Cyber Security Training from QA

Cyber Pulse: Edition 16

Read the latest edition of Cyber Pulse, our roundup of Cyber news.


25 May 2018

ICO: Beyond 2018 – data protection laws built to last

Elizabeth Denham welcomes the new Data Protection Act 2018 alongside the GDPR. Organisations and data protection professionals could use this as an introduction to the new Act. The previous Data Protection Act, passed a generation ago, failed to account for today's internet and digital technologies, social media and big data. The new Act updates data protection laws in the UK, and sits alongside the General Data Protection Regulation (GDPR), which is also due to take effect in two days' time. The Act implements the EU Law Enforcement Directive, as well as extending domestic data protection laws to areas which are not covered by the GDPR. The UK's growing digital economy relies on consumer trust to make it work. The Act, along with the GDPR, provides a modernised, comprehensive package to protect people's personal data in order to build that trust. The creation of the Data Protection Act 2018 is not an end point; it's just the beginning, in the same way that preparations for the GDPR don't end on 25 May 2018. From this date, we'll be enforcing the GDPR and the new Act, but we all know that effective data protection requires clear evidence of commitment and ongoing effort.

Malware Surge 'Could Indicate Imminent Attack'

Cisco has warned of a possibly imminent cyber-attack on the Ukraine, after a strain of what it believes is state-backed malware was found to be rapidly spreading in the country. Previous malware outbreaks in the Ukraine have spread worldwide, including the June 2017 'NotPetya' attack that UK and US officials said was the most destructive cyber-incident to date. The malware in question, which Cisco called VPNFilter, has infected at least half a million routers and storage devices in dozens of countries. Cisco's Talos computer security unit said it believes the malware is used by the Russian government, because it shares code with malware previously used in cyber-attacks the US government has attributed to Moscow. Talos found that the malware is likely state-sponsored or affiliated in some respect with a nation state. The code of the malware in question overlaps with versions of the malware which was responsible for massive targeted attacks on devices in Ukraine – BlackEnergy. The researchers warned that VPNFilter is infecting Ukrainian hosts "at an alarming rate", using a command and control (C2) infrastructure dedicated to that country. Although the research into VPNFilter has not been totally completed, Talos chose to share the findings early due to the danger that malware presents.

Roaming Mantis malware is now 'spreading across the globe'

The DNS-hijacking malware that originated in Asia is now targeting iOS devices. Malware that infects smartphones through Wi-Fi routers - dubbed 'Roaming Mantis' - is rapidly spreading across the world after first emerging only a couple of months ago. Through DNS hijacking, the malware uses compromised routers to infect Android smartphones and tablets, redirect iOS devices to a phishing site, and run CoinHive, a cryptomining script, on desktops and computers. Having until now mainly affected users in Japan, Korea, China, India and Bangladesh, Roaming Mantis has added two dozen more languages - including Arabic, Russian, and a host of European languages - and is rapidly spreading around the world, according to Kaspersky Lab, a cybersecurity company. Roaming Mantis has chosen the simplest and most effective form of DNS hijacking, according to Kaspersky, which involves hijacking the settings of compromised routers and forcing them to use their own rogue DNS servers, meaning a user will be redirected to a malicious site if using a device connected to the compromised router.

Greenwich University fined £120,000 for data breach

The University of Greenwich has been fined £120,000 ($160,000) by the Information Commissioner. The fine was for a security breach in which the personal data of 19,500 students was placed online. The data included names, addresses, dates of birth, phone numbers, and signatures and - in some cases - physical and mental health problems. It was uploaded onto a microsite for a training conference in 2004, which was then not secured or closed down. The Information Commissioner said Greenwich was the first university to receive a fine under the Data Protection Act of 1998 and described the breach as serious. Whilst the microsite was developed in one of the University's departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution. Students and members of staff had a right to expect that their personal information would be held securely and this serious breach would have caused significant distress. The nature of the data and the number of people affected have informed our decision to impose this level of fine.

BMW cars found to contain more than a dozen flaws

BMW's car computer systems have been found to contain 14 separate flaws, according to a study by a Chinese cyber-security lab. They could, in theory, let hackers take at least partial control of affected vehicles while in use. The researchers identified ways to compromise the cars by plugging in infected USB sticks, as well as via contactless means including Bluetooth and the vehicles' own 3G/4G data links. BMW is working on fixes. Its customers have been advised to keep an eye out for software updates and other counter-measures from the German company over the coming months. Keen Lab - a division of the Chinese technology giant Tencent - began its investigation in January 2017 and shared its findings with BMW just over a year later. It said the vulnerabilities were found mostly within three different parts of the cars' electronics: (1) the internet-connected infotainment systems, which provide sat-nav guidance, radio-station playback, car diagnostic information, and in some cases voice-recognition services; (2) the telematics control unit, the electronics and software that allow a vehicle's location to be tracked; and (3) the central gateway module, the information bridge that controls the flow of data between the vehicle's various electrical components. The researchers are holding back their full findings until 2019, to give BMW more time to tackle the problems.

Google Chrome WARNING - Terrifying malware can steal YOUR credit card details

Google Chrome fans have been warned about a new strain of malware that can steal saved credit card details from the hugely popular internet browser. Security experts from Proofpoint are putting Google Chrome fans on alert about malware that researchers have dubbed Vega Stealer. The malware is a variant of the August Stealer strain that was discovered back in December 2016. That piece of malicious software was capable of stealing saved passwords, documents and sensitive data from Chrome, Firefox, Skype and Opera. The Vega Stealer malware is being distributed through a spam e-mail campaign. It tries to trick people into clicking on it with subject lines like 'online store developer required'. The e-mail includes a Microsoft document called 'brief.doc' that contains malicious macros that deliver the Vega Stealer payload. Once Vega Stealer has infected a computer, it starts stealing data and searches the victim's desktop for different file formats. This is done for exfiltration purposes, and the malware then sends the data to a remote command and control server. Proofpoint added: "While Vega Stealer is not the most complex or stealthy malware in circulation today, it demonstrates the flexibility of malware, authors, and actors, to achieve criminal objectives."

 


Edited and compiled by

 

James Aguilan


Cyber Security Specialist

James has worked on many high-complexity eDiscovery projects and forensic investigations involving civil litigation, arbitration and criminal investigations for large corporations and international law firms across the UK, US, Europe and Asia. James has assisted on many notable projects, including one of the largest acquisition and merger cases of all time (a deal worth $85 billion), a multijurisdictional money laundering matter for Government bodies, and national cyber threat crises including the more recent ransomware, phishing campaigns, and network intrusion. James has comprehensive knowledge of the eDiscovery lifecycle and forensic investigation procedures in both practice and theory, with a deep focus and interest in Forensic Preservation and Collection and Incident Response. In addition, he holds a first-class bachelor's degree in Computer Forensics and is accredited as an ACE FTK certified examiner.