Cyber Security

The Phishers Are On The Run

September 11, 2014 Leave a comment

image

McAfee Labs Threats Report for August 2014 has some bad news. It seems that phishing definitely pays off for the hackers all over the globe. Unfortunately, that is only the beginning of our troubles. It may come as a surprise, but our beloved hackers are profit oriented mean machines. They are extremely careful when it comes to investing their time and resources.

If we are able to fix one weak IT security point, you can be rest assured they will look for the new one. On the other hand, if something works just fine for them, you can expect that they will stick to it including the inevitable improvements. This is exactly what happened to the phishing itself. This is the new El Dorado for hackers.

The trouble with the curve in this situation is that after a series of successful phishing activities the hackers will become even more patient. In addition, it is worth mentioning that they only need one good catch. No more. No less. One open door, and they can infiltrate the entire system before you even realize what happened.

Oh dear, what are we supposed to do? We have to remind you again that there is no successful phishing without your active participation. Therefore, better think twice before you follow certain link, open a suspicious email or visit a funny looking website. That is why it is so complex, because it is so simple. Right?

HealthCare Hack Was Fair?

September 9, 2014 Leave a comment

image

Here come our Uncle Sam and he says to us, I have a bad and a good news. Which one you want to hear the first? The bad news is that someone hacked into the HealthCare website. The good news is that no serious or obvious damage has been done. At least what we know or speculate about.

Seriously? Are we supposed to buy this? How in the first place you can hack one of the most important government sites in the country? Maybe, this was an action of some teenage or newbie hacker, who was eager to get some recognition and respect among his or her friends. Some other option?

Russian or Chinese state supported teams were practicing a little bit. Let us stop here, or else. We will get hurt even without the real damage. Or, as a comforting thing we can sing a song, how fragile we are. Now, when we are done with signing let us do some thinking. What can we do about this one?

First things first, the IT security should be among our top priorities. We mean real priorities, not only priorities on our list of wishes. Otherwise, who knows what is next. We may wake up in some other country in cyber terms one fine day. We sure hope that the lesson is being learned properly.

Who Will Guard The Guardians?

September 2, 2014 Leave a comment

image

Here is the story. Here is the trouble. One of the top ranking US government officials in charge of the cyber security is arrested. OK. Can you leave with that? Can you accept this fact? As soon as you hear the very reason, you will definitely make up your mind about this one, that is for sure.

This cyber guardian faces some very serious criminal charges directly associated with the most recent case of child pornography. When you hear something like this, it simply leaves an extremely bitter taste in your mouth. It comes without saying that he was using his skills for something unspeakable.

So, what are we supposed to do? To whom can we really believe? Is it necessary to thoroughly scan all IT security experts at key decision making positions? We are heart broken, at least to say. And, we know what to ask. This case has to serve as an example. All circumstances are to be included.

This guy has to get an extra penalty. One regular for the crime itself, and something in addition, because he was supposed to protect us, and not abuse his position in the unthinkable way. We need IT guardians of impeccable professional and personal ethic. There is no other way to ensure top protection.

Russian Cyber Mafia

September 1, 2014 Leave a comment

image

Although,  this post’s title may sound similar to the Swedish House Mafia, you can rest assured it has nothing to do with music. As a matter of fact, while someone’s fingers were playing the digital music of destruction, the other side was at the very edge of its tears and complete desperation.

So, let us see who are the main characters of our story. On the one side, we have the top Russian hackers. On the other side, we have the very symbol of the corporate America. This is how you end up with a breaking news: JP Morgan was hacked by the Russian hackers. Oh, this one sound terrible.

You know how it goes in the aftermath of this and similar events, don’t you? If a dinosaur such as JP Morgan cannot be safe, what about the IT security of the rest of us the mortals? At least JP Morgan can afford the top class IT protection. They have invented the money as we know it today.

How about a little spending for justified IT causes? The Russian IT school, including its hacker’s department has one hell of a reputation. However, not even they are almighty with the proper IT security measures. Unless something is done with this one, their next address can easily be the White House.

Facebook Inaugural Internet Defense Award

August 28, 2014 Leave a comment

image

Finally, someone has realized that there is no such a thing as a bad investment in IT security. Finally, some positive news from the Facebook’s kitchen after the troubling series of events associated with the privacy controversies. This is what we need. A little bit of both to improve our IT security.

We need contests with prizes and bug bounty programs with awards. Facebook has generously awarded two German researchers with $50K for their paper “Static Detection of Second-Order Vulnerabilities in Web Applications.” The great thing about this news is that Facebook is willing to go to the next level.

The logic with this is quite a simple one. If we can detect these extremely important vulnerabilities, the next thing to do is to find a way to eliminate them successfully. Facebook is looking forward to seeing some additional research in this field. It will also invest some money for it, as well.

It comes without saying that is better to invest time and money in these kinds of IT security researchers, rather than to spy on your own users including all kinds of secret experiments, which threaten our privacy. Our hats off to Facebook for this one. We sure hope this is only the beginning.

Ex Workers + Current Access = Future Troubles

August 23, 2014 Leave a comment

image

At the very core of every major serious cyber trouble, there is and always be a human related factor or error. Would you be so kind to write down this simple rule a couple of hundreds of times, for your own cyber well-being. Here is something to include in the field of corporate IT security.

You will be surprised to find to which extent ex-employees still have limitless access to almost all of the companies IT infrastructure. In the absolute majority of all cases the people in charge of HR or IT administration are simply lazy to do all what is necessary. Do not jump to the wrong conclusions.

We are not saying that as soon as you leave your company, you will become a vigilante hacker. Yet, who is stopping you to take an advantage of the situation. It is almost impossible to resist when you have a chance for some payback to a company, which fired you in the worst possible moment.

Just as you are required to clean your working desk, someone also has to clean your cyberspace after you. Eventually, the last thing you need is to be blamed for some hacker’s attack on your ex-company, which used your old data. Let bygones by bygones, focus on a new job and new passwords. Right?

Simpler, Better, Hacker…

August 11, 2014 Leave a comment

image

To have an idea that the most successful hackers are top rocket scientists, who at one moment turned to the dark side is at least to say childish. In most of the cases they are educated fools with money on their minds. What is even more important to say they need a helping hand. Who could that be?

Unfortunately, when it comes to the cyber trouble you cannot believe how many times we are the accomplices of our own misfortune. The hackers themselves, on the other side, are practical people who look for the imperfections of the system and the negligence of the users. That is the catch.

Instead of whining about the endangered privacy and compromised cyber security, we can question our own behavior and habits for a change. At least what we can do is to make hackers work harder for their dirty profit. Do not leave them an open door and do not act as if it is not going to happen to you.

We all know these simple truths, and we keep forgetting them all the time. How strong and devastating a cyber blow into your face has to be in order for you to start learning and applying some basic IT self defense techniques? Be a quick doer and a careful listener in this one, will you?

Cyber War Games by Deloitte

August 4, 2014 Leave a comment

6_2177_imela_1

Here is something you do not expect to see in a company, which is a synonym for white collars and strict formality. For what is worth, the Deloitte Cyber Risk Service has introduced the new cyber war-gaming and simulation service. What does it do and what is supposed to solve in the first place? Well, Deloitte brings the cyber war into your company.

The main purpose of this simulation activity is to test your defense readiness and vulnerability points to a cyber attack as the closest possible to the real life situation. So, what is the catch with this one? Why do we have to pay Deloitte to play cyber war games? How come we cannot do it on our own? Deloitte has a nice answer to these questions.

Deloitte’s cyber war games are carefully designed and earth shaking events, which include all segments of your company, including top management and CEOs including all people involved in crucial business process execution. In addition, its scenarios are the closest to the real thing you will ever get to your business.

It comes without saying that is always better to simulate a cyber attack than to participate in one or experience it first-hand. Deloitte has an offer of top class cyber wars and simulations that are crying for some attention and honest appreciation. Better to go into a virtual war with Deloitte, than into a real one with merciless hackers.
 

Gaza Cyber Warlords

July 31, 2014 Leave a comment

5_2177_imela_3

The endless news flow about the Gaza conflict with a number of victims increasing on both sides and troubling potential for further escalation has completely camouflaged some other equally important events taking place in the background. One of them is definitely an unparalleled Israeli hacking school, which fights its virtual battles with the same or even greater intensity.

It is an intriguing and proven fact that the Israeli IT infrastructure is one of the most endangered and attacked in the world. This fact provides the Israeli hacking school with an absolute abundance of real-life scenarios and practicing material. Israeli hackers are among the best in the virtual battlefield. Is this true?

Well, we can never be quite sure about this one. As long as the system is functioning as it supposed that means someone is doing a proper job. The experts from the Israeli hacking school say that they regular job is to handle up to 10,000 different cyber attacks every single hour. How about that for a change?

We need peace in Gaza as soon as possible, in both real and virtual world. We are quite aware that this is an easy thing to say and almost impossible to achieve at the moment. Unfortunately, we cannot hear or see the cyber guns, but we can certainly experience their harmful effect first-hand once they occur.