Bello: An Unpleasant Hello

October 15, 2014 — Leave a comment

One of the most prestigious universities in the world has just been hacked. The IT department of University College London has announced or better to say admitted that almost 25,000 students and staff member emails got spammed and compromised. That is not a lesson you want to teach your students.

All the troubles started with a simple Bello in the spam emails. How come none of the youngest and brightest students could not see it coming? Well, you do not expect a spam email from the University’s President or the top managers, do you? So, what happened to the top IT security standards?

When you are on the top, you are supposed to be on the top of many things, including the cyber security, as well. These types of institutions are all about the prestige. Why risk it all for an appropriate software solution, which could have prevented it in the very first place? That was a simple question.

You do not have to be a rocket scientist to ensure the proper cyber protection. All you need to do is to do some thinking on time, and to include some preventive measures. There is no point crying your academic tears over the spilled cyber milk. You need to make sure it does not happen again. Right?

Huge Breaches – Small Awareness

October 12, 2014 — Leave a comment

OK. You do not have to read our or any other security blog to know what is happening out there. It is a nasty and merciless world of the cyber pain. Yet, you should know some basics. Right? How about some of the biggest IT security breaches in the recent history? If you forget it, then what is going to happen?

You do not have to be a rocket scientist to know that these unpleasant things will happen again. More than 77% of people in the USA are completely unaware of the eBay, Home Depot or Health Clinics data breaches. Does it really have to happen to you or your loved ones so you can start paying attention?

Maybe that is our worst cyber enemy, our ignorance and reckless behavior. We behave in a way all hackers in the world can only wish for. Millions and millions of people get affected on a daily basis. Yet, we have the careless days of our lives somewhere at the end of our cyber rainbow.

What is the alternative? Should we act as the android paranoid? That is not a solution. For what is worth, you should read some other news sections besides the sports, celebrities and finances. One minute of cyber awareness can save you at least one year of crumbling cyber pain. Enough for you?

The BlackEnergy On The Run Again

October 6, 2014 — Leave a comment

Who or what is the BlackEnergy? Well, to be quite honest, no one can tell for sure. We can only speculate. However, we can make a wild guess, which sounds extremely reasonable. From what it is known, the BlackEnergy has humble DDoS beginnings. Then, all of a sudden everything has changed for this group.

They have become more sophisticated. In addition, it is more than indicative that the primary targets were in both Ukraine and Poland. This somehow strangely coincides with the recent political and military confrontation in Ukraine. That is why the rumors about the state’s support were born.

But, which state? Well, you do not have to guess twice, do you? Russia is the usual suspect in this story. This does not imply that the USA and other NATO allies do not have cyber black ops teams of their own. Yet, when you have the government’s fingers involved, then the things become even more serious.

What is the point if we keep fighting the cyber menace, which has a state’s support and origin? Solving of all political crisis in the world will not eliminate all cyber threats. Nevertheless, we can certainly decrease their numbers. The most dangerous hackers are the ones wearing state’s uniforms.

Former Employees – Future Worries

October 5, 2014 — Leave a comment

You do not have to be a rocket scientist to know that former employees should not have the access to the company’s IT infrastructure as once they used to do. Yet, you would be surprised to find out in how many cases we forget to lock the IT door after someone leaves a company this way or another.

Why? It seems that we worry much more about the contract, social security, cancellation period, and all other more important issues that IT security in these cases seems like a trivial thing. We do not have time to clean the cyber working space after our former colleagues, but we do not forget the other things.

Believe it or not, there is a higher probability that your former employee will “hack” your company than any hacker you can possibly think of on this planet. The worst thing about it is that we leave an open door. Any unauthorized access is potentially extremely dangerous for your company or business.

This includes cases, when your former employee feels nostalgic about his old company’s account or wants to do you harm because he was fired. It only takes a couple of minutes to change passwords and adjust new security settings. Yet, we miss to act accordingly. This is how our former employee becomes our future hacker.

Don’t Feel Free With The IC3

October 1, 2014 — Leave a comment

Who or what is the IC3? The IC3 stands for the Internet Crime Complaint Center, which was launched as the partnership between the FBI and the National White Collar Crime Center (NW3C). It was supposed to protect you and work in your best interest. Then, how come the FBI has issued the warning about the IC3?

Well, it seems that we have matched our match with these hackers, who were able to disguise themselves as the IC3 itself. You cannot believe how detailed and credible they were with their plan. You were lead to believe that the IC3 is addressing you directly about the certain legal issue.

They ask you for some money to solve this matter without further troubles. People fall for it, because these hackers have done their homework properly. Now, the FBI itself has to warn you about this serious threat. So, what is the moral of this story? Well, there is more than one, that is for sure.

We should learn from these hackers. They were methodical, patient and above all, they examined the existing security system from A to Z. They have done our homework, actually. If they can do it, so can and should we. You need to know your enemy in order to defeat him. This is how it goes. Right FBI?

When Enough Is Enough

September 29, 2014 — Leave a comment

It seems that the US financial institutions just enough. They are apparently sick and tired of constant and damaging cyber attacks. So, they have decided to do something about it. It may sound as some kind of a bad joke, but of all the business entities in the world, they can certainly afford it.

So, what they have done? The Soltra is born. It comes as the direct result of a special partnership between the Financial Services Information Sharing and Analysis Center (FS-ISAC) on the one side and The Depository Trust & Clearing Corporation (DTCC) on the other side. Really impressive, indeed.

However, is it enough to ensure the adequate protection for the US finance engines? For what is worth, this is a remarkable change. It is not enough to take hands and dance in a circle hopping for the best. Yet, as soon as you join forces, resources and start information exchange you are on something serious.

The next step definitely worthy of our admiration would be to have the international financial security system launched as soon as possible. That would be something really special, wouldn’t it? If the hackers all over the world can easily unite and work together, so should we. No matter who we are and what we do.

The Broken Chains Of The Home Depot

September 25, 2014 — Leave a comment

Is this a new world record for the biggest commercial security breach? More than 56 million payment cards have been compromised. It is just like you have hacked the entire population of some of the largest European countries such as Germany, France or Italy. Let us focus on the aftermath of these events, shall we?

On the other hand, it would be wrong and unfair to blame it on all on the Home Depot. We can say that the Home Depot is actually a victim of the poorly protected and definitely outdated system. In a certain way we can dare to claim that is very likely that this negative event will have some very positive consequences.

It seems that we have been waiting for something like this to happen in order to seriously examine the possibility of introducing the latest smart payment cards based on the chip-and-PIN technology. Unfortunately, this would be the first time for the US customers enjoy all the benefits of this technology.

All is well that ends well. Can this also be true in the IT security field? Well, itndepends where you stand when a certain change occurs. For the 56 million users it is a weak comfort that this trouble was the very reason for the new protection technology introduction. Better ever than never. How about this one?

Public Interest – Private Security

September 24, 2014 — Leave a comment

This year’s NATO summit passed under the blinding spotlights of the recent events in Ukraine. No wonder so many things associated with this organization went below the radars of our attention almost unnoticed. Yes, cyber boys and girls the NATO had enough time to discuss cyber security, as well.

Are you surprised or intrigued? Or both? The NATO Industry Cyber Partnership (NICP) has obviously decided to thoroughly change some things about its cyber security measures and structure itself. Well, when it comes to this one, we have two important questions to ask. Can you dare to make a wild guess?

The first one is naturally to examine the motivation for this “sudden” and surprising acknowledgment of cyber security’s importance. What went wrong? Or, maybe the NATO prepares itself for something huge. Russia or China, for example? The second question is definitely more important.

Why it has to be a private sector to handle these sensitive things on behalf of the NATO? What is happening with the top government agencies in this field? Should we be worried or flattered? Is this some kind of a recognition for a quality work or an indication of some new waves in the restless cyber sea?

Cyber Threat Alliance

September 22, 2014 — Leave a comment

It brings back the feelings of the good old days, doesn’t it? McAfee, Symantec, Fortinet, and Palo Alto Networks are the heart and bone of the Security Threat Alliance. These four riders are supposed to deliver the apocalypse to the doorstep of some of the most notorious hackers in the cyber world.

The basic premise in this case is actually quite simple and efficient at the same time. If the hackers all over the world can unite, how come we haven’t done the same already? What is keeping us from launching the United IT Security Colors of Benetton? Finally, someone has realized what needs to be done.

The real enemy is out there. The IT security players have finally figured out that there is no point fighting each other. The competitors in the IT security business are not the enemies. Hopefully, these guys can now focus their attention to fixing real problems instead of fighting each other.

The real question is, what is keeping us from making one international security threat alliance? Imagine all IT security experts acting as one. Imagine all IT security companies working on the same task. The trouble is, we need more people with proper motivation than with the unrealistic imagination.

IMELA Software Blog

4 out of 5 dentists recommend this WordPress.com site

Cyber Attack