9 March 2018
GDPR news: Most UK firms 'struggling' to secure data ahead of GDPR
More than two-thirds of British businesses cannot secure customer data effectively, a key tenet of the EU's incoming General Data Protection Regulation (GDPR), a new survey has found. Mere months before GDPR is enforced on 25 May, a study of 750 IT decision-makers demonstrated that security is a key concern for many firms. The study, for Claranet's Beyond Digital Transformation report, found that 69% of respondents admitted to this lack of data security management capability, while another 45% said they face problems around securing customers' details when trying to improve the digital user experience. The survey also discovered that IT teams are trying to acquire the skills and expertise that are essential to tackling this disparity. Four in 10 respondents acknowledged that security is one of the biggest challenges facing their organisation's IT department, and 43% specified improving security as one of the priorities for their IT departments over the next 12 months. Indeed, the amount of money spent on IT security by European businesses is set to increase by over a third (37%) over the next three years, the research found, when compared to the previous three years. This focus on heavier investment in security bodes well for the future, and the fact that businesses are aware of where they are deficient means that they have the right mindset in place. However, it's important to recognise that much still needs to be done in terms of increasing cyber security capabilities at a pace rapid enough to ensure GDPR readiness and overall preparedness. Businesses are aware of the challenges they face, but the current level of available expertise can hold back initiatives.
ICO raids companies suspected of sending 11 million nuisance texts
The Information Commissioner's Office (ICO) has raided two addresses in Greater Manchester as part of an investigation into companies suspected of sending 11 million unsolicited text messages. Enforcement officers for the data watchdog searched offices in Stockport and a house in Sale as part of an ICO investigation into companies believed to be responsible for sending the deluge of unwanted text messages to UK mobile numbers between January 2017 and January 2018. The ICO said it had received 3,297 separate complaints. The messages themselves were mainly to promote financial management services such as pensions and loans, and also claims management for issues such as PPI and flight cancellations. The ICO said that recipients were unable to identify who the calls were from or opt out of them, which is also against the law. The unnamed companies had computer equipment and documents seized for analysis. The ICO's enquiries into alleged breaches of the laws surrounding unsolicited telephone marketing continue. Andy Curry, the ICO's enforcement group manager, said that messages like this are a real problem for people, as seen in the number of complaints the ICO has received in this case alone.
Cortana flaw enables hackers to load malicious websites from the lock screen
Two independent Israeli researchers discovered that anyone with access to a Windows 10 PC could use Cortana and a USB-based network adapter to download and install malware even if the machine remained locked. This was accomplished using voice commands directed to Cortana, which could load up a malicious website in a browser without unlocking Windows. The PC could also be moved to a wireless network controlled by the hacker. The two researchers presented their method in a session called 'The Voice of Esau: Hacking Enterprises Through Voice Interfaces' during a Kaspersky Security Summit. In their scenario, a hacker could sit down in front of a locked Windows 10 PC and insert a network adapter into one of the USB slots. After that, the hacker could verbally tell Cortana to open the web browser and head to any specific HTTP-based address that doesn't rely on a secure connection (HTTPS means the connection is encrypted). The inserted adapter receives the outgoing command but directs the web browser to a malicious website instead.
It's back! Infamous Gozi banking malware makes unwelcome return
Over ten years ago, a new malware – dubbed Gozi – began targeting banks and other financial institutions to steal funds for the malware's coordinators. Many arrests were made in the early years of this decade, with the mastermind of the Gozi trojan, Nikita Kuzmin, successfully prosecuted in 2011. This infamous banking malware has now made a return and is using the Dark Cloud botnet to evade detection by law enforcement agencies. The malware reaches unsuspecting victims via email, typically containing malicious Microsoft Word documents, which, when downloaded, install the malware onto the victim's device. Gozi's original creator was caught and prosecuted, but catching the malware's current operators is likely to be more difficult, as they are employing new techniques to improve anonymity. Attackers are continuing to modify their techniques and finding effective new ways to obfuscate their malicious server infrastructure in an attempt to make analysis and tracking more difficult. Talos has identified the Dark Cloud botnet being used for a multitude of malicious purposes.
Phishing campaign found to be targeting humanitarian organisations
Security researchers recently uncovered a phishing campaign that suspected Korean hackers had been running against humanitarian aid organisations since August 2017, using topics on North Korean politics. The phishing campaign, dubbed Operation Honeybee by researchers at McAfee, not only involved the use of political themes to draw the attention of humanitarian aid organisations, but also involved the use of Word compatibility messages, thereby enticing victims to enable content in malicious Microsoft Word attachments sent to them. The Microsoft Word attachments were found to contain a Visual Basic macro that had previously been used by hackers in other campaigns. The macro has the capability to execute an implant known as SYSCON which can, in turn, extract data from systems and send such data to remote C&C servers while taking steps to avoid detection. Upon further research, the researchers found that the Visual Basic macro was part of several campaigns using North Korea–related topics, and a unique key used by the Visual Basic script had been used by hackers since August last year. The malware can exfiltrate information to a server outside the targeted organisation, and can also upload, download and execute files. If victims were infected, information and files could possibly be in the hands of the attackers.
Dangerous banking malware discovered lurking on brand-new Android phones
Data-stealing Android malware has been found infecting various Android models. Currently, over 40 Android models have been affected, though security researchers suspect that the actual number of infected models may be much higher than this. The malware, known as Triada, infects a vital component of the Android operating system called Zygote, which is used to launch all applications. This gives Triada the ability to infect other applications and perform various malicious activities without the knowledge of the user. Triada is seriously nasty malware. It buries itself deep within the Android operating system's core and operates primarily in memory, which makes it very difficult to detect and remove. It's also highly modular, downloading additional components to perform whatever insidious actions its criminal controllers want it to. That could include stealing data from apps, spying on SMS messages or hijacking web browsing and searches.
Cyber Security training from QA
QA have uniquely positioned themselves to help solve the Cyber skills gap, from their CyberFirst and Cyber Apprenticeship programmes and Cyber Academies to Cyber Challenges, Training and Certifications, and Consultancy for Cyber Security.
They offer end-to-end Cyber training and certifications from Cyber Awareness to deep dive Cyber Programmes and solutions; from Cyber Investigations, Cyber Crisis Management, Proactive Security to Offensive Defence. QA only employ world leading Cyber trainers who have the expertise to deliver bespoke Cyber solutions, GCHQ accredited courses and proudly the CyberFirst programme. This is all to support tackling the UK's National Cyber Security skills shortage.
QA also have state-of-the-art CyberLabs, where companies can simulate real-life Cyber-attacks on their infrastructure, helping them to prevent & combat breaches without risking their own network.
Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.