If you are having trouble viewing this email, click here to view this online



   ISSUE 69

28 April 2017

Article of the Month Around the World

What Lies Ahead? Top Security Trends For 2017



Cybercrime is typically driven by three main factors:

  -Criminal profit incentives ($, �, �, bounty, rewards, fame, etc.)
  -Malice or political incentives
  -Geopolitics or espionage opportunities.

And to achieve these aims, cybercriminals undertake a range of different scams and attacks on UK enterprises. So what are the typical attacks that form the threat landscape for UK businesses? Here I�ll assess three of the most common forms of cyberattacks that you should be alert against and protect your business from as we enter 2017.



Ransomware is a relatively new type of malware which prevents or limits users from using their system. Ransomware attacks are primarily carried out for money � it�s called ransomware because it effectively holds your computer hostage until you pay the attacker a certain amount of money. You usually have to make the payment through a certain online payment platforms and within a limited time period. Once you make the payment, you are again free to use your own system or to get your data back.

SMEs (as well as big corporates) are more and more often getting specifically targeted by ransomware type malware, including as Cryptolocker, CoinVault or CTB-Locker. There are several ways it can infect your system. Most commonly it can be downloaded by users, usually through visiting a compromised website. Ransomware can also be downloaded in conjunction with another file � either dropped into your system by another malware or sent as an attachment in a spam email for example.

The impact of these attacks can be dramatic and crippling, as this malware will encrypt all your data, making everything completely unusable unless you have the key. Paying the ransom to the hacker is supposed to be the only way to solve the problem and often is sometimes seen as the lesser price to pay than the cost of recovering your systems by other means. However, as with ransom demands in the movies, there is no guarantee.

Denial-of-service attacks

Denial-of-service attacks give criminals another way to target individual organisations. By overloading critical systems, such as websites or email, with Internet traffic as a way of blocking access, denial-of-service attacks can wreak financial havoc and disrupt normal operations.

Distributed denial-of-service (DDoS) attacks are not a new development, but sadly they are growing in intensity and frequency. We had a live example quite recently with the 1Tbps+ DDoS attack faced by DNS provider Dyn which was likely the largest ever seen. In this example, attackers used the Mirai IoT botnet composed of compromised CCTV cameras, among others. Dyn�s official report on the incident said it had seen traffic from �tens of millions of IP addresses.�

In 2017, we will see an increase in the use of DDoS attacks being used as a smokescreen to distract IT teams while other incursions infiltrate networks to steal sensitive data (aka ransomware). My prediction is that ransom demands associated with DDoS attacks will increase exponentially in 2017, fuelled by the increased automation of DDoS attacks and the ability to buy them off the shelf. The �Lizard Squad� are one example of a group of hackers who sell DDoS attacks-as-a-service for as little as $6 a month.

To protect themselves, companies should deploy a combination of on-premises and cloud-based solutions to handle attacks of varying types and sizes � effectively a multi-layered network security approach

Healthcare Threats

The healthcare industry is going through a major evolution as patient medical records go online and medical professionals realise the benefits of advancements in smart medical devices.

Similarly, patient medical records, which are now all online, are a prime target for hackers due to the breadth of sensitive information they contain. According to a poll by Health IT News and HIMSS, 75% of hospitals surveyed have been hit by a ransomware attack over the past year. With hospitals and medical facilities still adapting to the recent digitalisation of patient medical records, hackers are capitalising and exploiting the many vulnerabilities in these organisations� security layers. Breaches within the healthcare industry will likely continue in 2017 until the industry is able to get a better grasp on the mass amount of digital patient data now under its control.

Mobile Malware

One of the key contributors to the threat from mobile malware is the proliferation of applications that conduct real business using access-sensitive and confidential information. Typical users may have banking, credit card, hotel, airline and corporate applications installed on their mobile devices. This access is secured, at minimum, with username and password controls.

Cybercriminals are practical actors; they follow the money. They are turning their focus and attention to the mobile platform because of the growth in mobile devices coupled with the opportunity to harvest a wealth of information from each device. Unlike work desktops and laptops, which typically contain only job-related information, mobile devices often combine work and personal information and applications.

Advanced Persistent Threats � highly targeted attacks

Targeted attacks have evolved from early novice intrusion attempts to become an essential tool in the cyber-espionage field. Industrial control systems (ICS) are prime targets for attackers whose motives for executing these attacks are typically a matter of national security.

In view of the growing sophistication of these attacks, good IT security is essential and broad cybersecurity practices should be the norm. Well-funded state operations are not the only threat. Patriotic hackers (the self-titled �hacktivists�), criminal extortionists, data thieves and other attackers may also use similar techniques � but with fewer resources and less sophistication.

In 2017 I believe email-based attacks will continue much as before and web-based attacks will grow increasingly sophisticated. Espionage based attacks will use more exploit kits, which involve bundling together exploits rather than using just one attack. Exploit kits have been used in e-crime for many years, but cyber-espionage attackers have now adopted them too.


Protecting your business

There are a number of steps you should take to help ensure your organisation can remain secure against these types of attacks.

Here are the top 10 practical information security measures that should be on your security agenda:

1. Regularly review the personal data you hold and encrypt, encrypt, encrypt
2. Build a managed security ecosystem around you
3. Create access management policies
4. Adopt patch management and malware approach
5. Backup and minimize your data
6. Review logs regularly
7. Stay informed of the latest vulnerabilities
8. Train your staff
9. Understand your cloud service provider security model
10. Choose your service providers amongst those who are ISO27001 or CyberEssentials accredited



This article was first published in:http://www.informationsecuritybuzz.com/articles/lies-ahead-top-security-trends-2017/

























1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru

  Microsoft fixes Windows 10 upgrade tempo and timing to placate enterprises


"....Microsoft yesterday announced it will target March and September as the launch months for all upcoming Windows 10 feature upgrades, a return to regularity that has been demanded by enterprise customers.

"We've ... heard our customers want more predictability and simplicity from [the Windows 10] update servicing model to help make deployments and updates of Microsoft products easier," said Bernardo Caldas, general manager of Windows marketing, in a Thursday post to a company blog..."




"...The Defense Logistics Agency is in the process of optimizing its existing 16 data centers and eventually consolidating to two, but first, it has to know what it has.

Enter ARServices, a tech consultancy based in Alexandria, Virginia. The company recently won a contract to help DLA optimize its data centers and meet requirements laid out in Data Center Optimization Initiative, established by the White House last year....."

  Singapore, Japan, Korea among least prepared for new EU data laws

'...More than half of businesses in Singapore, Japan, and South Korea are among the least prepared for the upcoming European Union's data privacy laws, with a quarter of their counterparts in Australia and the US fearing a shutdown as a result.

With a year to go before the General Data Protection Regulation (GDPR) would take effect on May 25, 2018, some 56 percent of Singapore-based companies had expressed concerns they would not be able to meet the deadline for compliance......'

Ransomware incidents surge, education a hot bed for data breaches, according to Verizon



'...Ransomware incidents have surged 50 percent from a year ago, educational institutions are becoming a playground for cyber espionage and 68 percent of healthcare security threats are internal, according to Verizon's 2017 Data Breach Incident Report (DBIR).

Ransomware: An executive guide to one of the biggest menaces on the web
Ransomware: An executive guide to one of the biggest menaces on the web

Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC's infected.

Read More
The DBIR is based on data from 65 organizations, 42,068 incidents and 1,935 breaches in 84 countries.....'



'....The federal government�s biggest challenge in defending its civilian, military and intelligence networks from hackers isn�t technology, it�s people...'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in March 2017
  Statistics - Sri Lanka CERT|CC

NoTrove threat actor delivering millions of scam ads

'...Researchers at RiskIQ have identified NoTrove, a threat actor that is delivering millions of scam ads that threaten consumers and further undermine the digital advertising industry. NoTrove was so effective that one of his pages ranked as one of the internet�s most visited pages for one day.......'

Got MilkyDoor? Android malware lets attackers infiltrate your phone's connected network

"...A newly discovered Android malware called MilkyDoor turns mobile devices into "walking backdoors" that give attackers access to whatever network an infected user is connected to, Trend Micro warned in a blog post on Thursday. Affected phones essentially act as proxy servers that link legitimate networks with malicious command-and-control servers via Socket Secure (SOCKS) protocol, allowing bad actors to exfiltrate data....."
Apple Releases iOS 10.3.1 Security Update for iPhone and iPad to Fix Wi-Fi Issue

�..The iOS 10.3.1 point release is here to address a Wi-Fi issue that made devices running iOS 10.3 vulnerable to attacks where a nearby hacker could run arbitrary code on the Wi-Fi chip. In the security notice, Apple describes the bug as a stack buffer overflow, which the company addressed by improving the input validation....�

...Today, internet of things devices outnumber humans. Internet-enabled children�s toys, household appliances, automobiles, industrial control systems and medical devices�new IoT devices are being designed and released every day but many of these devices are built with little-to-no security in place. Given the rapid growth of these devices and unregulated market, it�s no surprise that these devices represent a growing threat as well as a major opportunity for hackers.....

Notice Board
  Training and Awareness Programmes - April  2017

Brought to you by: