Just how serious is the threat of cyber-attack to the UK? Are our government and industrial secrets being targeted globally by cyber criminals? Most people have been lulled into something of a false sense of security. They are aware of the fact that governments and businesses take great care to protect their valuable assets and information, using intrusion protection and advanced penetration testing to filter out the threats, and that by and large such practices have managed to keep a lid on the problem.
It’s a well-known fact that small businesses are more susceptible to cyber-crime than many of their larger counterparts. A lack of funding and resources means that few small to medium-sized businesses can afford to pay for vulnerability assessments or penetration testing of their network security. But just how much money is this failure to protect online networks costing small businesses? Well, according to Federation of Small Businesses it’s something in the region of £785 million every year. That staggering figure is the price SMEs pay when they fall victim to fraud and malware.
If you ever doubted that security risk management was critical for businesses and enterprise, then your opinion might be changed after reading the information contained in the recent Verizon report. The latest study was published to coincide with Infosec – an annual security conference in London.
The UK government has launched a scheme designed to promote greater information sharing on cross-sector cyber threats between businesses and government. The Cyber Security Information Sharing Partnership (CISP) will establish a cyber-attack monitoring operations room, known as a Fusion Cell, where cyber security experts from industry will operate alongside the experts from GCHQ, MI5 and the police for the first time in an attempt to combat the growing online threat to Britain’s firms.
The internet around the world was slowed down last week in what network security experts are describing as the biggest cyber-attack of its kind in history. As network security attacks go, they can’t have come much bigger than this one. The slow-down was caused because of an escalating row between the spam-fighting group, Spamhaus, and a hosting firm, Cyberbunker. This led to a series of retaliation attacks which eventually affected the wider internet. Experts are now expressing concerns that this row has the potential to escalate even further and could eventually affecting global banking and email systems. The threat of the retaliation attacks was so overwhelming that five national cyber-police forces are now running investigations.
You may never have heard of Gil Shwed, yet there’s every likelihood that your home or business is using internet security software that has been designed, or influenced, by the company he founded, Check Point. Shwed is an Israeli programmer and entrepreneur who is rightly regarded as one of the founding fathers of modern Internet security.
The UK’s national cyber security strategy, published in November 2011, set out the government’s intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information. However there is still confusion around which standards are best followed. As a consequence the government has announced that it plans to select and endorse a preferred organisational standard that best meets the requirements for effective cyber risk management.
Cyber criminals have targeted government officials in more than 20 countries in a complex online assault rarely seen since the turn of the millennium. The attack, dubbed ‘MiniDuke’ by researchers, has infected government computers in an attempt to steal geopolitical intelligence, according to security experts.
Facebook and Apple have become the latest companies to reveal they had been the target of a “sophisticated cyber-attack” by hackers last month. Although security was breached both companies confirmed that they had found no evidence any user data had been compromised.
In a blog post on its website Facebook explained what it knew of the cyber-attack:
A botnet that was believed to have illegally infected somewhere between 300,000 and 8 million machines and was raking in an estimated $1 million a year has been shut down by security experts. The Bamital botnet was shut down when teams working with Microsoft and Symantec anti-virus specialists raided several data centres in the US. Microsoft and Symantec claim that the computers infected by the Bamital botnet were being used illegally for identity theft. Thousands of affected users have been offered free tools to help to clean up infected machines.
Last weekend the Foreign Secretary, William Hague, signed up to a new World Economic Forum set of principles on cyber-resilience on behalf of the UK government. The UK has joined 70 companies and government bodies across 25 countries and 15 sectors in demonstrating their commitment and determination to taking a responsible and collective approach to ensure secure, resilient digital global networks that are safe, yet open to all.
Here’s a question for you. Which continent is better prepared to cope with cyber-security issues, the United States, Europe or Africa? Well, Microsoft believes that Western Europe is best equipped to deal with the problems, closely followed by the United States. Unfortunately the developing world lags far behind, and that could have security implications for all of us.
It’s been a torrid old time for Oracle over the last few months. Targeted by hackers, Oracle has rarely been out of the news. There were hopes that the recently-released Java 7 Update 11 would solve the problems once and for all, unfortunately the patch, which was meant to mitigate two zero-day vulnerabilities in Java that were being actively exploited by attackers, has not delivered according to cyber-security experts. They maintain that all that has happened is that the threat has been relocated, and therefore that Java is still vulnerable.
The hunt for a major cyber-attack that could have been stealing confidential documents since 2007 is finally over after the Red October malware was discovered by researchers at Russia’s Kaspersky Labs. The malware had been targeting government institutions, embassies, oil and gas institutions and nuclear research centres. Red October, named after the Russian submarine featured in the Tom Clancy novel The Hunt For Red October, was designed to steal encrypted files, and was so sophisticated that it was even able to recover files that had been deleted. Experts are hailing the discovery as ‘very significant’.
If you ever wanted proof that website security is a major issue, or that hacking and cyber-attacks are a serious global problem, then you need look no further than the statement issued by Microsoft recently. Microsoft, the world’s largest software producer, has admitted that hackers have uploaded viruses and malware which can help them steal people’s personal data on to millions of new PCs and laptops. After an investigation the company revealed that it had found malware in counterfeit copies of Microsoft Windows which would allow hackers to remotely switch on and control devices like microphones and cameras on machines that were still factory-sealed.