Tag: Cybersecurity

Security Stop Press : LLM Malicious “Prompt Injection” Attack Warning

Posted on by Paul Stradling

The UK’s National Cyber Security Centre (NCSC) has warned of the susceptibility of existing Large Language Models (LLMs) to malicious “prompt injection” attacks. These are where a user creates inputs intended to cause an AI model to behave in an unintended way e.g., generating offensive content or disclosing confidential information.

This means that businesses integrating LLMs like ChatGPT into their business, products, or services could be leaving themselves open to risks like inaccurate, controversial, or biased data content, data poisoning and concealed prompt injection attacks.

The advice is for businesses to establish cybersecurity principles and make sure that they are able to deal with even the worst case scenario of whatever their LLM-powered app is permitted to do.

Security Stop Press : FraudGPT

Posted on by Paul Stradling

Researchers from Netenrich have reported finding “FraudGPT” being sold on the dark web. It’s been described as a subscription-based generative AI tool for creating malicious cyberattacks. It’s been reported that the tool can do anything from writing malicious code and malware to creating phishing campaigns, thereby making putting advanced attack methods available to even inexperienced attackers, potentially democratising weaponised generative AI at scale.

This highlights the importance, not just of businesses prioritising their cyber defences, but also the need for AI-based defences at the start of what some have described as an ‘AI arms race.’

Security Stop Press : 60 Million Individuals & 1000 Businesses Hit By MOVEit Hack

Posted on by Paul Stradling

It’s been reported (Emsisoft) that the hack of MOVEit software by the Russian Cl0p ransomware gang may have impacted nearly 1,000 organisations and 60 million individuals.

The supply chain attack ‘payroll hack,’ which exploited a vulnerability in Progress’s popular MOVEit software (used to move sensitive files like employee addresses or bank account details), is reported to have stolen and exposed the information of major companies including British Airways, Boots, the BBC, and almost 1000 others worldwide.

This highlights the importance of businesses having comprehensive cyber security in place including effective backup, and business continuity and disaster recovery plans.

Security (P3) : Securing Staff In Summer Holidays

Posted on by Paul Stradling

In this final instalment of a three-part series, here are more ways that staff can maintain the right level of security when using their devices in the summer holidays:

Make Use Of Two-Factor Authentication (2FA). Enable 2FA for all your important accounts. This adds an extra layer of security, making it harder for unauthorised users to gain access.

Limit Sharing of Location Information. Be careful about sharing your location on social media. This can alert potential thieves that you’re not at home or in your office.

Lock Your Devices. Always lock your devices when you’re not using them, even if you’re just stepping away for a few minutes. This can prevent unauthorised access.

Disable Auto-Connect. Turn off the auto-connect feature on your devices to prevent them from automatically connecting to public Wi-Fi networks, which can be insecure.

Monitor Your Accounts. Regularly check your financial and digital accounts for any suspicious activity. Early detection can help mitigate damage.

Security (P2) : Securing Staff In Summer Holidays

Posted on by Paul Stradling

In this second instalment of a three-part series, here are more ways that staff can maintain the right level of security when using their devices in the summer holidays:

– Install a Reliable Security Suite. Being away from the home/office means re-installing everything on laptop for example would be a nightmare. Make sure you have a reliable security suite installed on your devices, which includes antivirus, anti-malware, and firewall protection.

– Backup Your Data. Regularly backing up your data ensures that if your device gets lost, stolen, or compromised whilst you’re on your travels, you’ll still have access to your important files.

– Use Encrypted Messaging Apps. If you need to share sensitive information (e.g. giving family members a hotel door code), use encrypted messaging apps to ensure your communication is secure.

– Avoid Public Charging Stations. Being on holiday means you’re often away from secure charging ports more often and scammers know this. Public USB charging stations can be a security risk. Use your own charger and plug it into a power outlet whenever possible. Alternatively, use a mobile-power-bank.

– Use a Password Manager. Remembering passwords whilst you’re out and about is a challenge! Password managers can help you create and store complex, unique passwords for each of your accounts, improving your overall security.

Security Stop Press : Cyber Attack On Ambulance Patient Records System

Posted on by Paul Stradling

A cyber-attack aimed at Sweden-based health software company Ortivus has left several of its UK NHS ambulance service trust users struggling to record patient data.

The affected trusts, including South Western Ambulance Service Trust and South Central Ambulance Service Trust serve 12 million people.

With electronic patient records unavailable, staff have reportedly been told that efforts to patch servers are ongoing. Ortivius has said in a statement that “No patients have been directly affected”.

Tech Insight : What’s Involved In a ‘Pen-Test’?

Posted on by Paul Stradling

If you’d like to know what a ‘Pen Test’ is and the sorts of things you can expect from one, this article will give you a helpful overview.

Pen Tests 

Put simply, pen testing is short for “penetration testing” and in a virtual situation (we’ll concentrate mostly on virtual in this article) acts like a security health check for computer systems and networks. Just as a person may go to the doctor for regular check-ups (if you can get an appointment!) to catch any health issues early, businesses and organisations use pen testing to find and fix potential weaknesses in their digital defences before bad actors can exploit them.

Physical pen tests essentially refers to experts creating simulated attacks that mimic criminals’ actions to gain (unauthorised) physical access to things such as sensitive equipment, data centres or sensitive information. Examples of how this is done could include testing barriers, doors and locks, fences, alarm system, or conducting tests involving security guards and other employees to try and gain access.

Why Are Pen Tests Needed? 

The main reason why pen tests are needed is due to the increaslingly high levels of cybercrime and the wide variety of cyber threats that businesses face daily. Within this broader context, there are a number of other reasons why businesses need pen testing. For example, these include:

– Helping businesses to discover the kinds of weaknesses and vulnerabilities in their computer systems, networks, applications, and other digital assets that may be unknown (as yet) to the business but could potentially be exploited by cybercriminals.

– As a way of proactively assessing defences to identify potential entry points before malicious hackers find them, thereby staying one step ahead of cyber criminals.

– To comply with specific data protection and security regulations and standards, and to demonstrate a commitment to safeguarding sensitive data.

– To protect customer data by helping to prevent data breaches. Many businesses handle sensitive customer data (e.g. personal details and financial data) and a successful cyberattack could lead to a data breach, compromising customers’ trust and resulting in legal, financial, and reputational repercussions.

– Cyberattacks can lead to significant financial losses, including costs associated with data recovery, system restoration, legal actions, and potential damage to a company’s reputation. Pen tests, therefore, can help prevent these losses by mitigating security risks.

– Businesses may have valuable intellectual property such as trade secrets or proprietary information that needs protection and pen testing helps ensure that unauthorised access to this such sensitive data is minimised.

– For businesses that collaborate with third-party vendors or partners who might have access to their systems, pen tests can help assess the security of these partners and identify potential risks to the business and value-chain.

– Demonstrating a commitment to security by conducting regular pen tests can enhance a company’s reputation and build trust with customers, clients, and stakeholders.

– Pen tests can also help businesses evaluate their incident response procedures. By Identifying and addressing any security gaps, businesses and organisations make changes that can enable them to respond more effectively to any real cybersecurity incidents.

Regular Testing Is Needed 

Since cybersecurity is an ongoing process, conducting regular pen tests allows businesses to continuously improve their security measures and adapt to new threats and technologies.

What Kinds Of Cyber-Attacks / Cybercrime Can Pen Tests Help Protect Against? 

The types of cyber-attacks regular pen testing can reduce the risk of include:

– Malware Attacks, by assessing the effectiveness of defences against malware, such as viruses, ransomware, and trojans. Testers can try to infiltrate systems with various types of malware to evaluate how well the organisation can detect and prevent such threats.

– Phishing and Social Engineering, by simulating these attacks to check if employees are susceptible to social engineering techniques. These tests help businesses and organisations to educate their staff about potential risks and reinforce security awareness.

– Brute Force and Password Attacks. For example, testers can attempt to crack passwords using brute force or other password-guessing methods to assess the strength of authentication mechanisms and password policies.

– SQL Injection, by identifying any vulnerabilities in web applications that cyber criminals could try to use to target databases.

– DDoS (Distributed Denial of Service) Attacks. In this case, pen tests can evaluate how well an organisation’s network and infrastructure can withstand DDoS attacks, which aim to overwhelm systems and disrupt services.

– Man-in-the-Middle (MITM) Attacks. Here testers can attempt to intercept and manipulate data between two parties to assess the effectiveness of encryption and network security measures.

– Privilege Escalation, by helping to identify any vulnerabilities that may allow attackers to gain unauthorised access to higher levels of privileges within a system, which could potentially leading to more extensive compromises.

– Zero-Day Exploits. Since these are attacks target previously unknown vulnerabilities with companies having no time (i.e. ‘zero days’) to do anything about them, pen tests can be used to possibly identify similar types of vulnerabilities to zero-day exploits.

– Insider Threat, by helping to assess how well a business / organisation is protected against internal threats posed by employees or contractors with malicious intent or simply making accidental but dangerous mistakes.

– Data Breaches. Pen tests help to identify security weaknesses and prevent unauthorised access to sensitive data, reducing the risk of data breaches and safeguarding customer information. Reducing the risk of data breaches can save businesses a lot of expensive damage.

– IoT (Internet of Things) Vulnerabilities. With the increasing use of IoT devices, pen tests can evaluate the security of these interconnected devices and their potential impact on the overall network.

Who Carries Out Pen Testing? 

Penetration testing is typically carried out by skilled cybersecurity professionals known as “penetration testers”, “ethical hackers” or “security consultants.” These are experts in the field of cybersecurity and have in-depth knowledge of various attack techniques and security best practices.

There are essentially two primary categories of professionals who conduct penetration testing:

1. Internal Penetration Testers. These are cybersecurity specialists employed directly by the organisation or business they are testing. They work as part of the organisation’s security team and have a good understanding of the company’s systems, networks, and applications. Internal penetration testers are familiar with the organisation’s security policies and protocols and may focus on assessing specific internal threats and risks.

2. External Penetration Testers. As the name suggests, external penetration testers are independent third-party experts or cybersecurity firms hired-in by businesses and organisations to conduct (hopefully) unbiased assessments. They are outsiders with no prior knowledge of the company’s infrastructure, mimicking the perspective of an external attacker. The advantage of external testers is that they can bring a fresh and objective view to the evaluation, helping to identify potential blind spots that internal teams might overlook.

In some cases, a combination of both internal and external testers may be the best way to conduct comprehensive assessments.

Recent Advances In Pen Testing 

This year, penetration testing has seen several notable advancements aimed at improving the accuracy and effectiveness of assessing cybersecurity defences. For example, four notable trends are:

– Realistic Simulation Scenarios. Pen testers are increasingly focusing on mimicking real-life cyberattack scenarios to gain a better understanding of an organisation’s vulnerabilities. This approach encompasses technological weaknesses and human factors like employee behaviour, providing a clearer picture of potential risks.

– Automated Testing Tools. Automated penetration testing tools have become essential in streamlining vulnerability detection. They can efficiently scan networks for known flaws and misconfigurations while keeping up to date with emerging threats, reducing manual workloads for security teams.

– Social Engineering Testing. With cybercriminals employing psychological manipulation, social engineering testing has become vital. This approach identifies weaknesses in employee awareness and response strategies against targeted attacks, helping raise organisational preparedness.

– Machine Learning and AI Integration. Inevitably, pen testing incorporating machine learning and artificial intelligence is being adopted to achieve more sophisticated vulnerability detection and response capabilities. This includes identifying unusual patterns in network traffic, adapting to emerging threats, and simulating potential future attacks.

Drawbacks of Pen Testing 

There are, of course, some drawbacks to pen testing. The include, for example:

– Limited Scope. Pen tests focus on specific areas, potentially missing vulnerabilities elsewhere.

– Point-in-Time Assessment. They provide a snapshot and may not address emerging threats (hence the need to keep conducting them).

– Disruption and False Positives. Testing can cause disruptions and lead to false alarms which can be stressful and waste time and resources.

– Cost and Resource Intensive. Pen testing can be expensive and requires skilled professionals.

– Lack of Real-World Impact. It could be true to say that some controlled tests may not fully replicate actual attacks and, therefore, may lack real-world value.

– Human Error and Subjectivity. It’s possible that in some cases, tester expertise can influence results.

– Overconfidence in Security. Successful tests can lead to unwarranted confidence which can lead to businesses making themselves vulnerable by essentially letting their guard down to an extent.

– Legal and Ethical Considerations: Unauthorised testing can have legal repercussions! I.e. pen testing requires authorisation from the business – they must be asked first.

Examples Of Virtual and Physical Pen Tests Your Business Could Use 

Here are summarised examples of the kinds of virtual and physical pen tests that could be used (by cybersecurity professionals) on your business.

In a virtual penetration test, cybersecurity experts simulate cyberattacks on an organisation’s digital infrastructure without physically accessing their premises. Examples of virtual pen tests include:

– A Network Vulnerability Assessment. This is where testers use automated tools and manual analysis to identify weaknesses in the organisation’s network, such as open ports, misconfigurations, and outdated software.

– Web Application Testing. In this stage, security professionals assess web applications for vulnerabilities like SQL injection, cross-site scripting (XSS), and insecure authentication mechanisms.

– Phishing Simulation. Here ethical hackers send bogus phishing emails to employees, testing their susceptibility to social engineering and identifying areas where security awareness training is needed.

In a physical penetration test, experts try to gain unauthorised access to the organisation’s physical premises and sensitive areas. Examples of physical pen tests include:

– Social Engineering. In the physical scenario, testers use various techniques to manipulate employees, such as tailgating (following authorised personnel into secure areas) or pretexting (posing as legitimate individuals to extract sensitive information).

– Physical Access Control Testing. This is where security professionals assess the effectiveness of physical security measures like access badges, CCTV surveillance, and door locks.

– Dumpster Diving. Although an American term, this means testers examining the physical waste (going through the bins) to find discarded sensitive information that could be exploited by attackers.

Report 

Companies typically receive a detailed report at the end of a penetration test. The report outlines the findings, vulnerabilities, and weaknesses identified during the testing process. It provides a comprehensive overview of the organisation’s security posture, detailing potential entry points and areas that need improvement.

What Does This Mean For Your Business? 

Regardless of whether the testing is carried out internally or by external professionals (which can sometimes be expensive) the goal of penetration testing is a worthwhile one – to identify vulnerabilities and weaknesses in the digital infrastructure of a business, thereby helping businesses to bolster their security defences before attackers get there first.

Both virtual and physical penetration tests provide valuable insights into security weaknesses and in doing so, can help a business strengthen its overall cybersecurity posture. Combining both approaches can, of course, create a more comprehensive assessment of a business or organisation’s resilience against cyber threats.

Even though, as highlighted above, pen testing can have its drawbacks, it’s always better to be prepared and, if a business knows more about its weaknesses, it at least has the opportunity to reduce known risks and avoid some of the very painful consequences, e.g. legal, financial, and reputational of data breaches and other potentially devastating attacks.

Security-Stop-Press : Hacker Backdoor Found In World’s Critical Infrastructure Tech

Posted on by Paul Stradling

Dutch researchers from cybersecurity firm Midnight Blue have reported discovering a deliberate hacker’s backdoor in the TETRA radio technology that’s used in 120 countries to control critical infrastructure like power grids, gas pipelines, trains, airports, and communications for emergency services.

The backdoor in the encryption algorithm, could easily be hacked, reportedly in just minutes, and used to disrupt critical infrastructure worldwide with dire consequences. The researchers have warned organisations using radio technologies to check with their manufacturer if their devices use TETRA and what fixes are available. As yet, many critical infrastructure companies are reported to be unresponsive and could still be at serious risk.

Tech Insight : What Are ‘Zero-Day’ Attacks?

Posted on by Paul Stradling

In this tech insight, we look at what ‘zero-day’ attacks are, then look at some recent high-profile examples and ultimately at what businesses can do to protect themselves from zero-day attacks.

Sophisticated Attacks That Highlight Vulnerabilities 

In the ever-evolving landscape of digital threats and cyber warfare, one term often sends chills down the spines of cybersecurity professionals: Zero-Day Attacks. These sophisticated and stealthy cyber-attacks represent a significant challenge in today’s interconnected business world. They symbolise not just the advancement of cybercriminals’ tactics but also highlight the vulnerabilities that exist within our most trusted digital infrastructures.

Exploiting Zero-Day Vulnerabilities 

Zero-day attacks are attacks by threat actors that exploit zero-day vulnerabilities. These are undisclosed software vulnerabilities (unknown to vendor or victims) that hackers can exploit to adversely affect computer programs, data, additional computers, or a network.

Vulnerabilities targeted in zero-day attacks can be found in operating systems, web browsers, Office applications, open-source components, hardware and firmware, and the Internet of Things (IoT).

Why “Zero-Day”? 

The term “zero-day” comes from the fact that software developers and those in charge of digital security have zero days to fix the vulnerability because it is simply not known to them until the first attack. This means that attackers can exploit the vulnerabilities before developers become aware and are able to issue any patches or remediations.

How Big Is The Problem? 

Although zero-day vulnerabilities fell by almost a third in 2022, it was still the second highest year on record (Mandiant research) with 55 zero-day vulnerabilities exploited and products from the three largest vendors (Microsoft, Google, and Apple) were the most commonly exploited (for the third year in a row).

What Can Happen? 

Zero-day attacks commonly result in unauthorised data access, data theft, or service disruptions. These, in turn, can result in reputational damage, lost customers, fines (e.g. legal action by those affected an/or ICO fines), plus possibly the loss of the business itself if the attack is serious enough. Secondary attacks on the business and those affected by data theft could also come from the first attack,.e.g. malware, ransomware, phishing, social engineering attacks, and more.

Cybersecurity experts, therefore, continually work to discover these types of vulnerabilities before hackers do, to try and prevent potential attacks.

Vulnerabilities, Exploits, Then Attacks 

After threat actors have discovered a zero-day vulnerability, the next stage is ‘zero-day exploits’ – the blueprints that outline how these hidden flaws can be taken advantage of, often traded on the dark web. The zero-day attack itself is, therefore, the act of exploiting the flaw/vulnerability, using the guidance of the exploit, before a patch can be rolled out, leaving a digital system scrambling in the wake of the unforeseen breach.

Who? 

These under-the-radar strikes are often orchestrated by advanced cyber criminals, state-sponsored hacking groups, or unscrupulous entities with nefarious motives. The objectives are as varied as the threat actors themselves. For some, it’s about monetary gains whereas for others, it’s a tool for intellectual property theft, infiltrating state secrets, or merely sowing seeds of chaos. Corporate espionage and political machinations are just the tip of the iceberg when it comes to reasons behind these attacks.

Recent High-Profile Examples 

Some recent, high-profile examples of Zero-Day attacks include:

– In 2023, a critical vulnerability was uncovered in the secure managed file transfer (MFT) service provided by MOVEit, a transfer platform widely used by large companies in a variety of sectors including healthcare, government, finance, and aviation. The Russian-based Clop Ransomware group exploited the vulnerability and were able to steal data from eight UK organisations including BBC, British Airways, Aer Lingus, and Boots.

– In 2022 the CVE-2022-30190, a.k.a. Follina vulnerability in Microsoft Diagnostics Tool (MDST), was exploited and victims were persuaded to open Word documents which enabled attackers to execute arbitrary code. The government of the Philippines, business service providers in South Asia, and organisations in Belarus and Russia were all subject to the same zero-day attack.

– The notorious Microsoft Exchange Server hack in early 2021, widely believed to have been sponsored by a nation-state, exploited several previously unknown vulnerabilities in Microsoft’s email server software. The damage was widespread and profound, with tens of thousands of organisations worldwide left grappling with the aftermath before a security patch could be rolled out.

– Google’s Chrome suffered a series of zero-day threats in 2021, causing Chrome to issue updates. The vulnerability was a bug in the V8 JavaScript engine used in the web browser.

– A zero-day attack on video conferencing platform Zoom in 2020 where hackers accessed a user’s PC remotely if they were running an older version of Windows. The hackers targeted the administrator, allowing them to completely take over their machine and access all files.

– In 2020, the Apple iOS was attacked twice with zero-day vulnerabilities and one zero-day bug allowed attackers to compromise iPhones remotely.

How Businesses Can Protect Themselves 

So, how can businesses protect themselves against the threat of zero-day attacks? Given their nature, these attacks pose a formidable challenge, but protective measures that can be taken include:

– Regularly updating software updates and staying up to date with patching.

– Employing advanced threat detection tools that utilise behaviour-based detection techniques to pinpoint anomalies and unusual activity in network traffic (often the first sign of a zero-day attack).

– Conducting regular penetration tests and vulnerability assessments. These proactive practices can unearth previously unknown vulnerabilities within systems, allowing businesses to patch them before they are exploited. Following the principle of least privilege – limiting user access rights to the bare minimum needed for their work – can also help reduce the extent of potential damage should an attack occur.

– Beyond technological defences, investing in comprehensive cybersecurity awareness training for employees is crucial. An informed team acts as the human firewall against cyber threats, understanding the risks, recognising signs of possible attacks, and knowing how to respond swiftly and effectively.

What Does This Mean For Your Business? 

In the face of the ominous threat of zero-day attacks, businesses must adopt a proactive and comprehensive approach to digital security. A robust defence strategy isn’t a luxury but an absolute necessity in today’s digital age. It involves a constant balancing act of risk management, regular system updates, advanced threat detection, routine penetration testing, and vulnerability assessments, regular system audits, and maintaining a culture of security vigilance throughout the organisation.

A multi-layered security approach and a zero-trust model could, therefore, provide a solid foundation for defence although, because some vulnerabilities may still not be known until it’s too late, zero-day attacks remain an ever-present threat.

The potential devastation of zero-day attacks and their aftermath is unquestionable, but it is not an insurmountable challenge. By being as vigilant and proactive in defence measures as is realistically possible, businesses can steer through the murky waters of the cyber threat landscape, securing their digital assets, and upholding the trust of their customers and partners. The world of cybersecurity may be akin to a never-ending arms race, but with the right preparation and resilience, staying one step ahead must be an achievable goal.

Security-Stop-Press : Websites Hijacked Through WooCommerce Plugin Flaw

Posted on by Paul Stradling

Wordfence warned that large-scale attacks are under way against a vulnerability (CVE-2023-28121) in the in the WooCommerce Payments WordPress plugin.

The flaw in the plugin, which is installed on over 600,000 sites, gives attackers authentication bypass so they can impersonate arbitrary users, and perform some actions, including as an administrator, potentially leading to site takeover.

Wordfence says patches for the bug were released by WooCommerce in March 2023, and WordPress has issued auto-updates to sites using affected versions of the plugin.