 11:00:56 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-a-cyber-security-audit</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/211221-cyber-audit-thumbnail.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Cyber Security News - December 2021</title>
      <link>https://www.jc-cybersecurity.co.uk/cyber-security-news-december-2021</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           23/12/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           UK donates 225 million stolen passwords to hack-checking site
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            UK law enforcement has donated 225 million unique passwords to a cyber-security project helping to protect users from hacking. The National Crime Agency (NCA) recovered the database from cyber-criminals who had collected real users' email addresses and passwords.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            That list has been added to the free online service
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://haveibeenpwned.com/" target="_blank"&gt;&#xD;
      
           Have I Been Pwned
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            (HIBP).
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            It lets anyone search through hundreds of millions of passwords to see if theirs is in the hands of criminals.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Troy Hunt, the security researcher who runs the site, announced on Friday that it now has a "pipeline" function for law enforcement to add passwords they have recovered to the service.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If your password appears in the database, then it is in the hands of cyber-criminals and you should change it.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Chris Lewis-Evans, from the NCA's National Cyber Crime Unit, said that the huge list of compromised passwords came from the largest set the NCA had ever recovered - more than two billion email and password pairs.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.bbc.co.uk/news/technology-59730010" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           13/12/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Omicron Phishing Scam Already Spotted in UK
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           U.K. consumer watchdog “Which?” has raised the alarm that a new phishing scam, doctored up to look like official communications from the National Health Service (NHS), is targeting people with fraud offers for free PCR tests for the COVID-19 Omicron variant.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Sent by text, email and even offered over the phone, threat actors are contacting people across the U.K. offering them what they say are new test kits specifically designed to detect the Omicron variant.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           “Phishing attacks and other scams often exploit emotions to get people to react quickly and without thinking things through,” Erich Kron, security awareness advocate at KnowBe4, told Threatpost.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Last year, when COVID-19 vaccines began rolling out, one analysis from Barracuda Networks found between October 2020 and last January, the average number of vaccine-themed spear phishing attacks grew by 26 percent.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you receive a message, email or call you are not sure about, do not take any action (such as clicking on a link or entering personal information or payment details) unless you are sure that the source is trusted. For instance, if you are looking to book a PCR test, go to the NHS website directly for more details.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://threatpost.com/omicron-phishing-scam-uk/176771/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           01/12/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Twitter Bans Users From Posting 'Private Media' Without a Person's Consent
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            "Beginning today, we will not allow the sharing of private media, such as images or videos of private individuals without their consent. Publishing people's private info is also prohibited under the policy, as is threatening or incentivizing others to do so," the company's Safety team
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://twitter.com/TwitterSafety/status/1465683094581792771" target="_blank"&gt;&#xD;
      
           said
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            in a tweet.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    
          As part of the revised policy, the social media platform will allow individuals to request takedowns of pictures or videos featuring them with a clearly abusive intent, and violators found sharing private information and media will be prompted to remove the offending content and have their accounts temporarily locked out. Users contravening the private information policy twice will risk permanent suspension of their accounts.
         &#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/11/twitter-bans-users-from-posting-private.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 01 Dec 2021 11:00:48 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cyber-security-news-december-2021</guid>
      <g-custom:tags type="string">Latest News</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/211221-cyber-news-dec-21.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Cyber Security News - November 2021</title>
      <link>https://www.jc-cybersecurity.co.uk/cyber-security-news-november-2021</link>
      <description>Read to find out everything cyber related in the month of November 2021 - JC Cyber Security wants to keep you up to date with the latest news and trends every month.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           22/11/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis, said in a post published in The Telegraph over the weekend.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse, noting that the goal is to deter illegal behavior from happening in the first place, giving users more control, and actively encouraging users to flag harmful messages. Meta had previously outlined plans to be "fully end-to-end encrypted until sometime in 2022 at the earliest."
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The shift to encryption is a crucial element of Meta's proposals to build a unified privacy-focused communications platform it announced in March 2019, with CEO Mark Zuckerberg stating that the "future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever."
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/11/facebook-postpones-plans-for-e2e.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           19/11/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           UK fighting hacking epidemic as Russian ransomware attacks increase
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The National Cyber Security Centre (NCSC) said it tackled a record number of cyber incidents in the UK over the last year, with ransomware attacks originating from Russia dominating its activities.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The cybersecurity agency said it had helped deal with a 7.5% increase in cases in the year to August, fuelled by the surge of criminal hackers seizing control of corporate data and demanding payment in cryptocurrency for its return.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Paul Chichester, director of operations, said that “ransomware has certainly dominated a significant portion of year” and that the hacking epidemic had become “global as a story in the last 12 months”.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.computerweekly.com/news/252508704/Government-commits-millions-to-security-investment" target="_blank"&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Central government and the UK public sector do not pay cyber ransoms, although fixing the damage can take months. Rebuilding Hackney’s affected systems cost around £10m, with some of the costs met by central government.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.theguardian.com/technology/2021/nov/17/uk-tackles-record-cyber-incidents-as-russian-ransomware-attacks-increase" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           11/11/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Government commits millions to security investment
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Westminster has committed to ploughing millions of pounds into cyber security in government in the shape of investments in the National Cyber Security Programme and in central and local government bodies, as the UK’s public sector comes under high and sustained volumes of cyber attacks.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The sums announced today in the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.gov.uk/government/publications/autumn-budget-and-spending-review-2021-documents" target="_blank"&gt;&#xD;
      
           2021 Spending Review and Autumn Budget
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            total over £750m and form part of a total investment of £2.6bn in cyber and legacy IT during the period of the Spending Review – most of which will be spent on improving the government’s own cyber security. It comes on top of already-agreed funding for the National Cyber Force, which is
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.computerweekly.com/news/252508268/How-Samlesbury-Lancashire-became-the-home-of-the-National-Cyber-Force" target="_blank"&gt;&#xD;
      
           currently being stood up
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Prominently, the Spending Review provides for a £114m increase in the UK’s National Cyber Security Programme, which the government says will enable the UK to adapt, innovate and invest to maintain and extend its competitive edge as a “responsible, democratic” cyber power on the world stage. It comes ahead of the next iteration of the National Cyber Security Strategy, which is expected soon.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.computerweekly.com/news/252508704/Government-commits-millions-to-security-investment" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           02/11/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           New Android Malware Can Gain Root Access to Your Smartphones
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The malware has been named "AbstractEmu" owing to its use of code abstraction and anti-emulation checks undertaken to thwart analysis right from the moment the apps are opened. Notably, the global mobile campaign is engineered to target and infect as many devices as possible indiscriminately.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality. Only one of the rogue apps, called Lite Launcher, made its way to the official Google Play Store, attracting a total of 10,000 downloads before it was purged.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/10/this-new-android-malware-can-gain-root.html?utm_source=feedburner&amp;amp;utm_medium=feed&amp;amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           01/11/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Crooks behind a newly identified malware campaign are targeting Windows 10 with malware that can infect systems via a technique that cleverly bypasses Windows cybersecurity protections called User Account Control (UAC).
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Researchers from Rapid7 recently identified the campaign and warn the goal of the attackers is to extricate sensitive data and steal cryptocurrency from the targeted infected PC.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Andrew Iwamaye, Rapid7 research analyst, said that the malware maintains persistence on PC “by abusing a Windows environment variable and a native scheduled task to ensure it persistently executes with elevated privileges.”
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 01 Nov 2021 16:34:59 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cyber-security-news-november-2021</guid>
      <g-custom:tags type="string">Latest News</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/211101-cyber-sec-news-nov.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>The Associated Risks with Poor Data Protection</title>
      <link>https://www.jc-cybersecurity.co.uk/the-associated-risks-with-poor-data-protection</link>
      <description>Data is the cornerstone to how every organisation operates. Whether that be gathering, processing, or transferring user data, you as an institution have the trust of your employees, suppliers, and customers to lawfully handle their personal data. Therefore, ensuring you have optimal systems, policies, documentation, and practices in place can go a long way in protecting the security of your business and stakeholders.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In last week’s blog: Data Protection and Registering with the ICO, we discussed what Data Protection is, what laws enforce and standardise data protection practices, who the ICO are, and how employing a Virtual Data Protection Officer (vDPO) can be advantageous for your business in ensuring the confidentiality, integrity, and availability (CIA Triad) of your business’s data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            In today’s post we at JC Cyber Security are going to discuss the risks your organisation may face due to poor data protection practices, with the aim of helping you understand why data protection is an important aspect of day-to-day life for every business.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           If you would like help with achieving on-going compliance with the General Data Protection Regulation (GDPR), the Data Protection Act (DPA), or registering with the Information Commissioner's Office (ICO), please contact us today and one of our Cyber Experts will be happy to assist you.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data Protection and the associated risks
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data is the cornerstone to how every organisation operates. Whether that be gathering, processing, or transferring user data, you as an institution have the trust of your employees, suppliers, and customers to lawfully handle their personal data. Therefore, ensuring you have optimal systems, policies, documentation, and practices in place can go a long way in protecting the security of your business and stakeholders.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           However, to truly understand the situation, you need to know the potential consequences associated with an IT security breach or a misuse of data. Here are some common outcomes.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Compromised Confidential Data
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When your information security systems are not in their best possible state, it invites threat actors to prey on the confidential data your business carries. There are many different hackers with varying motivations, so think for a moment about the data you deal with daily: customer information, payment details, bank accounts, employee and client details, credit and debit cards, details about your suppliers and other clients. The list may go on.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           What would happen if that information got into dangerous hands? You can only imagine, but suffice it to say that the lives of your employees, clients, and customers would be greatly affected in very negative ways. This could be as innocuous as using their addresses to send them targeted junk mail, which would be annoying but not life-changing. But it could easily be something as serious as using payment details to make fraudulent purchases or simply taking money straight out of their accounts.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Negative public image
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            One thing we can all agree on is that the integrity of an organisation is a big factor when deciding who we provide our personal data to. Therefore, one of the biggest priorities for high-level management should be ensuring a healthy public image.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            Nobody wants to do business with a company that is not secure or doesn’t protect their customers. It is as simple as that. Think about it, would you choose to spend your hard-earned money with a business that has just proved itself unable to handle customer data securely or too careless to put in the effort to implement optimal security controls to fix an identified vulnerability? No, you wouldn’t, and nor will your customers if your security is compromised. Poor public image can destroy an organisation, and even if you manage to implement the necessary systems after a breach, there may be no coming back when trying to repair the broken trust.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Technology and cyber-related crime are constantly moving, and as a result you need to be proactive in making sure your business is protected. Failing to do so actually gives an unintended glimpse into the way your business operates. If you are not putting in the required IT security for the business, then what other aspects of your business are you failing to give proper attention to and keep up to date? This sort of negative perception is extremely difficult to come back from.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           JC Cyber Security offer many different Cyber Security Solutions that can help protect your business and safeguard your public image. However, if you do not yet understand the necessary steps, or would like some assistance in achieving ongoing compliance or implementing the correct cyber solutions, we offer Advice &amp;amp; Consultancy, Training &amp;amp; Awareness, Emergency Cyber Response, and affordable Monthly Protection Plans starting from £30p/m.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Financial losses
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           This is a direct result of the last point, because damage to your public image has an obvious knock-on effect on your ability to be competitive in the marketplace. If more customers don’t feel their confidential data is secure, they will choose to give their business to your competitors, which will drastically hit your profits.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Depending on the nature of the IT security breach, it could have other consequences as well. For example, data thieves could get access to your business bank accounts. With proper fraud protection, you could get this money back from the bank, but that sort of thing normally takes time, usually anything from a few days up to a few months depending on the amount taken and any investigations that need to be performed. If nothing else, the security of your IT system would need to be considerably improved, which could require extensive investment.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Staffing problems
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The issues that arise from a negative image from a data security perspective may not just affect how your business is viewed by customers and clients; the damage could be even more far-reaching internally too. Your employees are the core of your business, and if they feel that the business doesn’t take data security seriously, they may take it upon themselves to find work at an organisation that protects their data properly.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           How could your business cope if half of your staff decided to hand in their notice and you found that advertising for new employees became harder due to your poor integrity regarding data protection? Have you got a contingency plan in place for this? It is unlikely, as few businesses do, but the reality is that this is a very real concern when it comes to matters surrounding data security. Lives could be genuinely affected by sensitive data getting into the hands of cyber-criminals, and employees will not take kindly to any company that has not taken the proper precautions with their IT security.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Employing the necessary staff or promoting those within your organisation to fulfil Data Protection duties may impact your business operations. GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Although other businesses are not legally required to have a DPO, the ICO recommends every business appoints a DPO to comply with GDPR and avoid fines. Thus, if you would like to ensure good data protection standardisation, but don’t have the time, money, or knowledge to implement the necessary team, outsourcing those responsibilities to a certified Virtual Data Protection Officer may be the best solution.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Outsourcing responsibility to a Virtual Data Protection Officer is more cost-effective than an internal hire, particularly as you only pay for the time you require (saving on overheads, holiday cover, etc.). You also benefit from access to a wide team of certified GDPR practitioners, Data Protection professionals and technical experts, rather than limiting your business to the experience of one individual who may need time to get used to your organisation and investment in achieving certification and training.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Legal obligations
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Don’t forget that if your business deals with any sort of confidential information, then you are going to almost certainly be under some form of a legal requirement to take the proper steps to handle said information correctly. The data could be in the form of employee and client details or other confidential data. Are you familiar with what your legislative obligations are in terms of your IT security? If not, we can help.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The consequences of this are obvious, and depending on the severity of the resulting data security breach, the punishment handed out could be more than your business can withstand if it is to continue operating. The consequences scale with the severity of the breach: for example, a relatively minor blip in an otherwise secure system could result in a warning or a small fine, whereas a larger-scale breach or a failure to comply with legislation could result in severe penalties such as much more punishing fines or even, in certain circumstances, a jail sentence.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Thu, 21 Oct 2021 08:07:16 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/the-associated-risks-with-poor-data-protection</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/211021-dpo-risk-associated.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Data Protection and Registering with the ICO</title>
      <link>https://www.jc-cybersecurity.co.uk/data-protection-and-registering-with-the-ico</link>
      <description>Data protection is the ‘fair and proper use of information about people’ and forms the fundamental right to a user’s privacy - from a business perspective, it’s about building trust between your organisation (i.e., The Controller) and your customers (i.e., the data subject) by treating everyone fairly, openly, and recognising their right to have control over their own identity and their interactions with others.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A brief introduction...
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data protection is about ensuring individual customers can trust your organisation to use their information fairly and responsibly.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you collect personal information about individuals for any other reason than your own personal use, you need to comply with UK law and legislation.
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The Information Commissioner's Office (ICO) regulates data protection in the UK, offering advice and guidance while promoting good business practices, carrying out audits, considering complaints, and monitoring ongoing compliance.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            GDPR dictates that you must appoint a Data Protection Officer (DPO) if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Outsourcing your Data Protection Officer responsibilities can be a cost-effective method compared to an internal hire, providing access to a wide team of GDPR and data protection professionals and technical experts rather than limiting your business to one individual.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The UK data protection regime is set out in the Data Protection Act 2018 (DPA) alongside the UK General Data Protection Regulation (GDPR).
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data protection is the ‘fair and proper use of information about people’ and forms the fundamental right to a user’s privacy - from a business perspective, it’s about building trust between your organisation (i.e., The Controller) and your customers (i.e., the data subject) by treating everyone fairly, openly, and recognising their right to have control over their own identity and their interactions with others.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is a ‘controller’?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A
          &#xD;
    &lt;/span&gt;&#xD;
    
          controller is usually an organisation, or a sole trader that collects, processes, and handles data. As the controller, they are responsible for ensuring that the processing of said data complies with UK laws and regulations.
           &#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is a ‘data subject’?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A data subject is the technical term for the individual to whom the personally identifiable information relates.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data protection is not just a legal necessity, but crucial to protecting and maintaining your business. Regardless of how your organisation stores or handles data, any identifiable information regarding an individual needs to be protected. Simply put, personal data in the UK is protected by laws such as the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           GDPR vs DPA
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In short, the DPA 2018 (Data Protection Act) was introduced in 1995 as a UK equivalent to the EU's 1995 Data Protection Directive – the General Data Protection Regulation (GDPR) came into effect in 2018, designed as a direct replacement for the Data Protection Act.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data Protection Act 2018
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The DPA 2018 sets out the framework for data protection law in the UK. It updates and replaces the Data Protection Act from 1998 and was amended on the 1st January 2021 to reflect the UK’s status outside the EU.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The DPA sits alongside and supplements UK GDPR - for example by providing exemptions. It also sets out separate data protection rules for law enforcement authorities, extends data protection to some other areas such as national security and defence, and sets out the Information Commissioner’s functions and powers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What data needs to be protected?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Key pieces of information that are commonly stored by your business, be that employee records, customer details, loyalty schemes, transactions, or data collection, need to be protected. This is to prevent that data from being misused by third parties for fraud through social engineering attacks (i.e., phishing scams and identity theft).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Common data that your business might store or process may include:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Names
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Addresses
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Emails
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Telephone numbers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Bank and credit card details
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Health information
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           This data contains sensitive information that could relate to your: current staff and their partners or next of kin; shareholders, business partners and clients; customers and other members of the public. Protecting all this information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Principles
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The Data Protection Act contains a set of principles that organisations, government, and businesses must adhere to, so data remains accurate, safe, secure, and lawful.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           These principles ensure data is:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Only used in specifically stated ways
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Used only in relevant ways
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Kept safe and secure
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Not stored for longer than necessary
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Used only within the confines of the law
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Stored following people’s data protection rights
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Not transferred out of the European Economic Area
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are stronger legal protections for more sensitive information, such as:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Race
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ethnic background
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Political opinions
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Religious beliefs
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Trade union membership
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Genetics
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Biometrics (when used for identification)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Health
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Sex life or orientation
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           GDPR
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The introduction of the GDPR represents the most significant shift in data security standards for several decades and although many of the underlying principles remain the same as the DPA, the fact remains that GDPR's scope is far more comprehensive and wide-reaching, meaning businesses will need to amend their data protection policies accordingly - or potentially face serious consequences.
           &#xD;
      &lt;br/&gt;&#xD;
      
           GDPR is a UK law which came into effect on the 25th of May 2018. It sets out the key principles, rights, and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           It is based on the EU GDPR (General Data Protection Regulation (EU) 2016/679) which applied in the UK before that date, with some changes to make it work more effectively in a UK context.
           &#xD;
      &lt;br/&gt;&#xD;
      
           You may need to comply with both the UK GDPR and the EU GDPR if you operate in Europe, offer goods or services to individuals in Europe, or monitor the behaviour of individuals in Europe. The EU GDPR is regulated separately by European supervisory authorities, and you may need to seek your own legal advice on your EU obligations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           If you hold any overseas data collected before 01 January 2021 (referred to as ‘legacy data’), this will be subject to the EU GDPR as it stood on 31 December 2020 (known as ‘frozen GDPR’).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data Protection Officer (DPO)
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            Although other businesses are not legally required to have a DPO, the ICO recommends every business appoints a DPO to comply with GDPR and avoid fines.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Benefits of outsourcing DPO responsibilities
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Provides independent advice
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            - Obtain the insight and impartial advice needed to set your organisation’s cyber security goals and budget.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Measures security effectiveness
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            - Better understand the effectiveness of existing security controls and procedures and receive help communicating risks to key stakeholders.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Informs strategic improvements
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - Gain the insight you need to identify and implement the security improvements that will be of greatest benefit to your organisation.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Supports regulatory compliance
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - Better understand the latest data and information security standards, how they apply to your business, and the controls needed to comply with them.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Can I outsource my DPO responsibilities?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Outsourcing a data protection officer is more cost-effective than an internal hire, particularly as you only pay for the time you require (saving on overheads, holiday cover, etc.). You also benefit from access to a wide team of certified GDPR practitioners, data protection professionals and technical experts rather than limiting your business to the experience of one individual.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            If you would like to know more about a Virtual Data Protection Officer, you can
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/virtual-dpo" target="_blank"&gt;&#xD;
      
           learn more here
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            or
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch with one of our cyber experts
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            today and we’ll be happy to assist you.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Registering with the ICO
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The ICO (the Information Commissioner's Office) is an independent body dedicated to upholding information rights in the public interest and data privacy for individuals in the UK. The ICO enforces the provisions of the Data Protection Act and the GDPR as well as other important pieces of legislation such as the Freedom of Information Act and the Privacy and Electronic Communications Regulations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           One of the main aims of the ICO is to ensure that organisations comply with data protection laws. This entails making sure they process personal information in a fair and transparent manner that respects the rights of the data subject. The ICO has a duty to investigate complaints from members of the public and can impose hefty fines on businesses that are seen to be flouting data protection rules.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Do I need ICO registration?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As part of the Data Protection Act, any entity that processes personal information will need to register with the ICO and pay a data protection fee unless they are exempt. This is the case for every type of company from sole traders and SMEs through to multinational corporations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           However, you are not required to register with the ICO and pay a fee if you are only processing personal data for staff administration, accounts and records, not-for-profit reasons, personal or family affairs, and advertising, marketing and public relations purposes. Though unlikely, you are also exempt if you only keep paper records and do not use an automated system such as a computer to process personal information.
           &#xD;
      &lt;br/&gt;&#xD;
      
           Even if you fall into one of these categories but your business uses CCTV for crime prevention purposes, you will still need to register and pay the fee.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            You can use the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/" target="_blank"&gt;&#xD;
      
           ICO self-assessment form
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to determine if you are exempt or not.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is the data protection fee?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you aren’t exempt, you’re required to pay a yearly fee that’s set by Parliament. The fee depends on the size of your business - most notably, how many staff you employ and your annual turnover.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            There are three payment tiers ranging from £40 to £2,900 - most businesses will pay either £40 or £60 per year. It may be best to opt for a direct-debit payment method, ensuring your organisation does not forget to renew the following year.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The three payment tiers and the associated annual costs are:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Tier 1 - micro-organisations -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you have a maximum turnover of £632,000 for your financial year or no more than 10 employees, the fee is £40.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Tier 2 - small and medium organisations
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           - If you have a maximum turnover of £36 million for your financial year or no more than 250 employees, the fee is £60.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Tier 3 - large organisations
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           -
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you exceed the figures stated in tiers 1 and 2, you will be in tier 3 and the fee is £2,900.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           However, one exception is that charities and small occupational pension schemes pay £40 regardless of their turnover or staff numbers.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Registering with the ICO
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            You can pay your data protection fee online via the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://ico.org.uk/registration/new" target="_blank"&gt;&#xD;
      
           ICO website
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . If it’s the first time you’re submitting a payment, you’ll need to fill out a form. This can take around 15 minutes. You’ll need your company registration number (if you have one), the number of employees you have, your contact details, and your bank or card details.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ICO registration check
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Businesses that don’t adhere to data protection rules and fail to pay their yearly fee can be fined up to £4,350 by the ICO, so it is always best practice for your organisation to pay the smaller yearly fee.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            On top of this, the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://ico.org.uk/ESDWebPages/Search" target="_blank"&gt;&#xD;
      
           ICO publishes a list of all fee-paying companies
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . So, if your business isn’t on that list, it becomes obvious to your customers and suppliers quite quickly.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Paying the fee and getting yourself on the list not only helps you avoid financial penalties, but it’s also seen as a sign that you’re aware of your data protection obligations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 13 Oct 2021 17:02:57 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/data-protection-and-registering-with-the-ico</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/211013-DATA-PROT-ICO.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Cyber Security News - October 2021</title>
      <link>https://www.jc-cybersecurity.co.uk/cyber-security-news-october-2021</link>
      <description>Read to find out everything cyber related in the month of October 2021 - JC Cyber Security wants to keep you up to date with the latest news and trends every month.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           12/10/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Study reveals Android phones constantly snoop on their users
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    
          It is important to note that this concerns the collection of data for which there’s no option to opt out, so Android users are powerless against this type of telemetry.
          &#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    
          This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they’re not used by the device owner, and which cannot be uninstalled.
          &#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    
          For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk of man-in-the-middle (MitM) attacks.
         &#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           06/10/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Google to turn on 2-factor authentication by default for 150 million users
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorised access to accounts and improve security.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The development comes weeks after Microsoft introduced a passwordless mechanism that enables users to access their accounts without a password by just using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Two-factor authentication (2FA) is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods to verify a user's identity. These factors can include something you know - like a username and password - plus something you have - like a smartphone app - to approve authentication requests.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/10/google-to-turns-on-2-factor.html?utm_source=feedburner&amp;amp;utm_medium=feed&amp;amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           05/10/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Windows 11 is out. Is it any good for security?
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Windows 11, the latest operating system (OS) from Microsoft, launches today, and organisations have begun asking themselves when and if they should upgrade from Windows 10 or older versions. The requirements and considerations of each organization will be different, and many things will inform the decisions they make about whether to stick or twist. One of those things will be whether or not Windows 11 makes them safer and more secure.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://blog.malwarebytes.com/malwarebytes-news/2021/10/windows-11-security/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           01/10/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber security researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorised Visa payment with a locked iPhone. This is achieved when threat actors take advantage of the Express Travel mode set up in the wallet of the target's iOS device.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "An attacker only needs a stolen, powered on iPhone. The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge," a group of academics from the University of Birmingham and University of Surrey said. "The attacker needs no assistance from the merchant and backend fraud detection checks have not stopped any of our test payments."
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The man-in-the-middle (MitM) replay and relay attack, which involves bypassing the lock screen to make a payment to any EMV reader illicitly, is made possible due to a combination of flaws in both Apple Pay and Visa's system, and doesn't impact, say, Mastercard on Apple Pay or Visa cards on Samsung Pay.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/10/apple-pay-can-be-abused-to-make.html?utm_source=feedburner&amp;amp;utm_medium=feed&amp;amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 04 Oct 2021 11:00:14 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cyber-security-news-october-2021</guid>
      <g-custom:tags type="string">Latest News</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/211004-CYBER-SEC-NEWS-OCT.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Cyber Security News - September 2021</title>
      <link>https://www.jc-cybersecurity.co.uk/cyber-security-news-september-2021</link>
      <description>Read to find out everything cyber related in the month of September 2021 - JC Cyber Security wants to keep you up to date with the latest news and trends every month.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           30/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Instagram Kids put on hold
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Instagram has announced it is pausing the development of Instagram Kids, a version of Instagram aimed at 10-12-year-olds.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Adam Mosseri, who heads up Instagram, wrote in a blog post about the idea behind Instagram Kids:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           “We started this project to address an important problem seen across our industry: kids are getting phones younger and younger, misrepresenting their age, and downloading apps that are meant for those 13 or older.”
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           “We firmly believe that it’s better for parents to have the option to give their children access to a version of Instagram that is designed for them—where parents can supervise and control their experience—than relying on an app’s ability to verify the age of kids who are too young to have an ID.”
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://twitter.com/mosseri/status/1442520432876220425?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1442520432876220425%7Ctwgr%5E%7Ctwcon%5Es1_c10&amp;amp;ref_url=https%3A%2F%2Fblog.malwarebytes.com%2Fprivacy-2%2F2021%2F09%2Finstagram-kids-put-on-hold%2F" target="_blank"&gt;&#xD;
      
           View Announcement
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The decision to freeze the development of Instagram Kids comes after the Wall Street Journal’s exposé regarding an internal survey within Facebook about the harmful effects of Instagram on its teen users.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           While many would prefer for Instagram Kids to be scrapped entirely, Mosseri has made it clear that the project will be moving forward at some point in the future. He stresses that this kid-friendly version “was never meant for younger kids, but for tweens (aged 10-12)”, and promised parental permission would be a requirement to join. The social network will also show no ads, and only kid-friendly content will be present on the platform.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://blog.malwarebytes.com/privacy-2/2021/09/instagram-kids-put-on-hold/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           28/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           New Trojan Steals Gamers' Epic Games and Steam Accounts
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Cybersecurity firm Kaspersky, which named the malware "BloodyStealer," said it first detected the malicious tool in March 2021, when it was being advertised for sale at an attractive price of 700 RUB (less than $10) for one month or $40 for a lifetime subscription. Attacks using BloodyStealer have been uncovered so far in Europe, Latin America, and the Asia-Pacific region.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/09/new-bloodystealer-trojan-steals-gamers.html?utm_source=feedburner&amp;amp;utm_medium=feed&amp;amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           23/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium said in a report published on Monday. "These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. More importantly, these motherboard-level flaws can obviate initiatives like Secured-core because of the ubiquitous usage of ACPI [Advanced Configuration and Power Interface] and WPBT."
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           22/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           New Malware Infiltrates WordPress Sites and Installs Backdoor Plugin
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected, these systems are then used to mine cryptocurrency," Akamai security researcher Larry Cashdollar said in a write-up published last week.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/09/new-capoae-malware-infiltrates.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           20/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Windows 11 is no longer compatible with Oracle VirtualBox VMs
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           When Microsoft first announced Windows 11, they stated that computers would need to meet new system requirements to install the operating system, including a TPM 2.0 security processor and Secure Boot.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           However, as the enterprise and software developers commonly use virtual machines to test new operating systems, Microsoft said that Windows 11 would not check for compatible hardware when installed or upgraded.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.bleepingcomputer.com/news/microsoft/windows-11-is-no-longer-compatible-with-oracle-virtualbox-vms/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           15/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You Can Now Sign-in to Your Microsoft Accounts Without a Password
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The change is expected to be rolled out in the coming weeks.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords," said Vasu Jakkal, Microsoft's corporate vice president for Security, Compliance, and Identity. "But, given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords."
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Customers can use the new feature to sign in to Microsoft services such as Microsoft 365, Teams, Outlook, OneDrive, and Family Safety, but only after linking their personal accounts to an authenticator app like Microsoft Authenticator and turning on the "Passwordless Account" setting under Advanced Security Options &amp;gt; Additional Security Options.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/09/you-can-now-sign-in-to-you-microsoft.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           13/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           WhatsApp have announced they will roll out support for end-to-end encrypted chat backups in the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The optional feature, which will go live to all of its two billion users in the coming weeks, is expected to only work on the primary devices tied to their accounts, and not companion devices such as desktops or laptops that simply mirror the content of WhatsApp on the phones.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    
          "With end-to-end encrypted backups enabled, before storing backups in the cloud, the client encrypts the chat messages and all the messaging data (i.e. text, photos, videos, etc.) that is being backed up using a random key that's generated on the user's device"
          &#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/09/whatsapp-to-finally-let-users-encrypt.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           09/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hackers leak passwords for 500,000 Fortinet VPN accounts
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           08/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Both Microsoft and federal cybersecurity officials are urging organizations to use mitigations to combat a zero-day remote code execution (RCE) vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Microsoft has not revealed much about the MSHTML bug, tracked as CVE-2021-40444, beyond that it is “aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” according to an advisory released Tuesday.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           07/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           UK data watchdog brings cookies to G7 meeting
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cookies are on the menu today for the G7 as the UK's Information Commissioner's Office (ICO) proposes to the group of leading global economies that consent pop-ups should be reduced.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The ICO said it would call on fellow G7 data protection and privacy authorities – three of which used to be its fellow EU member states – to work together to overhaul cookie consent pop-ups to make people's privacy "more meaningfully protected" and help businesses offer "a better web browsing experience."
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Information commissioner Elizabeth Denham, who is set to chair today's virtual meeting of G7 data protection authorities, plans to present an idea on how to improve the current cookie consent mechanism, making web browsing smoother and more business-friendly while better protecting personal data, an official statement said.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.theregister.com/2021/09/07/ico_cookies_g7/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           07/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Traffic Exchange Networks Distributing Malware Disguised as Cracked Software
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cyber security firm Sophos said in a report published last week.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The attacks work by taking advantage of a number of bait pages hosted on WordPress that contain "download" links to software packages, which, when clicked, redirect the victims to a different website that delivers potentially unwanted browser plug-ins and malware, such as installers for Raccoon Stealer, Stop ransomware, the Glupteba backdoor, and a variety of malicious cryptocurrency miners that masquerade as antivirus solutions.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/09/traffic-exchange-networks-distributing.html?utm_source=feedburner&amp;amp;utm_medium=feed&amp;amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           06/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Netgear fixes severe security bugs in over a dozen smart switches
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The company fixed three security flaws that affect 20 Netgear products, mostly smart switches. Technical details and proof-of-concept (PoC) exploit code for two of the bugs are publicly available.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.bleepingcomputer.com/news/security/netgear-fixes-severe-security-bugs-in-over-a-dozen-smart-switches/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           03/09/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Apple delays controversial photo scanning plan
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Apple is delaying plans for an update that would detect controversial photos as they’re uploaded to iCloud Photos from iPhones, the company announced.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The reversal comes less than a month after Apple announced the change, during which the company came under heavy criticism from privacy advocates who contended it could enable government surveillance requests. Apple also delayed the rollout of a feature that would scan iMessage images sent or received by children, and notify parents if the children are young enough.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The plans stood to jeopardize Apple’s positioning as the tech giant that most valued privacy, but came as it faced pressure from governments and child advocacy groups to do more to combat sensitive materials.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           “Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” the company said in a brief statement.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Critics said the client-side scanning plans amounted to a backdoor into its systems that could lead to further abuses, and threatened end-to-end encryption.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.cyberscoop.com/apple-child-sex-abuse-imagery-delay-privacy/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 06 Sep 2021 12:01:05 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cyber-security-news-september-2021</guid>
      <g-custom:tags type="string">Latest News</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210715-SEP-NEWS.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is Vulnerability Management?</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-vulnerability-management</link>
      <description>A vulnerability can be defined as a cyber-security risk/weakness within an application, service, endpoint, or piece of infrastructure which can be exploited by a real-world external threat actor.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is a vulnerability?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A vulnerability can be defined as a cyber security risk/weakness within an application, service,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-endpoint-security" target="_blank"&gt;&#xD;
      
           endpoint
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , or piece of infrastructure which can be exploited by a real-world external threat actor.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/types-of-hackers-the-6-hats-explained" target="_blank"&gt;&#xD;
      
           Hackers
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            aim to use vulnerabilities to escalate their privileges and perform unauthorised actions such as: impacting the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
      
           confidentiality, integrity, or availability
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            of data; increasing access-control; financial gain; fraud; blackmail; revenge; carrying out political agendas; or performing espionage.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Vulnerabilities can be caused by many different factors including:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Complexity
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - Complex systems are hard to manage, especially if users do not have the appropriate experience, qualifications, certifications, or funding. Having complex systems increases the likelihood of misconfigurations or poor access control.
             &#xD;
          &lt;br/&gt;&#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Connectivity
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - More connections to other systems or applications create more vulnerabilities, as there are more endpoints to manage.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Internet usage
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - The Internet is full of spyware and adware that can be installed automatically on computer devices. Ensuring staff are fully
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/training" target="_blank"&gt;&#xD;
        
            trained and aware
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             of the potential dangers and how they can protect themselves is critical.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Zero-day exploits
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – A vulnerability that is unknown to, or unaddressed by, those who are responsible for patching the specific vector. "Day Zero" is the day when the interested party learns of the vulnerability, leading to a patch or workaround to avoid exploitation.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Familiarity
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – It can often take staff years to fully familiarise themselves with your organisation’s systems. Not having the necessary time to understand the context and purpose creates an ineffective blue-team approach if a vulnerability were to be exploited – providing threat actors with an advantage.
             &#xD;
          &lt;br/&gt;&#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Poor password management
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - Weak passwords can be broken with certain techniques such as brute force. Furthermore, not changing passwords regularly can allow unauthorised users, such as former staff, to access data they are no longer authorised to manage.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Bugs
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – Applications, operating systems, and software need consistent updating. Keeping systems optimally patched can ensure that there are no nasty surprises (such as the WannaCry hack).
            &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             People
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - The biggest vulnerability in any organisation is the human element. Social engineering is popular with threat actors as user information is becoming increasingly accessible online. Campaigns such as
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/phishing-simulation" target="_blank"&gt;&#xD;
        
            phishing
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             emails are actively used to trick staff within organisations into providing threat actors with unauthorised access. If staff are not actively trained, they will not be able to tell the difference between authorised and unauthorised users.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to fix vulnerabilities
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Reducing the impact of the hazard itself where possible (through mitigation, prediction, and preparedness)
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Building capacities and implementing the appropriate security controls to withstand identified security risks
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tackling the root causes of vulnerability
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Vulnerability management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Thousands of new vulnerabilities are discovered every year – Operating Systems (OS) and applications require consistent patching and reconfiguration. To proactively address vulnerabilities before they are successfully exploited, organisations that care about protecting personal data consistently perform vulnerability management to identify their current security posture and provide the highest levels of protection.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Vulnerability management is the practice of identifying, classifying, remediating, and mitigating security vulnerabilities through the following Vulnerability Assessment process:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identifying vulnerabilities
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            : Analysing networks through scans, Penetration Tests, Firewall logs, and vulnerability scan results to find vulnerabilities within vectors that could be exploited
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Verifying identified vulnerabilities:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Deciding whether the vulnerabilities identified could be exploited and classifying the severity of said exploit(s) to understand the level of risk and importance of action.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Mitigating vulnerabilities
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            : Deciding on countermeasures and figuring out how to measure their effectiveness if a short-term solution is not available.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Remediating vulnerabilities
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            : Updating affected software or hardware where possible.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It is important to note that formal vulnerability management doesn’t simply involve the act of patching and reconfiguring insecure settings. Vulnerability management is a disciplined practice that requires a company-wide cyber security mindset and a recognition that new vulnerabilities are found daily, which calls for continual discovery, verification, mitigation, and remediation.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Since cyber-attacks are constantly evolving, vulnerability management must be a continuous and repetitive practice to ensure your business consistently remains protected.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How JC Cyber Security Can Help
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We understand that it isn’t cheap protecting your business and its stakeholders from threat-actors. Sometimes compromises are made depending on the availability and affordability criteria specific to your organisation.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A cyber-security-first approach can ensure minimal business risk and disruption, and increased stakeholder satisfaction. If you are currently unable to afford your very own cyber team, we recommend making use of our Cyber Security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            .
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a href="/the-protection-plan-old"&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/JC%2BCyber%2BSecurity_Protection%2BPlan%2BMaster%2BLogo.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Each plan is tailored to meet different business needs and requirements. The following JC Cyber Security Protection Plans include 24*7 Vulnerability Management and/or daily Company Vulnerability Assessments.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/JC+Cyber+Security_Protection+Plan+Master+Logo.png"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    
          Basic Protection Plan
          &#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           £40.00
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           * user Per month
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24*7 Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Email Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/JC+Cyber+Security_Protection+Plan+Master+Logo.png"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Total Protection Plan
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           £80.00
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           * User Per month 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Email Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24*7 Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Managed Firewall
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Daily Vulnerability Assessments
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/JC+Cyber+Security_Protection+Plan+Master+Logo.png"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Elite Protection Plan
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           £105.00
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           * User Per month
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    
          Email Protection
          &#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24*7 Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Daily Vulnerability Assessments
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Managed Firewall
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Quarterly Penetration Tests
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Not convinced? Try our Free Cyber Security Freebies!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/free-firewall-audit" target="_blank"&gt;&#xD;
      
           FREE FIREWALL AUDIT
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/free-email-threat-scan#Free-Email-Threat-Benefits" target="_blank"&gt;&#xD;
      
           FREE EMAIL THREAT SCAN
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
             
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/managed-email-security"&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Conclusion
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber security protection will never be ‘one size fits all’. Your organisation’s security needs and requirements will be specific and require around-the-clock management. You are responsible for protecting confidential customer data; therefore, you must take action to implement the appropriate cyber security controls. Vulnerability management and assessments are just one way of doing so. Understanding how or where to start is already difficult, and affording your very own cyber security team with the appropriate certifications, experience and/or qualifications might not be possible right now either. Signing up with one of our Cyber Security Protection Plans is an accessible and affordable way to start identifying, verifying, mitigating, and remediating vulnerabilities and improving your security posture.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Other Cyber Security Solutions
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24/7 phone and email communication channels that provide reassurance and assistance.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Provides immediate visibility and analysis of your mobile threats.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-penetration-testing" target="_blank"&gt;&#xD;
      
           Penetration Testing
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Assists businesses with realising the true impact of a security breach. Identifies vulnerabilities and weaknesses.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/managed-email-security"&gt;&#xD;
      
           Managed Email Security
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Prevents unwanted malicious emails from getting into your inbox.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/managed-firewall-service-why-your-business-needs-one" target="_blank"&gt;&#xD;
      
           Managed Firewall Security
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures your business network is secure and protected from external malicious threats. It also can protect remote working users.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Wi-Fi and Network Security
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures your Wi-Fi air space and network infrastructure are securely configured.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-endpoint-security" target="_blank"&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Used to prevent, detect, and remove vulnerabilities, zero-day threats and malware, keeping business devices virus free.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 18 Aug 2021 18:05:53 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-vulnerability-management</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210817-VULNERABILITY-MANAGEMENT-THUMB.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is Endpoint Security?</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-endpoint-security</link>
      <description>Endpoint security is the practice used to secure end-user endpoints and/or entry points for devices such as laptops, tablets, mobile devices, smart devices (such as TVs or watches), printers, infrastructure (such as servers) and card machines from being exploited by malicious threat actors</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Endpoint security is the practice used to secure end-user endpoints and/or entry points for devices such as laptops, tablets, mobile devices, smart devices (such as TVs or watches), printers, infrastructure (such as servers) and card machines from being exploited by malicious threat actors, with the goal of removing all possible vulnerabilities and ensuring minimal business disruption.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Having evolved from traditional antivirus software, endpoint protection now provides comprehensive protection from sophisticated malware and evolving
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/zero-day-vulnerabilities" target="_blank"&gt;&#xD;
      
           zero-day threats
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            while also being able to cover cloud-based systems.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Endpoint security is often referred to as one of the basics of cyber security and is one of the first areas organisations look to secure. With cyber security becoming more important by the day, especially with the COVID-19 lockdown and restrictions, businesses of all sizes have found a greater need for more advanced endpoint protection solutions as many staff have shifted to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
      
           working remotely from home.
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why Endpoint Security?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data is extremely valuable – the only reason we give away our personal data is that we trust those to whom we provide access. However, if our sensitive information were to be accessed, modified, or deleted by unauthorised threat actors, we would run into major problems. That’s exactly why organisations make use of technical security controls such as Endpoint Security: to ensure ongoing compliance with the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
      
           CIA Triad
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            (Confidentiality, Integrity, and Availability).
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is the CIA Triad?
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The CIA triad is one of the most established models for security and policy development among organisations around the world. The aim of the CIA triad is to allow businesses to develop internal security whilst following a global standard security model. Having a set baseline of the necessary procedures and documentation ensures that businesses meet a bare minimum regarding their security posture.
            &#xD;
      &lt;br/&gt;&#xD;
      
           The CIA triad is made up of three parts:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ol&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Confidentiality
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
              - information is stored privately and only authorised users have access.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Integrity
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – how data is handled internally to ensure that it remains accurate.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Availability
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            - data, information and resources are readily available to the correct people with the correct access when required.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ol&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            For more information about the CIA Triad, check out our dedicated
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/cia-triad" target="_blank"&gt;&#xD;
      
           blog post
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Every organisation grows at a different rate. Therefore, there is never a set list of rules to follow for protecting against both entry point and endpoint vulnerabilities. Because of this, endpoint security remains constantly important for businesses, as the threat of a breach is always present. Every new member of staff, every new laptop purchased, and every online account created generates a new possible entry point for threat actors looking to gain access to your network.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As if that wasn’t complicated enough, there’s still the fact that hackers across the globe are also coming up with new ways to penetrate systems every day. Having the appropriate cyber security team in place with the necessary experience, qualifications and certifications isn’t always possible, especially for
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/small-business" target="_blank"&gt;&#xD;
      
           smaller businesses
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How JC Cyber Security Can Help
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We understand that it isn’t easy managing a business while trying to protect yourselves and your stakeholders from constant cyber-threats. Decision makers within organisations always face a difficult choice between incorporating high-level, sophisticated cyber security protection and employing another member of staff who can help with the workload in other departments.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            To counter this, we at JC Cyber Security have created the first monthly Cyber Security
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to help businesses of all sizes make their first cyber security steps – to defend their business, protect their customers and data, and become cyber secure.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/JC%2BCyber%2BSecurity_Protection%2BPlan%2BMaster%2BLogo.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Protection Plan Process
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Speak with a Cyber Expert
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Communicate your needs and concerns and a cyber security expert will recommend the best cyber security solution for your business. This stage is strictly a consultation and you are not committing to a plan. This time will be used to ensure that your business receives the best possible support.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
            Implement Protection
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           After agreeing upon the best possible plan for your business, the cyber solutions included in your plan will be implemented into your systems, services, devices etc. This is where the necessary testing and reporting will identify any known or unknown vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Identify Further Weaknesses
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Results from the implementation process will be presented back to your business and used to confirm already known vulnerabilities and identify any unknown areas within the organisation that are also at risk. If further vulnerabilities are identified, further solutions will be recommended.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Other security controls on offer within our protection plans include:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24/7 phone and email communication channels that provide reassurance and assistance.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Provides immediate visibility and analysis of your mobile threats.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-penetration-testing"&gt;&#xD;
      
           Penetration Testing
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Assists businesses with realising the true impact of a security breach. Identifies vulnerabilities and weaknesses.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/managed-email-security"&gt;&#xD;
      
           Managed Email Security
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Prevents unwanted malicious emails from getting into your inbox.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/managed-firewall"&gt;&#xD;
      
           Managed Firewall Security
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures your business network is secure and protected from external malicious threats. It also can protect remote working users.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Wi-Fi and Network Security
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures your Wi-Fi air space and network infrastructure are securely configured.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures all devices are free from vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Although there are pre-set protection plans, we are also able to offer bespoke plans that specifically fit your business’ needs and requirements. If you are interested in seeing how a JC Cyber Security Protection Plan can help your business,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            with one of our Cyber Experts today and we will be happy to assist you.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/JC+Cyber+Security_Protection+Plan+Master+Logo.png"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    
          Basic Protection Plan
          &#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24*7 Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Email Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           £40.00
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           * Per user per month
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/JC+Cyber+Security_Protection+Plan+Master+Logo.png"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Total Protection Plan
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Email Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24*7 Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Managed Firewall
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Daily Vulnerability Assessments
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           £80.00
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           * Per user per month
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/JC+Cyber+Security_Protection+Plan+Master+Logo.png"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Elite Protection Plan
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    
          Email Protection
          &#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24*7 Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Daily Vulnerability Assessments
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Managed Firewall
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Quarterly Penetration Tests
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           £105.00
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           * Per user per month
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How Endpoint Security works
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Today’s endpoint protection systems are designed to quickly detect, analyse, block, and contain attacks in progress. To do this, they need to collaborate with each other and with other incorporated security technologies to give administrators visibility into advanced threats. This speeds up detection and remediation response times.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Endpoint protection platforms (EPPs) examine files as they enter the network. Additionally, by using the cloud, modern EPPs attempt to collate and hold an ever-growing database of threat information, so that the information is not stored locally (where it risks being lost) and the maintenance cost involved is as low as it can possibly be. The purpose of an ever-growing database is to make that information more accessible.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           EPPs allow for remote access once a centralised administration console has been installed on the intended network server/gateway. The benefit is that if any issues arise, those responsible for managing the platform and your network don’t have to spend any time travelling on-site. Once the endpoint platform has been set up, any identified issues will be flagged on the system, and any required updates can be installed, authentication tested, and policies enforced.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Endpoint security components
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Typically, endpoint protection software includes the following key components:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Advanced antimalware and antivirus protection to protect against, detect, and correct malware across multiple endpoint devices and operating systems
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Insider threat protection to safeguard against unintentional and malicious actions
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Proactive web security to ensure safe browsing on the web
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Machine-learning classification to detect zero-day threats in near real time
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Integrated firewall to deny hostile network attacks
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Email gateway to block phishing and social engineering attempts targeting your employees
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data classification and data loss prevention to prevent data loss and exfiltration
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Actionable threat forensics to allow administrators to quickly isolate infections
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Centralized endpoint management platform to improve visibility and simplify operations
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Endpoint, email, and disk encryption to prevent data exfiltration
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Tue, 10 Aug 2021 20:43:29 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-endpoint-security</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210715-JULY-NEWS-f2eba1da.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Stay secure with a JC Cyber Security Protection Plan</title>
      <link>https://www.jc-cybersecurity.co.uk/stay-secure-with-a-jc-cyber-security-protection-plan</link>
      <description>A JC Cyber Security Protection Plan is a monthly subscription service that encompasses prevention, detection, and remediation techniques through Cyber Security Solutions to determine the security posture of an organisation; identify any potential risks or gaps; and protect businesses who are vulnerable. Cyber Security Solutions are used within our Protection Plans to solve your Cyber Security Challenges.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is a Cyber Security Protection Plan
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ?
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           A JC Cyber Security Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
            is a monthly subscription service that encompasses prevention, detection, and remediation techniques through Cyber Security Solutions to determine the security posture of an organisation; identify any potential risks or gaps; and protect businesses who are vulnerable. Cyber Security Solutions are used within our Protection Plans to solve your Cyber Security Challenges.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Security Solutions
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-endpoint-security" target="_blank"&gt;&#xD;
      
           Endpoint Protection
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Used to prevent, detect, and remove vulnerabilities, zero-day threats and malware, keeping business devices virus free.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile Threat Defence
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Provides immediate visibility and analysis of your mobile threats.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-penetration-testing" target="_blank"&gt;&#xD;
      
           Penetration Testing
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Assists businesses with realising the true impact of a security breach. Identifies vulnerabilities and weaknesses.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/managed-email-security"&gt;&#xD;
      
           Managed Email Security
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Prevents unwanted malicious emails from getting into your inbox.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/managed-firewall-service-why-your-business-needs-one" target="_blank"&gt;&#xD;
      
           Managed Firewall Security
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures your business network is secure and protected from external malicious threats. It can also protect remote-working users.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Wi-Fi and Network Security
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures your Wi-Fi air space and network infrastructure are securely configured.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote Cyber Security Support
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           24/7 phone and email communication channels to provide reassurance and assistance.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Vulnerability Management
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensures all devices are free from vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Security Challenges
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/complying-with-cyber-security-regulations"&gt;&#xD;
      
           Complying with Policies &amp;amp; Regulations
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You may operate in, or provide your services to, certain industries and sectors that have regulations around cyber security. We understand regulations can be a daunting area – with a cyber security protection plan, we can assist you in complying with cyber and/or data security regulations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/how-secure-is-my-business"&gt;&#xD;
      
           Protecting Critical Assets
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In today’s modern world, threats are constantly on the rise – especially in cyber security. It is more important than ever to understand the risks your business, customers and suppliers are exposed to. What are you waiting for? Be proactive and join JC Cyber Security’s Protection Plan.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/cyber-security-is-too-expensive"&gt;&#xD;
      
           Cyber Security is too Expensive
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are a lot of myths in the wild that suggest cyber security is expensive. We at JC Cyber Security Services pride ourselves on providing both affordable and tailored cyber security protection plan solutions that meet your business's needs and requirements.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Managing Supply Chain Risk
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You may outsource your services to associates, sub-contractors or partners. It is vital, in order to protect yourself, to ensure that whoever you are outsourcing to is cyber secure.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Sectors
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           (Not an exhaustive list)
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Although protection plans typically come as part of pre-priced and pre-set packages, they can also be bespoke, directly meeting the needs of your business. Protection plans are typically available to anyone; however, they can be further tailored to certain sectors. For instance, we at JC Cyber Security Services already work with those within the following industries:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why your business needs a protection plan
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            With cyber threats continuously on the rise, businesses must consider cyber security to survive.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            According to the Department for Digital, Culture, Media, and Sport: "Four in ten businesses (39%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months."
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            -
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Security Breaches Survey. 2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Therefore, it is crucial that businesses invest in advanced protection that goes beyond a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/managed-firewall-service-why-your-business-needs-one" target="_blank"&gt;&#xD;
      
           firewall
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            and traditional security controls such as anti-virus defences.
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/education"&gt;&#xD;
      
           Education
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/it"&gt;&#xD;
      
           IT
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/property"&gt;&#xD;
      
           Property
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/small-business"&gt;&#xD;
      
           Small Business
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/finance"&gt;&#xD;
      
           Finance
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/manufacturing"&gt;&#xD;
      
           Manufacturing
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;a href="/start-up-businessess"&gt;&#xD;
      
           Start-Up
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber Security Solutions are typically offered individually to organisations that have identified vulnerabilities within their security posture. However, many businesses:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cannot afford to have their own in-house cyber security team
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Struggle to gain or maintain cyber security certifications
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Don’t have enough time to think about cyber security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Struggle to stay up to date with the latest cyber security trends
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Believe their current safeguards are optimal
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Believe they are too small or irrelevant to be the target of an attack
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The truth is...
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The Cyber world as we know it is always evolving - businesses are facing increased and more complex threats. With COVID-19 restrictions and regulations enforced during early 2021, many more cyber-attacks are happening at a far greater rate than ever before, and the damage posed is immeasurable. Some Cyber Security threats businesses face daily:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
        
            Staff Working Remotely
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Data Breaches
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-phishing" target="_blank"&gt;&#xD;
        
            Phishing Campaigns
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Insider Threats
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Fraud
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/why-is-ransomware-still-a-problem" target="_blank"&gt;&#xD;
        
            Ransomware Attacks
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Computer Malware (spyware, worms, viruses, adware, etc.)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Denial of Service attacks
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/zero-day-vulnerabilities" target="_blank"&gt;&#xD;
        
            Zero-day Exploits
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Rootkits
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The list is endless. As a result, businesses find themselves using technology solutions without sufficient knowledge or protection at their disposal.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            That’s why we at JC Cyber Security Services developed our very own
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan-old"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . We understand that cyber security is complex, challenging and hard to understand. JC Cyber aim to be a supportive, friendly, and approachable company that helps make cyber security less complex, more understandable and less scary for businesses.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
              Benefits of a Cyber Security Protection Plan
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            With a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            and the cyber security solutions on offer, your business takes the first necessary step of becoming proactive towards cyber security. Protection Plans are designed to provide your business peace of mind by:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Securing your assets and safeguarding what is vital to your business
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensuring secure and resilient business operations
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reducing the chance of a cyber-attack against your organisation
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Providing a bespoke solution that meets your business needs
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Providing ongoing compliance with regulatory and standards-based requirements
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Allowing you to focus on what is important
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Consistent monthly payments
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A solution that is cheaper than purchasing a cyber security solution after becoming a victim (such as post-breach assessments)
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/JC%2BCyber%2BSecurity_Protection%2BPlan%2BMaster%2BLogo.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Protection Plan Process
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           01
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Speak with a Cyber Expert
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Communicate your needs and concerns, and a cyber security expert will recommend the best cyber security solution for your business. This stage is strictly a consultation; you are not committing to a plan. This time will be used to ensure that your business receives the best possible support.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           02
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
            Implement Protection
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           After agreeing upon the best possible plan for your business, the cyber solutions included in your plan will be implemented into your systems, services, devices etc. This is where the necessary testing and reporting will identify any known or unknown vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           03
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Identify Further Weaknesses
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Results from the implementation process will be presented back to your business and used to confirm already known vulnerabilities and identify any unknown areas within the organisation that are also at risk. If further vulnerabilities are identified, further solutions will be recommended.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Conclusion
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Cyber-crime is and will continue to remain one of the biggest threats to your business. Loss of data and business disruption can have a huge impact on both your finances and reputation. To counter this, organisations that don’t already have their own in-house cyber security team, or the financial capacity to build their own, opt for a cyber security protection plan: improving security posture, taking their first step to becoming proactive against threat actors, and remaining safe from cyber breaches while not breaking the bank. Having the peace of mind that there are those actively protecting your business will allow you to concentrate on what’s important while not leaving yourself vulnerable to attack.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            If you have any questions, you may find our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            page useful; if not, don't hesitate to send us an
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="mailto:info@jc-cybersecurity.co.uk"&gt;&#xD;
      
           email
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , or give us a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="tel:0333 305 0605"&gt;&#xD;
      
           call
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 04 Aug 2021 22:07:32 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/stay-secure-with-a-jc-cyber-security-protection-plan</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210715-JULY-NEWS%281%29.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Cyber Security News - August 2021</title>
      <link>https://www.jc-cybersecurity.co.uk/cyber-security-news-august-2021</link>
      <description>Read to find out everything cyber related in the month of August 2021 - JC Cyber Security wants to keep you up to date with the latest news and trends every month.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           31/08/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DHS urges Microsoft customers to update Azure to avoid security flaw
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is urging Microsoft cloud customers to reset their security keys in light of a recent vulnerability that may have exposed customer data.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The flaw, discovered by researchers at Wiz, would have allowed any customer using Microsoft’s Azure Cosmos database to read, write and delete another user’s information without authorisation. Cosmos DB is used by thousands of organisations, including Coca-Cola, Exxon Mobil and a number of other Fortune 500 companies.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.cyberscoop.com/microsoft-azure-cosmos-cisa/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           26/08/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft to add secure preview for Office 365 quarantined emails
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with protection from multiple threats, including business email compromise and credential phishing, as well as automated attack remediation.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    
          The soon-to-be-released update is designed to limit users' exposure to unwanted or malicious content by adding additional security controls to block embedded threats.
         &#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    
          "We're changing the way users preview quarantined messages to provide additional security against embedded threats," Microsoft explains on the Microsoft 365 roadmap.
          &#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    
          "With this change some components in quarantined messages will be distorted and not displayed by default. To see the full contents of the
          &#xD;
    &lt;span&gt;&#xD;
      
           message, users can choose to reveal the full message."
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Besides secured preview of quarantined emails, Microsoft Defender for Office 365 will also roll out other key quarantine management features that will make it easier for security operations (SecOps) teams and end-users to triage emails:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Quarantine folder policy and user release request workflow
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Customer organization branding
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Streamlined email submission from the quarantine portal
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Robust release of bulk quarantined emails
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Quarantine support for shared mailboxes 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/08/modified-version-of-whatsapp-for.html" target="_blank"&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/a&gt;&#xD;
    &lt;a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-will-add-secure-preview-for-office-365-quarantined-emails/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           25/08/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Modified Version of WhatsApp for Android Spotted Installing Triada Trojan
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A modified version of the WhatsApp messaging app for Android has been trojanized to intercept text messages, serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without users' knowledge.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK)," researchers from Russian cybersecurity firm Kaspersky said in a technical write-up published Tuesday. "This is similar to what happened with APKPure, where the only malicious code that was embedded in the app was a payload downloader."
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/08/modified-version-of-whatsapp-for.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           23/08/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Largest DDoS attack ever reported gets hoovered up by Cloudflare
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            According to Cloudflare and their
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/" target="_blank"&gt;&#xD;
      
           blog post
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , they detected and mitigated a 17.2 million request-per-second (rps) DDoS attack - three times as large as anything they have seen before.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           In a DDoS attack, a threat actor tries to stop users from using an online service by overwhelming the target with requests, keeping it so busy that it eventually crashes.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The target of this enormous DDoS attack was a customer of Cloudflare in the financial sector. Cloudflare reports that within seconds, the botnet bombarded its edge with over 330 million requests.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The Cloudflare CDN is enormous and is used by almost 20% of all websites, which means it can handle a huge amount of traffic.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           18/08/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger and Instagram DMs
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Facebook on Friday (13/08/21) stated that it is extending end-to-end encryption (E2EE) to voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's Ruth Kricheli said in a post. "This means that nobody else, including Facebook, can see or listen to what's sent or said. Keep in mind, you can report an end-to-end encrypted message to us if something's wrong." Kricheli also mentioned that E2EE is becoming the industry standard for improved privacy and security.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/08/facebook-adds-end-to-end-encryption-for.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           17/08/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           T-Mobile Confirms It Was Hacked
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           T-Mobile has confirmed hackers gained access to their systems in an announcement published Monday (16/08/2021).
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The move comes after Motherboard reported that T-Mobile was investigating a post on an underground forum offering for sale Social Security Numbers and other private data. The forum post at the time didn't name T-Mobile, but the seller told Motherboard the data came from T-Mobile servers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to reports, 100 million people had their data compromised.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.vice.com/en/article/y3d4dw/t-mobile-confirms-it-was-hacked" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           16/08/2021
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Customer Service Credential Abuse and Data Theft on the rise according to Confidential Amazon Memo
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A confidential memo from Amazon has explained that customer service credential abuse and data theft are on the rise, according to Motherboard.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://threatpost.com/amazons-track-worker-keystrokes/168687/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           12/08/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Accenture Hit by LockBit Ransomware with Hackers Threatening to Leak Data
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Accenture, the global IT consultancy giant, has become the latest company hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of the DarkSide and REvil shutdowns.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider," read a message posted on the data leak website. Accenture said it has since restored the affected systems from backups.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           LockBit, like its now-defunct DarkSide and REvil counterparts, operates using a ransomware-as-a-service (RaaS) model, roping in other cybercriminals (aka affiliates) to carry out the intrusion using its platform, with the payments often divided between the criminal entity directing the attack and the core developers of the malware.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/why-is-ransomware-still-a-problem" target="_blank"&gt;&#xD;
      
           ransomware
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            group emerged on the threat landscape in September 2019, and in June 2021 launched LockBit 2.0 along with an advertising campaign to recruit new partners. "LockBit also claims to offer the fastest data exfiltration on the market through StealBit, a data theft tool that can allegedly download 100 GB of data from compromised systems in under 20 minutes," Emsisoft noted in a profile of the crime syndicate.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/08/it-giant-accenture-hit-by-lockbit.html?utm_source=feedburner&amp;amp;utm_medium=feed&amp;amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           11/08/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft responds to PrintNightmare
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft appears intent on turning the 'PrintNightmare' print spooler remote code execution vulnerability into an AdminNightmare, judging by its latest mitigation, which requires administrator privileges for Point and Print driver installation and update.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           PrintNightmare began life as an accidentally disclosed zero-day at the end of June and permitted an attacker to run arbitrary code on Windows with SYSTEM privileges. A flaw in the Windows Print Spooler service allowed miscreants to potentially run riot on exposed systems.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Security researchers pressed the hole and further vulnerabilities oozed out of the Print Spooler service.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Having initially told users to shut down Print Spooler, Microsoft's latest missive means it will require administrator privileges for Point and Print driver installation, a change that will hit all supported versions of Windows and turned up in this week's round of patches.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.theregister.com/2021/08/11/printnightmare_mitigation/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           05/08/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The upcoming 'Super Duper Secure Mode' update for Microsoft Edge
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Microsoft has announced that the Microsoft Edge Vulnerability Research team is experimenting with a new feature dubbed "Super Duper Secure Mode" which is being designed to bring security improvements without seeing significant performance losses.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            When enabled, the new Microsoft Edge Super Duper Secure Mode will remove Just-In-Time Compilation (JIT) from the V8 processing pipeline, reducing the attack surface threat actors can use to hack into Edge users' systems.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Right now, when enabled, Super Duper Secure Mode disables JIT (TurboFan/Sparkplug) and enables Control-flow Enforcement Technology (CET), an Intel hardware-based exploit mitigation designed to provide a more secure browsing experience.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           In the future, Microsoft also wants to add support for Arbitrary Code Guard (ACG), another security mitigation that would prevent loading malicious code into memory, a technique used by most web browser exploits.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-just-got-a-super-duper-secure-mode-upgrade/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           04/08/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft identify new Phishing Campaigns that are using SharePoint
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft researchers have discovered that threat actors are using spoofed sender addresses and Microsoft SharePoint lures in a new phishing campaign that is said to be “sneakier than usual”. These campaigns can slip through the usual security protections with the aim of fooling users into giving up their credentials.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Microsoft Security Intelligence researchers revealed in a tweet on 03/08/21 that they have also discovered the campaign targeting organisations that use Microsoft Office 365, using the file-sharing aspect of SharePoint.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The campaign spoofs display sender addresses that contain the target usernames and domains, as well as display names “that mimic legitimate services to try and slip through email filters”.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://threatpost.com/phishing-sharepoint-file-shares/168356/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           04/08/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Video comms org, Zoom agrees $85m settlement
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Video communication organisation Zoom has agreed to an $85m settlement after a class action privacy lawsuit was filed in the US regarding its poor privacy and security controls, a rise in zoom-bombing, and its data sharing policies. As part of the agreed settlement, Facebook is ordered to delete the user data obtained via the SDK.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Reported Zoom Issues:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Zoom-bombing
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - when unauthorised users join privately held sessions on Zoom with the intent to cause mayhem. Zoom-bombing exploded into life during 2020 with the introduction of COVID-19 lockdowns and restrictions. This disrupted many individuals and businesses who relied on the communication software to help ease business operations for
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
        
            remote working staff.
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            End-to-end encryption
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - Zoom also claimed to offer end-to-end encryption when they were actually using transport encryption. They later had to clarify that they meant data was encrypted at Zoom endpoints.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Sharing data with social media companies
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - even if you don’t have an account with them. Zoom used Facebook’s Software Development Kit for app features, which resulted in data being sent to Facebook. The fact that data was sent even without an account wasn’t made clear, according to Motherboard. As a result of the linked investigation, Zoom decided to remove the Facebook SDK. They also apologised for the oversight, and shut down “unnecessary device data” collection.
             &#xD;
          &lt;br/&gt;&#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://blog.malwarebytes.com/privacy-2/2021/08/zoom-and-gloom-video-communications-org-agrees-to-settle-for-85m/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           03/08/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Threat Actors are using Web Push Notifications to make Ad Revenue
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As many countries reintroduced COVID-19 lockdowns and restrictions earlier in 2021, there were once again many people
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
      
           stuck at home
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            with free time - not to mention an increase in online streaming. A recent report from Trend Micro has identified that threat actors are using push notifications in a unique case of click fraud against users who make use of illegal streaming sites. 
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When making use of illegal sites, users are usually bombarded with many advertisements opened up in new tabs and browser windows - as annoying as this may be, it's the price some users are willing to pay for not directly subscribing to the paid services that legally provide the content.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Although these spammy advertisements help with the website running costs, the advertisements are only reaching users who are using these sites at the time - if this were to be for a sporting event, the advertisements would only receive a lot of impressions and clicks during the time of day the sporting event is relevant.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           To counter this, unscrupulous advertisers are taking advantage of the 'push notification' feature included in many internet browsers to consistently push advertisements directly to users throughout the day. Once a pop-up is clicked, the user is taken through a series of doorway pages until they reach a legitimate page, which you may find surprising.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           This is a very specific kind of scheme in which commissioned affiliates are attempting to earn more from the security companies by tricking more users to visit their websites.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What are push notifications?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Push notifications are clickable pop-up messages that appear in your browser. They serve as a quick communication channel enabling companies to convey messages, offers, or other information to their customers. Subscribers can be anywhere on the browser and still receive these messages as long as they’re online or have their browsers running on their devices.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What you can do
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Google is reportedly trying to crack down on the abuse of the browser notification feature, as they “mislead users, phish for private information or promote malware.” As we do not know how long this process will take, we at JC Cyber Security recommend:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do not use untrusted websites - instead, ensure you are using a trusted source that has the permissions to display the content you are viewing
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Don't accept browser notifications from providers you don't know or you don't want
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Ensure your browser is doing everything it can to block unwanted content or tracking advertisements
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/contact"&gt;&#xD;
        
            Getting in touch
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             with one of our Cyber Experts
             &#xD;
          &lt;br/&gt;&#xD;
          &lt;br/&gt;&#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.trendmicro.com/en_us/research/21/g/browser-notification-spam-tricks-clicks-for-ad-revenue.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           02/08/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Fake Call Centers are Tricking Users Into Installing Ransomware
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            An ongoing malicious social engineering campaign (dubbed 'BazaCall') has been identified, in which fake call centers trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           BazaCall emails falsely inform users that subscription charges are due and will be charged to the victim's account unless they call a certain number. Thereafter, the fraudulent call center attempts to trick the recipients by instructing unsuspecting users to download BazaLoader malware.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           "
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           BazaLoader (aka BazarBackdoor) is a C++-based downloader with the ability to install various types of malicious programs on infected computers, including deploying ransomware and other malware to steal sensitive data from victimized systems. First observed in April 2020, BazaLoader campaigns have been used by multiple threat actors and frequently serves as a loader for disruptive malware such as Ryuk and Conti ransomware
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ." - The Hacker News
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Because the emails sent are free of any malware-related attachments or links, the
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-phishing" target="_blank"&gt;&#xD;
      
           phishing
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            emails are less likely to be flagged by phishing and malware detection software - ensuring each campaign reaches a larger audience.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you are suspicious of an email, text, or communication, we recommend not clicking on any links or downloading any attachments. Reputable services will never ask you to share any personally identifiable or sensitive information directly with them. If you require any further assistance,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            with one of our cyber experts today.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/07/phony-call-centers-tricking-users-into.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Mon, 02 Aug 2021 11:06:02 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cyber-security-news-august-2021</guid>
      <g-custom:tags type="string">Latest News</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210715-AUGUSTNEWS.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Cyber Security News - July 2021</title>
      <link>https://www.jc-cybersecurity.co.uk/cyber-security-news-june-21</link>
      <description>Read to find out everything cyber related in the month of July 2021 - JC Cyber Security wants to keep you up to date with the latest news and trends every month.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           29/07/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           New Android Malware identified to Spy and Steal Passwords from Victims
           &#xD;
      &lt;br/&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An undocumented Android-based remote access trojan (RAT) has been identified that uses screen recording features to steal sensitive user information on the device, such as banking credentials, and open the door for on-device fraud.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Dubbed "Vultur", the malware uses Virtual Network Computing (VNC) remote screen-sharing technology to give the threat actor full visibility of targeted users, with additional keylogging. The mobile malware, named "Protection Guard", was distributed via the official Google Play Store, attracting over 5,000 installations. It is said that users' banking and crypto-wallet apps were the primary targets.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," ThreatFabric said in a write-up shared with The Hacker News.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/07/new-android-malware-uses-vnc-to-spy-and.html?utm_source=feedburner&amp;amp;utm_medium=feed&amp;amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           28/07/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           XLoader malware infects Macs by collecting keystrokes, screenshots, and more
           &#xD;
      &lt;br/&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to reports, XLoader malware, which was previously thought to be only on Windows machines, has been identified attacking macOS devices as well. An evolution of the malware known as Formbook, which lets attackers log keystrokes, take screenshots, and access other private information, it is thought to have been active since 21/07/2021.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The malware, Formbook, is sold on the dark web for $49, enabling anyone to deploy it against both Windows and Mac users. The positive news is that it requires user action before the malware can be triggered.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Security researchers at Check Point discovered it. Yaniv Balmas, head of cyber research at Check Point Software, said that Mac owners shouldn’t be complacent.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
              "Historically, MacOS malware hasn’t been that common. They usually fall into the category of ‘spyware’, not causing too much damage.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           I think there is a common incorrect belief with MacOS users that Apple platforms are more secure than other more widely used platforms. While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous. Our recent findings are a perfect example and confirm this growing trend. With the increasing popularity of MacOS platforms, it makes sense for cyber criminals to show more interest in this domain, and I personally anticipate seeing more cyber threats following the Formbook malware family"
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://9to5mac.com/2021/07/21/xloader-malware-infects-macs/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           28/07/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Apple Releases Urgent 0-Day vulnerability Patch for Mac, iPhone and iPad Devices
           &#xD;
      &lt;br/&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           On Monday (26/07/2021), Apple rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day vulnerability that may have been actively exploited. This latest patch makes it the thirteenth known vulnerability Apple has patched since the start of 2021.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           The update has now gone live, after they released their latest software updates: iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5. The Apple patch fixes a memory corruption issue (CVE-2021-30807) in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Apple have stated that they have addressed the issue, noting they are "aware of a report that this issue may have been actively exploited." Additional details about the flaw have not been disclosed to prevent the weaponization of the vulnerability for additional attacks.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           20/07/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           China accused of attacking Microsoft Exchange Servers
           &#xD;
      &lt;br/&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to the BBC, the attack targeted Microsoft Exchange Servers, impacting at least 30,000 organisations globally. The UK, US and EU have all accused China of carrying out the attack, which began in January 2021, when the Chinese-linked group 'Hafnium' began creating backdoors within Microsoft Exchange so that they could continue returning. Microsoft announced the vulnerability and is said to have patched it on March 2nd.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           "
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ," a security source told the BBC.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           China has since denied the allegations and says it opposes 'all forms of cyber-crime.'
           &#xD;
      &lt;br/&gt;&#xD;
      
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.bbc.co.uk/news/world-asia-china-57889981" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           19/07/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           NSO Group spyware deployed on iPhones running latest iOS
           &#xD;
      &lt;br/&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Amnesty International, a human rights non-governmental organisation, has revealed in a recent report that they have found spyware made by Israeli firm NSO Group deployed on Apple iPhones running the latest iOS release, iOS 14.6, and older iOS versions, hacked using zero-day, zero-click iMessage exploits. Reports also suggest that the exploit does not require any interaction from the intended target to be successful.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Furthermore, reports suggest Citizen Lab has been able to observe NSO Pegasus spyware being installed on certain iPhone models running certain versions of iOS (such as 14.4 and 14.0.1). Pegasus is a spyware tool developed by NSO Group that has been marketed as a surveillance tool only "licensed to legitimate government agencies for the sole purpose of investigating crime and terror." This is not the only report documenting NSO Group's Pegasus spyware spying on users worldwide - in 2019 WhatsApp was exploited by NSO Group and sold - ultimately they were sued by Facebook.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           We at JC Cyber Security will continue to monitor the latest news regarding Cyber Security and any potential risks - if you feel like you need some advice regarding your security posture,
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            don't hesitate to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch.
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.bleepingcomputer.com/news/security/iphones-running-latest-ios-hacked-to-deploy-nso-group-spyware/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           15/07/2021
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Microsoft delivers comprehensive solution to battle rise in consent phishing emails
            &#xD;
      &lt;br/&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to Microsoft threat analysts
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ,
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            with COVID-19 and the increase in
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe" target="_blank"&gt;&#xD;
      
           staff working remotely
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , there has been an increase in 'consent phishing emails', also known as 'illicit consent grants'. Consent phishing attacks exploit legitimate cloud service providers (such as Google, Microsoft, Facebook) that use
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://oauth.net/2/" target="_blank"&gt;&#xD;
      
           OAuth 2.0
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            authorisation, a protocol through which third-party apps request user consent so that they can access and perform actions on the user's behalf.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Typically, you would see phishing campaigns impersonate a trusted entity by creating fake websites/services so users with a lack of
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/training"&gt;&#xD;
      
           training or awareness
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            will enter their personal credentials. Consent phishing attacks, however, work by registering an app (made to resemble a legitimate business) on a platform that uses OAuth, so users are prompted to log in on a legitimate sign-in page first, rather than a fake one.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Consent Phishing Methodology
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Attacker registers their malicious app with an OAuth 2.0 provider
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             A phishing email is sent asking for consent to access and perform actions on a user's behalf
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            User clicks on OAuth URL
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The service provider generates an authentic consent prompt
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Authorisation code is sent to the attacker
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Attacker gains access to personal user data
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Attacker maintains persistence and can perform reconnaissance and gain further information/access over time.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;a href="https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/" target="_blank"&gt;&#xD;
      
           Read more...
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Wed, 14 Jul 2021 17:15:49 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cyber-security-news-june-21</guid>
      <g-custom:tags type="string">Latest News</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210715-JULY-NEWS.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Remote Working – How to Keep Staff Safe</title>
      <link>https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe</link>
      <description>As cybersecurity experts, we at JC Cyber Security feel it is our responsibility to ensure that businesses understand the advantages, disadvantages and risks regarding staff working remotely.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The business landscape as we know it is drastically different to what it was a couple of years ago. When the COVID-19 pandemic began, none of us could have known the impact it would have. Cyber-related crime is at an all-time high due to a surge in staff working remotely - businesses now face more challenges than ever.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As cybersecurity experts, we at JC Cyber Security feel it is our responsibility to ensure that businesses understand the advantages, disadvantages and risks regarding staff working remotely. If you are unsure about your organisation’s cybersecurity practices and would like some advice, feel free to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           speak to us today
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h1&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Top 5 Cyber Security Risks when Working Remotely
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h1&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           With the increase in employees having to work from home, there has been a rise in the number of vulnerabilities businesses face daily. This is because the policies and regulations your business has for working in-house are no longer applicable in many remote environments. One employee's set-up will be different to another's, as the applications, systems and software required may differ depending on their role and network connection.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           1. Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We have already discussed a lot concerning phishing due to the Covid-19 pandemic. Phishing attacks are becoming a bigger issue for businesses. If you would like to read our previous phishing blogs, you can find them at the following links:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-phishing" target="_blank"&gt;&#xD;
        
            What is Phishing
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/eleven-types-of-phishing" target="_blank"&gt;&#xD;
        
            Eleven Types of Phishing
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/protecting-your-email-against-phishing" target="_blank"&gt;&#xD;
        
            Protecting your Email against Phishing Attacks
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           From the above resources, we know that phishing attacks are social engineering attacks in which attackers try to resemble a trusted source to gain the trust of an individual or business through mediums such as email, text, or phone – with the primary goal of gaining access to confidential data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Defending against Phishing attacks
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            One of the biggest threats to remote staff is phishing schemes. Phishing campaigns are now extremely sophisticated and effective as they are not always easy to detect, especially if your staff have not had any prior training.
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Phishing Simulation training is one of the best measures in cybersecurity being used to help stop phishing incidents. All an attacker is hoping for is to exploit one weak point within your organisation, which can result in huge setbacks such as:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Fraud
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Data breaches
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Damage to your business’s finances and reputation.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As part of your organisation's DiD (Defence in Depth) strategy, you are responsible for ensuring that you have several safeguards and countermeasures in place for protecting both your own and your customers' personal data. Staff having the knowledge and training to detect a phishing attack supports your DiD strategy and ensures ongoing compliance.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           A phishing simulation would usually entail creating a phishing attack vector and targeting certain employees with non-destructive results, with the purpose of highlighting the strengths and weaknesses of your employees when it comes to their ability to identify fake communication.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           2. Weak Passwords
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-11-password.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As with phishing campaigns, passwords are always vulnerable to threats due to the human factor. The reason attackers aim to exploit humans is that cybersecurity software is often so much harder to beat. Hackers have many methods of cracking passwords, such as:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Brute Force
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Phishing attacks
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Social Engineering
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Malware
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Guessing
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Another error organisations make is repeating their passwords over many different accounts. If an attacker were to crack the password, they would have access to every single account that password is also used with. Ensuring that your staff understand the errors of weak and repeated passwords reduces the risk of successful attacks.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to ensure good password management
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
                          Password management software
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Password management tools (such as
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://1password.com/" target="_blank"&gt;&#xD;
      
           1Password
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            or
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.lastpass.com/" target="_blank"&gt;&#xD;
      
           LastPass
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ) ensure that users are not storing their passwords on physical devices (which can be accessed by other people) or in their memory (which will not produce a secure password). The passwords for your whole organisation can then be managed through the appropriate members of staff, who will monitor the system and be alerted to any suspicious activity. Therefore, staff will only need to remember one core password to access the software and gain access to their secure passwords. Any unauthorised users who use this password will be flagged as their IP address will be different, and access to the account can then be blocked by the administration team.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Password management tools will alert users about repeated passwords while also having tools that can quickly generate and store long, hard to replicate, and secure passwords. These tools are also easily accessible and can be downloaded on devices such as mobile phones if necessary.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Multi Factor Authentication
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           MFA (Multi-Factor Authentication) is an authentication method that requires two or more successful prompts to verify a user’s identity. These prompts could be a fingerprint scan, entering a PIN, or even accessing another account such as their email to repeat a specifically generated code. Only after verifying their identity will staff be given access to their account.
           &#xD;
      &lt;br/&gt;&#xD;
      
           Having MFA decreases the likelihood of a successful cyber-attack and should form one of the core components of your IAM (Identity and Access Management) policy.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Requiring users to authenticate their identity reduces the risk of a successful brute force password attack. So, if an attacker successfully guesses the correct password, they still cannot access your staff’s account, as the system/software they are using will require your actual staff member to authenticate that they are the one trying to access their account.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Change passwords regularly
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           It is always good practice to regularly change passwords. With staff potentially leaving over time, you can never accurately account for who does and does not know what. Having policies in place that require your staff to change their passwords on a 6-12 month basis can ensure that only those who require access gain access.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           3. Unencrypted File Sharing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Although many already encrypt their data on a network, we do not always see data that needs to be transferred and shared with others being encrypted too. If sensitive information sent out to others is intercepted, it could potentially lead to ransomware attacks and identity fraud.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensuring your staff understand why and how to encrypt data ensures that only the intended target can decrypt the message. Your business can ensure good encryption methods by:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Using email encryption platforms
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Having a phone system that can encrypt phone &amp;amp; voicemail communications
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Using end-to-end file sharing platforms such as OneDrive, Dropbox &amp;amp; Google Drive
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           4. Insecure home Wi-Fi
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-11-wifi-Thumbnail.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           With staff working remotely, each staff member will require their own network connection. Rather than just ensuring your own business network is secure, you now must ensure that all your staff are not vulnerable to attack through their own home Wi-Fi or that they understand the dangers relating to publicly accessible Wi-Fi. If you do not currently know the dangers relating to public Wi-Fi, make sure that you read our '
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/vpn-what-how-why" target="_blank"&gt;&#xD;
      
           VPN - What, How &amp;amp; Why
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ' blog post.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Additionally, many organisations will have their own firewall protection; however, most home Wi-Fi connections will not. Even though routers and computers typically have their own firewall and anti-virus protection, these are usually very basic and could leave gaps within your organisation’s security.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to secure home Wi-Fi
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Consistently update software
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensure your staff understand the importance of updating their devices' operating systems, applications, and network-related software packages. It is so easy to forget about updating our software. However, not doing so leaves your staff and their systems extremely vulnerable to an attack. When a system or application requires an update, it requires an update because it is no longer as good as it was yesterday. Developers will have found a better, more efficient way of performing its task because it currently has a vulnerability. The longer you leave these without updating, the more likely they are to be exploited. In today’s day and age, it is extremely easy to schedule updates – even Windows 10 has a feature where you can set the user’s working hours so that updates are performed outside of working hours.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Firewall Management Service
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ensure your organisation has a Managed Firewall Service. Self-managing your business's technical security controls can take up considerable resources and require constant monitoring. By having a Firewall Management service, you will have cybersecurity experts on hand 24/7 to ensure that your business's firewall is protecting your staff, is updated whenever necessary and complies with ISO 9001 and ISO 27001 standards.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You can find out more about Firewall security by visiting the following resources:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="/managed-firewall"&gt;&#xD;
        
            Managed Firewall Service
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/firewall-what-and-why-you-need-one" target="_blank"&gt;&#xD;
        
            What is a Firewall and Why Do You Need one?
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/firewall-security-types-benefits" target="_blank"&gt;&#xD;
        
            Types of Firewall Security &amp;amp; their Benefits
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/managed-firewall-service-why-your-business-needs-one" target="_blank"&gt;&#xD;
        
            Managed Firewall Service – Why your Business Needs one
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Encrypt data with a VPN
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            A VPN (Virtual Private Network) is a service for privatising and encrypting a user’s online activity by connecting a device to a VPN server. Any actions or data used while connected to the VPN network will be encrypted so an attacker will not be able to identify the users or any of the personal data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The most typical type of VPN is a Client-to-Site VPN. A Client-to-Site VPN is where a client connects to the server to access the corporate network or Local Area Network (LAN) behind the server while still maintaining the enterprise-level security of the network and its resources.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           A Site-to-Site VPN will use the internet to extend your business network so it can be accessed by the appropriate users in multiple locations. The gateway of one location can then successfully communicate and share resources with the rest of the network.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           5. Working from Personal Devices
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           By working remotely, staff are most likely provided with their own computer device. The risk is that your employees will feel that they have the freedom to connect to/with any other personal devices at home such as their mobile phone, printers, speakers, etc. Connecting to these devices can pose their very own cybersecurity risks.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           If you cannot provide all staff with their very own laptop/computer, staff may have to use their personal computers. This again can provide a new set of vulnerabilities. A virtual computer service such as a Desktop-as-a-Service (DaaS) can transform personal tablets and computers so that they have their own area where work-related tasks can be completed on a private cloud service, with access to the company’s network. Once they have finished working, they can log off from the service and continue to use their device for personal tasks without risking any business data. If their device were to be stolen, as the data is held on the virtual desktop, data cannot be accessed on a physical drive, only on the company’s network.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           If your staff must use their mobile phone for work-related tasks, ensure that they can only do so once their device has been encrypted. iOS devices have additional features that will wipe the data held on the phone after a certain number of failed log-in attempts.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Working Remotely - Benefits
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-11-home-Thumbnail.png" alt="Working remotely at home"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Less commuting
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Not everyone is fortunate enough to be within walking distance of their place of work - some staff may sacrifice a lot of time and money. This can take its toll on staff who may be struggling financially or those who find themselves consistently arriving late for work. By removing the issue of travelling to an office, working remotely allows employees extra time before their shift to get in more work preparation, to fully complete their personal commitments and the bonus of saving them more money. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Another added benefit of less commuting is the environmental and health-related benefits. While not directly impacting your business, these will ensure that the world both you and your staff share is the best it can be. Some examples include:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Staff are not put at risk driving or cycling in busy areas
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Staff may feel more comfortable and find fewer distractions working remotely
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Improved equality for those who may find it difficult to travel
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Flexibility
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Your staff will have their own personal lives with their own commitments and responsibilities. Those who have children may have to care for them without warning. Typically, this would almost guarantee the end of the working day for staff members. Working remotely allows for flexibility as the means to complete work becomes more accessible for staff. If there is a deadline, working hours can be negotiated and discussed with more room for manoeuvre than we have seen in the past.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Less financial responsibility for having office space.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As a result of your staff working remotely, they will not always be taking up space in an office and using your utilities – potentially saving your business a lot of money. If you find that remote work fits your business model and your employees better, then you may decide not to return to an office and permanently work from home.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How a JC Cyber Security Protection Plan can help keep your staff secure:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As remote work continues to become a more viable option for businesses, cybersecurity is becoming even more important. Without the time, knowledge, and infrastructure to support your remote staff, you are almost certainly going to be vulnerable to some sort of cyber-attack.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           JC Cyber Security have developed our Protection Plan to provide your business with the peace of mind it deserves. We want to help businesses of all sizes so that they can take on a high level of security tailored to their specific needs.  By speaking to one of our Cyber experts, we can help your business:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identify weaknesses through a vulnerability assessment
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Recommend a protection roadmap built specifically for your business
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Implement the necessary safeguards and protections to keep your business secure
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Reduce the risk of a cyber attack
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensure ongoing compliance
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Focus on what is important for your business
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A protection plan is the first big step in becoming proactive in cybersecurity. Cybercrime is one of the biggest threats to your business and a breach can be crippling to both your finances and reputation – there might be no way to come back. If you have any questions/queries regarding keeping your business secure, do not hesitate to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1604090898152-3003bd1ae6df.jpg" length="53351" type="image/jpeg" />
      <pubDate>Tue, 29 Jun 2021 23:06:46 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/remote-working-how-to-keep-staff-safe</guid>
      <g-custom:tags type="string">VPN,Network</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-remote-thumbnail-2.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1604090898152-3003bd1ae6df.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>VPNs – What, How &amp; Why?</title>
      <link>https://www.jc-cybersecurity.co.uk/vpn-what-how-why</link>
      <description>A VPN (Virtual private network) is an online service used for securing and privatising your internet browsing activities by connecting device(s) to an encrypted, private network.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Did you know our Managed Firewall Service includes VPN capabilities to allow your staff to securely work remotely?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is a VPN?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A VPN (Virtual Private Network) is an online service used for securing and privatising your internet browsing activities by connecting device(s) to an encrypted, private network. When using a VPN, anything performed online will first be sent to the VPN's server, where identifiable details such as your IP address and location will be modified, and your connection will be encrypted. Ultimately, anyone who tries accessing this data will not be able to identify you or any of your personal data.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Typically, VPNs are used by those who want to increase their online privacy by restricting the amount of data that would usually be accessible by their ISP (Internet Service Provider) and by anyone trying to gain access on public Wi-Fi.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How VPNs work
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A VPN creates a point-to-point tunnelling connection only accessible by authorised users. Your device therefore connects to another network, encrypting your data and hiding your real IP address. The way a VPN does this is by masking your computer's dynamic IP address with a dedicated or static IP address located anywhere around the world.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is an IP address?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An Internet Protocol address is a string of numbers, such as 192.143.1.55, which is assigned to each of your devices that can connect to the internet. They are used to identify the location of such devices. Think of your home address: if somebody needed to send you a letter, they would use your home address – in return, if you wanted to reply, you would use their address to communicate back.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are different types of IP addresses such as:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Dynamic IP
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – Assigned by DHCP (Dynamic Host Configuration Protocol) and will consistently change over time
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Static IP
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – The opposite of dynamic, these IP addresses do not change
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Public IP
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – Assigned to a router or network and used for external communications. Can be used to identify you
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Private IP
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – Assigned independently to all devices on your network to identify devices connected. These IP addresses are not unique and cannot be used to identify you
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Shared IP
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – Refers to websites that share an IP address with other domains
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Dedicated IP
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – Refers to websites with their own dedicated IP
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Different types of VPNs
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Site-to-site VPNs –
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A connection between two or more networks, such as an organisation with many offices/branches in different locations. This VPN will allow all offices secure access to the organisation's network remotely so that they can continue to share resources and communicate safely.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Remote access VPNs –
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Users away from their organisation, such as those working remotely, will authenticate themselves to a remote VPN gateway for their organisation's network server. Once authenticated, access will be given, and the user will have access to the organisation while on a secure, private connection.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hardware VPNs –
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Although more expensive and seen in larger organisations, hardware VPNs can provide many benefits to an organisation, such as load balancing. This standalone device includes a dedicated processor while managing to do everything a typical VPN would, but with increased levels of security.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DMVPNs –
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A Dynamic Multipoint VPN (DMVPN) allows data exchange between sites without needing to pass through the organisation's VPN server or router. By creating a mesh VPN service that runs on the VPN routers and firewall concentrators, each remote site will have a router configured to connect to the main office branch, providing access to needed resources.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mobile VPNs –
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A mobile VPN will typically be placed at the edge of a company network, allowing secure tunnelled access. Mobile VPNs provide continuous service and can allow users to switch across multiple networks, whether they are public or private.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h4&gt;&#xD;
    &lt;span&gt;&#xD;
      
           VPN Appliance –
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h4&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A router that provides protection, authorisation, authentication, and secure encryption for VPNs.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why use a VPN?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Privacy
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           - It is relatively easy to use an IP address to spy on somebody. By using a VPN, however, your IP address is hidden and anything you do online will appear to come from the exit node (location) you selected for your VPN's tunnel. Anyone interested in viewing your history, identity and/or location will not be able to access this data as it will have been encrypted by your VPN.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An advantage of this is that if some websites or services blacklist certain IP addresses in country A but not country B, you can use a VPN to mask your public IP address with an IP address that relates to country B in order to access these websites. People use this method to access geo-restricted content on streaming services such as Netflix.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Another benefit of VPNs masking your identity is that it makes it extremely difficult for advertisers to identify you and target you with specific ads.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Publicly accessible Wi-Fi –
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We have all been there, out and about, no access to the internet and an increasing urge to look at our emails, check our bank balance or post something online. What do you do? You look for any publicly available networks. Nothing wrong with that, right?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The truth is, anything you do on a public network is, well, public! Public Wi-Fi is described as the virtual playground for hackers as they can easily access your data. If you were to do anything such as logging into online banking or emailing customers with personal details, you can be certain that whoever has access to the network now knows these details too – it is scary to think that something so simple can create so many vulnerabilities.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you ever find yourself in a similar situation and must connect to public Wi-Fi, then we recommend:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensuring the public network is from a trusted source – hackers can and will create real-sounding public networks to entice people into connecting to them
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Only visit websites that are secure – sites with https:// encrypt your connection whereas sites using http:// do not
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Make sure that your device is using an optimal firewall – We are currently offering a
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="/free-firewall-audit-old"&gt;&#xD;
        
            Free Firewall audit
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             to help identify any weaknesses in your current firewall and a
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="/OLD-managed-firewall"&gt;&#xD;
        
            Managed Firewall Service
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             to help you take the necessary steps.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do not communicate sensitive data – You are responsible for ensuring sensitive data remains private – especially if the data belongs to your customers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do not log into online banking – only use websites that are secure and low-risk, such as those for listening to music
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Use a VPN – connect to an encrypted network and disguise your activity 
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why buy our Managed Firewall Service?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Improve your business's firewall by adding VPN capabilities:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Using a VPN service with your online devices or firewall can offer many benefits for your business - especially with remote staff. As Cyber Security Experts, JC Cyber Security have a long history of managing the complex networks, infrastructure, and applications in which our customers' firewalls are operating. We are proud to offer a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/OLD-managed-firewall"&gt;&#xD;
      
           Managed Firewall Service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            that can be easily tailored to your business's needs and requirements. With the aim of providing peace of mind, we reduce risk and ensure ongoing compliance while monitoring your network 24/7, 365 days a year.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you would like to know more about how your business can use VPNs and/or managed firewall services to secure your business, don't hesitate to speak with one of our cyber security experts today.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg" length="72748" type="image/jpeg" />
      <pubDate>Thu, 24 Jun 2021 11:12:24 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/vpn-what-how-why</guid>
      <g-custom:tags type="string">VPN,Network</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-VPN-Thumbnail.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Managed Firewall Service – Why Your Business Needs One</title>
      <link>https://www.jc-cybersecurity.co.uk/managed-firewall-service-why-your-business-needs-one</link>
      <description>Self-managing your company’s firewall(s) can take up considerable resources and require around the clock management – not everyone has the time and expertise to do so. That is where a Managed Firewall Service comes in handy.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           From our previous two blogs, ‘
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/firewall-what-and-why-you-need-one" target="_blank"&gt;&#xD;
      
           What is a Firewall
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ’ and ‘
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/firewall-security-types-benefits" target="_blank"&gt;&#xD;
      
           The Different Types of Firewalls
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ’, we discussed how firewalls are preventative technical security controls that provide automated protection to an IT network. We also established that they form a necessary part of the DiD (Defence in Depth) approach and BCP (business continuity plan). In this article, we are going to delve further into these statements and explain how a managed firewall will help keep your business cyber secure.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is a Managed Firewall?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Self-managing your company’s firewall(s) can take up considerable resources and require around-the-clock management – not everyone has the time and expertise to do so. That is where a Managed Firewall Service comes in handy.
           &#xD;
      &lt;br/&gt;&#xD;
      
           A managed firewall service will provide your business with peace of mind, as the managed firewall service provider will deal with any firewall-related tasks such as administration and maintenance. Not only can they test your firewall’s current defences, they can also help you make important decisions on how to improve its capabilities - more details further below.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Do I need a managed Firewall?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We believe that anyone who deals with sensitive data must ensure they are doing everything they can to protect it, especially if that data involves your customers' personal information. Not only are you required to have appropriate safeguards in place, but it is also widely expected that you will do so from an ethical point of view. Anything less can be extremely damaging to both your reputation and finances.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            If you are not 100% sure whether you need a managed firewall service, the best plan of action is to carry out an audit of your current networking capabilities and vulnerabilities. Again, this will require somebody with a high level of networking knowledge, and potentially investment. If you do not have the required skills or knowledge of where to start, we recommend starting with our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/free-firewall-audit"&gt;&#xD;
      
           Free Firewall Audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           How a Managed Firewall can help your BCP (Business Continuity Plan)
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Business continuity planning is the process in which a multitude of prevention and recovery systems are put in place so that your company’s most important assets are protected in the event of a disaster (resulting in a loss of service). If anything were to happen, the BCP would kick in and ensure the least amount of panic as you will be 3 steps ahead. A BCP ensures the least amount of financial and reputational loss.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Business continuity planning is an important aspect of any business, no matter the size. Any loss of service can be devastating – therefore, ensuring that all systems have the appropriate configurations, safeguards, patches, and updates in place will decrease the likelihood of your services going offline.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The problem with not having a managed firewall service provider is that you are constantly responsible for monitoring your firewall yourself – if a vulnerability were to appear today, would you know about it? How would you deal with it? With a managed firewall service, anything threatening to breach your network’s defence is instantly reported and dealt with as a matter of urgency.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How a Managed Firewall can create a DiD (Defence in Depth)
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Where the BCP aims to avoid business disruption on a general level, Defence in Depth is a more cybersecurity-focussed approach in which a group of optimal mechanisms are layered to protect valuable assets and data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Sometimes, the capabilities of an attacker may be too strong for your defences; the purpose of a DiD is to ensure that once one defence has been breached, the attacking entity does not immediately have access to your system. Therefore, by having several strong, well-thought-out safeguards in place, the attacker may potentially decide that their efforts are no longer warranted as it will require too much of their time and resources to continue attempting to breach your system.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The most commonly cited analogy for a DiD approach is the ‘castle’. Let us go medieval for a moment. A castle’s priority is to protect its assets (any royalty, soldiers, or items of value) located inside. The besiegers (attackers) want to get inside because it will offer them a strategic advantage. A castle will generally have a multi-layered defence to ensure resilience. An example would include a ‘moat’ to deny infantrymen and siege vehicles access to the walls, and a ‘drawbridge’ that is lifted so that any attempt will result in huge losses for the attackers. The priority is to stay safe inside the castle walls and hope for reinforcements before the attackers breach them. This works the same in today's day and age, when businesses are so often defending against cyber threats.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Why buy our Managed Firewall Service?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As discussed above, managing your firewall(s) requires resources and networking knowledge. Not every business can expect their IT department to have the budget, time, or infrastructure available to appropriately manage their network. When you hire a firewall management service from JC Cyber Security, we can reduce both cost and risk due to:
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Our secure networking experience –
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As cyber security experts, we have a history of managing complex networks for a variety of different clients with their own needs and requirements
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We are heavily qualified and have access to multiple vendors
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We understand the wider environment of network infrastructure and applications in which our clients’ firewalls operate
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We constantly update and test our security devices on a consistent, result-driven basis
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Our 4-step proven methodology -
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Secure
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – ensuring adequate authentication and authorisation policies are in place
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Examine
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – constantly monitoring network activity depending on predefined safeguards and protections discussed and agreed with our customers
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Test
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – thinking like the attacker and using a trusted entity to attack our clients’ firewalls so we can assess their vulnerabilities
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Enhance
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – collecting data and using it to build better defences
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Our peace of mind approach –
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Our 24/7, 365 days a year cyber response means that we are always ensuring minimal risk and business disruption with minimal downtime
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            All management systems and processes are audited, recorded, and fully comply with ISO 9001 and ISO 27001 standards.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Conclusion:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           A managed firewall service reduces the cost and risk of self-managing your company's firewalls. To maintain security and business continuity, it is vital to configure firewalls so that they are correctly updated, patched and monitored. By having an optimal firewall that has the appropriate safeguards in place, you form a core part of a DiD (Defence in Depth) approach - reducing the likelihood of a cyber threat taking advantage of a vulnerability. However, this process can take considerable time, resources and skills to apply optimally. This is where a 
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/OLD-managed-firewall"&gt;&#xD;
      
           Managed Firewall Service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            comes in. Once you shift the responsibility on to the service provider, they will take responsibility for ensuring your firewall system is secure by auditing, testing, enhancing, and maintaining your firewall - providing you with peace of mind.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you would like to know more about how a managed firewall can secure your business, don't hesitate to speak with one of our cyber security experts today.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg" length="72748" type="image/jpeg" />
      <pubDate>Wed, 16 Jun 2021 10:19:28 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/managed-firewall-service-why-your-business-needs-one</guid>
      <g-custom:tags type="string">Firewall</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-managed-firewall--Thumbnail%281%29.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Types of Firewall Security &amp; their benefits</title>
      <link>https://www.jc-cybersecurity.co.uk/firewall-security-types-benefits</link>
      <description>Firewalls will have their own pre-established rules and filters that will determine how incoming traffic (data packets) are dealt with. Therefore, not only is it important that you have a firewall, but the rules that govern it need to match what you are trying to achieve.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            During 2021 and the release of our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/free-firewall-audit"&gt;&#xD;
      
           Free Firewall Audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , we are well underway with releasing a set of informative resources tailored around Firewall Security. If you would like to know more about Firewalls and have not already read our previous blog:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.jc-cybersecurity.co.uk/firewall-what-and-why-you-need-one" target="_blank"&gt;&#xD;
      
           What is a Firewall and Why Do You Need One
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , please feel free to do so. We will also be releasing more Firewall resources throughout June so make sure to follow our socials to stay up to date.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Recap: What is Firewall Security?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Before we discuss the benefits, it is important to understand what a Firewall is and how it helps. From our previous blog we know that Firewall Security is:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A preventative hardware or software technical security control
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Automated protection to an IT network/application by preventing unauthorised access
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A necessary part of both the business continuity plan &amp;amp; DiD (Defence in Depth) approach
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Firewalls will have their own pre-established rules and filters that will determine how incoming traffic (data packets) is dealt with. Therefore, not only is it important that you have a firewall, but the rules that govern it need to match what you are trying to achieve.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Is managing my Firewall easy?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            We cannot expect everyone to be Cyber Security experts, nor is it fair to do so – the truth is, networks are complex and require a lot of time and expertise to keep optimal. For instance, did you know that any old, unused Firewall rules and ports left open (that are no longer necessary) will accommodate malicious attacks?
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            That is why we always recommend having a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/managed-firewall"&gt;&#xD;
      
           Managed Firewall Service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            as inadequate resourcing, lack of understanding or time could lead to:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Infrastructure exposure
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Risk of attack
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Network downtime
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Compliance violations
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Network performance issues
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Impact on reputation
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            As cybersecurity experts, we are heavily invested and qualified when it comes to understanding the wider environment of network infrastructure and the applications in which people’s firewalls are operating. Not only are we well-equipped, but we follow a proven methodology that allows us to:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensure that all network components are well guarded (with adequate authentication and authorisation policies)
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Constantly monitor network activity
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Assess network vulnerabilities by using a trusted entity to attack it
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Collect and examine data so that better quality safeguards and policies can be created and put in place
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you feel like you need some help with your Firewall, we recommend our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/managed-firewall"&gt;&#xD;
      
           Managed Firewall Service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Not yet convinced? It’s your lucky day! We currently have a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/free-firewall-audit"&gt;&#xD;
      
           Free Firewall Audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            promotion running right now where you can find out how efficient your current firewall is – did we mention it is completely free?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Types of Firewalls and their benefits
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Something we have not yet gone into detail about is the types of Firewall Security available. The type of Firewall you need will depend on your requirements.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Next-Generation Firewalls (NGFW): 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Part of the third generation of Firewall technology, an NGFW includes everything a traditional Firewall will, but with increased functionality such as deep packet inspection (DPI). DPI will examine the actual data the packets are transferring rather than just the packet headers. This increased access to meta-data allows businesses to further protect themselves, as all incoming data can be examined and categorised so any harmful data will be more easily identified. NGFW is a top-end firewall service and is usually only used by large organisations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Packet Filtering Firewalls:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A Packet Filtering Firewall is a very basic Firewall security control that will use Access Control Lists (ACLs) to separate packets depending on their source IP, destination IP, port usage and transmission route. Using the ACLs, the Firewall will look at the information in the TCP or UDP header rather than the actual data being sent and then decide whether to accept the packet. Although it is not as advanced as an NGFW and user settings can still allow potentially dangerous communications through, Packet Filtering Firewalls are usually built in to routers, are extremely fast and typically only require one router to be set up.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Proxy Firewall:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Unlike basic Firewall Security, Proxy Firewalls filter network traffic at an application level. A proxy is used as an intermediary between two networks. A client will send a request to its intended target that will then be checked against a pre-defined set of rules and regulations. Furthermore, a Proxy Firewall will monitor traffic for policies such as HTTP, FTP as well as five others. These policies will use deep packet inspection to detect any dangerous traffic. It has been said that Proxy Firewalls offer a balance between security and functionality as the policies they follow are not only well written but are also very robust and able to log data too.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Stateful Inspection Firewall:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Stateful Inspection is a firewall service that aims to monitor active connections on a network while also providing an additional layer of network security that goes beyond TCP. All active connections and sessions on the network will be monitored constantly.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Additionally, what the firewall is checking for and how it deals with certain connections can be fully customised by a network manager to ensure that the specific needs of the business are met.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Compared to older firewall services, such as Packet Filtering, Stateful Inspection Firewalls do more than the minimum (such as only checking the metadata in the header). Therefore, with a better examination process, the chances of threatening connections or data passing your security decrease, as data is not only constantly monitored, but the checks against it are performed to a higher standard.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Conclusion
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            There are many different types of Firewall Security, including more that we have not yet been able to cover in this series. The firewall security configuration that you may need at home will be completely different to the configurations you will need in your business. Understanding the differences and advantages of certain Firewalls is a great start; however, currently, it is not enough. That is where we come in. If you have any questions or queries, please do not hesitate to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           speak to one of our cyber experts
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            today and we can walk you through getting set up with a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/managed-firewall"&gt;&#xD;
      
           Managed Firewall Service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg" length="72748" type="image/jpeg" />
      <pubDate>Wed, 09 Jun 2021 20:48:58 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/firewall-security-types-benefits</guid>
      <g-custom:tags type="string">Firewall</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-Firewall-benefit-Thumbnail-2.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is a Firewall and Why Do You Need One?</title>
      <link>https://www.jc-cybersecurity.co.uk/firewall-what-and-why-you-need-one</link>
      <description>A managed firewall service monitors and governs the flow of data between one network and another through a series of predefined rules and policies. In short, a firewall monitors and governs the flow of traffic (data packets) between one network and another.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As Cyber Security experts, with a long history of managing complex networks, JC Cyber Security understands the wider environment of network infrastructure and applications in which our customers’ firewalls operate. Reducing risk and ensuring ongoing compliance with a
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/managed-firewall"&gt;&#xD;
      
           Managed Firewall Service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ensures one of the most basic and essential forms of cyber security. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What is a Firewall?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            A firewall is a preventative
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-16.pdf" target="_blank"&gt;&#xD;
      
           technical security
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            control used to provide automated protection to an IT network and/or application(s) as part of a DiD (Defence in Depth) approach.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            In short, a firewall monitors and governs the flow of traffic (data packets) between one network and another through a series of predefined rules and policies, with the ultimate goal of providing authorised network access to safe connections and denying access to any unauthorised connections that may pose a threat.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            As the first line of defence, firewalls form a necessary part of your business continuity plan: protection against cyber-related attacks, to prevent data theft and/or network downtime.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What Firewalls do
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Prevent unauthorised access
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ensure resilience and minimise risk
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What Firewalls don't do
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Don't prevent all cyber-related threats
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Stop
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="https://www.jc-cybersecurity.co.uk/what-is-spoofing" target="_blank"&gt;&#xD;
        
            spoofing attacks
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - these threats can still slip through and are best managed through a
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="/managed-email-security"&gt;&#xD;
        
            Managed Email Security Service
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             and
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="/training"&gt;&#xD;
        
            Staff Training
           &#xD;
      &lt;/a&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Can Firewalls be both software and hardware?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Yes! Depending on your needs, hardware and software-related firewalls can be just as important as each other. Both hardware and software-related firewalls protect against hackers and cyber threats by blocking dangerous traffic from reaching the system.
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Hardware-related firewalls offer network-wide protection, whereas software-related firewalls are installed on individual devices such as computers and take a more specific approach, inspecting data from applications and programmes and ensuring there are no user-level security concerns.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Beyond the choice between physical or software-related firewalls, it is just as important to select appropriate firewall controls that provide the necessary features and security to protect your business against everyday cyber threats. If you’d like help in discussing a firewall solution, check out our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/managed-firewall"&gt;&#xD;
      
           managed firewall service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Not convinced? You can find out how efficient your current firewall security controls are by signing up for our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/free-firewall-audit"&gt;&#xD;
      
           free firewall audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            - with no impact on your network performance.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How can a Firewall protect your business?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            An optimal, well-defined firewall with appropriate policies and safeguards can provide many benefits to your business. If managed using our four-step
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/managed-firewall"&gt;&#xD;
      
           Managed Firewall Service
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            methodology, we believe that firewalls provide you with the tools to:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Secure
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - ensure that all components of a network are well-guarded with adequate authentication and authorisation policies
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Examine
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - constantly monitor network activity in accordance with the protection and safeguards that have been put in place
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Test
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - the ability to assess vulnerabilities of your network security policies by using a trusted entity to attack it
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Enhance
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             - the means and data to build better safeguards and ensure an appropriate DiD (Defence in Depth) approach for the future
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            In order to ensure these benefits, your firewall service needs around-the-clock management and support. Any troubleshooting or changes in configurations may cause business disruption and leave you vulnerable to cyber threats. With our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plans
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           , we can ensure a 24/7, 365 day monitored and managed firewall service that reduces risk and ensures ongoing compliance with the current threat landscape.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Detecting firewall weaknesses
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Did you know that old firewall rules that are no longer required but have not been removed from the firewall, as well as old, unmaintained firewall ports left open, put your business at significant risk?
           &#xD;
      &lt;br/&gt;&#xD;
      
           We at JC Cyber Security ask our clients 5 questions to identify if there are any weaknesses concerning their firewall:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ol&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do you have unused rules still active?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Is your firewall up-to-date and running on the latest patch?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Are you using strong passwords?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Who has access to your firewall?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do you have configurations still active that are no longer required?
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ol&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            It is critical that any of your preventative security controls are performing optimally and not putting you at risk of a cyber breach. If you believe you or your business may be vulnerable concerning your firewall, we recommend using our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/free-firewall-audit"&gt;&#xD;
      
           Free Firewall Audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h2&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Four simple steps to becoming proactive towards cyber security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h2&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           With cyber threats continuously on the rise, businesses must consider cyber security in order to survive. 2020’s cyber security threat landscape represents a 20% rise against comparable figures from 2019. Therefore, it is crucial that businesses invest in advanced protection and management services that go far beyond a standard firewall and traditional antivirus defences.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Your business can become proactive towards cyber security in four simple steps:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ol&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Speaking with a cyber expert
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Identifying weaknesses
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Creating a protection roadmap
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Implementing optimal protection &amp;amp; staying cyber secure
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ol&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            It is critical that your preventative security controls are performing optimally and not putting you at risk of a cyber breach. If you believe you or your business may be vulnerable where your firewall is concerned, we recommend using our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/free-firewall-audit"&gt;&#xD;
      
           Free Firewall Audit
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Don’t become the next victim
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The cost of a cyber attack or breach could be crippling for any business. Cyber criminals are evolving their business model to go above and beyond, and that means we all need to be proactively protecting our cyber profile.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Sound good? The team at JC Cyber Security are always happy to help with any questions or concerns you may have, so please don’t hesitate to speak with one of our Cyber Experts to start the process of defending, protecting and securing your business today.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg" length="72748" type="image/jpeg" />
      <pubDate>Thu, 03 Jun 2021 11:30:30 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/firewall-what-and-why-you-need-one</guid>
      <g-custom:tags type="string">Firewall</g-custom:tags>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210527-blog-firewall-c67dd309.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/shutterstock_1790749031.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Introducing our new Digital Marketing Assistant: James Burlton</title>
      <link>https://www.jc-cybersecurity.co.uk/introducing-our-new-digital-marketing-assistant</link>
      <description>JC Cyber Security are thrilled to introduce the newest member of our team: James Burlton, our Digital Marketing Assistant. Walsall born and bred, James is a courteous, eager and geeky digital marketer with a wealth of experience.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To end the month of May, we at JC Cyber Security are thrilled to introduce the newest member of the team: James Burlton, our Digital Marketing Assistant. 
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Walsall born and bred, James is a courteous, eager, and geeky digital marketer who has successfully worked with a variety of high-profile clients including Jack Whitehall, Google/YouTube, Russell Brand, The San Diego County Fair, and many other clients across the UK. Passionate about all things IT, James spends his free time looking up the latest hardware and software-related trends, predicting and speculating how they may impact our everyday lives. 
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210527-james-headshots-transp.jpg" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Some of James' greatest achievements include:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Playing an active role in British comedian and actor Jack Whitehall’s online presence by growing his online following on Facebook, Twitter, Instagram, and YouTube up to 8.4m followers
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Creating and completing social media marketing campaigns for Netflix specials: Travels with my Father series 1 &amp;amp; 2, Sky One’s: Bounty Hunters, and BBC’s: Decline and Fall
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Working alongside Google/YouTube to launch and promote YouTube original series: Training Days
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Helping design, develop and maintain 50+ client websites including Jimmy Carr, Sarah Millican, Russell Brand, Frankie Boyle, Micky Flanagan, and The San Diego County Fair
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           James' early career and introduction to the world of Cyber Security
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            James’ first introduction to working life officially started in 2017 at a distinguished Oxford-based marketing agency, Mass Impressions. James and the team oversaw the transition from a web development-based business approach to a marketing-based business model due to the needs of their clientele. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           This transitional period introduced James to the world of marketing as he embarked on the journey of mastering many of the core components of digital marketing such as SEO, social media management, analytics and reporting, photo/video editing, and content marketing.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Newfound passion for cyber security
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           After returning to his hometown in the Midlands, James identified and developed a burning passion for Cyber Security. Learning from his past experiences and with the introduction of the GDPR legislation, James understood the potential risks the future may hold as the world continues to become more dependent on technology. 
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           To kickstart his way into the industry, James undertook a 6-month training course to achieve a certificate in Information Security Management Principles (CISMP). This passion and commitment to the world of Cyber Security is exactly why we at JC Cyber Security believe James will be an incredible fit for our growing team of cyber experts.
            &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Want to become the next member of JC Cyber Security? We are hiring!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Are you within the Kickstarter requirements? Do you want the opportunity to start your career through an exciting paid work placement while developing your skills &amp;amp; employability? Then we have a great opportunity for you! 
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            JC Cyber Security is looking for someone to help provide protection, understanding, and peace of mind from cyber threats for all types of businesses. 
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            If you feel that you would be a good fit at JC Cyber Security as a Cyber Security Engineer, then click
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/careers"&gt;&#xD;
      
           here
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to find out more.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg" length="21221" type="image/jpeg" />
      <pubDate>Thu, 27 May 2021 08:40:35 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/introducing-our-new-digital-marketing-assistant</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-james-intro-thumbnail.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-BLOG-JAMES-INTRO-BANNER-2e215e3d.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Why is Ransomware still a problem?</title>
      <link>https://www.jc-cybersecurity.co.uk/why-is-ransomware-still-a-problem</link>
      <description>Ransomware was around before the modern internet as we know it and the first example was distributed on floppy disks in 1989. While the floppy disk has been thrown into the recycle bin of history, ransomware is still with us and still poses a serious threat to businesses,</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ransomware has been with us now for over 30 years. Let that sink in. Ransomware was around before the modern internet as we know it and the first example was distributed on floppy disks in 1989. While the floppy disk has been thrown into the recycle bin of history, ransomware is still with us and still poses a serious threat to businesses, governments and individuals across much of the world. What’s worse is that modern ransomware attacks have evolved from simply encrypting files and demanding payment for a decryption key to complex attacks that add data extraction and extortion to the attacker’s playbook.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It Used to be Easier
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           From the attacker’s perspective, ransomware is popular because it is comparatively easy to go from initial infection to a cash pay-out. With stolen credit card information, for example, the attacker needs a way to get the pay-out from the card. Whether that’s by selling the cards to someone else on the dark web or using the card themselves to make purchases or get cash advances, there are extra steps involved that make the attack less attractive and less lucrative. Likewise, while stolen personal information can allow a range of attacks and can be a valuable commodity on underground markets, there are additional steps between compromise and pay-out.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           By using the initial attack to plant their malware and hold the victim’s encrypted files for ransom, the attacker eliminates a layer of complexity and the profit taken by middlemen – unless the attacker is using some kind of Crime as a Service, the ransom pay-out goes directly to them. No extra steps, and no paper trail as could happen with stolen credit cards. But the model wasn’t perfect.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We Learned to Defend
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           While ransomware originally just entailed encrypting the victim’s files and demanding payment for the decryption key, attackers still found there were weaknesses in that business model. In some cases, the weakness lay in flaws in the malware itself: weak encryption, or a sloppy implementation of the algorithm, made it reasonably easy to generate keys and break the encryption. There were publicly available tools that could recover files encrypted by several different malware strains, which limited their effectiveness – to the great relief of their victims.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Disaster Recovery and Business Continuity plans also evolved to compensate for malware attacks, including, specifically, ransomware. There is an entire industry built upon providing rapid backup and restoration capabilities in the case of file loss. The current generation of cloud backups is dramatically faster and more efficient than the tape backups of old and has made recovery from ransomware a fairly simple and relatively painless process.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Backups let businesses respond to a ransomware attack with “sorry, but no,” while they simply restored the damaged files from a secure backup. This backup and restore capability was already baked into many disaster recovery plans, and this alone should have been enough to turn ransomware attacks from a massive and expensive outage to barely an inconvenience.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           They Didn’t Go Away
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As more and more businesses embraced operational plans that account for those attacks, we would have expected to see ransomware attacks fade. That’s not even taking into account cyber security technologies that could prevent, or at least slow, these attacks before they damaged more than a handful of files. But that is not what happened.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Faced with improved defences, cyber criminals evolved their attacks. Now, before their malware starts to encrypt files and throw up the disconcerting “your files have been encrypted!” banner, they copy large volumes of their victim’s data outside the business and threaten to expose it if the victim doesn’t pay the ransom.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Now, even if the target can rely on a robust backup plan to rapidly recover from a ransomware attack, they are still subject to blackmail lest their company secrets are revealed.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Evolve and Adapt
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It’s this evolution to hybrid attacks, which hold data for ransom both through encryption and the threat of revelation, that has kept ransomware a near top-of-mind threat in the cyber security space. Our existing ability to rapidly recover destroyed files doesn’t prevent the damage that comes from having those files released to the public. This change in attacker strategy forces us to shift our defence plan from one of recovering rapidly after the attack to one that must resist the attack in the first place.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Assume They Are Already In
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In truth, resisting attacks in the first place is where cyber security should start. It is always better to keep the bad guys out so they’re not in the environment doing damage in the first place. Unfortunately, the reality is we know the bad guys will find their way in. Yes, improved perimeter defences can go a long way to keeping them out, as can risk-based user authentication systems and multi-factor authentication solutions. But we must operate from an “Assume Breach” perspective. After all, the best perimeter defences in the world are of little use when an attacker bribes an insider to plant malware or otherwise compromise the business.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The “assume breach” posture means we need to have internal defences that can identify an attack before it does serious damage. Whether that’s through micro-segmentation that helps thwart lateral movement, endpoint defences that contain malware infections, deception systems that lead attackers into revealing themselves, or security analytics that can identify an attack by the attacker’s behaviours and tie them together through context, businesses need a comprehensive security stack that can thwart even a sophisticated attacker.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Back to The Question
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           To answer the ultimate question of why ransomware is still a problem, it’s because cyber criminals have evolved their business model to go beyond simple ransomware. We evolved our defences to thwart their attacks and they have evolved their attacks to get around our defences in an unending cycle.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           However, with a combination of solid disaster recovery and business continuity plans, and a comprehensive security stack that’s built around defence in depth and the assumption that attackers can find a way in, businesses can blunt the impact of ransomware attacks – if not eliminate the threat entirely.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Do you want to defend your business from ransomware attacks? Check out our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plans
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            or
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            with us today to find out more.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/ransomware.png" length="66328" type="image/png" />
      <pubDate>Wed, 28 Apr 2021 23:00:03 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/why-is-ransomware-still-a-problem</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/ransomware.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/ransomware.png">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Eleven Types of Phishing</title>
      <link>https://www.jc-cybersecurity.co.uk/eleven-types-of-phishing</link>
      <description>Phishing is a type of cyber crime in which criminals pose as a trustworthy source online to lure victims into handing over personal information such as usernames, passwords, or credit card numbers.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Phishing is a type of cyber crime in which criminals pose as a trustworthy source online to lure victims into handing over personal information such as usernames, passwords, or credit card numbers.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           A phishing attack can take various forms, and while it often takes place over email, there are many different methods scammers use to accomplish their schemes. This is especially true today as phishing continues to evolve in sophistication and prevalence. While the goal of any phishing scam is always stealing personal information, there are many different types of phishing you should be aware of. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           1. Email Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Arguably the most common type of phishing, this method often involves a “spray and pray” technique in which hackers impersonate a legitimate identity or business and send mass emails to as many addresses as they can obtain.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           These emails are often written with a sense of urgency, informing the recipient that a personal account has been compromised and they must respond immediately. Their objective is to elicit a certain action from the victim such as clicking a malicious link that leads to a fake login page. After entering their credentials, victims unfortunately deliver their personal information straight into the scammer’s hands.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Email Phishing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
             
             &#xD;
        &lt;br/&gt;&#xD;
        
            The Daily Swig reported a phishing attack that occurred in December 2020 at US healthcare provider Elara Caring that came after an unauthorised computer intrusion targeting two employees. The attacker gained access to the employees’ email accounts, resulting in the exposure of the personal details of over 100,000 elderly patients, including names, birth dates, financial and bank information, driver’s license numbers and insurance information. The attacker maintained unauthorised access for an entire week before Elara Caring could fully contain the data breach.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           2. Spear Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Rather than using the “spray and pray” method as described above, spear phishing involves sending malicious emails to specific individuals within a business. Rather than sending out mass emails to thousands of recipients, this method targets certain employees at specifically chosen businesses. These types of emails are often more personalised in order to make the victim believe they have a relationship with the sender.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Spear Phishing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
             
             &#xD;
        &lt;br/&gt;&#xD;
        
            Armorblox reported a spear phishing attack in September 2019 against an executive at a business named one of the top 50 innovative businesses in the world. The email contained an attachment that appeared to be an internal financial report, which led the executive to a fake Microsoft Office 365 login page. The fake login page had the executive’s username already pre-entered on the page, further adding to the disguise of the fraudulent web page.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           3. Whaling
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Whaling closely resembles spear phishing, but instead of going after any employee within a business, scammers specifically target senior executives (or “the big fish,” hence the term whaling). This includes the CEO, CFO or any high-level executive with access to more sensitive data than lower-level employees. Often, these emails use a high-pressure situation to hook their victims, such as relaying a statement of the business being sued. This entices recipients to click the malicious link or attachment to learn more information.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Whaling closely resembles spear phishing, but instead of targeting any employee, attackers go after senior executives or the "big fish."
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Whaling
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            In November 2020, Tessian reported a whaling attack that took place against the co-founder of Australian hedge fund Levitas Capital. The co-founder received an email containing a fake Zoom link that planted malware on the hedge fund’s corporate network and almost caused a loss of £6,330,000 in fraudulent invoices. The attacker ultimately got away with just £582,000, but the ensuing reputational damage resulted in the loss of the hedge fund’s largest client, forcing them to close permanently.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           4. Smishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           SMS phishing, or smishing, leverages text messages rather than email to carry out a phishing attack. They operate much in the same way as email-based phishing attacks: Attackers send texts from what seem to be legitimate sources (like trusted businesses) that contain malicious links. Links might be disguised as a coupon code (20% off your next order!) or an offer for a chance to win something like concert tickets.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Smishing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           In September 2020, Tripwire reported a smishing campaign that used the United States Post Office (USPS) as the disguise. The attackers sent SMS messages informing recipients of the need to click a link to view important information about an upcoming USPS delivery. The malicious link actually took victims to various web pages designed to steal visitors’ Google account credentials.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           5. Vishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Vishing—otherwise known as voice phishing—is similar to smishing in that a phone is used as the vehicle for an attack, but instead of exploiting victims via text message, it’s done with a phone call. A vishing call often relays an automated voice message from what is meant to seem like a legitimate institution, such as a bank or a government entity.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Attackers might claim you owe a large amount of money, your auto insurance is expired or your credit card has suspicious activity that needs to be remedied immediately. At this point, a victim is usually told they must provide personal information such as credit card credentials or their social security number in order to verify their identity before taking action on whatever claim is being made.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Examples of Vishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In September of 2020, health organisation Spectrum Health System reported a vishing attack that involved patients receiving phone calls from individuals masquerading as employees. The attackers were aiming to extract personal data from patients and Spectrum Health members, including member ID numbers and other personal health data associated with their accounts. Spectrum Health reported the attackers used measures like flattery or even threats to pressure victims into handing over their data, money or access to their personal devices.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           6. Business Email Compromise (CEO Fraud)
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           CEO fraud is a form of phishing in which the attacker obtains access to the business email account of a high-ranking executive (like the CEO). With the compromised account at their disposal, they send emails to employees within the business impersonating the CEO, with the goal of initiating a fraudulent wire transfer or obtaining money through fake invoices.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           CEO fraud involves sending emails to employees that appear to be from the CEO, but are malicious attacks with the goal of financial gain.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of CEO Fraud
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Inky reported a CEO fraud attack against Austrian aerospace business FACC in 2019. This attack involved a phishing email sent to a low-level accountant that appeared to be from FACC’s CEO. The email relayed information about required funding for a new project, and the accountant unknowingly transferred £44,350,000 into fraudulent foreign accounts.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           7. Clone Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you’ve ever received a legitimate email from a business only to receive what appears to be the same message shortly after, you’ve witnessed clone phishing in action. This method of phishing works by creating a malicious replica of a recent message you’ve received and re-sending it from a seemingly credible source. Any links or attachments from the original email are replaced with malicious ones. Attackers typically use the excuse of re-sending the message due to issues with the links or attachments in the previous email.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Examples of Clone Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A security researcher demonstrated the possibility of following an email link to a fake website that seems to show the correct URL in the browser window, but tricks users by using characters that closely resemble the legitimate domain name. Always visit websites from your own bookmarks or by typing out the URL yourself, and never click a link from an unexpected email (even if it seems legitimate).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
           &#xD;
      &lt;br/&gt;&#xD;
      
           8. Evil Twin Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Evil twin phishing involves setting up what appears to be a legitimate WiFi network that actually lures victims to a phishing site when they connect to it. Once they land on the site, they’re typically prompted to enter their personal data, such as login credentials, which then goes straight to the hacker. Once the hacker has these details, they can log into the network, take control of it, monitor unencrypted traffic and find ways to steal sensitive information and data.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Evil Twin Phishing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           In September 2020, Nextgov reported a data breach against the U.S. Department of the Interior’s internal systems. Hackers used evil twin phishing to steal unique credentials and gain access to the department’s WiFi networks. Further investigation revealed that the department wasn’t operating within a secure wireless network infrastructure, and the department’s network policy failed to ensure bureaus enforced strong user authentication measures, periodically tested network security or required network monitoring to detect and manage common attacks.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           9. Social Media Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Social media phishing is when attackers use social networking sites like Facebook, Twitter and Instagram to obtain victims’ sensitive data or lure them into clicking on malicious links. Hackers may create fake accounts impersonating someone the victim knows to lead them into their trap, or they may even impersonate a well-known brand’s customer service account to prey on victims who reach out to the brand for support.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Social media phishing often exploits victims through fake accounts impersonating a well-known brand.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Social Media Phishing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
            &#xD;
      &lt;br/&gt;&#xD;
      
           In August 2019, Fstoppers reported a phishing campaign launched on Instagram where scammers sent private messages to Instagram users warning them that they had committed an image copyright infringement and requiring them to fill out a form to avoid suspension of their account.
            &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           One victim received a private message from what appeared to be an official North Face account alleging a copyright violation, which prompted him to follow a link to “InstagramHelpNotice.com,” a seemingly legitimate website where users are asked to input their login credentials. Victims who fell for the trap ultimately provided hackers with access to their account information and other personal data linked to their Instagram account.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           10. Search Engine Phishing
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Search engine phishing involves hackers creating their own website and getting it indexed on legitimate search engines. These websites often feature cheap products and incredible deals to lure unsuspecting online shoppers who see the website on a Google search result page. If they click on it, they’re usually prompted to register an account or enter their bank account information to complete a purchase. Of course, scammers then turn around and steal this personal data to be used for financial gain or identity theft.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Search Engine Phishing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
            &#xD;
      &lt;br/&gt;&#xD;
      
           In 2020, Google reported that 25 billion spam pages were detected every day, from spam websites to phishing web pages. Additionally, Wandera reported in 2020 that a new phishing site is launched every 20 seconds. That means three new phishing sites appear on search engines every minute!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           11. Pharming
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Pharming—a combination of the words “phishing” and “farming”—involves hackers exploiting the mechanics of internet browsing to redirect users to malicious websites, often by targeting DNS (Domain Name System) servers. DNS servers exist to direct website requests to the correct IP address. Hackers who engage in pharming often target DNS servers to redirect victims to fraudulent websites with fake IP addresses. Victims’ personal data becomes vulnerable to theft by the hacker when a corrupted DNS server sends them to the fraudulent website.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Hackers who engage in pharming often target DNS servers to lead victims to fraudulent websites.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Example of Pharming
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            Secure List reported a pharming attack targeting a volunteer humanitarian campaign created in Venezuela in 2019. The campaign included a website where volunteers could sign up to participate in the campaign, and the site requested they provide data such as their name, personal ID, phone number, their home location and more.
             &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            A few days after the website was launched, a nearly identical website with a similar domain appeared. The hacker created this fake domain using the same IP address as the original website. Whenever a volunteer opened the genuine website, any personal data they entered was filtered to the fake website, resulting in the data theft of thousands of volunteers.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Tips to Spot and Prevent Phishing Attacks
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            One of the best ways you can protect yourself from falling victim to a phishing attack is by studying examples of phishing in action. In general, keep these warning signs in mind to uncover a potential phishing attack:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            An email asks you to confirm personal information: If you get an email that seems authentic but seems out of the blue, it’s a strong sign that it’s an untrustworthy source.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Poor grammar: Misspelled words, poor grammar or a strange turn of phrase is an immediate red flag of a phishing attempt.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Messages about a high-pressure situation: If a message seems like it was designed to make you panic and take action immediately, tread carefully—this is a common maneuver among cybercriminals.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Suspicious links or attachments: If you received an unexpected message asking you to open an unknown attachment, never do so unless you’re fully certain the sender is a legitimate contact.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Too good to be true offers: If you’re being contacted about what appears to be a once-in-a-lifetime deal, it’s probably fake.
             &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The next best line of defense against all types of phishing attacks and cyber attacks in general is to make sure you’re equipped with reliable Endpoint Protection and Email Protection. At the very least, take advantage of our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plans
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to better protect yourself from online criminals and keep your personal data secure.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-11-phishing-Thumbnail.jpg" length="62868" type="image/jpeg" />
      <pubDate>Wed, 21 Apr 2021 23:00:02 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/eleven-types-of-phishing</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/eleven-phishing.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/210526-blog-11-phishing-Thumbnail.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Fileless Malware Attacks Surge by 900% and Cryptominers Make a Comeback</title>
      <link>https://www.jc-cybersecurity.co.uk/fileless-malware-and-cryptominers-comeback</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           WatchGuard report uncovers massive increases in endpoint attacks, rising encrypted malware rates, new exploits targeting IoT devices, and more.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            WatchGuard Technologies, a global leader in network security and intelligence, multi-factor authentication (MFA), advanced endpoint protection and secure Wi-Fi, last week released its Internet Security Report for Q4 2020. The report includes exciting new insights based on endpoint threat intelligence.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Among its most notable findings, the report reveals that fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Additionally, the WatchGuard Threat Lab found that Q4 2020 brought a 41% increase in encrypted malware detections over the previous quarter and network attacks hit their highest levels since 2018.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           “The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections,” said Corey Nachreiner, chief technology officer at WatchGuard. “The attacks are coming on all fronts, as cyber criminals increasingly leverage fileless malware, cryptominers, encrypted attacks and more, and target users both at remote locations as well as corporate assets behind the traditional network perimeter. Effective security today means prioritising endpoint detection and response, network defenses and foundational precautions such as security awareness training and strict patch management.”
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp.cdn-website.com/f169b73b/dms3rep/multi/Social_Threat_Report_Q4_2020_Q3_Security_Report_Social_03_Malware_Map-1100x578.png" alt="Map with all malware detections based on region"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           WatchGuard’s quarterly Internet Security Reports inform businesses, their partners and end customers about the latest malware, endpoint and network attack trends as they emerge. Key findings from the Q4 2020 report include:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Fileless malware attacks skyrocket
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – Fileless malware rates in 2020 increased by 888% over 2019. These threats can be particularly dangerous due to their ability to evade detection by traditional endpoint protection clients and because they can succeed without victims doing anything beyond clicking a malicious link or unknowingly visiting a compromised website. Toolkits like PowerSploit and CobaltStrike allow threat actors to easily inject malicious code into other running processes and remain operational even if the victim’s defenses identify and remove the original script. Deploying endpoint detection and response solutions alongside preventative anti-malware can help identify these threats.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Cryptominers on the rise following 2019 lull
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            – After virtually all cryptocurrency prices crashed in early 2018, cryptominer infections became far less prevalent and reached a low of 633 unique variant detections in 2019. That said, attackers continued adding cryptominer modules to existing botnet infections and extracting passive income from victims while abusing their networks for other cyber crime. As a result, and with prices trending upward again in Q4 2020, the volume of cryptominer malware detections climbed more than 25% over 2019 levels to reach 850 unique variants last year.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Ransomware attack volumes continue to shrink
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – For the second year in a row, the number of unique ransomware payloads trended downward in 2020, falling to 2,152 unique payloads from 4,131 in 2019 and the all-time-high of 5,489 in 2018. These figures represent individual variants of ransomware that may have infected hundreds or thousands of endpoints worldwide. The majority of these detections resulted from signatures originally implemented in 2017 to detect WannaCry and its related variants, showing that ransomworm tactics are still thriving over three years after WannaCry burst onto the scene. The steady decline in ransomware volume indicates the attackers’ continued shift away from the unfocused, widespread campaigns of the past toward highly targeted attacks against healthcare organisations, manufacturing firms and other victims for which downtime is unacceptable.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Encrypted, evasive malware attacks see double-digit growth
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – Despite being the fourth consecutive quarter of decreasing malware volumes overall, nearly half (47%) of all attacks WatchGuard detected at the network perimeter in Q4 were encrypted. Additionally, malware delivered via HTTPS connections increased by 41%, while encrypted zero-day malware (variants that circumvent antivirus signatures) grew by 22% over Q3.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Botnet malware targeting IoT devices and routers becomes a top strain
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – In Q4, the Linux.Generic virus (also known as “The Moon”) made its debut on WatchGuard’s list of top 10 malware detections. This malware is part of a network of servers that directly targets IoT devices and consumer-grade network devices like routers to exploit any open vulnerabilities. WatchGuard’s investigation uncovered Linux-specific malware designed for ARM processors and another payload designed for MIPS processors within the attacker’s infrastructure, indicating a clear focus on evasive attacks against IoT devices.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            SolarWinds breach illustrates the perils of supply chain attacks
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – The sophisticated, allegedly state-sponsored SolarWinds supply chain breach will have wide implications throughout the security industry for years to come. Its effects spread far beyond SolarWinds to almost 100 companies, including some major Fortune 500s, big security companies, and even the US government. WatchGuard’s detailed incident breakdown showcases the importance of defending against supply chain attacks in today’s interconnected digital ecosystem.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            New trojan dupes email scanners with multi-payload approach
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – Script.1026663 made its way onto WatchGuard’s top five most-widespread malware detections list in Q4. The attack begins with an email asking victims to review an order list attachment. The document triggers a series of payloads and malicious code that ultimately lead the victim machine to load the final attack: the Agent Tesla remote access trojan (RAT) and keylogger.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Network attack volume approaches 2018 peak
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             – Total network attack detections grew by 5% in Q4, reaching their highest level in over two years. Additionally, total unique network attack signatures showed steady growth as well with a 4% increase over Q3. This shows that even as the world continues to operate remotely, the corporate network perimeter is still very much in play as threat actors continue to target on-premises assets.
             &#xD;
          &lt;br/&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            In Q4, WatchGuard appliances blocked a total of more than 20.6 million malware variants (456 per device) and nearly 3.5 million network threats (77 detections per appliance). WatchGuard Fireboxes collectively blocked 455 unique attack signatures in Q4 – a 4% increase over Q3 and the most since Q4 2018. WatchGuard’s quarterly research reports are based on anonymised Firebox Feed data from active WatchGuard appliances whose owners have opted in to share data to support the Threat Lab’s research efforts. Additionally, the report’s new endpoint threat intelligence provides deeper insight into specific malware attacks and trends throughout the year 2020 based on over 2.5 million unique payload alerts gathered from 1.7 million endpoints across 92 countries.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            The full report includes details on additional malware and attack trends from Q4 2020, a detailed analysis of the infamous SolarWinds supply chain attack, and key security best practices for readers. Read WatchGuard’s complete Q4 2020 Internet Security Report here:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://irp.cdn-website.com/f169b73b/files/uploaded/Overview_WG_Threat_Report_Q4_2020.pdf" target="_blank"&gt;&#xD;
      
           https://www.watchguard.com/wgrd-resource-center/security-report-q4-2020
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you have any questions around this blog or the Internet Security Report, please
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/matrix-2953869_1920.jpg" length="881884" type="image/jpeg" />
      <pubDate>Tue, 06 Apr 2021 23:00:02 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/fileless-malware-and-cryptominers-comeback</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/matrix-2953869_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp.cdn-website.com/f169b73b/dms3rep/multi/matrix-2953869_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>The weirdest hacking techniques you’ve never heard of</title>
      <link>https://www.jc-cybersecurity.co.uk/the-weirdest-hacking-techniques-youve-never-heard-of</link>
      <description>For a while now, we have written about malware, viruses and phishing on the JC Cyber Security blog – but there are other ways to break into a computer. Here are three of the weirdest techniques we’ve heard of – and they really do work.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           For a while now, we have written about malware, viruses and phishing on the JC Cyber Security blog – but there are other ways to break into a computer. Here are three of the weirdest techniques we’ve heard of – and they really do work.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Keyboard Hijacking
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are many malware variants that infect computers, monitoring every button you press on your keyboard; they are called keyloggers. Some enterprising security researchers have discovered that with certain wireless keyboards they are able to bypass the computer completely.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           According to their experiments, they were able to scan the radio signals passing between the keyboard and the computer – from 50 metres away. When they analysed the data it was found that many keyboards were sending that information in plain text – including passwords and payment details.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The good news is that most wireless keyboards now use Bluetooth, which automatically encrypts keypress data, making it almost impossible to intercept or read. However, if you are using an older 2.4GHz wireless keyboard (they usually need a small dongle plugged into a USB port to work), you may need to consider replacing it.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Computer Fans
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When hackers break into a computer, they typically use the internet to send stolen data back to themselves. To protect very sensitive information, companies use ‘air gapped’ computers that are not connected to the internet at all, making it much harder for cyber criminals to access.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber security experts at Ben-Gurion University in Israel have found a way to bridge the air gap using the cooling fans built into virtually every computer and laptop. By infecting an air gapped computer with malware, they are able to adjust the speed of the fans, changing the noise they make, almost like (tuneless) musical notes.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Each of these ‘notes’ is then assigned to a letter of the alphabet; by adjusting fan speeds, the malware can transmit stolen data (like passwords) as sounds to another nearby device that is connected to the internet. This method is very slow and unlikely to affect home users (very few of us use air gapped computers) – but it really does work.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hard Drive Microphones
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You’re probably already aware that your smartphone and smart speakers are constantly listening in your house – and that’s a calculated risk. But your computer could be listening too – and not just the microphone.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hackers have discovered that they can use the hard drive built into your computer to do a similar job. Inside the disk, parts are finely balanced to minimise the damaging effect of vibrations; the disk stops reading and writing during a vibration. These pauses may last fractions of a second, but the more intense the vibration, the longer the pause.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Using this knowledge, hackers have been able to use the hard drive as a microphone. They can recreate the sounds, like voices, that cause the pauses. The decoded sounds can then be sent back to the hacker over the internet.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There is some good news though – hard disk drives are becoming less and less common in newer computers. They are being replaced by faster SSDs which have no moving parts and are not affected by audio vibrations.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Protect Yourself Anyway
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            All three of these attacks are incredibly rare and unlikely to affect users. You are still at far greater risk of malware and phishing – so you should prepare accordingly. Speak to us about our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            today to protect yourself.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1604090898152-3003bd1ae6df.jpg" length="53351" type="image/jpeg" />
      <pubDate>Thu, 25 Mar 2021 00:00:04 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/the-weirdest-hacking-techniques-youve-never-heard-of</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1604090898152-3003bd1ae6df.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1604090898152-3003bd1ae6df.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>3.27 Billion Reasons to Change Your Password</title>
      <link>https://www.jc-cybersecurity.co.uk/billion-reasons-to-change-your-password</link>
      <description>The largest-ever compilation of stolen passwords and emails was recently posted online on a hacking forum that anyone could access. The lists contain a staggering 3.27 billion entries!</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The largest-ever compilation of stolen passwords and emails was recently posted online on a hacking forum that
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           anyone could access
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . The lists contain a staggering 3.27 billion entries! The enormous database appears to be a compilation of leaked login credentials and other information from previous data leaks. The passwords and emails are from leaks not only in the UK but from all over the world. The hackers have managed to compile information stolen from different data breaches over the years and put it in a single accessible place.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Over the years, there have been billions of leaked login credentials that hackers are utilising to this day. This is why reusing your password, or using a very similar one that could easily be guessed, is
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           never a good idea
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . It takes months for companies to announce that they have been hacked, giving hackers plenty of time to utilise any stolen information. You may be wondering why companies are sometimes slow to report data breaches. To answer this question, we have to go back to how such breaches are usually discovered.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The breaches are usually intercepted by in-house cyber security experts or cyber security researchers, like us at JC Cyber Security, who love to poke around the internet looking for possible vulnerabilities. When such vulnerabilities are found, cyber experts inform the affected business. Then the company takes its time to patch it. Once the exposure is fixed, and their marketing and legal teams have allowed them to announce the breach, the hacked company informs its users about the already resolved vulnerability that might have exposed personal information. The whole process can take months and even years. You may start wondering why cyber security researchers don’t tell the world immediately.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
            They indeed could immediately sound the alarm, but they rarely do it because this would be unethical. Instead of helping the company, they may attract even more criminals who want to exploit the vulnerability. So long story short,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           consumers might need months and sometimes even years to be informed about a data breach
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            by the hacked business. And with this in mind, regular users never really know if their information has not already been stolen. However, there are websites where you can check if your data has been compromised.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The solution is proper password hygiene
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Keep changing your passwords at least
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           once every three months
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , and remember never to reuse passwords. Avoid using patterns between old and new passwords too. If you are struggling to remember all the passwords,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           use a password manager
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . By relying on a password manager, you will not have to remember tens and sometimes hundreds of passwords, but just one master password that would give you access to all of the others when you need them. Reliable software protection packages can recognise and remember all the data required to log you into your favorite services.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The fact that hackers are creating such compilations of different data breaches means that internet users continue to ignore basic password hygiene practices and continue not to change passwords often enough. It also means that users systematically reuse old passwords. With easily accessible compilations such as this one, cyber criminals are only a search away from getting access to your potentially active login credentials. Be smart and change your passwords often; you have 3.27 billion reasons why you should not ignore this advice.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/passwordpic.jpg" length="233443" type="image/jpeg" />
      <pubDate>Thu, 18 Mar 2021 00:00:03 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/billion-reasons-to-change-your-password</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/passwordpic.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/passwordpic.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>How to Avoid Ransomware in Five Easy Steps</title>
      <link>https://www.jc-cybersecurity.co.uk/how-to-avoid-ransomware-in-five-easy-steps</link>
      <description>As you scroll through your social media feed, a window pops up: “Your hard drive has been encrypted. You have 48 hours to pay £200 or your data will be destroyed...</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As you scroll through your social media feed, a window pops up: “Your hard drive has been encrypted. You have 48 hours to pay £200 or your data will be destroyed.” You see a link and instructions to “pay in Bitcoin.” An ominous looking timer counts down the seconds and minutes for the two-day window. Nine, eight, seven….
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Your thoughts immediately go to the contents of your hard drive — your daughter’s graduation video, your bank statements, a life insurance policy, pictures of your grandchildren — they all sit there, vulnerable, helpless bits of ones and zeros…and you don’t know what the heck bitcoin is.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Welcome to the world of ransomware — digital data hostage-taking only Netflix could make up. Ransomware is a security threat for people and businesses, and cyber security experts predict it will only get worse in the future. One cause for its popularity is the profitability of the enterprise. Cyber thieves rake in millions every year with threats to destroy or encrypt valuable data if their ransoms aren’t paid.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            You don’t need to be a millionaire or multinational business to be at risk. Cyber thieves also target the data of average consumers. When they target consumers, hackers may only request a few hundred pounds in ransom, but when the threat includes a thousand people, it makes for quite the lucrative venture. Many ransomware victims feel the risk of losing their data is too great, so they pay up. However, this only encourages the criminals.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The best way to combat ransomware is by not becoming a victim in the first place. To that end, here are five immediate steps you can take to avoid ransomware attacks. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 1: Set Your Operating System to Automatically Update
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The first step to avoiding ransomware is to update your operating system (OS). Anything connected to the web works better when its OS is updated. Tech companies like Microsoft and Apple regularly research and release fixes for “bugs” and security patches for vulnerabilities in their systems. It’s a cyber security game of cat and mouse. Cyber thieves search for “holes,” and companies race to find them first and “patch” them.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Users are key players in the game because they are the ultimate gatekeepers of their operating systems. If your OS isn’t up to date, you can’t take advantage of the security updates. Plus, your computer runs better with an updated OS.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Set your OS to update automatically and you won’t need to remember to do it manually. While Windows 10 automatically updates (you have no choice), older versions don’t. But setting auto updates is easy, whether you’re on a Mac or PC. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 2: Screenshot Your Bank Emails
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber criminals use trojans or worms to infect your computer with ransomware. So avoiding these will help you avoid ransomware. Worms and trojan malware are often spread through phishing email scams, which trick users into opening email attachments containing viruses or clicking links to fake websites posed as legitimate ones.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           One of the best tips for keeping phishing emails at bay is learning to identify them. Hackers send phishing emails that look like they come from banks, credit card companies, or the IRS. Phishing emails kickstart your fears and anxieties by suggesting there are “problems with your account” or insisting that “Urgent action is required.” Who wouldn’t be scared if their bank sent them an email saying, “You are overdrawn in your account.”
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber criminals use this fear to distract people so they will overlook the telltale signs of the phishing email like misspellings or common fear-inducing subject lines.   
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Take screenshots of all of the legitimate emails from your bank, credit card companies, and other businesses that manage your sensitive information. Use these screenshots to compare with future emails you receive so you can spot phishing phonies and avoid ransomware.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Step 3: Bookmark Your Most Visited Websites
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The next step in your ransomware avoidance journey is to bookmark all of your most visited websites. Just as with phishing emails, cyber criminals build websites that look like bank or credit card sites. Then they trick users into clicking a link and visiting them. From there, hackers steal your sign-in credentials or infect your computer with malware.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Think twice before you visit a website by clicking a link in an email, comments section, or private messaging app. Instead, bookmark your most visited or high-value websites and visit them through your browser. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 4: Backup Your Data to the Cloud and a Hard Drive
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            This step is a no-brainer. Ransomware works if you only have one copy of your data. If it’s irretrievable, then cyber thieves have the upper hand, but if you have multiple copies, you have taken away the power behind the threat.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Back up your data to both a cloud service and a hard drive. That way, you have a copy that’s available anywhere there’s internet access and one that’s physically accessible all the time. Both types of storage are relatively inexpensive and will certainly prove worth it if you’re ever a ransomware target.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           After backing up your data, set up a schedule so you can keep your data current. If you haven’t backed up your data in six months, you’re probably just as vulnerable to ransomware attacks as having no backup at all.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Step 5: Install Cybersecurity Software
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Congratulations! You made it to the last step. Ransomware is constantly evolving as hackers develop new, more dangerous strains. For users, preemptive steps rock, but unless you download and install comprehensive cyber security software, your data is still vulnerable to malware infection.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Here’s a phrase worth remembering: ransomware is a nightmare. After cyber thieves encrypt your data, the chances of recovering it are slim to none…and slim just left town. The story of ransomware doesn’t have the Hollywood, happily-ever-after ending. It will definitely leave you teary-eyed…just for the wrong reasons
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           . 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Are you concerned about ransomware affecting your business? Check out our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plans
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to see how we can defend your business.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1560854350-13c0b47a3180.jpg" length="122633" type="image/jpeg" />
      <pubDate>Thu, 04 Mar 2021 00:00:02 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/how-to-avoid-ransomware-in-five-easy-steps</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1560854350-13c0b47a3180.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1560854350-13c0b47a3180.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>2021: Cyber Security Predictions</title>
      <link>https://www.jc-cybersecurity.co.uk/2021-cyber-security-predictions</link>
      <description>However you look at it, 2020 has been one of the strangest years ever. Many of us were able to work from home for the first time, online shopping became the norm, and for long periods of time, video calling was the only way we could talk to our loved ones.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           However you look at it, 2020 has been one of the strangest years ever. Many of us were able to work from home for the first time, online shopping became the norm, and for long periods of time, video calling was the only way we could talk to our loved ones.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           So what can we expect in this new year?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An increase in scammer activity
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Security researchers have recently discovered a significant hack that has affected most of the biggest companies in the US and beyond. A popular network monitoring tool used by these organisations was compromised by Russian hackers in May – but the compromise has only just been discovered.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           For the past seven months, hackers have been stealing data completely undetected. The hacking is so sophisticated that many of the affected companies are not sure if they have lost data – or even if they have managed to lock the hackers out of their networks.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           What does this mean for you? If the stolen data contains personal information (passwords, credit card numbers, email addresses etc), hackers may be able to carry out identity theft or fraud. You must be vigilant over the coming months for signs that you may be a victim.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It may be worth spending a few hours changing your passwords and setting up a password manager. If hackers have managed to steal your personal data, it will be unusable.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           More attacks on your devices
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As governments continue to struggle to contain Covid infections, many of us are likely to be working from home for some months yet. For hackers this offers even more opportunities to try and break into corporate computer networks; if they can take control of your devices, they have a backdoor into company systems – even when working from home.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You almost certainly use a VPN to secure your connection to company systems when working from home, or maybe an unsecured remote desktop connection (RDC) to the computer on your desk in the office.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The VPN encrypts data as it moves between your office and your computer, making it impossible for hackers to intercept. But if they can break into your computer first, they can piggyback onto the network using your VPN connection – or steal your RDC logon details.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In 2021 it will become increasingly important to use a VPN for all your activities, not just work. Using a personal VPN helps to protect your privacy as you use the internet and helps to block suspicious websites and traffic, reducing the risk of your computer being taken over by hackers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Installing endpoint protection will help to further protect your devices. Preventing hackers from installing viruses and trojans will stop them getting hold of your personal data – or breaking into your work.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           2021 – the same but different
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In terms of cyber security, 2021 will probably be much the same as 2020. Hackers will develop smart new ways to attack your devices, and we will find ways to counter them. And like every year, the best way to protect yourself is to be prepared and aware that someone, somewhere is always trying to steal your data.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Want to get one step ahead of the attacker this year? Take a look at our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plans
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            or
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           get in touch
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            with us to find out more.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1510915228340-29c85a43dcfe.jpg" length="143400" type="image/jpeg" />
      <pubDate>Thu, 25 Feb 2021 00:00:02 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/2021-cyber-security-predictions</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1510915228340-29c85a43dcfe.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1510915228340-29c85a43dcfe.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Apple Macs – more secure, but not invulnerable</title>
      <link>https://www.jc-cybersecurity.co.uk/apple-macs-more-secure-but-not-invulnerable</link>
      <description>Over the years, Apple computers have developed a reputation for exceptional security. In fact, many people believe that Macs are completely invulnerable to malware, like viruses and ransomware.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Over the years, Apple computers have developed a reputation for exceptional security. In fact, many people believe that Macs are completely invulnerable to malware, like viruses and ransomware.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           But in an age where cyber criminals are using increasingly sophisticated attacks to break into computers, Apple owners need to know the truth.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           No computer is 100% secure
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The first thing to realise is that Apple computers are not completely hack proof. No computer is completely hack proof. It is completely untrue to say that Apple Macs cannot be hacked, or be infected with malware.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In fact, one of the first viruses ever created was targeted at the Apple II computer back in 1982. The virus was relatively harmless – it simply displayed a rather childish poem on screen. But the reality was that the computer’s built-in security had been breached.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           More malware followed over the years, each becoming more serious as time went on.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           OS X significantly improves security
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           With the release of OS X in 2001, Apple significantly improved the security of their operating system. The core of the operating system made it much harder for malware to install itself – and it was around this time that Apple began to attract a reputation for being 100% secure – one they did little to dispel.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Interestingly, there has been roughly one significant item of Mac malware released every year since 2004. But the fact that there are fewer viruses targeting OS X than Windows helped drive the legend of invulnerability. In most cases the only way to “catch” one of these viruses was to install illegal software from a “warez” website.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Ransomware – a true game-changer
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Like its Windows-based relatives, most Mac malware was designed to steal personal information. However, these viruses were relatively easy to identify and remove – often before any real damage was caused.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The emergence of ransomware has completely changed the game, however. These malware infections encrypt the files stored on your Apple computer so that you can no longer read or use them. The only way to decrypt them is by paying a ransom to the cyber criminal behind the infection.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Eventually the ransomware infection will make all of your files unreadable.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There’s still worse to come
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber criminals are also creating new attacks that use a number of different techniques to trick you into installing their malware. An infected email may be followed by an official-sounding phone call, for instance, encouraging you to download and install an application to assist with internet banking, or to troubleshoot a technical issue.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hackers are also becoming more patient, sometimes spending days and weeks building trust with their victims, using a technique known as “social engineering”, which makes these attacks all the more subtle and effective.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Mac anti-virus software is no longer optional
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           When Mac malware was relatively rare, the chances of your computer becoming infected were slim. Mac malware is becoming more common and sophisticated – so all of your computers need to be protected with a comprehensive security package.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Our Endpoint Protection with 24/7 Vulnerability Management helps to block malware and ransomware before it can be installed on your computer. It will also help to protect against social engineering attacks – you won’t be able to install dodgy software, even by accident.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            To see how we can protect your Mac and wider business network, see our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           protection plans
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1477327070293-75f15e291bb0.jpg" length="152068" type="image/jpeg" />
      <pubDate>Thu, 18 Feb 2021 00:00:03 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/apple-macs-more-secure-but-not-invulnerable</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1498050108023-c5249f4df085.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1477327070293-75f15e291bb0.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Why do you still fall for online scams?</title>
      <link>https://www.jc-cybersecurity.co.uk/why-do-you-still-fall-for-online-scams</link>
      <description>Most of us have grown up with computers being an everyday part of life. At work or at home computers and smart devices play an important role in daily life and most of us have learned to use them quite safely.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Most of us have grown up with computers being an everyday part of life. At work or at home computers and smart devices play an important role in daily life and most of us have learned to use them quite safely.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Yet despite an increase in general IT knowledge, people are still falling victim to cyber criminals and online scams – but why?
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Scammers are getting smarter
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Early email scams were very basic, such as the classic Nigerian 401 scam (also known as an advance-fee scam) which invited email recipients to obtain their share of some vast wealth. In return for a few thousand pounds, email recipients would be guaranteed several million in return.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As news of the scam spread, people became more aware of the dangers and now ignore such basic scams out of habit. So scammers have significantly improved their techniques. Phishing emails specifically designed to look legitimate have proven to be very effective, claiming thousands of new victims every year. More recently, hackers have been breaking into company networks and sending emails pretending to be co-workers, requesting sensitive data like passwords and company credit card numbers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyberattacks are becoming more sophisticated
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           For major hacks, cyber criminals will invest months analysing their target and looking for weaknesses. This may involve breaking into hundreds of computers on the way to their goal; compromising your home computer may allow them access to systems at your office, for instance.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            These multi-stage attacks are very sneaky and can be hard to detect. Unless you know exactly what to look for (or are using our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           protection plan services
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ) it is almost impossible to spot what is going on.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We underestimate the risk
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Because we have grown up with computers, we often underestimate the risk of cyber crime. If you’ve never (knowingly) been a victim of hacking or malware, you may think it won’t happen to you. It is very easy to become complacent over time – and that leaves us at risk of becoming targets.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are plenty of reasons we make this mistake. If you’re working from home, you may assume your employer is taking care of cyber security for you. Or you use a free ad-blocking system, not realising that it doesn’t stop malware downloads (it may also allow some ads through deliberately too). Or maybe you’ve bought into the myth that Apple computers can’t get viruses (they can).
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In the same way you don’t leave your wallet and phone lying around, you always need to be at least partially aware of computer security. Pay attention and treat everything – emails, websites, software downloads – with a healthy degree of suspicion. Doing so makes you well prepared to block many common attacks.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to stay safe
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Dealing with these three problems is easier than you may think:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Download and install an effective endpoint protection tool.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Stay aware of what is happening on your computer and the internet – read your emails very carefully and never click any links if you are suspicious.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Check out our
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;a href="/the-protection-plan"&gt;&#xD;
        
            Protection Plan services
           &#xD;
      &lt;/a&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             to see how we can defend your business.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            And if you have any specific problems right now,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           contact us today
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1583435272989-830f04a4a20b.jpg" length="165157" type="image/jpeg" />
      <pubDate>Thu, 11 Feb 2021 00:00:01 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/why-do-you-still-fall-for-online-scams</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1583435272989-830f04a4a20b.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1583435272989-830f04a4a20b.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Types of Spoofing Attacks</title>
      <link>https://www.jc-cybersecurity.co.uk/types-of-spoofing-attacks</link>
      <description>Spoofing can occur in many different forms, and there are various types of attack you should watch out for. Here are some examples of different types of spoofing.</description>
      <content:encoded>&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/spoof.png" alt="Different types of spoofing attacks"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Spoofing can occur in many different forms, and there are various types of attack you should watch out for. Here are some examples of different types of spoofing:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Caller ID Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Caller identification (Caller ID) allows the receiver of a phone call to determine the identity of whoever is calling. Caller ID spoofing occurs when a scammer uses false information to change the caller ID. Since Caller ID spoofing makes it impossible for the number to be blocked, many phone scammers use Caller ID spoofing to hide their identity. Occasionally, these scammers will use your area code to make it seem like the call is local.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Most Caller ID spoofing happens using a VoIP (Voice over Internet Protocol) service that allows scammers to create a phone number and caller ID name of their choice. Once the call recipient answers the phone, the scammer will try to convince them to divulge important information.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Website Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Website spoofing is when a scammer will try to make a dangerous website look like a safe one, using legitimate fonts, colours and logos. This is done by replicating a trusted site with the intention of taking users to a phishing or malicious site. These copied sites will usually have a similar website address to the original site and appear to be real at first glance. However, they’re usually created to obtain the visitor’s personal information.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Email Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Email spoofing is when a scammer sends out emails with fake sender addresses with the intention of infecting your computer with malware, asking for money or stealing information. These fake sender addresses are created to look like they came from someone that you know, like a coworker or a friend.
           &#xD;
      &lt;br/&gt;&#xD;
      
           These addresses can either be created by using alternative numbers or letters to look slightly different than the original, or by disguising the ‘from’ field to be the exact email address of someone in your network.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           IP Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           When a scammer aims to hide the location of where they’re sending or requesting data online, they’ll usually use IP spoofing. The goal of IP spoofing is to trick a computer into thinking the information being sent to a user comes from a trusted source and allow malicious content to pass through.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           DNS Server Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Domain Name System (DNS) spoofing, also known as cache poisoning, is used to reroute traffic to different IP addresses. This will lead visitors to malicious websites. This is done by replacing the IP addresses stored in the DNS server with the ones that the scammer wants to use.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           ARP Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Address Resolution Protocol (ARP) spoofing is often used to modify or steal data or for in-session hijacking. To do this, the scammer will link their media access control (MAC) address to an IP address so that they can access the data that was originally meant for the owner of that address.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Text Message Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Text message spoofing is when a scammer sends a text or SMS message using another person’s phone number. Scammers do this by covering their identity behind an alphanumeric sender ID and will usually include links to malware downloads or phishing sites.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           GPS Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           A GPS spoofing attack happens when a GPS receiver is deceived by the broadcast of fake signals that resemble real ones. In other words, the scammer is pretending to be in one location while actually being in another. Scammers can use this to hack a car GPS and send you to the wrong address, or even to interfere with GPS signals of ships, buildings, or aircraft. Any mobile app that relies on location data from a smartphone could be a target for this type of attack.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Man-in-the-middle (MitM) Attack
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Man-in-the-middle (MitM) attacks occur when a scammer hacks a WiFi network or makes a duplicate fraudulent WiFi network in that location to intercept web traffic between two parties. In doing so, scammers are able to reroute sensitive information to themselves, such as logins or credit card numbers.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Extension Spoofing
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            In order to disguise malware files, scammers will utilise extension spoofing. Usually, they’ll rename the files to “filename.txt.exe”, hiding the malware behind a harmless-looking extension. So, a file that appears to be a text document actually runs a malicious program when it’s opened.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/email-spoofing-1-750x375.jpg" length="21116" type="image/jpeg" />
      <pubDate>Wed, 27 Jan 2021 00:00:01 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/types-of-spoofing-attacks</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/email-spoofing-1-750x375-274efd2e.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/email-spoofing-1-750x375.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is Spoofing and How to Prevent a Spoofing Attack</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-spoofing</link>
      <description>Spoofing is a cyber attack that occurs when a scammer is disguised as a trusted source to gain access to important data or information. Spoofing can happen through websites, emails, phone calls, texts, IP addresses and servers.

Read more to learn about how spoofing happens and how to prevent spoofing attacks.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Spoofing is a cyber attack that occurs when a scammer is disguised as a trusted source to gain access to important data or information. Spoofing can happen through websites, emails, phone calls, texts, IP addresses and servers.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Usually, the main goal of spoofing is to access personal information, steal money, bypass network access controls or spread malware through infected attachments or links. With every form of communication online, scammers will try to use spoofing to steal your identity and assets.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Read more to learn about how spoofing happens and how to prevent spoofing attacks.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;h3&gt;&#xD;
  
         How does Spoofing Happen?
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/h3&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/HdVhMmKg-1100x394.png" alt="Email spoofing attack"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The term “spoof” dates back over a century and refers to any form of trickery. However, today it’s mostly used when talking about cybercrime. Any time a scammer disguises their identity as another, it’s spoofing. 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Spoofing can apply to a number of communication channels and engage different levels of technical know-how. For it to be successful, the spoofing attack has to incorporate a certain level of social engineering. This means that the methods that scammers use are able to effectively trick their victims into giving out their personal information. Scammers use social engineering to play on vulnerable human characteristics, such as greed, fear, and naivety.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           An example of this type of social engineering is where the scammer relies on the victim’s feelings of fear in an attempt to gain information or money. The grandchildren scam is when a scammer pretends to be a family member and claims that they’re in trouble and need money as soon as possible. Scammers will often target the elderly in these situations due to the preconceived notion that the elderly are less tech-savvy.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to Protect Against Spoofing Attacks
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/dos+donts+spoof.png" alt="How to protect against spoofing attacks"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           There are many things you can do to protect yourself against spoofing attacks. Stay one step ahead of scammers with these helpful do’s and don’ts:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Do:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Switch on your spam filter:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            This will prevent most spoofed emails from coming into your inbox. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Examine the communication:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If the potential spoof attack contains signs of poor grammar or unusual sentence structure, it may be an illegitimate request. Also, be sure to double-check the URL address of a website or the email sender address. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Confirm the information:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If an email or call seems suspicious, send a message or make a call to the sender to confirm whether the information you received is legitimate.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Hover before clicking:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             If a URL looks suspicious, hover your mouse over the link so that you’ll know exactly where the page is going to take you before you click on it.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Set up two-factor authentication:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Setting up two-factor authentication is a great way to add another layer to your passcodes. However, it’s not completely foolproof, so ensure you’re considering other security precautions as well.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Invest in cybersecurity software:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Installing cybersecurity software is the biggest defense when it comes to protecting yourself from scammers online. If you run into trouble, download malware removal or antivirus software to protect your computer from any malicious threats or viruses.   
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;h3&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Don’t: 
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/h3&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Don’t click unfamiliar links or downloads:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If a link or download file doesn’t look legitimate, refrain from clicking on it. If it’s from an attacker, it will usually contain malware or other viruses that can infect your computer.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Don’t answer emails or calls from unrecognized senders:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If the sender is unrecognizable, don’t answer the call or email. This can help prevent any communication with a potential scammer. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Don’t give out personal information:
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Avoid giving out your personal and private information, such as a credit card or social security number, unless you’re sure it’s a trusted source. 
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Don’t use the same password:
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Create stronger passwords for your logins that are harder for scammers to guess. Change them frequently in case a scammer gets a hold of one. Also, steer away from using the same password for most of your logins.   
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you think you’ve been spoofed, you can file a report with
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.actionfraud.police.uk/" target="_blank"&gt;&#xD;
      
           Action Fraud
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . You can also contact your local police if you’ve lost money due to spoofing. Be sure to check out our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           protection plans
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            to secure your digital life today and protect yourself against spoofing.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/email-3249062_1280.png" length="83935" type="image/png" />
      <pubDate>Wed, 20 Jan 2021 00:00:01 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-spoofing</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/email-3249062_1280.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/email-3249062_1280.png">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>CIA Triad - The Model For Data Security</title>
      <link>https://www.jc-cybersecurity.co.uk/cia-triad</link>
      <description />
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           The CIA triad is one of the most well-known and established models for security and policy development among businesses around the world. The aim of the CIA triad is to allow businesses to develop internal security whilst following a global standard security model.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            So, the CIA triad, what is it? The triad is made up of three parts:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Confidentiality:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The overall meaning of confidentiality is that some information is kept strictly private, to be read or known only by a select few, if anyone at all. Within the CIA triad the premise is virtually the same; in more specific terms, it means keeping information and data confidential by using security mechanisms such as passwords, usernames, access control lists (ACLs) and encryption. The idea is that the information is kept confidential rather than at risk of falling into the wrong hands. Most commonly, data is ranked from most risk to least risk if someone were to obtain it. For example, someone’s full bank details and address will be kept incredibly secure; someone’s first name and country of origin will also be kept secure, but less so than the bank details and full address. This is at the business’s discretion; however, it is also governed by law such as GDPR.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            How to ensure this is applied:
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Make sure that all access control lists and all file permissions are frequently checked and updated; this ensures there are no out-of-date permissions or access granted where it shouldn’t be. Ensure all data is encrypted through standard methods such as strong passwords and, if possible, in addition to this, via a form of two-factor authentication; this can be an email address and phone number, for example.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Integrity:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Alongside confidentiality, it is incredibly important to have data integrity. Maintaining the integrity of data and how it is handled internally is important because it helps prevent accidents when data is edited by authorized members of staff or business colleagues. In worse cases, data is edited by unauthorized people; if that happens it could be classed as a data breach, which is another problem in itself. Data can be protected in multiple ways. Version control is a major aid to data integrity. Another way to ensure data integrity is to add file permissions and user access controls; having these in place greatly reduces the chance of accidental deletion or editing of files by internal staff, and of tampering by external people trying to cause a data breach.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to ensure this is applied:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Whenever documents are changed, ensure version control is updated with the colleague or staff member’s name attached; this ensures that anything changed with potentially malicious intent is recorded. Data logs also need to be kept, so that whenever data is changed it is recorded on the log. Make sure that you have a backup and recovery process set up. If possible, use backup and recovery software; it will be easier than trying to set up an entire process yourself, and it still ensures there is a process in place if need be. Ensure that your company has a regularly updated security and IT policy, and that employees and colleagues are aware of any data retention policies your company has. This all helps towards having your data set up in the most secure way possible.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Availability:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Having availability within the CIA triad means that data, information and resources are readily available to the correct people with the correct access when required. This can be implemented in a huge range of ways, through processes such as failover, RAID, redundancy and high-availability clusters. These are used to migrate any sensitive and protected data when something goes wrong; they act as a completely secure and protected backup in case of a serious malfunction or data breach. Disaster recovery plans need to be in place as well; they ensure that, alongside your hardware, you have a plan if something does go wrong. The idea is that data is kept safe and secure, yet also available to the people who require it.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to ensure this is applied:
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Make sure that, as a business, you have a disaster recovery plan in place; this ensures that if you do have an issue, you can get back the data that was breached, or at least get to a point where all staff can work again. Make sure you have monitoring systems on your network infrastructure, so that it is monitored at all times for potential issues. It is also vital that all of your network and server applications are always kept up to date with the latest version.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            The overall concept of the CIA triad can seem daunting to many people as there are a multitude of factors to consider, whilst ensuring you and your business are fulfilling the three steps. If you or your business need help in any of these steps or any other cyber security needs, please do not hesitate to
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           contact us today
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            and find out how we can help you become cyber secure.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/artificial-intelligence-3382507_1920.jpg" length="1135748" type="image/jpeg" />
      <pubDate>Thu, 23 Jul 2020 07:41:50 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cia-triad</guid>
      <g-custom:tags type="string" />
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/artificial-intelligence-3382507_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/artificial-intelligence-3382507_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>SMS Scams and Smartphone Malware</title>
      <link>https://www.jc-cybersecurity.co.uk/sms-scams-and-smartphone-malware</link>
      <description>Smartphones have become a crucial part of our everyday lives; we shop, bank and network using our phones. But with so much valuable personal data being stored on these devices, they have become a top target for cyber criminals.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         Smartphones have become a crucial part of our everyday lives; we shop, bank and network using our phones. But with so much valuable personal data being stored on these devices, they have become a top target for cyber criminals. If they can crack our phones, they can steal our identities, blackmail us for cash, or empty our bank accounts using scams.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          As a result, hackers have been developing new ways to attack – the latest using SMS text messages.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Introducing “smishing”
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         For some years now, hackers have used a technique known as phishing – emails pretending to be from our bank that try to trick us into handing over our account details. As people have got better at spotting phishing emails, fewer are falling victim, which means that hackers have changed their tactics, focusing on our phones.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Smishing is very similar conceptually; however, instead of sending emails, the attackers send SMS text messages to their victims. Each of these texts is designed to trick people into handing over sensitive personal information – like their online banking PIN. Others will encourage them to access a fake website, or to download an app that has been infected with malware.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           How to spot a smishing message
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Almost every smishing message has one thing in common – a sense of urgency. You will be told that your bank account has been compromised, and you must log in using the supplied link immediately. Or that a routine security check has temporarily blocked access to your account, before asking you to confirm your password to restore access. You may even be asked to download a special app to improve the security of your account, the sooner the better.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The truth is that no bank sends urgent SMS messages; most actually rely on letters and secure emails to communicate important information. If you do receive a text message from your bank, it will never include a link – you will simply be directed to log on to the website at your earliest convenience, or to call their phone banking service.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Similarly, your bank will never send you a link to a website to download a new app. They may direct you to the official App Store or Google Play store, but most will send a push notification through their official app, rather than via SMS text message.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          If you are in any doubt at all about a text message you receive, delete it. If the matter is truly urgent, your bank will contact you again. You can also give them a call to confirm whether there really is a problem.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           Get protected
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Finally, you should always protect your smartphone with a reputable anti-malware app. In the event that you are tricked into downloading a malicious app, the anti-malware tool will conduct a scan automatically, and advise you that there is a problem before any of your personal data is stolen.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         You can even protect yourself against smishing scams right now by contacting us about our recommended mobile security app.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/office-620822_1920.jpg" length="224583" type="image/jpeg" />
      <pubDate>Thu, 02 Jul 2020 07:55:47 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/sms-scams-and-smartphone-malware</guid>
      <g-custom:tags type="string">cyber security,cyber crime,cyber criminals,smartphones,smishing,sms,phones,mobile security</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/office-620822_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/office-620822_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Keyloggers: Be careful what you type</title>
      <link>https://www.jc-cybersecurity.co.uk/keyloggers-be-careful-what-you-type</link>
      <description>It is evident that the professionalization of keylogger-based attacks requires that companies and institutions implement systems that ensure data security.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Are you one of those people who covers the keypad with their hand when they enter their PIN into an ATM? And when entering it into the supermarket’s card terminal? This basic (but effective) security measure does not require much effort and is increasingly common among users, who understand the need to take precautions to protect their banking transactions. Hiding your PIN when you use an ATM is a simple way to avoid nasty financial surprises in your bank account, but is not infallible. Cyber criminals sometimes turn to invisible spies to steal your sensitive information: keyloggers.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           What’s a keylogger?
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         As its name indicates (“key”-“logger”), this term refers to a malicious computer program that secretly records every keystroke made by a computer user. Keyloggers are used to gain fraudulent access to confidential information such as personal details, credit card data, access credentials, etc.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          There are two types of keyloggers, based on the method used to log keystrokes: software keyloggers and hardware keyloggers. Hardware-based keyloggers are rare, as they require having physical access to the victim’s device in order to manipulate the keyboard. However, software-based keyloggers are much more common, and may affect any device that is not properly protected. Usually, keyloggers are installed on target computers by other malware specimens, such as Trojans or viruses. For example, an attacker may trick the victim into clicking a malicious link, which then downloads the keylogger into the system.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           The enormous danger of these 'cyber spies'
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Unlike other malware specimens, which delete data or hijack files and demand a ransom for their release, keyloggers are designed to go unnoticed while recording the user’s information. That’s why they are so difficult to detect. Keyloggers are usually employed in conjunction with other malicious programs, capturing keystrokes and sensitive information (bank account numbers, passwords, PINs, etc.) which cyber criminals then leverage to steal corporate confidential data, impersonate users or carry out fraudulent financial transactions.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The infamous “PunkeyPOS” malware is a clear example of the devastating effects that keyloggers can have. This malware infected the point-of-sale (POS) terminals of hundreds of restaurants, extracting sensitive information belonging to thousands of individuals.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Another infamous example is that of “Eye Pyramid”, the cyber espionage campaign that threatened the security of many of Italy’s public institutions earlier this year. “Eye Pyramid” was a cyber espionage ring spearheaded by a brother and sister that installed a keylogger on victims’ computers to steal passwords and access confidential information. Among those affected were former Prime Ministers Matteo Renzi and Mario Monti, the president of the Central European Bank, Mario Draghi, and other individuals in possession of sensitive data.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         It’s now evident that the professionalisation of keylogger-based attacks requires that companies and institutions implement systems that ensure data security. JC Cyber Security Services offer an intelligent cyber-security platform to eradicate advanced threats. Its dynamic approach, based on the principles of contextual intelligence, allows organisations to anticipate malicious behavior and prevent data theft. Thus, the endpoint defence system is capable of detecting, blocking and remediating any attack before it even reaches its target.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/notebook-1850613_1920.jpg" length="486733" type="image/jpeg" />
      <pubDate>Tue, 23 Jun 2020 20:13:42 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/keyloggers-be-careful-what-you-type</guid>
      <g-custom:tags type="string">cyber security,cyber crime,cyber criminals,data security,keylogger,key logger</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/notebook-1850613_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/notebook-1850613_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Hackers Are Stealing Your Cookies</title>
      <link>https://www.jc-cybersecurity.co.uk/hackers-are-stealing-your-cookies</link>
      <description>Cookies can do a lot more than just track your web browsing activity. Now it appears that hackers have found a way to steal your passwords too.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Cookies can do a lot more than just track your web browsing activity. Now it appears that hackers have found a way to steal your passwords too.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           What are computer cookies?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          A cookie is a tiny file that websites store on your computer. Cookies are normally perfectly harmless – and quite useful too. In fact, many of the websites you use every day rely on cookies to work properly.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           What are cookies used for?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Cookies were designed to be a reliable mechanism for websites to remember information or to record the user’s browsing history. These tiny text files can be used for storing login information and credit card information, and for helping advertisers show ads they think will be relevant to your preferences.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Cookies can be useful, for instance by saving you the time of typing in login information for websites you have visited before. Cookies do not directly display passwords; instead, they contain a hash that stores your password. When a password has been hashed, it has been scrambled so only the website it came from can read it. The website uses a unique encryption algorithm to encode and decode the hash.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Why do hackers want your cookies?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Normally hackers love to steal passwords, but stealing your cookies may be just as good. By installing your cookies with hashed passwords into their web browser,
         &#xD;
  &lt;b&gt;&#xD;
    
          the criminal can immediately access your account
         &#xD;
  &lt;/b&gt;&#xD;
  
         , no login required.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Your cookies can be used to easily compromise social media, email and many other services.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           How do hackers steal cookies?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         If hackers can
         &#xD;
  &lt;b&gt;&#xD;
    
          access your computer or your network
         &#xD;
  &lt;/b&gt;&#xD;
  
         , they can probably steal your cookies. Sometimes they can steal them directly from an insecure web server too.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         People are getting smarter about protecting their computers against malware by installing a reputable antivirus solution. As a result, criminals are having to resort to more advanced techniques, like stealing information passing
         &#xD;
  &lt;b&gt;&#xD;
    
          through public WiFi networks
         &#xD;
  &lt;/b&gt;&#xD;
  
         .
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          All a hacker needs to hack your cookies is a Firefox extension called Firesheep. Firesheep is an extension that uses a technology to detect and copy cookies that are sent over a wireless network. As the extension discovers cookies, it creates a list on the hacker’s computer. They can then simply click on the cookies, and the extension logs into the website as the unsuspecting user.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           What can I do to protect my cookies?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         A simple but effective way to stop hackers from stealing your personal information is to
         &#xD;
  &lt;b&gt;&#xD;
    
          clear cookies on a regular basis
         &#xD;
  &lt;/b&gt;&#xD;
  
         . Experts recommend doing this
         &#xD;
  &lt;b&gt;&#xD;
    
          every 7 to 14 days
         &#xD;
  &lt;/b&gt;&#xD;
  
         . They also advise
         &#xD;
  &lt;b&gt;&#xD;
    
          never storing credit card information on a site unless it is trusted
         &#xD;
  &lt;/b&gt;&#xD;
  
         . Deleting cookies does have one drawback, however – you will have to re-enter passwords and personal information the next time you log on to a website. This may be inconvenient and annoying, but it is also much safer in the long run, protecting you against cookie theft.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         And if you have problems remembering lots of passwords, consider using a password manager, such as LastPass, to keep them safe and secure for you. Take a look at our guide
         &#xD;
  &lt;a href="https://www.jc-cybersecurity.co.uk/protect-your-password-and-keep-hackers-away" target="_blank"&gt;&#xD;
    
          How To Protect Your Password and Keep Hackers Away
         &#xD;
  &lt;/a&gt;&#xD;
  
         to learn more.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/macbook-926321_1920.jpg" length="177857" type="image/jpeg" />
      <pubDate>Thu, 18 Jun 2020 08:02:14 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/hackers-are-stealing-your-cookies</guid>
      <g-custom:tags type="string">cyber security,cyber crime,cyber criminals,cookies,passwords,password,password manager</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/macbook-926321_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/macbook-926321_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>A History of Cyber Attacks: from Barrotes to WannaCry</title>
      <link>https://www.jc-cybersecurity.co.uk/history-of-cyberattacks</link>
      <description>Cyber attacks are continually evolving. With the Internet now an everyday tool in our lives, they have become something of a constant, and have increased both in frequency and sophistication.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         Cyber attacks are continually evolving. With the Internet now an everyday tool in our lives, they have become something of a constant, and have increased both in frequency and sophistication. Because of this, they have a huge global impact on economies, national security, elections, data theft, and personal and company privacy. Cyber attacks have become an extremely common way to commit fraudulent activities. A World Economic Forum report shows that 76.1% of experts expect infrastructure hacking to increase, while 75% believe that cyber attacks seeking money or data will increase.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         But in order to develop the best strategies, tools, or services to stop these attacks or minimise their impact, it is essential to be at the cutting edge of technology, using economic and technological resources and tracking criminal activity. Not only this, but it is also vital to learn from history and incorporate what it can teach us into how we act. Here, we take a look at some of the cyber attacks that have made an impact over the last three decades.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Barrotes (1993)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Known as the first Spanish virus, this malware was sent via infected floppy disks, which were commonly used at the time to share files or pirated software. It was a small program that, upon entering systems, wrote its malicious code on executable files (.com and .exe on MS-DOS), staying hidden until the 5th of January, when it was released and activated by overwriting the boot disk. As a result, every time the computer started up, the screen was covered in bars, making it impossible to use the device.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            CIH/CHERNOBYL (1998)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Originating in Taiwan, this is considered to be one of the most harmful viruses in history because of the millions of dollars of losses it caused all over the world, and how quickly it spread. Its modus operandi was lethal: once installed on a computer, it deleted all of the information from the entire computer, even corrupting the BIOS so that the system couldn’t boot. It is estimated that it affected over 60 million Windows 95, 98 and ME users.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Melissa (1999)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Melissa is one of the first cyber attacks carried out using social engineering techniques. Users received an email with an attachment (called List.doc), which supposedly contained login details to access pornography websites. However, once the document was opened, the virus accessed the victim’s Microsoft Outlook agenda and forwarded the email to the first 50 contacts in their address book. It also infected every Word document on their computer.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            I love you (2000)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          This worm, programmed in Visual Basic Script, also used social engineering and email to infect devices. The user received an email with the subject “I LOVE YOU”, and an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs”. When this document was downloaded and opened, it replaced a multitude of files (.jpeg, .css, .jpg, .mp3, .mp2 and others) with a Trojan that aimed to get hold of sensitive information. So great was the impact of this malware that it infected millions of computers around the world, including devices in the Pentagon and the British Parliament.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Mydoom (2004)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Another piece of malware sent via email, but this time using an error message. Mydoom used most of Windows’ security tools and options to spread throughout the system and to every file. It started operating on the 26th of January, 2004 and was ready to stop on the 12th of February. It had dramatic consequences, and is still considered catastrophic today: it reduced world Internet traffic by 10% and caused losses of around £32 billion.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Stuxnet (2010)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Stuxnet is the first known example of a cyber warfare weapon; it was designed to attack Iranian critical infrastructure. This worm, which was spread through removable USB devices, carried out a targeted attack against companies with SCADA systems, with the aim of gathering information and then ordering the system to self-destruct. It used the Windows vulnerability MS10-046, which affected shortcuts, to install itself on the computer, specifically on Windows 2003, XP, 2000, NT, ME, 98 and 95. It was also able to get onto devices that were not connected to the Internet or a local network.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Mirai (2016)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Mirai is the botnet behind one of the largest distributed denial of service (DDoS) attacks to date. It affected such large companies as Twitter, Netflix, Spotify, and PayPal. This malware infected thousands of IoT devices, remaining inactive inside them. The creators of Mirai activated it on October 21, 2016, using it to attack DNS service provider Dyn. Both its services and its clients were down or experiencing problems for hours.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            WannaCry (2017)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          WannaCry was a ransomware attack that started with a cryptoworm of the same name. Targeting Windows computers, it encrypted their data and demanded ransom payments of £240 in bitcoins. It was stopped a few days later thanks to emergency patches released by Microsoft and the discovery of a kill switch that stopped infected computers from continuing to spread the malware. The attack is estimated to have affected over 200,000 computers in around 150 countries, including devices in the NHS and Renault.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Petya/NotPetya (2016-2017)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The ransomware Petya, discovered in 2016, runs on computers, encrypting certain files, while blocking the boot sector of the compromised system. This way, it stops users from accessing their own computers unless they enter an access code, after having paid the ransom, which restores the operating system as if nothing had happened. The variant NotPetya, which appeared in 2017, mainly targeted the business sector. One thing that made it particularly notorious is the fact that often, even when the ransom was paid, the victim’s files were not recovered. Although this ransomware infected networks across multiple countries, researchers suspect that it actually intended to hide a cyber attack targeting Ukrainian institutions.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Ryuk (2019)
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The ransomware Ryuk endangered critical infrastructure and large national and international companies in the last quarter of 2019. Among its victims were the city hall of Jackson County in Georgia and Everis. This malware, whose origins lie with the Russian group Grim Spider, encrypts the files on infected devices, and only allows the victim to recover their files if they pay a ransom in bitcoins. Ryuk seems to be derived from Hermes, a similar piece of malware that can be bought on the dark web and personalised to fit the buyer’s needs.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Incidents such as these, along with experience, have allowed us to develop a unique cyber security model: one based on machine learning that reveals malicious behavioral patterns and creates advanced cyber defenses against known and unknown threats. In the end, it’s all about continuing to do what we do best: protecting our customers for many years to come.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-2371490_1920.jpg" length="281027" type="image/jpeg" />
      <pubDate>Wed, 10 Jun 2020 21:27:11 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/history-of-cyberattacks</guid>
      <g-custom:tags type="string">cyber security,cyber attacks,cyber crime,malware,virus,viruses,ransomware,barrotes,chernobyl,melissa,i love you,mydoom,stuxnet,mirai,wannacry,petya,notpetya,ryuk</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-2371490_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-2371490_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Protecting your email against phishing attacks</title>
      <link>https://www.jc-cybersecurity.co.uk/protecting-your-email-against-phishing</link>
      <description>Email is one of the most popular ways people stay in touch, both at work and at home. Find out some tips on how to protect against phishing attacks.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           How can you protect yourself against phishing?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Email is one of the most popular ways people stay in touch, both at work and at home. One report found that there were 246 billion emails sent every day in 2019 – and this is expected to rise to 280 billion by 2021.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Much of our day-to-day business is conducted online now – take banking for instance. Many banks produce electronic statements which are stored in our online accounts; they send us a monthly email to remind us to check our records online. We simply click through the supplied link and log into our online account.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Be careful with your emails
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Because you can do so much through online banking,
         &#xD;
  &lt;b&gt;&#xD;
    
          your user name and password are highly valued by hackers
         &#xD;
  &lt;/b&gt;&#xD;
  
         . Armed with those details, they can log into your account and make digital cash transfers to steal all your money.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         To help steal your logon details, hackers send emails that look almost identical to the ones sent by your bank – a scam known as phishing. Clicking through the links in these fake emails will take you to a site that looks just like your bank’s. But when you try to log on, instead of seeing your account details you will receive an error message. Meanwhile, the cybercriminal has already captured your username and password, allowing them to get to work emptying your bank account immediately.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          So how can you protect yourself against phishing?
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           1. Check what your bank says about their emails
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Your bank will almost certainly have a page on their website about helping you to identify fake emails. This example from Lloyds Bank shows the things you need to look out for, including:
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Incorrect sender’s email address.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               A generic greeting (your name is not used).
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               The email includes a direct link – emails from Lloyds do not.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               The email makes threats about suspending your account, or suspicious activity.
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  
         Visit your bank’s website and check the help section for details about how to tell if an email is genuine or not. By learning what to expect, you will be better able to spot phishing emails when they arrive in your inbox.
        &#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           2. Never click links in emails from your bank
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         To avoid being duped into accessing a fake website, never click the links in any email claiming to be from your bank. Instead, type the address directly into your browser bar – that way you will always land on the official website.
        &#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           3. Install security software
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Modern antivirus software is very good at detecting phishing attempts automatically, immediately alerting you to anything that looks suspicious. This automated warning lets you know immediately that you may be at risk of becoming a phishing victim.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Protecting against phishing scams is a combination of education, common sense, and technology. To help better protect yourself, contact us about our endpoint protection and email security services.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1558965509-228052befa6b.jpg" length="224024" type="image/jpeg" />
      <pubDate>Thu, 04 Jun 2020 08:00:03 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/protecting-your-email-against-phishing</guid>
      <g-custom:tags type="string">cyber security,phishing emails,phishing attacks,scams</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1558965509-228052befa6b.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1558965509-228052befa6b.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is Phishing?</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-phishing</link>
      <description>All of us know that it is some type of scam, although perhaps there are many who don’t know exactly what it is or the techniques used by hackers and cyber criminals.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            No doubt you have wondered and asked yourself on more than one occasion, what is phishing and how can it affect you.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             All of us know that it is some type of scam, although perhaps there are many who don’t know exactly what it is or the techniques used by hackers and cyber criminals.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             So, exactly
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           what is phishing?
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Basically, phishing (also known as email phishing) involves sending emails that appear to come from trusted sources, such as banks, but are really aimed at stealing confidential information from users.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             These emails usually include a link which, when clicked, takes you to a spoof web page. These pages appear genuine, though they are really like a mirror that hides the criminals whose sole aim is to steal your personal data.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             The problem is that users think they are in a trusted site and therefore enter the requested data. However, this confidential data will fall straight into the hands of the scammers and can then be used for some type of fraud.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             That’s why it is always best to access web pages by typing the address directly in the browser.
            &#xD;
        &lt;br/&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           How to recognise a phishing message
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            It’s not always easy to recognise phishing messages, particularly if you are a client of the company from which the message has supposedly been sent.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
               Even though the ‘From:’ field of the message shows the address of the company, it is not difficult for a criminal to alter the source address of the email in any mail client.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
               The email may have the logos and trademarks of the organization, yet these can easily be lifted from the company’s website.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
               The link in the email seems to point to the company’s website, though really it takes you to a fake page which will ask you for your user name, password, etc.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
               Very often these messages contain spelling or grammatical errors that you would not normally expect in official communications from the genuine company.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           It’s also important to bear in mind that although phishing has traditionally used email, now, with the increasing popularity of smartphones and social networks, there are new channels of attack.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            Another thing to be aware of is that although we normally talk about phishing in the context of banks, cyber criminals often use any popular website or platform (eBay, Facebook, PayPal, etc.) as bait for stealing personal data.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           But remember, no company will ever ask you to send them your personal details via email. If they do, be very suspicious!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you would like to find out how you can protect yourself from phishing attacks,
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/contact"&gt;&#xD;
      
           contact us
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            today.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-3641937_1920.jpg" length="115310" type="image/jpeg" />
      <pubDate>Wed, 27 May 2020 15:39:25 GMT</pubDate>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-phishing</guid>
      <g-custom:tags type="string">phishing,scams,phishing emails,phishing scams,cyber security,hackers,cyber crime,cyber criminals</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-3641937_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-3641937_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>How to protect yourself from cyber attacks that exploit Covid-19</title>
      <link>https://www.jc-cybersecurity.co.uk/cyber-attacks-that-exploit-covid-19</link>
      <description>The attack surface has increased significantly, forcing companies to strengthen their cyber security measures to ensure they don’t suffer at the hands of cyber criminals.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         The current coronavirus COVID-19 pandemic is changing the business landscape. The most immediate change that has been seen in many countries is the sudden increase in the amount of people working from home. Because of this change, the attack surface has increased significantly, forcing companies to strengthen their cyber security measures to ensure they don’t suffer at the hands of cyber criminals.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          However, the increase in the attack surface is not the only cyber threat related to the current global situation.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Malicious campaigns exploiting Covid-19
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Our partner researchers constantly search for samples in malicious coronavirus-related campaigns. They have analysed hundreds of malware detections since the lockdown. They’ve broken down several of these campaigns in a study.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Spam using coronavirus as bait
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
    
          A common tactic among cyber attackers is to imitate an official organisation related to public health. In doing so, they hope to increase the likelihood of their victims downloading malicious content or clicking on links. Among the examples of coronavirus-related spam are the following:
          &#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
           “Latest Coronavirus Updates”: This campaign was detected in the UK. The email comes with an attachment in .dat format, supposedly containing the latest news about COVID-19. This file contains a piece of malware.
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
           “Coronavirus: important information about precautions”: In this case, the campaign targeted users in Italy, a country severely affected by the pandemic. In both the subject and the body of the email is the text “Coronavirus: important information about precautions”. In the body of the email, the sender claims that the attachment is a document prepared by the World Health Organisation (WHO) and strongly recommends that the reader download the compromised Microsoft Word attachment. The malicious file contains a Trojan.
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
           “Exclusive: Coronavirus Vaccine Detected”: this campaign was spotted in Portugal. It contains a link, supposedly to a page containing more information about the alleged vaccine, but actually contains malware.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Malicious domains related to Coronavirus
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
    
          Right now, many people are turning to the Internet to try to find answers to the questions they have about the pandemic. Cyber criminals have taken advantage of this situation; our partner researchers detected a notable increase in domain names using the word “corona” combined with words commonly used in Internet searches for the disease, such as “vaccine” or “emergency”. There is a more extensive list in the report, but the following are some noteworthy examples of domain names:
          &#xD;
    &lt;br/&gt;&#xD;
    
          One of the most recent examples of malicious domains using Covid-19 to trick their victims was seen in the UK. A group of bad actors created a website that looks like the official British Government portal where those who have been affected by the pandemic can claim economic help. The link arrives by SMS. However, if the victim enters their bank details, the cyber attackers use this information to steal their money.
         &#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blog5.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Advanced protection to halt these campaigns
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         As is the case with any cyber threat, the first line of defense is prevention. To begin with, the most important thing is to educate employees about the risks involved in downloading attachments from unknown senders. It is also important to stress the harm that clicking on links in emails from strangers can do. Another vital measure is good password hygiene: Use complex passwords and change them frequently.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Another essential step in any cyber security plan is the use of advanced solutions. JC Cyber Security Services offer continuous monitoring of all system activity, stopping any unknown process and blocking it until it has been analysed and determined to be either legitimate or malicious.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Unfortunately, the cyber attacks and spam campaigns that exploit the current pandemic will most likely continue to try to harm the computer systems of companies and users around the world. Make sure you have the necessary protection with JC Cyber Security.
        &#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/cyber-security-3410923_1920-67f6f22a.jpg" length="5125043" type="image/png" />
      <pubDate>Thu, 14 May 2020 08:13:22 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/cyber-attacks-that-exploit-covid-19</guid>
      <g-custom:tags type="string">COVID,COVID-19,cyber security,cyber threats,cyber threat,cyber criminals,malicious campaigns,spam bait,spam,coronavirus,phishing,malicious domains,advanced protection</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/cyber-security-3410923_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/cyber-security-3410923_1920-67f6f22a.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>COVID-19 is a big opportunity for scammers</title>
      <link>https://www.jc-cybersecurity.co.uk/covid-19-an-opportunity-for-scammers</link>
      <description>The current COVID-19 crisis has changed the way we work, with more people than ever working from home, many for the first time ever. But cyber criminals are taking advantage, particularly of people unused to working remotely.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The current COVID-19 crisis has changed the way we work, with more people than ever working from home – many for the first time ever. But cyber criminals are taking advantage, particularly of people unused to working remotely. Here are some of the scams that are currently causing problems.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Examples of common scams
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         One of the most common scams in the UK during this pandemic is emails and SMS messages asking for donations to help the NHS to buy Personal Protective Equipment (PPE) and to fund the fight against COVID-19 as a whole. The main targets seem to be the elderly, many of whom are self-isolating. Current estimates suggest that scammers have already stolen around £1.6m using this technique.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Another similar scam is text messages apparently from the UK government issuing fines of £250 to people for leaving their house more than once daily during lockdown. Because these messages are fake, the “fines” are paid directly to the scammers. And there are email versions of this scam circulating too. By following the links in a scam email, bank details, accounts and passwords can be stolen, allowing hackers to empty bank accounts completely. So far there have been 2192 reported COVID-19 phishing attempts, but this number is increasing rapidly with over 50 new reports daily.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Effect of the corona virus and how hackers benefit
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         As industry shuts down, people are losing their jobs at a dramatic rate, causing them to become desperate to find a new job or source of income. Some scammers are calling the unemployed, offering positions as key workers but demanding an advance fee for vetting or background checks. However, these jobs do not exist – scammers are just keeping any money they receive.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The majority of reported crimes are related to online shopping, particularly as more people are relying on these services while they practice social distancing. Because these products are in very high demand, people are paying for face masks, gloves and hand sanitiser that never arrive.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Many scams are related to email, and the fact that more people are working from home using computers provides more opportunities for scammers. By exploiting tragedies and well-publicised global issues, it is easier to trick people because they are anxious and uncertain about the events taking place.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           No mercy from cyber criminals
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The uncertainty created by COVID-19 and the global shutdown is providing scammers with plenty of new opportunities to rob and steal. Many people will be unfamiliar with working from home, leaving them vulnerable to the clever techniques used by hackers. And because official advice about the pandemic appears to be unclear and confused, it is no surprise that people are being tricked by messages that look like they come from official sources.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         To better protect yourself and to avoid falling victim to a COVID-19 scam, take a look at our guide to Protecting your email against phishing attacks. We also have a handy guide to protecting yourself against “smishing” and SMS scams.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Finally, make sure that malware can’t take over your computer or steal your data by contacting us to find out how we can secure your systems.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/mask-4991841_1920.jpg" length="359523" type="image/jpeg" />
      <pubDate>Mon, 11 May 2020 20:44:49 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/covid-19-an-opportunity-for-scammers</guid>
      <g-custom:tags type="string">covid-19,coronavirus,scammers,cyber criminals,cyber security,working remotely,home working,scams,common scams,hackers,cyber crime</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/mask-4991841_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/mask-4991841_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>How To Protect Your Password and Keep Hackers Away</title>
      <link>https://www.jc-cybersecurity.co.uk/protect-your-password-and-keep-hackers-away</link>
      <description>Passwords are the most common way to prove we are who we say we are when it comes to using websites, social media accounts, email, and even the computer itself. Find out how to protect your password and keep hackers away.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Passwords are the most common way to prove we are who we say we are when it comes to using websites, social media accounts, email, and even the computer itself. Passwords also give us and others access into mobile phones, bank applications, work log-ins, and confidential files. For many online systems, a password is the only thing keeping a hacker from stealing our personal data. Read on to learn how cyber criminals can hack passwords and password protection techniques.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           Why It’s Easy for Hackers to Hack
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         While creating a password may seem like a safe bet, large, reliable companies such as eBay, LinkedIn and most recently Facebook have all been breached, compromising passwords for many of their users. According to the chief executive of specialist insurer Hiscox, cyber crime cost the global economy more than £359 billion and over two billion records were stolen. Why is it so easy for hackers to access accounts and obtain secure passwords?
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         First and foremost, we reuse our passwords. Over 60 percent of the population use the same password across multiple sites. And since 39 percent have a hard time keeping track of passwords, we become incredibly susceptible to hackers when we keep passwords for years or even decades.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         People are also incredibly predictable. We tend to use passwords that are personalized in some form to our lives, because they are easier to remember. Because of our visual memory capacity, it is easier to remember images and information that we are already familiar with and have some meaning to us. This is why we often create easy to remember, predictable passwords based on things like family members, pets, or birthdays.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The average user also has about 26 password-protected accounts, but only has five different passwords across these accounts. That makes us more susceptible to hacks, especially brute force attacks. With more than 85 percent of Americans keeping track of online passwords by memorizing them in their heads, it’s nearly impossible to memorize up to 26 passwords. And with a plethora of passwords, it’s important to install a password management program. However, a shockingly low 12 percent of Americans actually have one installed.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The standard rule of thumb used to be to change passwords every 90 days. However, in recent years this method has been defined as ineffective by the FTC Chief Technologist and Carnegie Mellon computer science professor, Lorrie Cranor. She found that when people are forced to change their passwords on the regular, they put less mental effort into it. This is another way that hackers can take advantage of people’s lack of effort or desire to change or diversify their passwords.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blog1.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           How Long it Takes Cyber Criminals to Determine Your Password
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         If you have a password as simple as “password” or “abcdefg”, it would only take a hacker 0.29 milliseconds to crack it according to
         &#xD;
  &lt;a href="https://www.betterbuys.com/estimating-password-cracking-times/" target="_blank"&gt;&#xD;
    
          BetterBuys’ password-cracking times
         &#xD;
  &lt;/a&gt;&#xD;
  
         . Even more surprising? The password 123456789 is cracked 431 times during the blink of an eye. Even more complicated passwords are being hacked faster. What used to take hackers three years to crack is now taking under two months.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Hackers first go after the easiest and most common passwords, then move on to passwords with the fewest characters. While a password with seven characters may take only 0.29 milliseconds to crack, one with 12 characters can take up to two centuries. The longer that passwords are, the longer it will take for the hackers to get the right combination.
        &#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blog2.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           How Cyber Criminals Hack Passwords
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         So how do hackers actually do their dirty work? First off, it’s important to understand that this is their job. For most modern, successful hackers, this is what they put their time and effort into on a daily basis. The most common ways that hackers can access your accounts through your credentials are:
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
           keylogger attacks
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
           brute force attacks
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
           dictionary attacks
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
           phishing attacks
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           Keylogger Attacks
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          A keylogger is a type of surveillance technology used to record and monitor each keystroke typed on a specific device’s keyboard. Cyber criminals use keyloggers as a spyware tool to steal personal information, login information, and sensitive enterprise data.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           How to Protect Yourself:
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Use a firewall to prevent a keylogger from transmitting information to a third party. You can also install a password manager, which will autofill your passwords and prevent keyloggers from accessing your credentials. Make sure to also keep your software updated, as keyloggers can take advantage of software vulnerabilities to inject themselves into your system.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           Brute Force Attacks
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          We use passwords that are simple, relevant and can be guessed within a few tries. When using the brute force method, hackers use software that repeatedly tries several password combinations. This is a reliable way to steal your information, as many users use passwords as easy as “abcd”. Some of the most common password stealing software includes Brutus, Wfuzz, and RainbowCrack.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           How to Protect Yourself:
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         There are a number of ways to prevent brute force attacks. First, you can implement an account lockout policy, so after a few failed login attempts, the account is locked until an administrator unlocks it. You can also implement progressive delays, which lock out user accounts for a set period of time after failed attempts, increasing the lock out time after each failed attempt.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Another solution is using a challenge-response test to prevent an automated submission to the login page. Systems such as
          &#xD;
    &lt;a href="https://www.google.com/recaptcha/intro/v3.html" target="_blank"&gt;&#xD;
      
           reCAPTCHA
          &#xD;
    &lt;/a&gt;&#xD;
    
          can require a word or math problem to make sure a person is entering credentials rather than a hacking system.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Dictionary Attacks
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          In 2012, more than 6 million passwords were hacked on LinkedIn due to a dictionary attack. A dictionary attack works by systematically entering every word in a dictionary as a password. Dictionary attacks seem to succeed because people have a tendency to choose short, common passwords.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           How to Protect Yourself:
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Choose a password that is at least 8 characters. Avoid any words in the dictionary, or common predictable variations on words. Use SSH keys to connect to a remote server to store your password. You should also only allow SSH connections for certain hosts or IP addresses so you know what computers are connecting to your server.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Phishing Attacks
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Phishing attacks involve hackers using fake emails and websites to steal your credentials. They are most commonly emails disguised as coming from legitimate companies, asking you to download a file or click on a link. Most commonly, phishing attacks can involve a hacker masquerading as your bank provider, which can be especially detrimental.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           How to Protect Yourself:
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Be cautious of emails that come from unrecognized senders, are not personalized, ask you to confirm personal or financial information, or are urging you to act quickly with threatening information. Do not click on links, download files, or open attachments from unknown senders. Never email personal or financial information to even those you trust, as your email can still be breached.
        &#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blog3.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Creating a Fool-Proof Password
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Cyber criminals have become experts in determining passwords. 50 percent of small to midsize organizations suffered at least one cyberattack in 2017. That’s half of all small businesses, not to mention the large corporations such as T-Mobile, JP Morgan, and eBay who have suffered massive cyber attacks affecting hundreds of millions of customers. That’s not even the scariest part.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         According to WordPress’ UnMasked study, even high-level executives like the senior engineer at PayPal or the program manager at Microsoft have faulty, predictable passwords. This could seriously impact their businesses. When creating a password, there are a few tips that can significantly help you keep your accounts safe and hackers out.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         A password that is at least 14 characters is ideal. Eight characters is the shortest that a password should be. Make sure to use a variety of characters, numbers, and letters that have seemingly no correlation or direct link to you or your hobbies.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Avoid predictable patterns in letter capitalization like at the beginning or end of your password, or for proper nouns. Also, try to use your entire keyboard, and not just characters you use on a daily basis, as hackers know this and will target the common characters.
        &#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blog4.png" alt=""/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Password Protection: Keeping Your Passwords Safe
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         In order to keep your passwords locked and secure, it’s important to create quality passwords and use security measures when creating new accounts. While many studies used to say to change your password every 90 days, the newest guidelines actually suggest changing your passwords when necessary, as changing too often can actually hurt you rather than help you.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Also, make new password hints as these are easy ways for hackers to receive a “recovery email” with your account information. Try to use uncommon answers such as obscure teacher names, or even create random answers and write these down to remember. Another technique is to create a sentence or acronym that only applies to you but is random enough to fool hackers.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Use a password manager such as LastPass. These tools generate and store complex passwords for you. The password managers live in your browser and can fill in your login information whenever you are on a site.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Lastly, install endpoint protection software for password protection across the internet. Install your endpoint protection on all devices, in order to keep tabs on suspicious activity and keep unknown downloads from installing on your computer.
         &#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacking-2903156_1920-6b10af61.jpg" length="157235" type="image/jpeg" />
      <pubDate>Thu, 07 May 2020 08:27:57 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/protect-your-password-and-keep-hackers-away</guid>
      <g-custom:tags type="string">cyber security,passwords,password,secure password,password manager,hackers,password protection,protection</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacking-2903156_1920-6b10af61.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacking-2903156_1920-6b10af61.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>The technical challenges brought by COVID-19</title>
      <link>https://www.jc-cybersecurity.co.uk/technical-challenges-by-covid-19</link>
      <description>The panic around the novel coronavirus (COVID-19) continues to result in disruptions rarely seen before in human history. The foremost challenges caused by the virus are certainly economic and health-related.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         The panic around the novel coronavirus (COVID-19) continues to result in disruptions rarely seen before in human history. The foremost challenges caused by the virus are certainly economic and health-related. However, the millions of people losing their jobs and the tens of thousands of people already killed by the virus are only one part of the problems caused by the disease. With COVID-19 spreading around the globe at rapid rates, hundreds of millions of people have started telecommuting, leading to heavy internet traffic.
         &#xD;
  &lt;b&gt;&#xD;
    
          The global bandwidth demand is a test of the internet itself, and it is a cause for trouble for high-tech companies
         &#xD;
  &lt;/b&gt;&#xD;
  
         offering remote conferencing services, video streaming providers, online gaming, etc.  
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;b&gt;&#xD;
    
          Zoom
         &#xD;
  &lt;/b&gt;&#xD;
  
         , an application that provides a remote conferencing service that combines video conferencing solutions,
         &#xD;
  &lt;b&gt;&#xD;
    
          has been receiving tons of negative publicity
         &#xD;
  &lt;/b&gt;&#xD;
  
         because of the privacy and security issues uncovered since the world went into quarantine.
         &#xD;
  &lt;b&gt;&#xD;
    
          Even the company CEO publicly admitted that things are far from perfect
          &#xD;
    &lt;span&gt;&#xD;
      
           .
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/b&gt;&#xD;
  
         The demand for streaming platforms has increased too. YouTube had no other option but to shift default video quality to standard definition amid the sudden increase in traffic caused by hundreds of millions of people thirsty for entertainment. Xbox Live also went down as people were looking for ways to kill some time at the beginning of the quarantine. The sudden increase in social media traffic led to misinformation that continues to spread like wildfire – the Facebook-owned WhatsApp even had to limit message forwarding to counter coronavirus misinformation.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;b&gt;&#xD;
    
          Hackers use the chaos to attack
         &#xD;
  &lt;/b&gt;&#xD;
  
         – currently, millions of remote workers are out of their comfort zone and away from the IT support that usually keeps an eye on them while in the office. Zoom’s CEO admitted the company’s privacy and security faults and missteps but also defended the remote conferencing service provider saying that over the last few weeks, Zoom’s popularity has brought types of users whose backgrounds are significantly different than the company’s general userbase.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Up until the end of January, Zoom’s most active user crowd mainly consisted of enterprise customers with seasoned IT teams. He called the newcomers “very different,” implying that they are not as technology-savvy and may be more susceptible to cyber-attacks.
         &#xD;
  &lt;b&gt;&#xD;
    
          Zoom verified accounts are continuously appearing on the dark web
         &#xD;
  &lt;/b&gt;&#xD;
  
         . In some cases, hackers do not even look for monetary compensation. They make the stolen information (email addresses, passwords, meeting IDs, host keys, and names) available to everyone so others can 'troll' the meetings.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          If you are working from home, especially if you are using personal equipment, you have to make sure that your device is protected with reliable endpoint protection software – the last thing you want is to compromise company privacy or somehow be the cause for a company data breach.
           &#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        
            Book a Free Cyber Clinic today to see how we can Defend Your Business.
           &#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Enquire today to see how we can find out if your emails or accounts have been compromised!
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/tech-3041437_1920.jpg" length="288312" type="image/jpeg" />
      <pubDate>Thu, 23 Apr 2020 08:13:17 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/technical-challenges-by-covid-19</guid>
      <g-custom:tags type="string">cyber security,technical challenge,technical challenges,covid-19,zoom,hackers,cyber attack,working from home,work from home,home working</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/tech-3041437_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/tech-3041437_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Tuesdays Top Tips</title>
      <link>https://www.jc-cybersecurity.co.uk/tuesdays-top-tips</link>
      <description>An archive of JC Cyber Security's #TuesdaysTopTips</description>
      <content:encoded>&lt;h3&gt;&#xD;
  
         An archive of JC Cyber Security's #TuesdaysTopTips
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/h3&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #1 - You are a target to hackers.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Hackers are always on the lookout for vulnerable systems to attack and cause a business to fall over. Don't ever say "It won't happen to me" or "I won't get hacked" because the chances are you will. In fact, last year's statistics show that 64% of SMEs were breached. If you think hackers won't attack because you're a small business, then you're wrong! We are all at risk and the consequences are high - to your
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            personal and financial well-being, and to your business's standing and reputation. You
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           MUST
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            ensure that your systems are as secure as possible.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #2 - Keep software up to date.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Installing software updates for your operating system and programs is
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           CRITICAL
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            . Always install the latest security updates for your devices:
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           •    Turn on Automatic Updates for your operating system.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           •    Ensure all of your applications and programs are kept up to date. When an update is available, install it.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           •    Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           •    Make sure to keep browser plug-ins (Flash, Java, etc.) up to date.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #3 - Avoid Phishing scams - beware of suspicious emails and phone calls.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            Phishing scams are a constant threat - using various social engineering techniques, cyber criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Phishing scams can be carried out by phone, text, or through social networking sites - but most commonly by email.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Be suspicious of any official-looking email message or phone call that asks for personal or financial information.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #4 - Practice good password management.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           We all have too many passwords to manage - and it's easy to take short-cuts, like reusing the same password.  A password management program can help you to maintain strong unique passwords for all of your accounts.  These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;br/&gt;&#xD;
        
             There are several online password management services that offer free versions, and one that we highly recommend is
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="https://www.lastpass.com/" target="_blank"&gt;&#xD;
      
           LastPass
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            - a free application compatible with most, if not all, devices.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Here are some general password tips to keep in mind - if you choose to use LastPass, it will cover all these tips:
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Use long passwords - 20 characters or more is recommended.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Use a strong mix of characters, and never use the same password for multiple sites.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Don't share your passwords and don't write them down (especially not on a post-it note attached to your monitor).
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Update your passwords periodically, at least once every 6 months (90 days is better).
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If you are interested in LastPass and would like some tips and guidance, feel free to contact us!
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #5 - Be careful what you click.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            Avoid visiting unknown websites or downloading software from untrusted sources.  These sites often host malware that will automatically, and often silently, compromise your computer.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           If attachments or links in an email are unexpected or suspicious for any reason, don't click on them. Especially during these unprecedented times, it is even more vital that you are on the lookout for suspicious emails. If you have any worries about suspicious emails, let us know and we can provide an email address for you to forward the email on to us so we can look into it. Moreover, if you have clicked on a link that you believe to be malicious, give us a call and we can scan your machine for any malware.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #6 - Never leave devices unattended
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            The physical security of your devices is just as important as their technical security.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you need to leave your laptop, phone, or tablet for any length of time - lock it so no one else can use it.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            If you keep sensitive information on a flash drive or external hard drive, make sure to encrypt it and lock it with a password.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            For desktop computers, shut down the system when not in use - or lock your screen.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #7 - Use mobile devices safely
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            Considering how much we rely on our mobile devices, and how susceptible they are to attack, you'll want to make sure you are protected:
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Lock your device with a PIN or password - and never leave it unprotected in public.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Only install apps from trusted sources.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Keep your device's operating system updated.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Don't click on links or attachments from unsolicited emails or texts.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Avoid transmitting or storing personal information on the device.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Most handheld devices are capable of employing data encryption - consult your device's documentation for available options.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Use Apple's Find my iPhone or the Android Device Manager tools to help manage the impact of loss or theft.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Back up your data.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Tip #8 - Install Anti-Virus Protection
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Only install an anti-virus program from a known and trusted source.  Keep virus definitions, engines and software up to date to ensure your anti-virus program remains effective.
            &#xD;
        &lt;br/&gt;&#xD;
        
             Through our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , we can take the worry of endpoint protection away by fully managing this service for you.
            &#xD;
        &lt;br/&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Every Tuesday a new tip will be added. By following these tips and remaining vigilant, you are doing your part to protect yourself and others.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blank-business-composition-computer-373076.jpg" length="151271" type="image/jpeg" />
      <pubDate>Mon, 13 Apr 2020 23:40:33 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/tuesdays-top-tips</guid>
      <g-custom:tags type="string">cyber security,tuesdays top tips,cyber tips</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blank-business-composition-computer-373076.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blank-business-composition-computer-373076.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Why is it called a computer virus?</title>
      <link>https://www.jc-cybersecurity.co.uk/why-is-it-called-a-computer-virus</link>
      <description>Viruses are everywhere in the news at the moment, but have you ever wondered why malware is sometimes called a “computer virus”? The fact is that a computer virus is very similar to influenza, coronavirus and other viral infections.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         Viruses are everywhere in the news at the moment, but have you ever wondered why malware is sometimes called a “computer virus”? The fact is that a computer virus is very similar to influenza, coronavirus and other viral infections.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Here are some of the similarities.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Email is like a sneeze
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Have you ever had a cold that makes you sneeze all the time? Every time you sneeze, tiny droplets containing the virus leave your body at great speed. If someone else comes into contact with those droplets, they could catch your viral infection.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Cyber criminals use a similar technique –
          &#xD;
    &lt;b&gt;&#xD;
      
           spam
          &#xD;
    &lt;/b&gt;&#xD;
    
          . Tens of thousands of emails are sent out, each carrying an infected attachment. Anyone who opens one of those attachments will (probably) install a virus – just like breathing in infected droplets.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Malware infections can kill
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Serious viral infections can cause serious illness – or even death. And computer viruses also have the potential to kill.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          In most cases, computer malware causes data loss, steals personal information and, occasionally, causes physical damage to the infected computer. But if cyber attackers target national systems, like the electricity grid or hospital computers, there is a very real chance that the knock-on effects could kill.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Computer viruses are highly infectious
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The influenza virus has naturally evolved to use an infected person’s body to spread. Sneezing is not just a side-effect of the infection – it also helps to ensure the virus can infect other people too.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Computer viruses rarely stop at a single infection. Most are designed to spread to other computers whenever possible. Some will hijack an infected computer to send out infected emails, while worms use clever network exploits to attack other computers on the same network. The more computers a hacker can infect, the more data they can steal or add to a botnet under their control.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           You can be infected without showing any symptoms
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Many viruses take time to grow inside the human body – it may be several weeks before the infected person even realises they are sick. During this ‘incubation period’ they are still infectious, and may pass the virus onto other people – again without realising there’s a problem.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The same is true of computer viruses – particularly botnets and trojans. These malware variants will remain on your computer undetected until triggered remotely by a hacker. This dormant period may last weeks or months, although the malware may try to spread itself to other computers in the meantime.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Anti-malware, the computer vaccination
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Many serious viruses – measles, mumps, rubella, polio, tuberculosis – now have vaccines that prevent people from becoming infected. Children are routinely vaccinated against these viruses to prevent infection as they grow.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Computers can also be vaccinated against viruses with an anti-virus. Like medical vaccines, anti-virus tools identify potential viruses and prevent them from being installed – or from infecting your computer.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         By preventing your computer from becoming infected you also avoid the trouble of trying to recover lost data, reinstalling software and repairing any damage to the system. You can protect yourself today – get in touch to find out how.
        &#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-2883632_1920.jpg" length="479099" type="image/jpeg" />
      <pubDate>Thu, 09 Apr 2020 13:01:47 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/why-is-it-called-a-computer-virus</guid>
      <g-custom:tags type="string">cyber security,computer virus,virus,malware</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-2883632_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hacker-2883632_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Working from home: 5 tips to protect your company</title>
      <link>https://www.jc-cybersecurity.co.uk/working-from-home-5-tips-to-protect-your-company</link>
      <description>Technology changes, life habits change and the way we work changes too. And however we work, one thing that does not change is the inescapable duty we have to protect our assets in order to ensure perfect business continuity, to protect the information we manage, and to maintain business secrecy.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         Technology changes, life habits change and the way we work changes too. And however we work, one thing that does not change is the inescapable duty we have to protect our assets in order to ensure perfect business continuity, to protect the information we manage, and to maintain business secrecy.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Unsurprisingly, technical complexity and an increasingly scattered perimeter have increased the attack surface over the last few years.
         &#xD;
  &lt;b&gt;&#xD;
    
          It is no longer enough to protect the perimeter
         &#xD;
  &lt;/b&gt;&#xD;
  
         ; it is now vital to ensure that countless endpoints, such as laptops, mobiles, tablets, and many Internet of Things (IoT) devices, are also secure.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         That perimeter has been scattered further by practices like telecommuting. This way of working is increasingly common among modern businesses. In fact, over the last 15 years, the number of people working from home has increased by 140%.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The last few weeks, however, have seen a sudden increase in the number of people working from home. The reason for this sudden surge in teleworking is the global coronavirus COVID-19 crisis. To try to contain the contagion, many companies have begun to promote teleworking. However, many of the companies that have promoted this increase in telecommuting have done so with haste, perhaps without having considered all the corporate cybersecurity concerns it could entail.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           5 tips to secure remote access to the corporate network
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         In order to access the corporate network, most companies provide computers and a remote connection so that the employee can access corporate services via their own Internet connection. But,
         &#xD;
  &lt;b&gt;&#xD;
    
          how can we ensure that the entire connection process is secure?
         &#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;span&gt;&#xD;
      
           1.
          &#xD;
    &lt;/span&gt;&#xD;
    
             
          &#xD;
    &lt;b&gt;&#xD;
      
           The computer
          &#xD;
    &lt;/b&gt;&#xD;
    
          trying to connect obviously needs to be protected with an advanced protection solution (Anti-Virus as a minimum). However, to reinforce security, it is of vital importance to have an endpoint defence system that can certify that all processes run by that computer are trustworthy. This way, we can stop cyber attacks that don’t use malware, as well as advanced attacks that could get onto the corporate network through our computer. In many cases, workers also use their own (personal) computers to access corporate resources. In these cases, the company must require that they install the same security solutions on these computers, or ask them to not use their own computers for corporate tasks. Otherwise, they could be jeopardising the company’s assets without even realising.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;span&gt;&#xD;
      
           2.
          &#xD;
    &lt;/span&gt;&#xD;
    
             
          &#xD;
    &lt;b&gt;&#xD;
      
           The connection
          &#xD;
    &lt;/b&gt;&#xD;
    
          between the computer and the corporate network must be secured by a VPN (Virtual Private Network) at all times. This is a private network that allows you to create a secure local network without the need for its members to be physically connected to each other. This also allows them to remotely use the data tunnels of their office’s servers.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;span&gt;&#xD;
      
           3.
          &#xD;
    &lt;/span&gt;&#xD;
    
             
          &#xD;
    &lt;b&gt;&#xD;
      
           Passwords
          &#xD;
    &lt;/b&gt;&#xD;
    
          used to access corporate services, and those we use in general, must be complex and difficult to decipher in order to avoid being found out. Unsurprisingly, to certify that the connection is being requested by the right user, and it is not an attempt at identity fraud, it is important to make use of multi-factor authentication (MFA). Thanks to this double certification system for user access to company services, we can more effectively protect access to the VPN, to employee logins for corporate portals and resources, and to cloud applications. It will even help us to comply with data protection requirements.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;span&gt;&#xD;
      
           4.
          &#xD;
    &lt;/span&gt;&#xD;
    
             
          &#xD;
    &lt;b&gt;&#xD;
      
           Firewall systems
          &#xD;
    &lt;/b&gt;&#xD;
    
          , whether virtual or physical, have proven to be the first line of defense in corporate network security. These systems monitor incoming and outgoing traffic, and decide whether to block or allow specific traffic based on a set of previously defined security rules. By establishing a barrier between secure, controlled and trusted internal networks and less trustworthy external networks, these systems are basic elements in protecting the corporate network, more so if we consider the extra traffic that telecommuting generates.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;span&gt;&#xD;
      
           5.
          &#xD;
    &lt;/span&gt;&#xD;
    
             
          &#xD;
    &lt;b&gt;&#xD;
      
           Monitoring services
          &#xD;
    &lt;/b&gt;&#xD;
    
          for networks, applications and users, and services to respond to and remedy the setbacks that may arise, are essential to ensuring business continuity when working remotely. It is important to prepare them for the volume that they will have to support over the coming days, because this increase in remote work can also put an extra burden on network monitoring tools, or detection and response services, since they will now find a greater number of devices and processes to be monitored. One of the resources that must be monitored with special attention is documents that contain sensitive or confidential information. For this, you need to have a tool capable of auditing and monitoring unstructured personal data on computers: from data at rest to data in use, and data in motion. This way your company’s data will be protected, wherever it is.
          &#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           Good teleworking habits
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         In addition to the dangers to the company network, having employees work outside of the office can also be challenging in terms of security hygiene tasks.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         For starters, many employees will use USB drives to take data out of the office, increasing the possibility of loss of sensitive information due to the distribution of information, and even the loss of these devices. What’s more, the situation may make it more likely for employees to take steps such as sending documents containing company data to their personal emails to make working at home easier. In these cases, the protections on these email addresses may be weaker than for corporate email addresses.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         With this expanded attack surface, and with employees outside the corporate network, the most important thing is to exercise caution. The first thing is to educate employees about the risks of teleworking, as well as the restrictions on the use of the devices they use while working remotely. They mustn’t visit suspicious websites or open emails – and especially attachments – from unknown senders, to avoid falling for phishing techniques.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Apart from the risks that the rise of teleworking can pose, cyber criminals have also taken advantage of the health crisis to carry out phishing campaigns. Since January, bad actors have been sending coronavirus-themed emails to try to trick users into downloading malware. Some of these emails impersonate public institutions sending information about the virus; others are designed to look like purchase orders for face masks to get employees to send money to the cyber criminal. There have also been cases that promise information about company policy regarding teleworking to try to steal credentials.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          This increase in teleworking due to exceptional circumstances is, for many reasons, going to be a difficult test for many companies. In no area is this more true than cyber security. Take advantage of all the resources that technology can provide your company to ensure reliable, stable and calm telework.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          If you have any questions around this blog, or want to discuss cyber security when working from home, please don't hesitate to get in touch with us via phone or email!
          &#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/office-932926_1920.jpg" length="388002" type="image/jpeg" />
      <pubDate>Mon, 23 Mar 2020 10:07:05 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/working-from-home-5-tips-to-protect-your-company</guid>
      <g-custom:tags type="string">cyber security,covid,covid-19,coronavirus,remote work,working remotely,working from home,IT security,email malware,social engineering,home workers,tips to secure your business,remote access,computer security,connection security,passwords,teleworking habits</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/office-932926_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/office-932926_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Coronavirus, Self-Isolation and Work From Home Security</title>
      <link>https://www.jc-cybersecurity.co.uk/coronavirus-work-from-home-security</link>
      <description>As governments across the world struggle to contain the COVID-19 virus, businesses are being asked to allow their employees to work from home. For many people this will be the first time they have ever been able to work remotely – which could cause some serious IT security headaches for their employers.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;span&gt;&#xD;
      
           As governments across the world struggle to contain the COVID-19 virus, businesses are being asked to allow their employees to work from home. For many people this will be the first time they have ever been able to work remotely – which could cause some serious IT security headaches for their employers.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber criminals are aware of the rush – and the potential for mistakes that could let them break in. Which means you have a part to play in protecting your employer. Here are a few tips to get you started.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Email malware is set to increase
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/b&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Email is already essential for business communications. For many remote workers it will become the primary way by which they share information with colleagues.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           In the coming weeks you should
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;b&gt;&#xD;
      
           expect to see an uptick in fraudulent emails.
          &#xD;
    &lt;/b&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Many will have malware attached, waiting to infect your computer. Some will be subtle phishing messages, designed to steal your passwords and other sensitive information.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Malware is particularly dangerous for home workers
          &#xD;
    &lt;/b&gt;&#xD;
    &lt;span&gt;&#xD;
      
           as most people will be using their own (personal) computers. These machines will not have the same security safeguards as the ones they use in the office, making them less secure. If your home PC is compromised, hackers can use it to attack your company network from the inside.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You can do your part to prevent malware problems by learning to spot the signs of a fraudulent email. You should also ensure that you have an effective anti-virus installed on your computer –
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;b&gt;&#xD;
      
           talk to us about sufficient protection today.
          &#xD;
    &lt;/b&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Social engineering attacks
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Because the move to adopt remote working has been so rushed, many employees will not have been properly trained in the usual protocols and procedures that protect the business. This makes them more vulnerable to social engineering attacks.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Social engineering is very low-tech – and very effective. Typically a scammer will make contact by phone or email, pretending to be a colleague, like an IT helpdesk operator. They will then ask for sensitive information, like login credentials, which allow them to break into the company network.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           You should always take a moment to think whenever someone asks you for sensitive information. No matter how much the caller tries to pressure you,
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;b&gt;&#xD;
      
           if you are in any doubt, do not give them the details.
          &#xD;
    &lt;/b&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Your employer would rather you play it safe and create a delay than give cyber criminals easy access to company resources.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Take it slow
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Getting used to remote working may take a little longer than expected. You are effectively on your own, doing many of the IT security tasks that are normally handled by the IT department. In these unusual circumstances it will take you a while to achieve maximum productivity.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;span&gt;&#xD;
        
            In the meantime you must ensure that you are working as safely as possible. If you have any questions on keeping yourself cyber secure while working from home, get in touch with us today; we'll be happy to help.
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Keep an eye on the JC Cyber Security blog for more tips and tricks in the coming weeks. We are in unprecedented times, but by working together, we can get through this! Remember to stay safe both physically and digitally.
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/home-2618511_1920.jpg" length="568234" type="image/jpeg" />
      <pubDate>Fri, 20 Mar 2020 14:10:40 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/coronavirus-work-from-home-security</guid>
      <g-custom:tags type="string">cyber security,covid,covid-19,coronavirus,remote work,working remotely,working from home,IT security,email malware,social engineering,home workers</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/home-2618511_1920.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/home-2618511_1920.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Protect Your Business from the 'Trickbot' Banking Trojan</title>
      <link>https://www.jc-cybersecurity.co.uk/trickbot-banking-trojan</link>
      <description>Trickbot is an established banking trojan used in cyber attacks against businesses and individuals in the UK and overseas. Trickbot attacks are designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII). Criminals use PII to commit identity fraud.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           What is Trickbot?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Trickbot is an established banking trojan used in cyber attacks against businesses and individuals in the UK and overseas. Trickbot attacks are designed to access online accounts, including bank accounts, in order to obtain personally identifiable information (PII). Criminals use PII to commit identity fraud.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         In some cases, Trickbot is used to infiltrate a network. Once inside it can be used to deploy other malware, including ransomware and post-exploitation toolkits.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Trickbot targets victims with well-crafted phishing emails, designed to appear as though sent from trusted commercial or government brands. These emails will often contain an attachment (or link to an attachment) which victims are instructed to open, leading to their machine being exploited.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           What can Trickbot do?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Trickbot can download new capabilities onto a victim’s device (as well as updating those it has already deployed) without interaction from the victim.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Trickbot can:
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
               steal sensitive information, including banking login details and memorable information
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               gather detailed information about infected devices and networks
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               steal saved online account passwords, cookies and web history
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               steal login credentials for infected devices, including domain credentials
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               connect infected devices to malicious, criminally-controlled networks over the internet, giving criminals full control of them
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               spread across a victim’s network by infecting other devices, including those on trusted domains (known as lateral movement), often using SMB shares
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               download further malicious files such as Remote Access Tools, VNC clients and ransomware
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Dealing with a possible Trickbot infection
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Victims of Trickbot have observed a number of malicious activities, including:
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
               unauthorised access attempts to online accounts
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               successful, fraudulent bank transfer activity
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               unauthorised changes to their network infrastructure
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         To protect business and personal banking facilities (including where employees have accessed personal banking from work devices) you should:
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
               consider changing passwords and memorable information for any corporate, business or personal internet banking facilities (or other online resources) accessed from the infected network
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               review bank and credit card statements for suspicious activity, and report any findings to your bank
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               advise any employees who have accessed online banking facilities from the affected network to do likewise
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          If you (or your employees) have been the victim of fraud, report it to
          &#xD;
    &lt;a href="https://www.actionfraud.police.uk/" target="_blank"&gt;&#xD;
      
           Action Fraud
          &#xD;
    &lt;/a&gt;&#xD;
    
          .
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Protective action to take now
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Run a full scan on all devices using up-to-date antivirus software. This should detect and remove any Trickbot infection.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Mitigations
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Use the latest supported versions of operating systems and software, apply security patches promptly, use antivirus and scan regularly to guard against known malware threats.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Keep antivirus software up to date, and consider the use of a cloud-backed antivirus product that can benefit from the improved threat intelligence and advanced analysis which large scale operations bring. Ensure that antivirus software is capable of scanning MS Office macros.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Make sure important data is stored in an offline backup, to reduce the impact of ransomware.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Use multi-factor authentication (MFA), also known as two-step verification or 2-factor authentication (2FA).
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Prevent and detect lateral movement in your enterprise networks.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Implement architectural controls for network segregation. This would help mitigate the exposure of the SMB issues described above.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               Set up a security monitoring capability so you can collect the data needed to analyse network intrusions.
          &#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      
               If supported by your operating environment, consider whitelisting permitted applications. This will help prevent malicious applications from running.
          &#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Regularly Test Your Systems
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          It is important to regularly test your systems and stay one step ahead of the attacker. Find out how we can help you by booking a FREE Cyber Clinic and receive a no obligation quote from our cyber experts.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        
            Book a Free Cyber Clinic today to see how we can defend your business.
           &#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/working-pattern-internet-abstract-1089438.jpg" length="233652" type="image/jpeg" />
      <pubDate>Mon, 02 Mar 2020 11:44:22 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/trickbot-banking-trojan</guid>
      <g-custom:tags type="string">cyber security,trickbot,trojan,cyber attack,phishing email,malware</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/working-pattern-internet-abstract-1089438.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/working-pattern-internet-abstract-1089438.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>71% of ransomware attacks target SMEs</title>
      <link>https://www.jc-cybersecurity.co.uk/ransomware-attacks-target-smes</link>
      <description>Cyber crime is an undeniable constant in the business landscape these days. The cost of cyber crime is constantly rising—it is estimated that by 2021, it will have reached £5.2 trillion. Cyber attacks on large companies tend to grab headlines all around the world because of their spectacular impact. However, there is one sector that doesn’t normally generate headlines when it suffers a cyber attack: SMEs.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber crime is an undeniable constant in the business landscape these days. The cost of cyber crime is constantly rising—it is estimated that by 2021, it will have reached £5.2 trillion. Cyber attacks on large companies tend to grab headlines all around the world because of their spectacular impact. However, there is one sector that doesn’t normally generate headlines when it suffers a cyber attack: SMEs.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           SMEs: the main victims of cyber criminals
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            According to a report published by Google last year, SMEs—which make up 99% of the United Kingdom’s business fabric—are the main target of cyber crime. In 2018, the period analyzed in the report, this kind of business suffered 102,414 cyber attacks. One of the main reasons for this is the fact that most of these companies don’t think they are an attractive target for cyber criminals. This statistic is the reason that almost 3 million companies are poorly protected, or completely unprotected, against cyber attacks.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           When we consider the repercussions for an SME of a cyber incident, this attitude to cyber security may even seem reckless. According to the report, the average cost of a cyber attack for an SME is £29,700. More worrying still is the fact that 60% of SMEs are forced to close down six months after being targeted by a cyber attack.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           SME cyber security problems
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           As well as believing themselves to be immune to cyber attacks, or simply showing a lack of interest, many SMEs have other habits that can endanger their IT security. Only 36% of the companies surveyed use security protocols such as two-factor authentication, while just 14% regularly update their passwords. Just 21% of SMEs regularly create backups. This last measure is a vital part of the protocols needed to recover from a ransomware attack.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           A global problem
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            The cyber security problems in SMEs aren’t limited just to the UK; all over the world, this business sector has to deal with cyber security issues. According to Beazley Breach Response Services, 71% of ransomware attacks target SMEs. The average ransom demand for this kind of attack is £90,000.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            In more general terms, 43% of all cyber attacks target this kind of company, while just 14% of these businesses are prepared to defend against their effects.
           &#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Awareness: an essential tool
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            In the business world, cyber security awareness is the main challenge; employees’ actions are often the first line of defense against a cyber attack. To ensure that a cyber incident doesn’t cause serious damage to a company, it is important that its employees follow a series of vital tips:
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;ul&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
                
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Never open attachments from unknown senders.
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             92% of the malware in the world arrives via email.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
                
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Don’t plug in an unknown USB device.
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             It may contain malware that could cause grave problems for the company.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
                
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Get into the habit of updating passwords.
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             This way, even if a password is leaked in a data breach, it won’t become a security risk.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
    &lt;li&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
                
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Update the system.
           &#xD;
      &lt;/span&gt;&#xD;
      &lt;span&gt;&#xD;
        &lt;span&gt;&#xD;
          
             Updates for the system and for third party applications are an important barrier against security breaches.
            &#xD;
        &lt;/span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/li&gt;&#xD;
  &lt;/ul&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
            
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber security solutions: an essential tool
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
            In line with the data discovered in these studies, we can conclude by stating that cyber security measures are vital in all kinds of organisations, whether they are small, medium or large enterprises. This is why it is necessary to strengthen our company’s defenses in order to stop a cyber attack from paralysing our economic activity, or even bringing about its end.
           &#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           Using the right tools for each company is a must to keep computers safe. A defense method capable of protecting against malware of all kinds, even before it can attack, is indispensable. One such solution is Adaptive Defense, which integrates endpoint protection and endpoint detection and response (EDR) capacities with the 100% Attestation Service. All of this is provided via a single, lightweight agent, and facilitates risk and security alert management in your company. Our advanced cyber security solution provides a detailed overview of all activities on every endpoint, total control of running processes, and reduction of the attack surface. This way, your system is secured against attacks originating both inside and outside the company.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Adaptive Defense is one of the many solutions offered in
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           The Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           .
          &#xD;
    &lt;/a&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Book a Free Cyber Clinic today to see how we can defend your business.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/group-of-people-watching-on-laptop-1595385.jpg" length="184176" type="image/jpeg" />
      <pubDate>Mon, 24 Feb 2020 08:22:46 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/ransomware-attacks-target-smes</guid>
      <g-custom:tags type="string">cyber security,ransomware,cyber crime,SME,SMEs,cyber attacks,cyber attack,small business</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/group-of-people-watching-on-laptop-1595385.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/group-of-people-watching-on-laptop-1595385.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Critical Bug in WordPress Plugin Opens 200,000 Sites to Hackers</title>
      <link>https://www.jc-cybersecurity.co.uk/bug-in-wordpress-plugin</link>
      <description>Many of us know of and probably use WordPress and we all know about the ease of installing any plugin you like to add extra functionality to your website. However, WordPress also offers theme plugins to allow you to change the style of your website. A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Many of us know of and probably use WordPress and we all know about the ease of installing any plugin you like to add extra functionality to your website. However, WordPress also offers theme plugins to allow you to change the style of your website. A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          ThemeGrill Demo Importer plugin has been designed to allow WordPress site admins to import demonstration content, widgets, and settings from ThemeGrill, making it easier for them to quickly customize the theme.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;span&gt;&#xD;
        
            What could an attacker do?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         When a ThemeGrill theme is installed and activated, the affected plugin executes some functions with administrative privileges without checking whether the user running the code is authenticated and is an admin.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The flaw could eventually allow unauthenticated remote attackers to wipe the entire database of targeted websites to its default state, after which they will also be automatically logged in as an administrator, allowing them to take complete control over the sites.
         &#xD;
  &lt;br/&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div&gt;&#xD;
  &lt;a&gt;&#xD;
    &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/Blog+image+1.jpg"/&gt;&#xD;
  &lt;/a&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  
         Here we see, in the screenshot above, that there is no authentication check, and only the do_reset_wordpress parameter needs to be present in the URL on any 'admin' based page of WordPress, including /wp-admin/admin-ajax.php.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          This vulnerability affects ThemeGrill Demo Importer plugin versions 1.3.4 up to 1.6.1, all released in the last 3 years.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          This is a serious vulnerability and can cause a significant amount of damage. Since it requires no suspicious-looking payload, it is not expected for any firewall to block this by default, and a special rule needs to be created to block this vulnerability.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;span&gt;&#xD;
        
            What happens now?
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          This vulnerability was responsibly reported to ThemeGrill developers, who then released a patched version 1.6.2 yesterday. Please check to see if this patch is available and install it as soon as possible.
          &#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The WordPress Dashboard automatically notifies administrators when a plugin needs to be updated, but we recommend that you choose to have plugin updates automatically installed instead of waiting for manual action.
         &#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blogging-blur-business-communication-261662.jpg" length="102458" type="image/jpeg" />
      <pubDate>Tue, 18 Feb 2020 08:13:30 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/bug-in-wordpress-plugin</guid>
      <g-custom:tags type="string">cyber security,WordPress,word press,hackers,websites,website,web hosting,vulnerability,bug,ThemeGrill</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blogging-blur-business-communication-261662.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/blogging-blur-business-communication-261662.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>A BEC scam leads to a healthcare data breach</title>
      <link>https://www.jc-cybersecurity.co.uk/scam-leads-to-a-data-breach</link>
      <description>BEC (Business Email Compromise) scams are an ever present problem in the business world. This scam consists of impersonating someone important within an organisation’s structure in order to trick an employee into making a fraudulent bank transfer. According to the Financial Crimes Enforcement Network (FinCEN), these scams generate around £232 million every month, or £2.7 billion every year.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         BEC (Business Email Compromise) scams are an ever present problem in the business world. This scam consists of impersonating someone important within an organisation’s structure in order to trick an employee into making a fraudulent bank transfer. According to the Financial Crimes Enforcement Network (FinCEN), these scams generate
         &#xD;
  &lt;b&gt;&#xD;
    
          around £232 million every month
         &#xD;
  &lt;/b&gt;&#xD;
  
         , or
         &#xD;
  &lt;b&gt;&#xD;
    
          £2.7 billion every year
         &#xD;
  &lt;/b&gt;&#xD;
  
         .
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          While this kind of scam generally aims to steal money, we have also seen cases where cyber criminals have other ends in mind. The latest such case was in New York.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           A medical center in New York: victim of a BEC scam
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         On December 30, 2019, a medical center in New York City reported that it had suffered a BEC attack. The victim, who works in the VillageCare Rehabilitation and Nursing Center (VCRN), received an email that seemed to come from a senior staff member at the institution requesting information about VCRN patients.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         According to the Notice of Data Privacy Incident statement published on the center’s website, “The unauthorised actor requested certain information related to VCRN patients.  Believing the request to be legitimate, the employee provided the information.”
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Thanks to this ruse, the attacker exfiltrated information on 674 patients, including names and surnames; dates of birth; and medical insurance information, including the name of the provider and ID number.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         VCRN explains that, “Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The medical center has stated that it is unaware of any of the patient information having been used in any malicious activity since the incident. The VCRN has said that it intends to carry out a review of its cyber security.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The center has taken measures to inform the patients that have potentially been affected, and has advised them “to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Healthcare: a sector vulnerable to data breaches
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Healthcare is one of the sectors that suffers most when dealing with the consequences of a data breach. According to the Ponemon Cost of a Data Breach Report, healthcare is the sector with the highest data breach costs: an
         &#xD;
  &lt;b&gt;&#xD;
    
          average of £4.95 million per breach
         &#xD;
  &lt;/b&gt;&#xD;
  
         . What’s more, the cost per file in a healthcare sector breach is also the highest:
         &#xD;
  &lt;b&gt;&#xD;
    
          £330 per file
         &#xD;
  &lt;/b&gt;&#xD;
  
         , 60% higher than the average cost.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          In the sector, the consequences of a data breach also go beyond the financial aspect: abnormal customer turnover in healthcare after an incident of this kind is also the highest of any sector:
          &#xD;
    &lt;b&gt;&#xD;
      
           7% of customers are lost
          &#xD;
    &lt;/b&gt;&#xD;
    
          .
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           It is possible to protect yourself against BEC scams
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         As we’ve seen, BEC scams can have serious repercussions for a company that falls victim to one, even if no money is stolen. As well as financial loss or information theft, a cyber attack of this type can have a negative impact on an organisation’s reputation.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The most important thing to protect against BEC scams is to have a zero-trust stance. This means not trusting any emails that seem out of the ordinary. If you have even the slightest doubt about the legitimacy of anything, don’t open it, don’t reply, and don’t open any attachments.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Even though the final phase of a BEC scam is an act of social engineering, malware is often employed in the attack as well. The messages must seem to come from trusted email addresses; for this reason, cyber attackers use spyware to steal credentials. This information is then used to create emails that are believable both in form and content, which can convince the victims that the request is legitimate.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         This use of spyware or other kinds of malware means that it is vital to use an advanced cyber security solution. Adaptive Defense constantly monitors all activity on the network. This way, you can be sure that neither spyware nor any other kind of advanced threat will endanger your organisation.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          BEC scams are a trend that is showing no signs of slowing down. What’s more, cyber criminals are finding ever more innovative ways to keep compromising the systems of organisations all over the world. Make sure your company isn’t the next victim.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;span&gt;&#xD;
        
            It is important to test your systems
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;span&gt;&#xD;
      &lt;/span&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Even if you have the most advanced cyber security solutions in place, hackers will always find a way to get in. We can stay on top of this by regularly testing your systems to ensure vulnerabilities are discovered and patched. We can also perform BEC attacks against your business to see if your staff can spot unwanted emails.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;span&gt;&#xD;
        
            Book a Free Cyber Clinic today to see how we can test your systems and Defend Your Business.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/font&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/woman-in-white-shirt-standing-near-glass-window-inside-room-127873.jpg" length="177019" type="image/jpeg" />
      <pubDate>Mon, 17 Feb 2020 17:13:28 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/scam-leads-to-a-data-breach</guid>
      <g-custom:tags type="string">cyber security,BEC,business email compromise,scams,healthcare,data breaches,BEC scams</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/woman-in-white-shirt-standing-near-glass-window-inside-room-127873.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/woman-in-white-shirt-standing-near-glass-window-inside-room-127873.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Mac Malware Becomes More Common – Are You A Victim?</title>
      <link>https://www.jc-cybersecurity.co.uk/mac-malware</link>
      <description>As Mac computers have become more popular, cyber criminals are devoting more time and attention to developing malware to target them. And many people are simply unaware of the risks they face.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         Behind the fancy interface and icons, the MacOS operating system which powers Apple computers is significantly different to alternatives like Microsoft Windows. The system has been built from the ground up to increase security and protect users.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         This design has been incredibly successful, allowing Apple to create the impression that iMacs and MacBooks are invulnerable, that hackers cannot break into their machines. However, iMacs and MacBooks are only as secure as the person using them, and it is still quite common for people to leave their Mac unprotected by not installing anti-malware software.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          But as Mac computers have become more popular, cyber criminals are devoting more time and attention to developing malware to target them. And many people are simply unaware of the risks they face.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           Introducing the Shlayer trojan
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Most will never have heard of the Shlayer trojan for instance – despite the fact that it has been attacking Mac computers since 2018. Researchers believe that around
         &#xD;
  &lt;b&gt;&#xD;
    
          10% of all Macs
         &#xD;
  &lt;/b&gt;&#xD;
  
         – millions of computers – have been targeted by the malware over the last two years.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The trojan spreads using website pop-ups, usually advising users to download an Adobe Flash Player update to access video content. The malware installer walks the victim through the process of installing the application before downloading additional malicious content itself.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Once installed, Shlayer hijacks the Safari browser to display targeted ads as the user surfs the web. The scammers are paid by advertising networks for every ad – a scam that may be worth millions of pounds every year.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          This may not be the most damaging form of malware – but it’s very, very annoying. It also defrauds the companies paying for ads.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           A warning for Mac users
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Shlayer tells us two things. First, Apple computers can be – and are – infected with malware. There are security weaknesses in the operating system and cybercriminals are exploiting them.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Second, although Shlayer is relatively harmless, other hackers will inevitably use the same techniques for more malicious activities. Expect to see Mac malware becoming more dangerous, stealing passwords and identities and sensitive data.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           Time to protect yourself
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         While Shlayer has been quietly infecting machines since 2018, tools to protect Apple computers have been in existence for much longer. Take The Protection Plan for Mac for instance, which provides comprehensive defence against malware and all types of computer viruses.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         As with any anti-malware toolkit, our Protection Plan works best when installed before infection. The good news is it’s not too late – we can still detect and remove Shlayer infections from your computer.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          We fully expect to see new examples of Mac malware appearing in the near future – so it’s time to protect yourself now. 
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            Defend your business with The Protection Plan. Book a Free Cyber Clinic Today.
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/apple-technology-ipad-computer-38568.jpg" length="149511" type="image/jpeg" />
      <pubDate>Mon, 17 Feb 2020 16:51:34 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/mac-malware</guid>
      <g-custom:tags type="string">cyber security,apple,Mac,cyber criminals,MacOS,trojan,shlayer trojan</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/apple-technology-ipad-computer-38568.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/apple-technology-ipad-computer-38568.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Access data of 515,000 servers and IoT devices leaked online: Remote control via Telnet possible</title>
      <link>https://www.jc-cybersecurity.co.uk/access-data-leaked-online</link>
      <description>Cyber criminals have published the access data and IP addresses of over 515,000 servers, routers and IoT devices on a hacker forum. This data can be used to control vulnerable devices using the remote maintenance service Telnet. This could allow attackers to connect to the devices, install malware and use it for their own benefit.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Cyber criminals have published the access data and IP addresses of over 515,000 servers, routers and IoT devices on a hacker forum. This data can be used to control vulnerable devices using the remote maintenance service Telnet. This could allow attackers to connect to the devices, install malware and use it for their own benefit, for example to set up a botnet for Distributed-Denial-of-Service (DDoS) attacks. In a DDoS attack, a targeted system and its Internet services become unusable due to a deliberately induced overload. In practice this means massive interruptions of all internet-based services and devices, resulting in immense costs. In many cases, such devices even become irreversibly unusable.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Where does the data come from?
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
      &lt;br/&gt;&#xD;
      
           According to a report on ZDnet, the data comes from a provider of DDoS services. On the forum, the hacker reported that he had automatically scanned the entire network for devices with open Telnet access. Then he started to experiment with default passwords or easy-to-guess combinations. He collected the extensive list of access data—a so-called bot list—and published it. In the past, comparable collections have been used for large-scale attacks and to spread malware. For example, in June last year, the malware Silex destroyed 2,000 IoT devices in just a few hours. Brickerbot destroyed around two million devices in 2017. To do this, the malware logged into the infected IoT devices with standard access data and overwrote disks and partitions with random data. Silex also deletes the firewall settings, removes the network configuration and then switches off the device, rendering the IoT devices unusable.
          &#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Protection Plan customers are protected
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            As a customer of our
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
    &lt;a href="/the-protection-plan"&gt;&#xD;
      
           Protection Plan
          &#xD;
    &lt;/a&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;span&gt;&#xD;
        
            , with the solution Adaptive Defense 360 you have nothing to worry about. Adaptive Defense 360 ensures the security of all endpoints on your corporate network by using advanced technologies and self-teaching systems. In order to prevent malicious processes, all data is centrally monitored in real time and classified 100%. This is how anomalies get noticed and attacks that attempt to install malware via an IoT device will be stopped before any malicious activities can occur.
           &#xD;
      &lt;/span&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
  &lt;p&gt;&#xD;
    &lt;span&gt;&#xD;
      
           Defend your business with The Protection Plan. Book a Free Cyber Clinic Today.
          &#xD;
    &lt;/span&gt;&#xD;
    &lt;span&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/span&gt;&#xD;
  &lt;/p&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/books-business-computer-connection-459654.jpg" length="87054" type="image/jpeg" />
      <pubDate>Tue, 11 Feb 2020 21:08:15 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/access-data-leaked-online</guid>
      <g-custom:tags type="string">cyber security,IoT,IoT devices,remote control,telnet,malware</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/books-business-computer-connection-459654.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/books-business-computer-connection-459654.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>Why Are People Worried About Huawei?</title>
      <link>https://www.jc-cybersecurity.co.uk/why-are-people-worried-about-huawei</link>
      <description>The UK government was the centre of a storm of criticism surrounding plans for the country’s new 5G mobile network. Although the new network is desperately needed, experts are concerned about the decision to include Huawei technology.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The UK government was the centre of a storm of criticism surrounding plans for the country’s new 5G mobile network. Although the new network is desperately needed, experts are concerned about the decision to include Huawei technology.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;font&gt;&#xD;
    &lt;b&gt;&#xD;
      
           What’s the problem with Huawei?
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/font&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         In China, successful companies tend to be very closely aligned with the government. This means that they agree to operate according to very strict rules – and to share information if requested.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Information sharing is absolutely vital to the way that the Chinese population is monitored and controlled. And tech companies like Huawei play a role in making state surveillance possible.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;div&gt;&#xD;
    
          As the relationship between Huawei’s senior management and the Chinese government has become clearer, many governments have voiced concerns.
          &#xD;
    &lt;b&gt;&#xD;
      
           If Huawei technology is used to spy on Chinese citizens, it could also be used to spy on foreign countries too.
          &#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        &lt;br/&gt;&#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;b&gt;&#xD;
    &lt;font&gt;&#xD;
      
           An unusual decision
          &#xD;
    &lt;/font&gt;&#xD;
  &lt;/b&gt;&#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         These concerns make the UK’s decision to permit Huawei technology in the construction of critical national infrastructure all the more unusual.
         &#xD;
  &lt;b&gt;&#xD;
    
          The USA and Australia have already banned the Chinese supplier from their own projects
         &#xD;
  &lt;/b&gt;&#xD;
  
         and others are expected to follow their lead.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The UK believes it has controlled any risk of espionage by limiting Huawei to supplying equipment at ‘the edge’ of the network. Huawei will not be allowed to assist with the construction of the ‘core’.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         What does this mean? The core of the network is where the most sensitive data and communications are transmitted;
         &#xD;
  &lt;b&gt;&#xD;
    
          if a foreign government could access the core they could spy on communications
         &#xD;
  &lt;/b&gt;&#xD;
  
         – or even disrupt the network entirely.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         The edge describes equipment like the wireless transmitters that connect our mobile phones to the network. Although important, there is less risk of government data being stolen, or the network being taken offline.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         By allowing Huawei to supply equipment, the
         &#xD;
  &lt;b&gt;&#xD;
    
          UK hopes to lower the overall cost of building the new 5G network.
         &#xD;
  &lt;/b&gt;&#xD;
  
         And by limiting Huawei to the edge, they hope to contain potential risk.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         But there are two problems. First, the UK does not fully understand the potential risks posed by allowing equipment that may have been compromised into the network. With a backdoor into the network, state-sponsored hackers could still work to take control of the core.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Second, government data may be protected, but our personal data still passes through the edge. It is possible that ordinary people’s information is stolen and misused as a result of Huawei’s involvement.
         &#xD;
  &lt;br/&gt;&#xD;
  &lt;br/&gt;&#xD;
  
         Even if the worst-case scenario never happens, the UK’s decision to invite a hostile foreign player into its secure systems is a cyber security lesson for us all. As you use your PC or mobile device, think carefully about who you are inviting in. Every password you share or app you download opens a door that could be used by a hacker. It is always safest to block access whenever you have the chance.
        &#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/black-huawei-android-smartphone-1036619.jpg" length="99662" type="image/jpeg" />
      <pubDate>Mon, 10 Feb 2020 07:00:39 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/why-are-people-worried-about-huawei</guid>
      <g-custom:tags type="string">cyber security,huawei,5G,5G mobile network,spy,huawei spying,huawei spy</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/black-huawei-android-smartphone-1036619.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/black-huawei-android-smartphone-1036619.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>The Hotel Hijackers</title>
      <link>https://www.jc-cybersecurity.co.uk/the-hotel-hijackers</link>
      <description>After all these years we’ve been in cyber security, there is one thing we know for sure: a cyber-criminal’s main motivation is always money. That’s why the hackers use Trojans to get the confidential data: the always-multiplying, information-stealing bugs that infect our computers and devices. One example of this is CryptoLocker, a popular attack that uses ransomware to encrypt important information then forces the victim to pay a ransom to get it back. Over time, we’ve witnessed both the “classic” malware and the new attacks that are devised specifically for each victim, and how companies are dealing with these attacks. Most recently, these cyber-criminals have been going after hotel chains.</description>
      <content:encoded>&lt;div&gt;&#xD;
  &lt;img src="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/hotelhijackers.png"/&gt;&#xD;
&lt;/div&gt;&#xD;
&lt;div data-rss-type="text"&gt;&#xD;
  &lt;div&gt;&#xD;
    
          After all these years we’ve been in cyber security, there is one thing we know for sure: a cyber-criminal’s main motivation is always money. That’s why the hackers use Trojans to get the confidential data: the always-multiplying, information-stealing bugs that infect our computers and devices. One example of this is CryptoLocker, a popular attack that uses ransomware to encrypt important information then forces the victim to pay a ransom to get it back. Over time, we’ve witnessed both the “classic” malware and the new attacks that are devised specifically for each victim, and how companies are dealing with these attacks.  Most recently, these cyber-criminals have been going after hotel chains.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        
            Why Hotels?
           &#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Hackers see hotels as juicy business. When a phisher considers a hotel, they are thinking of how they can “fish” from the millions of rooms, used by millions of customers, which generates millions of pounds. From booking a room to the payments made at shops and restaurants, hotel chains have complex networks that save enormous amounts of sensitive and private data, just waiting to be compromised.  If you stayed at a hotel recently, you might want to double-check your credit card statements…
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;b&gt;&#xD;
      &lt;font&gt;&#xD;
        
            A Promised History
           &#xD;
      &lt;/font&gt;&#xD;
    &lt;/b&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Most of the hotels, regardless of size, have been victims of cyber-crimes. Cyber-criminals also have their eyes set on companies that provide services for the hotels. 
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Some Examples…
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          White Lodging manages a number of well-known hotels like the Hilton, Marriott, Hyatt, Sheraton, and Westin hotels. Although they are more of a hotel management company than a hotel chain, they were still victims of a big cyber-attack.  Customer credit card and debit card information was compromised from fourteen of their hotels. A while later, they suffered another attack, this time hitting ten hotels (some of them were also victims of the previous attack).  The hackers came back for more: stealing data from credit cards like customer names, numbers, security codes, and expiration dates. This affected 24 hotels.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The luxurious Mandarin Oriental was attacked too. Malware infected POS (Point-of-Sale) terminals at some of the group’s hotels in Europe and America. The malware was specially designed for and directed at this type of system, allowing the attackers to steal credit card information.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The Hyatt hotel chain suffered one of the biggest cyber-attacks in hotel history. In a press release, the chain confirmed that point-of-sale terminals at 249 of its hotels in 54 countries had been infected. Their POS terminals were infected, and all customer credit card information was stolen.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            This is not a fantasy
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          There is real economic interest behind these attacks and curiosity about remaining unknown.  The hotel sector has become one of the main targets for cyber-criminal gangs. Along with motivation, there is malware that is designed specifically to scrape important credit card information from the POS systems, making it clear that these hackers won’t be going away anytime soon. This alarming situation not only affects the sector economically, but it endangers their reputation, causes panic among their customers and destabilises the business. 
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            We must be alert
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Malware that infects point-of-sale terminals to steal credit card data, and targeted attacks against hotel systems to steal confidential data, are two examples of what can happen during a cyber-attack. These kinds of attacks have severe repercussions for a hotel’s finances and reputation. Hotels need to reinforce security on their network, devices and systems, and know how to choose the right protection system for their business. Not just any protection system will work for this sector, because not all of them offer the same level of security, and not all of them can protect every digital ecosystem or business environment.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;font&gt;&#xD;
      &lt;b&gt;&#xD;
        
            The Solution
           &#xD;
      &lt;/b&gt;&#xD;
    &lt;/font&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          To protect against advanced threats and targeted attacks, we need to have a system that guarantees Data Confidentiality, Privacy of Information and Business Reputation, and Legacy.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          JC Cyber Security’s Protection Plan offers the first and only cyber security service that combines the most effective traditional anti-virus and the latest advanced protection with the capability of classifying all executed processes.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          The packages on offer can detect malware and strange behaviours that other protection services cannot, because they classify all running and executed processes.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Thanks to that, it can ensure protection against known malware and advanced Zero-Day Threats, Advanced Persistent Threats and Direct Attacks. 
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          We are able to oversee everything that takes place on the network: timeline of threats, flow of information, how the active processes behave, how the malware entered the system, where it is going, who intended to do what and how they got that information and more!
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    
          Protect your business and customers now, talk to us about The Protection Plan.
         &#xD;
  &lt;/div&gt;&#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1515362655824-9a74989f318e.jpg" length="178748" type="image/jpeg" />
      <pubDate>Fri, 17 Jan 2020 18:40:07 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/the-hotel-hijackers</guid>
      <g-custom:tags type="string">cyber security,what is cyber security,hotel cyber security,marriott hotel breach,hotel cyber breach,do hackers target hotels,hotel cyber risk</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1515362655824-9a74989f318e.jpg">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/md/unsplash/dms3rep/multi/photo-1515362655824-9a74989f318e.jpg">
        <media:description>main image</media:description>
      </media:content>
    </item>
    <item>
      <title>What is Cyber Security?</title>
      <link>https://www.jc-cybersecurity.co.uk/what-is-cyber-security</link>
      <description>Cyber threats are constantly evolving and unfortunately there is no way to avoid them. But there is a way to protect you and your business against them. In today’s online landscape, attacks are becoming more prevalent and sophisticated. As days go by, more and more people willingly share their information online. With that in mind, it is simple to see why understanding cyber security and having a plan in place is vital if you want to keep your business and customers safe for the foreseeable future.</description>
      <content:encoded>&lt;div data-rss-type="text"&gt;&#xD;
  
         Cyber threats are constantly evolving and unfortunately there is no way to avoid them. But there is a way to protect you and your business against them. In today’s online landscape, attacks are becoming more prevalent and sophisticated. As days go by, more and more people willingly share their information online. With that in mind, it is simple to see why understanding cyber security and having a plan in place is vital if you want to keep your business and customers safe for the foreseeable future. 
         &#xD;
  &lt;div&gt;&#xD;
    &lt;br/&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;font&gt;&#xD;
        &lt;b&gt;&#xD;
          
             What Is Cyber Security?
            &#xD;
        &lt;/b&gt;&#xD;
      &lt;/font&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           Cyber security is a subcategory of information security – specifically focusing on protecting computer systems and their components. This includes hardware, software, data and digital infrastructure. What are we protecting them from? They are protected from attack, unauthorised access, or being otherwise damaged or made inaccessible. Data centres, websites, programmes, servers, end user devices, or accounts can all be exploited through a ‘cyber-attack’.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           In recent years, cyber security has come under intense media scrutiny due to the rapid development of cyber risks in both size and number, and the degree of impact on individuals, governments and organisations. Most well-informed organisations now consider cyber security a critical business issue.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           In short, cyber security is the act of safeguarding and defending your business and customers from cyber-attacks.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;b&gt;&#xD;
        &lt;font&gt;&#xD;
          
             Why Is Cyber Security So Important?
            &#xD;
        &lt;/font&gt;&#xD;
      &lt;/b&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           While cyber security is important for individuals, it is crucial for businesses of any size. In addition to confidential company information, businesses deal with sensitive customer data, including credit card information, addresses, phone numbers and a wide range of other sensitive information. Many customers freely give you their information in exchange for goods and services. Often this is done with little thought as to how securely you are safeguarding their information. All may seem very well, until you suffer a cyber breach.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           Even though your customers may be quick to trust you, they’re even quicker to take business elsewhere when something goes wrong. Customer trust is fragile, and there is no quicker way to lose that trust than to let their sensitive data get into the wrong hands. Data breaches are expensive not just in lost business but also in a very immediate monetary sense. In fact, according to the “2019 Cost of Data Breach Report” from Ponemon Institute and IBM Security, the global average cost of a data breach has grown by 12 percent in the last five years to $3.92 million.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           When a cyber breach or attack occurs, the time of proactiveness has passed. Without a cyber security plan in place, businesses leave themselves vulnerable to hackers that thrive on sensitive information. If you haven’t considered, or revisited your cyber security systems or processes, now is the time. Do not neglect your security; become proactive towards cyber security and be prepared before a cyber breach or attack is performed against you.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;b&gt;&#xD;
        &lt;font&gt;&#xD;
          
             What Are the Elements of Cyber Security?
            &#xD;
        &lt;/font&gt;&#xD;
      &lt;/b&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           Cyber security is made up of people, processes and technology. All three are vital in order to have an effective and proactive cyber security program. Sufficient cyber security in today’s environment also necessitates a holistic approach. This holistic approach to cyber security is proactive instead of reactive, and it includes incident response and remediation, prevention and detection. Visibility is also key. 
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           Superior cyber security technology and tools are of little importance if you don’t have the right processes in place or the right people overseeing those processes. Without a doubt, cyber security is a specialised effort. Hunting for and mitigating threats is only possible with focus and the right people, technology and processes all working together.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;b&gt;&#xD;
        &lt;font&gt;&#xD;
          
             What Types of Cyber Security Threats Should You Be Aware Of?
            &#xD;
        &lt;/font&gt;&#xD;
      &lt;/b&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           Cyber security threats are becoming more advanced. From the zero-day vulnerability attacks to WannaCry ransomware that hit the NHS, these threats pose a significant risk, both to businesses and their customers. Unfortunately, there are several avenues of unauthorized access cyber criminals can take advantage of. Here are a few of the more common types of cyber security attacks to be aware of:
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           	Malware (including ransomware, spyware, worms, viruses and adware)
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           	Phishing Emails
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           	Rootkits
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           	SQL injections
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           	Zero-day exploits
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           	Man-in-the-middle attacks
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           	Denial-of-service attacks
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;font&gt;&#xD;
        &lt;b&gt;&#xD;
          
             How Does JC Cyber Security Services Help You with Cyber Security?
            &#xD;
        &lt;/b&gt;&#xD;
      &lt;/font&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           While it is physically and technically impossible to fully prevent all security threats, there are many ways to mitigate risk and improve your security posture. At JC Cyber Security we pride ourselves on valued customer service, taking the worry of cyber security away from you and your business. Through our Protection Plan we can do this. We ensure you have the correct cover, documentation, protections, and processes to be able to defend you against cyber-attacks. Additionally, we work tirelessly to uncover new threats and provide guidance and expert opinions through blogs, whitepapers, webinars and seminars to help you stay on top of pressing cyber security dangers.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      
           The time to address cyber security is now, and JC Cyber Security Services are here to help.
          &#xD;
    &lt;/div&gt;&#xD;
    &lt;div&gt;&#xD;
      &lt;br/&gt;&#xD;
    &lt;/div&gt;&#xD;
  &lt;/div&gt;&#xD;
&lt;/div&gt;</content:encoded>
      <enclosure url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/cyber-security-1805632.png" length="269814" type="image/png" />
      <pubDate>Fri, 17 Jan 2020 18:25:16 GMT</pubDate>
      <author>support@eazi-sites.com (Eazi Business)</author>
      <guid>https://www.jc-cybersecurity.co.uk/what-is-cyber-security</guid>
      <g-custom:tags type="string">cyber security,what is cyber security,why is cyber security important,what are the elements of cyber security,what threats should I be aware of,what cyber threats should I be aware of</g-custom:tags>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/cyber-security-1805632.png">
        <media:description>thumbnail</media:description>
      </media:content>
      <media:content medium="image" url="https://irp-cdn.multiscreensite.com/f169b73b/dms3rep/multi/cyber-security-1805632.png">
        <media:description>main image</media:description>
      </media:content>
    </item>
  </channel>
</rss>
