Cyber attacks: the inconsistencies among UK companies facing DDoS threats
Cyber security 2015: “still room for improvement”

Commentary from Herve Dhelin, Worldwide Marketing Director at Efficient IP

Neustar’s latest DDoS Attack & Protection report shows that companies are now deploying hybrid security solutions against DDoS attacks (31 percent of respondents), which is a 55 percent increase over previous years, stating that “Firewalls alone are not sufficient; during attacks, they often create bottlenecks and accelerate outages”. I’m not at all surprised businesses are looking to increase their security solutions. When we released the 2014 DNS Security survey, in conjunction with IDC, we weren’t very surprised about the figures then either. Most of the companies surveyed had experienced DNS attacks with massive business impacts. But IDC noticed that most of the respondents were still using basic protection (i.e. firewalls) to protect their DNS infrastructure, even though this isn’t an adequate solution to DNS threats.

Most interestingly, the Neustar report shows that 77 percent of respondents detect the attacks in less than two hours, and 68 percent also respond to attacks in less than two hours. However, the financial risk of these attacks is measured at 100K per hour and 64 percent of the respondents need more than six employees to mitigate an attack.

Looking at the statistics, it’s clear that even though there’s been a big increase in the action taken to address DDoS attacks there’s still a huge problem – as most of the respondents need about four hours to detect and respond to an attack. At 100K per hour, it’s still approximately a 400k risk using at least six employees. Would your business be happy with those figures? In the particular situation of a DNS DDoS attack, it means that for at least four hours, your employees aren’t able to use any business applications: web, email, VoIP etc. We can’t accept that in the best-case scenario your company will need four hours to detect and respond to attacks.
It’s crystal clear to me that traditional solutions just aren’t sufficient. When we released DNS Blast last year, our aim was to ensure an answer to all queries, without valid queries being blocked by security solutions or because the server wasn’t performing as expected. The 17 million queries per second DNS Blast can absorb is enough to mitigate most of the attacks with just one DNS appliance. It also reduces the complexity of the DNS infrastructure. But most importantly, it’s done without any time needed to detect and respond to attacks or downtime for business-as-usual activities; DNS Blast absorbs the DDoS attack and reports in real time to the network or security team. No need to deploy several staff and wait around for hours, losing money.

Furthermore, DNS Guardian accurately analyses DNS queries in real time to understand what the attack is, and only blocks the bad queries – limiting false positives, which can be dramatic for the business. Just recall the Rackspace story in late 2014; an 11 hour incident blocked a large proportion of legitimate traffic from reaching rackspace.com. In addition, when hackers are using new techniques, such as Sloths or Phantom attacks, legacy security solutions can’t detect anything.

Business continuity is the absolute priority; DNS servers are supporting ALL business processes in any organisation and deserve the security they need to protect the company. Businesses cannot accept such poor performances as the best they can get to mitigate DDoS attacks.
Redline expands its Sectors for Security Solutions

Now an internationally-recognised provider of security solutions and training, it’s hard to believe that Redline began its days as a Post-It note on the fridge of one of its co-founders. Back in 2006, the leading quality assurance provider was the brainchild of Jim Termini and Paul Mason, whose shared experiences in the military and airline industry led them to Redline as it is known today.

“Jim became an airline pilot and identified a need for better training in aviation security around the world,” says former flight instructor Paul. “My background has always been in teaching, so we put together a business plan to seek accreditations individually and plug those gaps, which were a world away from the security standards needed given our experiences.”

In less than a decade, Redline has now managed to build up an internationally-acclaimed reputation, not only in aviation security but also in the protection and quality assurance of landmark buildings and high value assets. “We work with a range of clients from the high ranking global airports to global sporting events such as the Olympic Games,” says Paul.

One of the biggest achievements for Paul, however, was Redline’s awarding of the Airport Operators’ Authority Small Business Award in 2011. “To achieve that, you have to be recognised by the UK major airport groups. To do that, as a relatively young company, and with the competition we’re up against, was both rewarding and energising,” Paul says.

With a new vision for 2015, Redline is now seeking higher climes, having recently secured a five-year quality assurance contract with Aeroports de Paris. As part of Redline’s new vision, Paul has two goals: targeting new sectors, and internationalisation.
While the company is known for its foundations in aviation, Redline is also looking to provide cost-effective, difference-making solutions and services for the corporate, events, cyber security and Critical National Infrastructure sectors. How exactly are they aiming to achieve this? With simple “first principles,” says Paul.

“The biggest change for Redline is the continual innovation to make sure the needs of a certain sector are serviced, and this is down to first principles.

“We have a core product that is tailored to a specific industry. For example, an x-ray machine, no matter where it is, will require its operators to have a basic understanding of its first principles – that is ‘can I actually correctly interpret an x-ray image?’ We aim to understand these principles and encourage this in our teaching.”

Geography is no obstacle for Redline either. As Paul explains, branching out into Europe has made them realise just how far a reach Redline’s security solutions can have across the world. As such, the company has recently implemented technology-led “deployable classrooms” whereby students around the world can learn digitally through tablets.

“We can deliver state of the art learning environments at the cost of just one trainer, giving all countries, regardless of organic capability, the ‘edge’ required to meet international standards,” explains Paul.

Certainly, working with Europe has inspired Redline to deliver its standards throughout the world, and Paul hopes to take these standards to every corner of the globe over the next five years.

“Two thirds of Europe are lagging behind whilst the UK and US are leading the field of aviation security.

“We aim to close that gap through our internationalization programme, providing the same customer experience with our established franchise model in a number of languages.”

Whilst Redline have certainly got an exciting future ahead of them, the vision doesn’t stop there.
Having worked with regulatory bodies such as the Security Industry Authority, the team at Redline are looking to evolve even further.

“For the foreseeable future we’re going to focus on a franchise model of core training, quality assurance services and security management systems with integrated innovative technology-led solutions. Once we’ve achieved that, however, we will look into becoming a globally recognised ‘benchmark’ for quality and standards.

“Our focus throughout remains on ensuring the output of any of our services or products exceeds expectation, remains highly cost effective whilst offering the flexibility of being able to adapt with the environmental factors that affect our clients.”
13 reasons you need a Guard Tour System

A guard tour system is a system used to help companies and organisations organise, log and execute guard tours and patrols across their assets, ensuring that officers accomplish their tasks within the predefined time intervals. There is a wide variety of guard tour systems, which can be divided into two major categories: wand guard tour systems based on handheld devices, and cloud guard tour systems based on modern mobile and cloud technology.

Guard tour systems provide a means to check and record the time at which a guard executes his guard tour by scanning specific checkpoints assigned in the area he patrols. Checkpoints are placed at certain points either on buildings or at other locations of a site or remote area and help the managing staff to identify each different location and each portion of a specific territory. The on-site officers can scan checkpoints, send SOS alerts, track and record events, and write and send reports to the managing staff or the clients, even in real time.

Which industries need a Guard Tour System

The implementation of a guard tour system will help companies to monitor their officers accurately in time and manage their assets more effectively, upgrading their security services. So, many different industries can take advantage of the use of a guard tour system:

- Security companies, to monitor officers / Lone Workers, manage guard tours and conduct reports
- Educational Institutes, to increase the safety of their students
- Real Estate organisations, to manage their buildings and protect them from damage
- Public transportation services, to direct activities and manage daily incidents
- Finance Institutes, to be safe from external threats
- Warehouse departments, to assure the security status of their merchandise
- Manufacturing facilities, to protect from damages and record incidents in every aspect of the manufacturing process
- Cleaning and maintenance services, to manage their installations and workers

Why use a Guard Tour System

1. Simplicity

Imagine an officer conducting his daily guard tours by carrying a paper notebook and using it every time he passes a specific checkpoint. He will have to write down any incident, describe the difficulties he may come up against or make any recommendations to improve the safety status of the patrolled region. Maybe there will also be an incident booklet that he should mark during his guard tour, or a paper form to fill in, spending some time recording what he just executed. If all officers follow the same procedure, a ton of paper would be used, many different notebooks would have to be examined by the managing staff, and extra workload would be added in order to evaluate or combine information from all the different sources.

Too much work and too much paper load? Guard tour software makes things simple. No need for personal notebooks, no need to keep data in paper format. The officers send the reports by a simple tap of buttons on a smartphone or a rugged device and the monitoring centre receives information automatically. All they have to do is to scan some checkpoints and use a simple interface to describe all of their activity. They could also program their activities and guard tours and manage all of their work via a mobile device.
No need to sign in booklets and describe events, no need to carry booklets from the managed territories to the monitoring centre in order to be examined and then bring them back again. Simplicity is the core of any daily work, and guard tour software eliminates paper load and reduces worktime, letting companies and officers focus on more significant aspects of their work.

2. Accountability

Our daily life is deluged by data and numbers. We need data and information to evaluate processes, take decisions, visualise problems and suggest solutions. No company or organisation could survive today without gathering and analysing data and utilising it to afford solutions and manage workflow.

Getting back to the security guard industry and taking into consideration guard tours executed without a guard tour system (either wand or cloud based), we have to deal with a major problem: how to eliminate paper load? It is impossible to keep thorough recordings of any work process without using a computer-based system which automates procedures and eliminates paperwork. Even if there are strict guidelines on the delivery and conduct of reports and other necessary documents, there is no reliable way to track and manage the whole procedure without losing information or valuable time.

Certain doubts could arise at any stage of the patrolling process, such as:

- Which was the exact time a guard executed the guard tour?
- How many checkpoints were missed and for which reason?
- Are there any missed inspections that are not mentioned on the paper reports?
- Which are the exact time intervals in which a security officer accomplished the checkpoint scans?
- Are the reports delivered in the predefined time?
- How will a scheduled guard tour be supervised without reliability issues arising?
- How easy would it be to search for guard tours and patrols executed six months ago?
- What if there is device damage (e.g. hard drives, USB sticks) or archive loss?

All of the above provoke trouble.
It is obvious that there cannot be a trace of accountability. Even if there is some, the data acquired is totally unreliable, and you need so much time to index, record, log and search for documents and reports.

Use a Guard Tour System

Accountability is the second key reason you need a guard tour system. All of your data can be stored in secure databases and retrieved at any time and from any location (in the case of a cloud based guard tour system). You can track activities, organise schedules and create digital footprints of your officers in order to validate that guard tours are executed properly in time. By turning to a guard tour software configuration for your daily needs, you will add value to your work. Accountability and documentation will also make your life simpler, eliminating time consuming
Zaun wins MEI physical security award

Zaun Group has won the Physical Security Award 2015, presented by former England cricket captain Graham Gooch at the Major Events Summit in London. Trade body Major Events International (MEI) has established the summit as what it plans to become an annual flagship event to showcase the expertise of its members and offer a peer to peer knowledge sharing forum for the sector. The summit is taking place over two days with day one covering safety, security and resilience and day two, venue technology and operations.

Gooch OBE – England’s second highest ever runs scorer with 8,900 from 215 innings at an average of 42.58, with 20 tons and 46 fifties – made the presentation at an awards dinner on the middle evening. Zaun were joined by Saracens and England full back Alex Goode on their table at the dinner.

Zaun joined MEI a year ago to extend its opportunities to supply temporary high security fencing systems to major sporting events worldwide. MEI has provided international business services and market penetration for more than eight years to companies who want to take advantage of Olympic and World Cup opportunities and win more business in major events. It interfaces with the international mega sporting events market and can offer in-country early entry support including proposal development, translation, sustained customer contact and market intelligence. MEI boasts contacts and connections with the key players in the UK, Europe, Russia, Qatar, Brazil, USA, China, Japan and Australasia.

Zaun supplied temporary high security fencing for last summer’s 20th Commonwealth Games in Glasgow and for the 2012 London Olympics and Paralympics. Zaun also provided the security fencing for the NATO Conference in South Wales a year ago; the Nuclear Security Summit in The Hague in March 2014; the 2013 G8 Summit in Northern Ireland; and the 2013 Bilderberg conference at The Grove in Watford.
Chinese government website compromised, leads to Angler

Zscaler, the Internet security company, has noticed a compromised Chinese government website that led to the Angler Exploit Kit with an end payload of Cryptowall 3.0. The “Chuxiong Archives” website, www.cxda[.]gov.cn, was compromised with injected code, but the compromise does not appear targeted and the site was cleaned up within 24 hours. The ThreatLabZ team have noticed some recent changes to Angler, as well as the inclusion of newer Flash exploits. The Zscaler team’s full analysis can be read below:

Introduction

Despite a recent takedown targeting the Angler Exploit Kit (EK), it’s back to business as usual for kit operators. On 30-October-2015, ThreatLabZ noticed a compromised Chinese government website that led to the Angler Exploit Kit with an end payload of Cryptowall 3.0. This compromise does not appear targeted and the compromised site was cleaned up within 24 hours. We have noticed some recent changes to Angler, as well as the inclusion of newer Flash exploits. A set of indicators for this compromise is at the end of this post.

Compromised Site

The “Chuxiong Archives” website, www.cxda[.]gov.cn, was compromised with injected code. The site has a similar look and feel to both the Chuxiong Yi Prefecture and Chuxiong City websites and appears somewhat inactive, but surprisingly the site was remediated in less than 24 hours. The full infection cycle from compromised site to encrypted payload is shown in the fiddler session below.

The injected code was before the opening HTML tag and was heavily obfuscated. The code, shown below, is very similar to other recent compromises we’ve observed and was present on every page of the site, suggesting a complete site compromise.

Consistent with other recent examples, the injected code appears to target Internet Explorer (IE) since Firefox and Chrome consistently throw errors when attempting to execute the code and no redirection occurs. IE has no issues executing the code, however, which unsurprisingly decodes to an iframe leading to an Angler EK landing page:

While we did not have access to the server-side code, it likely retrieves landing page URLs from a remote server since we observed iframes leading to multiple different Angler domains within a brief period of time.

Landing Page

The landing page for Angler is immediately recognisable, but with some notable recent changes. For example, instead of using a long block of around seven-character long strings inside div tags, the newer landing pages use ‘li’ tags and most of the strings are only about two characters long. Additionally, there’s a conspicuous ‘triggerApi’ function toward the top of the main script block:

Outside of these changes, the functionality of the landing page appears unchanged, and the goal is naturally to serve up a malicious SWF:

Malicious SWF – CVE-2015-7645

Kafeine already broke the news that Angler is exploiting Flash 19.0.0.207, and we can corroborate that with the samples we’ve observed. In fact, we compared the sample from his recent post with one obtained from this infection and the structure is identical, with very few changes in the actionscript. The biggest change we saw was in the embedded binary data.

Upon a successful exploit cycle, a new CryptoWall 3.0 variant from the crypt13 campaign is downloaded and installed on the target machine. The image below shows a decrypted Command & Control (C&C) communication message from the CryptoWall variant which also contains the total number of files encrypted on the target system:

Final Thoughts

As stated, this seems to be business as usual for Angler EK operators. While these attacks were not targeted in nature, this is the first instance where we saw EK operators leveraging a government site to target end users.

One interesting observation is that we no longer see any Diffie-Hellman POST exchange to prevent replaying captured sessions for offline analysis. Additionally, there was a much larger number of C&C servers than we’ve previously observed, and some of the domain names seem to suggest multi-use hosts (e.g.: spam, bitcoin mining, etc). Note that none of the C&C servers are pseudo-randomly generated domains.

ThreatLabZ will continue to track new developments with the Angler Exploit Kit.
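A site-integrity check for the pattern described above (script placed before the opening HTML tag, present on every page), as an added example that is not part of the Zscaler analysis. The function names, page paths and sample markup are constructed for illustration; the "injected" sample is a harmless placeholder.

```python
import hashlib
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe"}  # elements able to load or run remote content


class PreHtmlScanner(HTMLParser):
    """Collects script/iframe elements that occur before the opening <html> tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.seen_html = False
        self.findings = []
        self._open_script = None

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html = True
        elif not self.seen_html and tag in ACTIVE_TAGS:
            finding = {"tag": tag, "line": self.getpos()[0],
                       "src": dict(attrs).get("src"), "body": ""}
            self.findings.append(finding)
            if tag == "script":
                self._open_script = finding

    def handle_data(self, data):
        if self._open_script is not None:
            self._open_script["body"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open_script = None


def scan_page(html_text):
    """Return findings for one page; [] for clean pages and for fragments."""
    parser = PreHtmlScanner()
    parser.feed(html_text)
    parser.close()
    if not parser.seen_html:
        return []  # no <html> tag at all: the position check does not apply
    for finding in parser.findings:
        body = finding.pop("body")
        finding["length"] = len(body)
        # Hash the inline body so identical injections can be grouped across pages.
        finding["sha256"] = hashlib.sha256(body.encode("utf-8")).hexdigest()
    return parser.findings


def scan_site(pages):
    """pages: {path: html}. Reports affected pages and whether every page is hit."""
    per_page = {path: scan_page(text) for path, text in pages.items()}
    affected = sorted(path for path, found in per_page.items() if found)
    return {"affected": affected,
            "site_wide": bool(pages) and len(affected) == len(pages),
            "findings": per_page}


# Constructed sample input, not taken from the compromised site.
CLEAN_PAGE = ('<!DOCTYPE html>\n<html><head><script src="/js/site.js"></script>'
              '</head><body>ok</body></html>')
INJECTED_PREFIX = "<script>/* constructed placeholder for an injected block */</script>\n"
SAMPLE_PAGES = {"/index.html": INJECTED_PREFIX + CLEAN_PAGE,
                "/about.html": INJECTED_PREFIX + CLEAN_PAGE}

if __name__ == "__main__":
    report = scan_site(SAMPLE_PAGES)
    print(report["affected"], "site-wide:", report["site_wide"])
```
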
Nedap Lunch & Learn sessions certified by CPD

The Lunch & Learn sessions that Nedap developed as a part of its Consultant Programme have been certified by the Continuing Professional Development (CPD) Certification Service. The Certification Service is the leading independent accreditation institution for the United Kingdom. CPD is increasingly becoming a mandatory part of a construction professional’s career development.

Ross Bale, Security Expert at Nedap, says: “We believe that we, manufacturers, and consultants should exchange market and product knowledge to ensure that end users get a security system that truly meets their needs. That’s why we’re developing close working relationships with consultants, for whom Nedap has appointed single points of contact. For example, I’m personally supporting consultants in the UK with projects and answering any questions they may have.”

He adds: “We also started giving Lunch & Learn sessions on location, which aim to share knowledge and experience. These sessions don’t serve as a platform for promoting brand-specific products or solutions. They cover industry trends, including technological developments and legislation. For this reason, they have been certified by the CPD Certification Service as appropriate material to improve the professional knowledge of consultants. The sessions provide expert insight to support consultants in giving their clients the very best service. At the same time, the sessions enable us to learn from their practical experiences.”