News Briefs January-February 2015
Illustration of Ring of Fire
»Radware's Global application and security report, Ring of Fire, shows that the likelihood of attack (highest at the centre) has increased for all categories except finance – which Radware regional director UK & Ireland, Adrian Crawley, noted to SC, has invested heavily in defence in recent years – though Sarb Sembhi, director of Storm Guidance, suggested this may also be due to a ‘glut’ of financial details in the market pushing down their value.
Attacks are larger and longer lasting, using a mix of vectors, with some organisations under constant attack. Growth is split 50:50 between volumetric attacks and application attacks. Application and reflection techniques are pushing DDoS attacks up to 100GB and beyond. They are also dynamic: one retailer blocked all traffic from Russia, and the attackers switched location on the fly to China.
The attack was launched by the ‘Guardians of Peace’ (GOP) group, who threatened to expose the company's ‘top secret data’ if their demands were not met.
SPE subsequently hired FireEye's Mandiant forensics team to clean up the damage from the attack, which the US Federal Bureau of Investigation (FBI) has been investigating.
North Korea was suspected of being behind the attack, although it has denied involvement, a position some security experts share. In one of the biggest data breaches in recent times, five films, including one unreleased, were leaked onto file-sharing websites, while thousands of employee records were also compromised.
SPE was then reported to be launching distributed denial of service (DDoS)-type attacks on websites containing its stolen data. A report on US website Re/code said it was using hundreds of computers in Asia to execute the attacks via Amazon's Web Services (AWS) cloud computing unit.
If Sony is responsible, it is apparently using a method of restricted access to “make the website crawl.” Tony Reeves, IT security expert at PA Consulting Group, told SCMagazineUK: “Instead of bombarding the address, it is a slow trickle attack on it. A crawling attack makes it awkward to access the information: it chews up bandwidth but doesn't deny it.”
The GOP hackers have since demanded a halt to the release of ‘The Interview’, a comedy film which features a plot by the CIA to assassinate North Korea's leader Kim Jong-un.
»ATMs and electronic ticketing machines are facing further hacks as fraudsters focus on inadequately defended environments.
European cyber-criminals have created new ‘Daredevil’ malware that explicitly targets electronic ticketing machines and kiosks such as those found in train stations.
And in another leap by the bad guys, users of European bank ATMs are being hit by a new, almost invisible ‘wiretapping’ device which eavesdrops on the customer's cash transaction.
»CESG, the information security arm of GCHQ, launched – in partnership with APM Group – the CESG Certified Training (CCT) scheme late last year, giving the CESG stamp of approval to 12 cyber-security training courses and eight training bodies.
These courses range from digital forensics to the recruitment of the appropriate cyber-security staff, and are open to individuals and companies (acting on behalf of their employees).
Chris Ensor, deputy director for the National Technical Authority at CESG, explained to SCMagazineUK at the time that the course is part of the wider National Cyber Security Programme Objective 4: Building the UK's cyber security knowledge, skills and capability.
Ensor told SC that a primary purpose is for those in the industry seeking to improve or demonstrate their skill level to have independent criteria to help them navigate through the cyber-security training landscape and choose from the options available.
»Symantec revealed the discovery of Regin, a customisable piece of malware – said to be more advanced than Stuxnet – which has been observing and stealing data from governments, telcos, energy companies and SMEs since 2008.
Most interestingly, however, the firm said that the malware ‘bears the hallmarks of a state-sponsored operator’ – a comment which was followed up by Dutch IT firm Fox-IT suggesting it was likely to be the work of NSA/GCHQ. Targets included Russia, Saudi Arabia, Ireland, Belgium and Austria.
However, Fox-IT – and various other security firms – have since faced criticism in other quarters for not disclosing details of the malware earlier, having known about it for many years. Fox-IT has faced tough questioning in particular following an interview with Mashable, in which the CEO said the firm didn't want to “interfere with NSA/GCHQ operations.”
»KPMG released a surprising report which revealed the real problems UK businesses are having in recruiting the right staff, to the extent that almost half are considering hiring former hackers or those with a criminal record.
Surveying 300 senior IT and HR professionals in organisations employing 500 or more staff, the consultancy found that three in four of these (74 percent) believe that new cyber-challenges will require new skills, with 64 percent admitting that these skills are different to those offered by conventional IT.
Skills shortages were most keenly felt in data protection and privacy (70 percent of firms admit they lack expertise in these areas), while 57 percent admitted concern about holding onto those with specialised skills.
Most interestingly, 53 percent said that they would consider hiring a hacker or someone with a criminal record – something which did not go down well with leading experts.