

Cyber-attacks: would your business get caught out?

Via CERT UK

Executive summary of the attached report.

Cyber-attacks in the UK are on the rise with no sign of let-up. CERT-UK sees repeating attacks and has created three attack scenarios to demonstrate some of the threats that exist, and steps to defend against them.
Intellectual property theft via a targeted phishing attack

 An attacker searches social media and public records to find information about senior executives in the firm
 A staff member is sent a message spoofing a senior executive’s email address with an attachment containing the malicious payload which causes a subsequent breach when opened
 The attacker’s first target does not have sufficient access so they escalate privileges in order to find and exfiltrate the desired information

Key points: limit information online that can be used by an attacker; be aware that human factors are often the weakest link and user education is critical; spear phishing is one of the most common forms of attack; and ensure that you carry out regular patching to fix vulnerabilities.
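
As an added illustration of a defensive check for the spoofed-executive email in this scenario (not taken from the CERT-UK report), the following Python function triages an inbound message for spoofing signals. The organisation domain, the executive name, the reason strings and the assumption that the mail gateway records DMARC results in an Authentication-Results header are all hypothetical choices made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed values for illustration; the report names no organisation or people.
ORG_DOMAIN = "example.co.uk"
EXECUTIVES = {"jane smith"}

def triage(raw):
    """Return the reasons an inbound message warrants review (empty list: none)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    frm = msg["From"]
    if not frm or not frm.addresses:
        return ["no parseable From address"]
    sender = frm.addresses[0]
    internal = sender.domain.lower() == ORG_DOMAIN
    # Executive's name shown on an address outside the organisation's domain.
    if sender.display_name.strip().lower() in EXECUTIVES and not internal:
        reasons.append("executive display name on external address")
    # Own domain in From, but the receiving gateway recorded a DMARC failure.
    # Assumes the gateway strips any Authentication-Results header it did not add.
    verdict = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    if internal and verdict and verdict.group(1).lower() != "pass":
        reasons.append("own domain failed DMARC")
    # Replies diverted to a different domain than the visible sender.
    reply_to = msg["Reply-To"]
    if reply_to and any(a.domain.lower() != sender.domain.lower() for a in reply_to.addresses):
        reasons.append("Reply-To domain differs from From")
    # The scenario's payload is an attachment; note it only beside a spoofing signal.
    if reasons and any(True for _ in msg.iter_attachments()):
        reasons.append("carries attachment")
    return reasons

def sample(from_hdr, auth=None, reply_to=None, attach=False):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_hdr, "staff@example.co.uk", "Q3 figures"
    if auth:
        m["Authentication-Results"] = auth
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("Please review the attached before our call.")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="figures.doc")
    return m.as_string()
```

A message that returns an empty list has simply shown none of these signals; the check complements user education and patching rather than replacing them.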

Watering-hole (drive-by) attack using an exploit kit
 The attacker finds a website likely to be visited by the intended target and places redirect code on it – this is the ‘watering hole’
 An employee visits the watering hole website and is redirected to one controlled by the attacker
 This website contains an exploit kit which identifies vulnerabilities in the visiting browser and breaches it in order to deliver a malicious payload to the target’s network
 The attacker gives themselves administrative privileges then finds and exfiltrates the desired information regarding a business deal
 The attacker then decides to disrupt the deal by destroying large amounts of data

Key points: take steps to ensure that your web browsers cannot be automatically redirected; ensure that you have good backup as part of a disaster recovery plan; and ensure that you carry out regular patching to fix vulnerabilities.

Supply chain attack – using a trusted network connection with a supplier
 An IT company advertises the fact that it has won a contract with an engineering company that is the ultimate target
 The engineering company is well protected, so the attacker is better able to breach the IT company first and then take advantage of its integration with the engineering company in order to infiltrate that company’s network
 The attacker finds and exfiltrates data whilst also turning off security measures
Key points: ensure that your supplier has a security posture that matches your own; ensure that your infrastructure is appropriately segregated to limit how far suppliers can travel through your network; and ensure that you carry out regular patching to fix vulnerabilities.
Portable document format 721,98 KB
May 11th 2016 08:16