Category Archives: IT Security News

Tamite Apple Mac support Sussex believe FBI v Apple court case may open Pandora’s Box

Governments around the world struggle to come to terms with the issues surrounding the security of data.

We try to keep you informed about Apple Mac related stories. Sohail Yousaf, who provides Apple Mac support in Sussex for Tamite, has been following this story for us.

The Apple v FBI case currently being played out in US courts is the culmination of a long running row that has been brewing between intelligence agencies and the technology industry.

Governments, or rather their intelligence agencies, have long been critics of the growing availability of encryption, a technology increasingly used to keep data on networks and devices readable only by authorised users and intended recipients.

Encryption is an old technology, literally thousands of years old: Caesar wasn’t just responsible for salad dressings, he also had his own cipher, which shifted every letter of a message a fixed number of places along the alphabet.

Sohail of Tamite Apple Mac support Sussex comments that the advent of computing and the development of far stronger algorithms have produced encryption that is, to all intents and purposes, unbreakable. Yes, all encryption is in theory breakable by trying every possible key, but when the time taken to do so exceeds a human lifetime many times over, the exercise is pointless.

As an expert in IT security and a specialist in Apple Mac support in Sussex, Sohail points out that our own GCHQ has been stressing that encryption gives any self-respecting terrorist the ability to communicate securely with minimal chance of the content of the message being read by hostile agencies.

On a more positive note they are probably finding it quite difficult to snoop on the rest of us.

So what is to be done? Well, the authorities would like back doors built into the security so that they can access the information that encryption increasingly denies them.

The industry argues that providing back doors for government agencies would be counter-productive: criminals and terrorists will simply stop using systems they know to be compromised. A back door is a deliberately built-in vulnerability, and whoever else finds it, whether a hacker or a hostile government, gets the same access. Building in vulnerabilities goes against the grain for companies that have spent time and money trying to eradicate them to make their products more secure for the end user.

Because of the publicity around cybercrime, customers are increasingly aware of the volumes of data our everyday devices store, and the companies behind those devices have responded to those concerns by adding layers of security to them.

The Apple vs FBI case

The FBI and Apple are fighting a public battle in US courts that may have long term ramifications for the IT Security industry.

The FBI wants Apple to help it remove a security barrier on the iPhone of Syed Farook, one of the people responsible for killing 14 people in San Bernardino last year.

The FBI believes Farook’s iPhone may hold vital clues to the case but is unable to access it without Apple’s assistance, which is what led to the legal case in America. Apple, and the majority of the technology industry watching developments anxiously, feel that by unlocking Farook’s iPhone they may just open a Pandora’s box.

Sohail of Tamite Apple Mac support Sussex concludes that it is easy to see how the situation could repeat in the UK; the British Government’s Draft Communications Data Bill (AKA the snoopers’ charter) shows the anxiety of UK intelligence agencies when faced with the new digital reality.

To access the iPhone, the FBI has asked Apple to effectively hack its own device. Since iOS 8 the data on an iPhone has been encrypted with a key derived from the user’s passcode and a key unique to the handset’s hardware, so Apple itself cannot read it. What the court order asks for is a special Apple-signed build of iOS for this one handset that removes the auto-erase after ten wrong passcodes and the escalating delays between attempts, so that the FBI can simply try every passcode until it finds the right one.
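The protection at issue, as an added example that is not Apple’s code and not from the original post: a simulation of guessing a numeric passcode against a lockout policy, first with the erase-and-delay rules in place and then with them stripped out as the order requests. The 80 ms cost per guess and the delay schedule (one, five, fifteen and sixty minutes from the fifth failure, erase on the tenth) are assumed stand-ins for the real device behaviour.

```python
"""Brute-forcing a numeric passcode with and without a lockout policy.
Added example, not Apple's code; the per-guess cost and the delay schedule
below are assumed stand-ins for the real device behaviour."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class LockoutPolicy:
    per_attempt_seconds: float = 0.08          # assumed cost of one guess
    erase_after: Optional[int] = 10            # wipe keys on the Nth failure; None = never
    delays_start_at: int = 5                   # escalating delays from this failure on
    delays: Tuple[int, ...] = (60, 300, 900, 3600, 3600)  # assumed schedule, seconds


# What ships on the handset versus what the FBI asked Apple to build.
HARDENED = LockoutPolicy()
STRIPPED = LockoutPolicy(erase_after=None, delays=())


class PasscodeGuard:
    """Minimal model of the passcode check: counts failures, applies the
    policy's delays, and 'erases' the device when the limit is reached."""

    def __init__(self, secret: str, policy: LockoutPolicy):
        self.secret = secret
        self.policy = policy
        self.failures = 0
        self.erased = False
        self.elapsed = 0.0  # simulated wall-clock seconds spent by the attacker

    def try_code(self, guess: str) -> bool:
        if self.erased:
            return False  # keys are gone; no guess can succeed now
        p = self.policy
        self.elapsed += p.per_attempt_seconds
        if guess == self.secret:
            return True
        self.failures += 1
        if p.erase_after is not None and self.failures >= p.erase_after:
            self.erased = True
        elif p.delays and self.failures >= p.delays_start_at:
            step = min(self.failures - p.delays_start_at, len(p.delays) - 1)
            self.elapsed += p.delays[step]
        return False


def brute_force(secret: str, policy: LockoutPolicy) -> dict:
    """Try every code of the secret's length in order and report the outcome."""
    digits = len(secret)
    guard = PasscodeGuard(secret, policy)
    for n in range(10 ** digits):
        if guard.try_code(f"{n:0{digits}d}"):
            return {"found": True, "attempts": n + 1, "seconds": guard.elapsed}
        if guard.erased:
            return {"found": False, "attempts": n + 1, "seconds": guard.elapsed}
    return {"found": False, "attempts": 10 ** digits, "seconds": guard.elapsed}


if __name__ == "__main__":
    for label, policy in (("hardened", HARDENED), ("stripped", STRIPPED)):
        print(label, brute_force("7512", policy))
```

With the policy in place the attacker gets ten guesses, spends over two hours waiting, and then loses the keys for good; with it stripped a four-digit code falls in about ten minutes. That difference, not the strength of the cipher, is what the court order is about.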

Apple, and other Silicon Valley firms, believe that setting such a precedent would harm American citizens and by extension the rest of us, and Apple is fighting the case in a California court and in Congress.

Meanwhile, the judge overseeing the court battle between the two organisations has heard that criminals have been switching to the newer iPhone models as their “device of choice” to commit offences thanks to the tough encryption present in each handset.

Of course the cynical amongst us might point out that Apple is in something of a win-win situation here. Win or lose, Apple has demonstrated that its devices take data security seriously and that it is willing to stand up to governments to protect the integrity of its products.

West Sussex Apple Mac specialist says Safari Crashes due to bug

West Sussex Apple Mac specialist asks: has your Apple Mac, iPhone or iPad been acting as if it were possessed?

Well, join the club. According to West Sussex Apple Mac specialist Sohail, “the problem you have been experiencing was due to an update issue on 26th January which was responsible for introducing a bug that caused Safari to crash when Mac and iPhone/iPad owners attempted to search within the address bar; the issue lasted for several hours”.
According to Apple “only people whose Safari suggestions data storage updated during early AM hours” were affected.

The bizarre bug caused the hugely popular iOS web browser to crash whenever a user tried to enter a new search or URL into the address bar.

Apple say the issue only affected iOS and OS X users whose Safari Suggestions data was updated late on the 26th January, Greenwich Mean Time.

Apple has now rolled out a fix for the glitch, but some users could still be experiencing the infuriating bug.

“Apple now believes it has resolved a bug with its Safari browser on both OS X and iPhone that caused the web browser to crash for users around the world”.

If you are still experiencing issues we suggest

Clearing your history may help

West Sussex Apple Mac specialist Sohail suggests: “If you’re still having trouble, your iPhone or iPad almost certainly still has the problematic data cached. Clearing the cache should solve the issue for good. To do that, head to Settings > Safari then tap Clear History and Website Data”.

“This will wipe the web history from any devices signed into your iCloud account, so don’t panic if your MacBook also loses any record of your browsing”.

The latest update from Apple has now resolved the issue, which made Safari on iOS unusable, so finally check that your iOS version is the most recent, iOS 9.2.1, reached through Settings > General > Software Update.

Tamite IT provide support for both Windows PCs & Servers and are specialists in Apple Mac support

 

 

TalkTalk Data-breach

Talking the TalkTalk – The TalkTalk Data-breach

The data breach at telecoms provider TalkTalk has brought into sharp focus the havoc a data breach can create and the fallout a brand experiences as a result, especially if, as with TalkTalk and its former parent company Carphone Warehouse, you are a serial offender.

At the time of writing, as a result of the TalkTalk data breach more than 10% has been wiped off the group’s share price, representing some £360 million in value.

Tamite Secure IT believes the time has come for companies of all sizes to look at their individual risk and commit to spending on security commensurate with that risk. If you are in the telecoms industry, with customer lists that include banking details, you must realise you are high on the cyber criminals’ list of high-value victims.

Between them, Carphone Warehouse and TalkTalk have been victims three times this year, and in TalkTalk’s case it really could be three strikes and you are out.


Dido’s Stuttering Performance on TalkTalk Data-breach

Dido Harding, TalkTalk’s Chief Executive, is taking a lot of flak, and rightly so. Either the Chief Executive has been incorrectly briefed or she has been incapable of accurately presenting the situation around the TalkTalk data breach; maybe she thought nobody understands IT anyway, as some of her statements have been well off the mark. So, in case you are reading this, Dido:

For your information, the TalkTalk data breach was not the result of a DDoS attack. Data is not leaked by a DDoS attack; in fact almost the opposite happens: your servers are so overwhelmed by incoming requests that they cannot even serve the web pages they are supposed to, let alone divulge the contents of the company database. At most a DDoS is a smokescreen that keeps the operations team busy while the real intrusion happens elsewhere.

When you said sequential attack, I think you probably meant SQL injection attack. Injection has sat at the top of the OWASP Top 10 list of web application risks for years, and you really should have had that one covered.

The fact that a fifteen-year-old from Northern Ireland has been detained as part of the investigation seems to add weight to the growing feeling that TalkTalk have not been as diligent as they should have been when it comes to protecting customer information.

That a fifteen-year-old could have orchestrated the DDoS attack and carried out the SQLi attack is not beyond the realms of possibility. DDoS tools are readily available and attacks need surprisingly few resources.

SQLi hardly qualifies as a zero-day threat; the information on how to go about it is freely available, and so are tools that automate it.
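To show what the attack actually is, here is an added example (not TalkTalk’s code, and not from the original post) that runs the same customer lookup against an in-memory SQLite table, once built by pasting the input into the SQL text and once with a bound parameter. The customer rows and the two attacker payloads are constructed for the demonstration.

```python
"""SQL injection against a customer lookup, shown on an in-memory SQLite
table. Added example, not TalkTalk's code; the rows are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, "
        "account_no TEXT, sort_code TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, account_no, sort_code) VALUES (?, ?, ?)",
        [  # constructed sample data
            ("ann@example.net", "12345678", "20-00-00"),
            ("bob@example.net", "23456789", "40-00-00"),
            ("cat@example.net", "34567890", "60-00-00"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    # The classic mistake: user input becomes part of the SQL statement,
    # so a quote in the input ends the string and the rest is executed.
    sql = ("SELECT email, account_no, sort_code FROM customers "
           "WHERE email = '" + email + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    # Parameterised: the value travels separately from the statement and
    # can never change its structure, whatever characters it contains.
    sql = "SELECT email, account_no, sort_code FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Two constructed payloads an attacker would type into the e-mail field.
DUMP_ALL = "x' OR '1'='1"                                        # every row
ENUMERATE = "x' UNION SELECT name, sql, type FROM sqlite_master --"  # schema


def demo() -> dict:
    conn = make_db()
    return {
        "legit": lookup_vulnerable(conn, "bob@example.net"),
        "vuln_dump": lookup_vulnerable(conn, DUMP_ALL),
        "vuln_schema": lookup_vulnerable(conn, ENUMERATE),
        "safe_dump": lookup_safe(conn, DUMP_ALL),
        "safe_schema": lookup_safe(conn, ENUMERATE),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Run it and the concatenated version returns every customer for the first payload and the table’s own CREATE statement for the second, which is exactly how an attacker maps a database before dumping it; the parameterised version returns nothing for either. No amount of perimeter kit substitutes for that one change in the code.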

Bearing in mind Dido Harding’s recent pronouncements that TalkTalk are head and shoulders ahead of their competitors when it comes to cyber security, we can only fear for the rest of the industry.

Reaction to the TalkTalk Data-Breach

Since the breach TalkTalk’s website has displayed a list of data that is thought to have been released.


On the plus side, TalkTalk put their hands up early and made statements to the effect that they knew they had been hacked but couldn’t be sure how much data had been exposed, which just demonstrated how little confidence they had that it wasn’t all of it.

Baroness Harding said she had called in BAE Systems to investigate the security breach, and detectives from Scotland Yard’s cybercrime unit are also investigating the crime.

She told the Daily Telegraph: “Do I wish I had done more? Of course I do. But would that have made a difference? If I’m honest I don’t know.

“This is happening to a huge number of organisations all the time. The awful truth is that every company, every organisation in the UK needs to spend more money and put more focus on cyber security – it’s the crime of our era.”

The police are investigating ransom calls to TalkTalk last week seeking payment.

Baroness Harding warned that it would be “naïve” to think an attack like this would not take place in the future.

She told The Guardian: “It would be naive to say something like this will never happen again to any business.”

Some financial commentators have already made the point that TalkTalk are by no means in shape to weather this particular storm.

Performing as they do in a tough and competitive environment, TalkTalk had been making bold statements about taking costs out of the business and setting tough financial targets for the coming year. Some of these were based on reducing customer churn; they must now have a hollow ring when set against the cost of rescuing a reputation already damaged by shortcomings in customer service recently highlighted by the telecoms regulator.

Neither Talking the TalkTalk or Walking the WalkWalk.

Ironically, Baroness Harding, who was elevated to the peerage last year, announced, possibly rashly, that rather than seeing the position as a cushy extra she is determined to make her time on the red benches count, telling the press that she is in a race to make the internet safer for children and families.

Her shaky grasp of the state of IT in her own company would appear to make her ideal material for her other governmental post, UK Business Ambassador for the Technology and Communications Sector.

She has certainly done her bit when it comes to showcasing the state of IT Security in many British companies.

Yesterday TalkTalk came out with a statement to the effect it could have been worse. I think your customers and shareholders might have the final say on that one.

The damage done to the TalkTalk Brand has been immense, it may even have been damaged fatally.

What the Information Commissioner will make of all this is yet to be seen, but don’t be surprised if the ICO is inclined to be punitive, wanting to make an example of such a high-profile breach.

Also don’t be surprised if the TalkTalk brand is consigned to history, a fatally damaged brand disposed of in a fire sale as soon as the dust has settled.

Haywards Heath IT security specialist asks what can we learn from Kaspersky

The way the data breaches were handled by these two organisations provides valuable insight into how it should, and should not, be done.

Haywards Heath IT security specialist Gary Johnston has been taking a particular interest in events at Kaspersky and the US Office of Personnel Management.

As an IT security specialist when stories of this kind unfold it is always interesting to see how they are dealt with by the companies involved, very often unfortunately the answer is badly.

Haywards Heath IT security specialist Gary Johnston says Kaspersky and The US Office of Personnel Management provide contrasting examples of how to deal with a data breach.


Kaspersky has given a textbook demonstration of how to handle the potentially embarrassing fact that it has been the victim of a data breach. Kaspersky disclosed that while testing a new product designed to search for APTs (Advanced Persistent Threats) it had discovered an intrusion on its own network.

The phrase “not knowing whether to laugh or cry” comes to mind. I should imagine the event was akin to the head designer at Dyson plugging in the latest design, pushing a button, watching his own workshop disappear up the nozzle and saying to the assembled audience, “well, that worked”. Presumably the new product has passed its beta testing with flying colours.

Kaspersky, unlike previous victims of this type of event, has in some ways turned what could have been a hugely embarrassing event into something a little more positive. They promptly admitted the breach, and their investigation showed that the attack was highly advanced, using what Kaspersky has dubbed Duqu 2.0, the name implying a link to the original Duqu (BBC News), which Kaspersky famously analysed in 2011, to eavesdrop on the organisation.

Gary Johnston of Haywards Heath IT security specialist Tamite Secure IT comments that Kaspersky appears to have been open about the scope of the breach from the start, including the extent and the timeline of the attack and the fact that the malware lived only in memory, so that within a short period of being discovered it appeared to remove itself and cover its tracks (Computer Weekly). It makes fascinating reading and gives a real feel for the sophistication of the APT.

It was also a good month to bury bad news, as the events at Kaspersky were possibly overshadowed, news-wise, by the events at the US Office of Personnel Management (US OPM), which managed to leak tens of millions of records relating to government employees. (BBC News)

In contrast to Kaspersky, the reaction of the US OPM went through the usual phases, from denial to grudging acceptance while still understating and minimising the extent of the breach. The classic pattern was almost complete when, having been overtaken by events, the US OPM finally resorted to a hand-wringing confession of the true extent of the breach. The final phase was marked by the inevitable and ritual decapitation of the person deemed most culpable, in this case the Director of the US OPM, Katherine Archuleta, who announced she would step down to help the department “move beyond the current challenges”.

However, of the two events the one at Kaspersky is the more troubling. It seems to be a universal fact that governments don’t do IT, or IT security, particularly well, and in any case the US OPM has what is known as previous. The fact that Kaspersky, who do IT security well, was spied upon for an indeterminate period should be seen as sinister.

Gary Johnston, Haywards Heath IT security specialist, goes on to say that three scenarios have been mooted.

1. The Israelis, who have plenty of “previous” in spying on the Iranian nuclear talks and would want early warning if their latest piece of spyware had been exposed.

2. Another security service, GCHQ, China, the US NSA and so on, wanting to know how to circumvent the latest security products.

3. Cyber criminals, the least likely, but with a similar motive.

The comments in this blog represent the thoughts of Haywards Heath IT security specialist Gary Johnston of Tamite IT

Email on the dark side – Spear Phishing

The need for spear phishing awareness training is demonstrated by the events at the US Office of Personnel Management and Kaspersky

I think we need to come clean about the purpose of this week’s blog on the subject of spear phishing and admit that it has been written with the intention of gaining your attention and trust, with the ultimate aim of (shock, horror) selling you our spear phishing awareness training and other services.

Why do I feel the need to say this before we get into the main topic of this week’s blog? Well, it’s because the stories we want to draw your attention to this month all probably began with a carefully crafted message.

At this point I will point out that our “carefully crafted” message has been produced with the intention of increasing your awareness of the risks that cyber crime poses both to the individual and business. We know that any effort at tackling Cyber security begins with awareness of the issues. Not in a scary technical way. Just the basics of why, what and how.


There have been two major stories this month: one straightforward hacking, the other a combination of hacking and the use of advanced spyware known as Duqu 2.0.

Both Kaspersky, the Russian security software specialist, and the American government have suffered major breaches. In the case of the American government the breach resulted in millions of employee records being stolen; these records are now being sold on the dark web, presumably for the purposes of identity theft.

The Kaspersky breach was in all probability espionage, as the tools used were state of the art and probably the product of a spy agency; fingers are being pointed at Israeli intelligence, but who knows. (I will be publishing blogs covering both breaches in more detail next week.)

What both breaches have in common is that they probably came about as the result of what is known as a spear phishing attack, where an email carrying a carefully crafted and targeted message (yes, probably even better than this one) is directed at an individual or individuals in an organisation.

The email appears to come from someone, or an organisation, the victim trusts (possibly posing as internal mail) and deals with a subject of current interest to them, because the criminals have already researched the victim to find out what they are interested in.

Because the victim believes in the validity of the sender and the message, they make a single simple mistake. Almost certainly in each case the carefully crafted spear phishing email was received by the carefully targeted victim, who opened it and possibly followed a link or an attachment. From that point on a chain of events is set in motion that eventually leads to a full-fledged breach.
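A concrete version of the tells described above, as an added example that is not part of the original post and not Tamite’s product: a Python check that parses a raw email and flags the tricks a spear phisher leans on, a display name that carries an internal-looking address, a lookalike sender domain, a Reply-To that routes answers elsewhere, and link text that shows one host while the href goes to another. Both messages and the organisation’s domain (example.com) are constructed for the demonstration, and the heuristics are deliberately simple; they illustrate what a mail gateway looks for, not replace one.

```python
"""Flag common spear-phishing tells in a raw e-mail. Added example, not
Tamite's product; the messages and the organisation domain are constructed
and the checks are simple heuristics, not a substitute for a mail gateway."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "example.com"  # assumed: the organisation's own mail domain

# Constructed sample: claims to be the internal helpdesk, but is not.
SUSPECT_MAIL = """\
From: "IT Helpdesk <helpdesk@example.com>" <support@examp1e-it.com>
Reply-To: recovery@mail-relay.net
To: finance@example.com
Subject: Action required: mailbox quota
Content-Type: text/html

<p>Your mailbox is full. Sign in at
<a href="http://examp1e-it.com/login">https://webmail.example.com</a>
to keep receiving mail.</p>
"""

# Constructed sample: a genuine internal notice for comparison.
CLEAN_MAIL = """\
From: IT Helpdesk <helpdesk@example.com>
To: finance@example.com
Subject: Planned maintenance
Content-Type: text/html

<p>Webmail is offline on Sunday. Details:
<a href="https://webmail.example.com/status">https://webmail.example.com/status</a></p>
"""

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_lookalike(domain: str, target: str) -> bool:
    """Crude lookalike test: digit-for-letter swaps, or the target's name
    wrapped in extra labels (examp1e-it.com imitating example.com)."""
    if domain == target:
        return False
    base = target.split(".")[0]
    return base in domain.translate(HOMOGLYPHS)


def analyse(raw_mail: str, org_domain: str = ORG_DOMAIN) -> list:
    msg = message_from_string(raw_mail)
    findings = []
    name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    # 1. display name carries an internal-looking address, the real sender does not
    if sender_domain != org_domain and org_domain in name.lower():
        findings.append("display-name-spoof")
    # 2. sender domain imitates ours
    if is_lookalike(sender_domain, org_domain):
        findings.append("lookalike-domain")
    # 3. replies are routed somewhere other than the apparent sender
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append("reply-to-mismatch")
    # 4. link text shows one host while the href goes to another
    body = "" if msg.is_multipart() else msg.get_payload()
    for href, text in LINK_RE.findall(body):
        shown = urlsplit(text.strip()).hostname
        real = urlsplit(href).hostname
        if shown and real and shown != real:
            findings.append("link-mismatch")
            break
    return findings


if __name__ == "__main__":
    print("suspect:", analyse(SUSPECT_MAIL))
    print("clean:  ", analyse(CLEAN_MAIL))
```

The constructed phish trips all four checks and the genuine notice trips none. Any one of these on its own is only a hint; a message that combines them, on a subject the recipient is known to care about, is the profile the two breaches above most likely started from.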

So what can I as a business owner do to protect myself against these threats?

The first thing we would recommend is that you look at the way you are dealing with spam. Probably you haven’t thought much about it and have gone for the default position, which is to use the filtering built into Microsoft Outlook or whichever mail client you use. You may even be using something slightly more sophisticated that came with your antivirus software, and if you are lucky this will result in at least some spam being automatically removed. Most likely you have never put any real thought into it.

Well, luckily for you, we have. Our conclusion is that the best option in almost all cases is to deal with spam before it even reaches your desktop, using a cloud filtering service that removes most of the spam, around 98%, before it ever reaches you, including the dangerous stuff.

So now you have more time to deal with the messages you need to deal with and less time deleting the dross.

Consider spear phishing awareness training for your staff.
Spear phishing is something we all need to be aware of; when an organisation as sophisticated as Kaspersky falls victim, it is an indicator that we all need to be on our guard.

Protecting your customers’ data and your company’s own assets is vital, as it is central to what you do.

This is why you need IT Security to be part of the responsibility of every employee. Basics of IT Security & Spear Phishing awareness training need to become intrinsic to your company operations.

Gary Johnston
IT Security Product Director
Tamite Secure.IT

Spam Filtering out the bad guys

Protecting yourself from the watering hole predators

In my previous blog I spoke about watering hole attacks, where legitimate websites are compromised by criminals to pass malware on to the website owner’s customers. This month I thought I would expand on the theme and explain a little about how businesses can protect themselves from malware and exploits, which are often inadvertently introduced to the network by unsuspecting employees.

It is a simple truth that most malware is introduced, and most social engineering (the internet phrase for being tricked into letting someone scam us) is perpetrated, while browsing websites or via email, with social media such as Facebook increasingly added to the mix.

Almost all infections are introduced because we make a bad decision at a critical point. We are overwhelmed by the quantity of email in front of us, or the social engineering call from the scammer comes at a moment when the PC is running slowly and time is precious. Faced with an overload of information, our decision-making becomes erratic. We may inadvertently delete valuable leads, or, more damaging still, open something that contains malicious code. We may even let someone purporting to be from Microsoft take over our PC. When browsing the internet, we don’t spot the warning signs that something is amiss.

In the case of Spear Phishing the message might seem to have all sorts of information about us that leads us to trust the sender. Scarily in this case, they probably do have some of this personal information, and you are being specifically targeted.

Some of these issues can only be addressed by making your employees aware of the risks and arming them with the knowledge to recognise suspicious behaviour. A basic IT security awareness course would benefit most people, both in the office and at home.

But wouldn’t it be good if someone checked that the websites we browse were safe before we looked at them, and maybe even checked the content of our emails to make sure they were legitimate and not trying to scam us? As social media is now often used by internet criminals to plant their malware, it would be good if they did the same for our social media. This is what web security and email spam filtering set out to achieve, and the good news is that once they are in place, not only are we safer in our dealings with email and the web, but because the junk is filtered out before it reaches us, we don’t have to sort through hordes of irrelevant emails before we get to the ones that matter. By filtering email and web pages in the cloud, your company becomes more efficient as a side benefit, with each user possibly saving 30 minutes a day that would otherwise be spent sorting through irrelevant and dangerous material.

Using spam filtering and web filtering as part of a layered strategy for the defence of your network means you are removing some of the burden of decision-making from your users. The decision to block a site or quarantine a suspect email is made in the cloud before it even lands on your network.

A browser can be infected in seconds with little intervention from the user; in the case of Forbes it was achieved via a regular pop-up related to astrology. When just a single click on an infected email attachment can infect a machine or unleash a devastating encryption of your documents as part of a ransomware

Apple Mac support Crawley warn of MacBook security flaw

Apple Mac support Crawley – specialist warns of security flaw in MacBooks

Sohail Yousaf, who provides Apple Mac support in Crawley, warns of a newly demonstrated security flaw affecting MacBooks. The exploit has been christened Thunderstrike because it uses the Thunderbolt connection to rewrite the boot firmware (the EFI boot ROM) of the victim’s computer.

The infection is passed using the Thunderbolt port

The malware, technically a firmware rootkit or bootkit, will at present be undetectable by most commercial anti-virus software; it lives in the boot ROM rather than on disk, survives reinstalling the operating system, and firmware rootkits are notoriously difficult to detect and remove.

The infection is passed using the Thunderbolt connection typically used to attach Apple Macs to high-end storage devices and displays: a malicious device’s option ROM is loaded while the Mac boots, and from there it rewrites the boot firmware. Once infected, the computer can potentially be accessed remotely by cyber criminals to gain access to data.

Sohail of Tamite Apple Mac support Crawley suggests that MacBook users be on their guard, as Apple has yet to roll out the firmware update necessary to patch this exploit.

No date has been given for the security update at this point in time.

The good news is that because this exploit depends on being introduced via the Thunderbolt port, you would be very unlucky to become a victim: the attacker needs physical access to the machine, and the Mac has to boot with the malicious device plugged in, for the malware to be passed. As a precaution, Tamite Apple Mac support Crawley suggests users refrain from sharing devices that plug into the Thunderbolt port.

What this does underline is that the days when the Apple Mac community could rely purely on the famed Apple brand promise for their security are long gone.

Good security is no longer optional for Apple Mac users

What would happen if your MacBook were infected by malware using the Thunderstrike vulnerability.

 

Tamite Apple Mac support Crawley urge all our Apple Mac customers to adopt a robust attitude to security. Installation of antivirus software is no longer an optional extra.

In a future blog Sohail will discuss how we go about ensuring that your Apple Mac is as secure as possible as Cyber Crime is now a major issue for everyone.

Was Sony’s IT Security flawed? The Big Picture

IT Security Stories dominated at the end of the year

Last year ended with a flurry, not of snow, but of big IT security stories involving the world of entertainment: Sony’s PlayStation and Microsoft’s Xbox platforms were both the subject of cyber attacks over Christmas.

Maybe significantly “The Interview” was not among the films made available as a result of the hacking.

Of course Sony Pictures Entertainment had already been at the centre of one of the year’s big hacking stories. The release of confidential company emails and correspondence, not to mention copies of unreleased movies, and the subsequent media coverage have certainly put the spotlight on cyber crime and cyber warfare, and demonstrated that, in this case at least, the difference can be hard to distinguish. In the recent history of IT security incidents involving hacking, the sheer scale of the leaked data was breathtaking: the hackers, identifying themselves as “Guardians of Peace”, claim to have obtained some 100 terabytes of data from Sony’s servers. To put that into perspective, 10 terabytes can hold the entire printed collection of the Library of Congress.

NSA intelligence was behind the FBI’s allegations of North Korean involvement.

The group responsible called itself The Guardians of Peace and warned that if its demands were not met, secret data would be “shown to the world”. Crucially though it did not outline its demands.

The FBI claims it has information supplied by the NSA and that the finger of suspicion points to North Korea. Apparently the NSA had been running an operation to infiltrate PCs in the region with malware that allowed them to track North Korean hackers, and so were able to provide this information to the FBI. If that is the case and they were aware of plans to infiltrate Sony, it seems strange that Sony appears not to have been informed before or even during the event.

So we are seeing claim and counter-claim. Most notably, IT security specialist John McAfee, formerly the head of the antivirus company that bears his name, has this morning claimed to be in communication with “The Guardians of Peace”, the group that has taken responsibility for the hacking, and is emphatic that the link to the North Koreans is a red herring. The United States government, through various outlets, has consistently pointed the finger of blame at North Korea. Without corroborating evidence this is likely to prove a bad political move and a bad precedent to set: when the next hack takes place on a Russian company, the Russians may well point the finger at the Americans and refuse to provide evidence to substantiate their claims. In what to some might appear a fit of petulance, American government officials have attacked the IT security companies that pointed to the lack of corroborating evidence and told them to shut up.

As the political repercussions rumble on, this story has certainly made interesting viewing, and when and if we are ever told the full story we may have to rewrite this article all over again. In any event, wherever this story ends, the hacking of Sony will make interesting reading.

Hacking incidents at media companies are not unknown and, as we found, they can be a challenging environment

At this point I will say that a few years ago I was responsible for carrying out an IT Security project and investigation into the suspected hacking and subsequent disruption of a UK based Film Production Company.

What I found was that the nature of the business of film production, mobile film units etc. resulted in a network that was in a state of constant flux. What also initially hindered us was that log files and records necessary to carry out any meaningful investigation were in most cases absent, so we were faced with putting in place procedures and logging to make sure we could capture the event.

While Tamite IT Security were able to harden the network to try to ensure the event shouldn’t happen again, the exercise really amounted to the shutting of stable doors.

Strangely the problem mysteriously failed to manifest itself again after I arrived on the scene, so in that much I was successful.

The stable doors at Sony appear to have been of a prodigious size, judging by the size of the horse that issued forth. I would hazard that the legendary security which Sony have always managed to extend to its bricks-and-mortar assets didn’t extend to IT security and the company’s digital assets. They are probably coming to realise that, in common with lots of other companies these days, the digital assets are just as big a prize to the criminals.

Avoiding the Cyber Sting – Advanced Persistent Threat

The Advanced Persistent Threat is just a variation on a good old sting
The Sting – if remade today would probably depict an Advanced Persistent Threat

To anyone over the age of forty, who will almost certainly have seen the 1973 film The Sting starring Robert Redford and Paul Newman, the concept behind the Advanced Persistent Threat (APT) will not be too difficult to grasp; of course, if you are younger you may have to ask your parents.

Substitute shady Eastern European characters with computers for Newman and Redford, add a protracted, ingenious and complicated master plan for the infiltration of your network culminating in the pay-off or sting, and we have not only the screenplay for a remake of The Sting for a computer-age audience but also a fair description of how an Advanced Persistent Threat unfolds. A bit simplistic maybe, but all of the components are there.

Complicated, planned, flexible and evolving, with a definite pay-off at the end. Until relatively recently APTs have been the province of government-sponsored espionage and spying; recent evidence suggests that the Advanced Persistent Threat is now being adopted by organised crime gangs specialising in cyber crime.

How a Typical Advanced Persistent Threat may unfold

The hook
Spear Phishing through email or social media

Reconnaissance – The attacker gathers information on the target from a number of sources, which may include social media.

Incursion – Attackers gain access to the network using methods such as social engineering; a spear phishing attack is often the chosen route.

Discovery – The attackers adopt a low and slow policy to avoid detection and attempt to map the victim’s network and defences from the inside. With the information gathered they create a battle plan, and the strategy will often be to deploy multiple, parallel ploys to gain the objective. Attackers may also mine personal information on key individuals within the organisation to make the social engineering attack more targeted.

The setup
Your network is infiltrated using a low and slow strategy to avoid detection.

Capture – The attackers infiltrate systems and capture data over an extended period. Malware may be installed to carry out functions such as screen or keystroke capture, and possibly disruption.

Exfiltration – The captured data is sent back to the command centre responsible for the attack, for analysis and exploitation.

Persistence – The attackers cover their tracks while remaining present on the network in the long term, to capture new data as it is produced by the victim organisation.

Advanced Persistent Threats have definite objectives
Multiple parallel strategies are pursued, all targeted at gaining the objective: access to your data.

The Payoff – The attack is orchestrated and managed by a central control who have access to, and deploy, the full range of tools. Spear phishing, hacking, zero day malware and rootkits may all be part of the arsenal deployed to achieve the desired goal. Because of the sophistication of the APT and the determination and persistence with which its goals are pursued, the traditional approach to network defence will no longer suffice.
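The discovery, capture and exfiltration stages described above are what a defender actually has to look for in their own logs, and the “low and slow” pattern has a tell: malware that is phoning home to its command centre does so on a timer, whereas people browse in bursts. The following is an added example, not Tamite’s code nor that of any product mentioned on this page, showing one simple way to spot it in Python over a handful of constructed outbound proxy log lines. The log format, the host and destination names and the three thresholds are all assumptions for the example and would need tuning on a real network.

```python
"""Spotting 'low and slow' beaconing and a bulk exfiltration in outbound proxy logs.

Added example only: the log format, hosts, destinations and thresholds below are
made up for illustration (example.net is a reserved domain).
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log, one connection per line: "<timestamp> <source host> <destination> <bytes sent>".
# ws-17 talks to one outside host every ten minutes, then pushes a large upload to it;
# ws-22 is ordinary, irregular intranet use and should not be flagged.
SAMPLE_LOG = """\
2015-02-02T09:00:05 ws-17 updates-cdn.example.net 812
2015-02-02T09:01:12 ws-22 intranet.local 1204
2015-02-02T09:03:45 ws-22 intranet.local 980
2015-02-02T09:04:02 ws-22 intranet.local 15500
2015-02-02T09:10:04 ws-17 updates-cdn.example.net 815
2015-02-02T09:15:30 ws-22 intranet.local 2300
2015-02-02T09:16:01 ws-22 intranet.local 640
2015-02-02T09:20:06 ws-17 updates-cdn.example.net 809
2015-02-02T09:30:05 ws-17 updates-cdn.example.net 811
2015-02-02T09:40:07 ws-17 updates-cdn.example.net 814
2015-02-02T09:42:10 ws-22 intranet.local 7800
2015-02-02T09:42:15 ws-22 intranet.local 120
2015-02-02T09:50:04 ws-17 updates-cdn.example.net 810
2015-02-02T10:00:06 ws-17 updates-cdn.example.net 813
2015-02-02T10:10:05 ws-17 updates-cdn.example.net 6500000
"""

MIN_EVENTS = 6            # assumption: fewer connections than this is too little to call a rhythm
MAX_JITTER = 0.10         # assumption: std-dev of the gaps divided by their mean; beacons are very regular
EXFIL_BYTES = 5_000_000   # assumption: total bytes out to a single destination that deserves a look


def parse_log(text):
    """Group connections by (source, destination) as sorted (timestamp, bytes) pairs."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    for recs in events.values():
        recs.sort()
    return events


def analyse(events):
    """Return {(src, dst): finding} for pairs that look like beaconing or bulk exfiltration."""
    findings = {}
    for pair, recs in events.items():
        times = [t for t, _ in recs]
        total = sum(b for _, b in recs)
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        beaconing, period = False, None
        if len(gaps) + 1 >= MIN_EVENTS:
            period = mean(gaps)
            # A low coefficient of variation means the connections are on a timer.
            beaconing = period > 0 and pstdev(gaps) / period < MAX_JITTER
        exfil = total >= EXFIL_BYTES
        if beaconing or exfil:
            findings[pair] = {"beaconing": beaconing, "period_s": period,
                              "bytes_out": total, "exfil": exfil}
    return findings


def report(text=SAMPLE_LOG):
    return analyse(parse_log(text))


if __name__ == "__main__":
    for (src, dst), finding in report().items():
        print(f"{src} -> {dst}: {finding}")
```

The regularity test is what separates a beacon from browsing; the human-driven traffic from ws-22 has the same number of connections but wildly varying gaps. Real implants add deliberate jitter, spread themselves over several destinations and drip data out slowly rather than in one upload, so treat these thresholds as a starting point and look for the capture and persistence indicators on the flagged host rather than alerting on the rhythm alone.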

The Conclusion

When faced with the possibility of an Advanced Persistent Threat you will require advanced products such as Cyber Spears Persistence, which provides reassurance and early intervention in the event of a breach by monitoring your network on your behalf 24/7, 365 days a year.

Zero Day Threats & Advanced Persistent Threats

Monday, Tuesday, Wednesday, Thursday, Zero Day.

Welcome to the new working week

Unless you are an IT security specialist the terms Zero Day Threat and Advanced Persistent Threat are either new to you or just phrases you have come across; you probably haven’t got a clear grasp of what they are, or considered the implications and what they could mean to your business.
The first thing to say is that “Zero Day” just means that nobody on the defending side has identified it yet, so the vendor has had zero days’ notice to fix it. We hope, in the best possible world, that such flaws are quickly identified and added to the list of known exploits, but we have to accept that they may be in circulation for years: Heartbleed had been sitting in OpenSSL for around two years before it was identified.
To clarify things I will give you a short description of the main Zero Day things you may come across, beginning with the Zero Day Exploit, which attacks a vulnerability in software that the developer has not yet fixed. From the moment the software is released with the flaw it opens what is known as the Vulnerability Window, a sequence of events that usually unfolds in the following fashion.

  • The developer creates software containing an unknown vulnerability.
  • The attacker finds the vulnerability before the developer does (or while the developer is aware of but has neglected or been unable to fix it).
  • The attacker writes an exploit while the vulnerability is either not known to the developer or known but still not closed (e.g., due to an internal assessment of the threat’s potential damage costs being lower than the costs of developing a fix), usually also using and distributing it.
  • The developer or the public becomes aware of the exploited vulnerability and the developer is forced to start working on a fix, if not already working on one.
  • The developer releases the fix.

(Thank you Wikipedia for the timeline above)

Provided we update the software with the relevant fix, the vulnerability window closes for us; this is why patches are so vitally important.
The Zero Day Virus is a piece of malware that hasn’t yet come to the attention of the malware researchers employed by the major antivirus companies, who compete to be the first to identify this week’s completely new model or variant of an existing piece of malware. Variants happen as the originator of the threat tweaks it to make it more effective at its job, or simply to avoid detection: because an antivirus signature is built from a sample that has already been seen, even a trivial change can produce a variant that existing signatures miss. To confuse matters, once a piece of malware is out there in what is termed the wild (what you and I would call my computer or server) it is available for any enterprising cyber criminal to re-engineer into yet another variant. It has been estimated that the release rate of malicious code and other unwanted programs in all probability exceeds that of legitimate software applications.
Of course, occasionally something truly terrifying emerges, such as Regin (nothing to do with hair loss), which is akin to the bird flu of the computer world.
The worry for you and your IT team is the Zero Day threat that may be sitting on your system today, having eluded all of your defences including your antivirus software, which is blissfully unaware of its existence. Undetected, it could easily become the conduit for cyber criminals to infect or hack your network, either spreading malware or as part of an Advanced Persistent Threat (APT). Tamite IT of Haywards Heath have created IT security seminars to explain the myriad threats you face and the strategies to protect you and your network.
APTs, Zero Day threats and rootkits are all extremely difficult, if not impossible, to detect using traditional signature-based approaches. To detect these threats you need something a little more sophisticated and agile, something more nuanced and targeted, such as Cyber Spears Persistence.