ICYMI: Skills gap? Mirai; GDPR; £14.5m centre; ApplePay vulnerable

News by SC Staff

In Case You Missed It: Skills gap real? Mirai hits DT; GDPR ignored; £14.5m cyber-centre; ApplePay vulnerable to two threats

Is there really a cyber-skills gap or is it just a marketing ploy to sell certs?

As the government heavily invests in supplying enough staff into the cyber-security industry to keep everyone safe, one question remains: are we trying to solve the wrong problem?

It's a well-rehearsed idea in the cyber-security industry that there is an escalating skills shortage that will do everything from harm companies as they will lack the manpower to protect themselves from cyber-attacks, and damage the economy on a national level due to larger companies suffering at the hands of increased cyber-warfare.

It is for this reason that the Department for Culture, Media and Sport (DCMS) yesterday launched a new initiative to encourage teenagers to register their interest in taking part in a new cyber-security schools programme.

The initiative will see thousands of the best and brightest young minds given the opportunity to learn cutting-edge cyber-security skills alongside their secondary school studies through a nationwide network of extracurricular clubs, activities and a new online game, according to a release from the DCMS.

Up to £20 million has been made available to deliver the programme..



Mirai Botmaster behind Deutsche Telekom router hijack pleads guilty

A 29-year-old hacker has plead guilty in German court to an attack last year which downed internet service all across the country.

A Mirai botmaster has plead guilty in a German court on July 21. The 29-year-old hacker, calling himself “BestBuy” or “Popopret”, admitted to the hijack of 900,000 Deutsche Telekom (DT) customers last year as well as a similar attack a short while later on over 100,000 British routers. He will be sentenced on July 28 and is currently facing up to ten years in prison.

The incident was an attempt by BestBuy to to add to his botnet, by deploying a variant of Mirai malware on the hundreds of thousands of routers.

BestBuy was arrested in London toward the end of February after an international arrest warrant was issued by the Cologne police.

The hacker used a variant of Mirai to build his botnet which he would rent out to bidders.



Majority of UK boards neglecting GDPR while retail suffers breaches

Companies are likely to be closed down by swinging EU penalty fines next year given the failure of the C-Suite to prepare for GDPR despite rising breaches in the retail sector.

Sixty-nine percent of board-level executives are neglecting to ensure the UK businesses they run will comply with the incoming General Data Protection Regulation (GDPR), according to new research from cloud solution provider Calligo.

The findings show only 31 percent of respondents said they had governance sponsorship for GDPR at board level, and just nine percent said their compliance departments were giving them full support.  



£14.5 m cyber-security technology innovation centre plans announced

The UK Department for Digital, Culture, Media & Sport is to spend £14.5 million over three years on an innovation centre to foster the next of generation of cyber-security technology.

Today the UK Department for Digital, Culture, Media & Sport  announced an invitation to tender in a competition to develop and design a £14.5 million innovation centre to foster the next of generation of cyber-security technology.

The investment will be made over the next three years to bolster the UK's cyber security defences. It will bring together large firms to work with innovative startups and industry experts to develop the new technologies businesses will need to protect themselves. The aim is for the startups to be able to access access expert technical mentoring, business support and advice as well as securing crucial investment to help them to grow in their early stages.



BlackHat: security researcher says ApplePay vulnerable to two separate attacks

Positive Technologies' Timur Yunusov says ApplePay's security measures mean that on paper it appears to have the perfect defence. But that's not case.

Two separate attacks which can be used against ApplePay, Apple's mobile payment system have been found by a senior researcher at security firm Positive Technologies.

Announced in a session at Blackhat USA 2017, the company said in a release that, while one will require a jailbroken device, the other does not.

The attack which can be performed against any device is carried out by intercepting and/or manipulating SSL transaction traffic, and allows attackers to replay or tamper with transaction data: change the amount or currency being paid, or change the delivery details for the goods being ordered. This can be done without any sophisticated equipment or skills says the researcher.



Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews