Cyber Round-up

Welcome to Ironshare’s Cyber Round-up, where we take a look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.

Why security is everyone’s problem?

October is an important time of the year in Cyber as it marks the European Cyber Security Month (ECSM). ECSM is a campaign that runs from the 1st to 31st October every year, to promote the awareness of Cyber Security to both businesses and the general public.

The objectives of the ECSM include providing general Cyber awareness and the promotion of safer internet use for everyone. Each campaign is typically aligned to a general theme or message. This year’s theme is ‘Cyber security is a shared responsibility!’.

Too many times we see individuals and organisations making the same mistakes and this is primarily due to a lack of awareness and education. They do things like, focus their security purely on technology, focus only on the external threat, or in terms of organisations, make the IT department solely responsible for Cyber and Information Security.

All these are bad decisions, and if we consider that most IT departments and even IT companies today, are still not properly trained or educated in Cyber, we can see how this decision can end in tears.

The reality is, it’s our People that remain the biggest threat and thus the weakest link in Cyber Security today.

A common error made is to think that attackers won’t target you, as you have nothing of value or your business is too small to be attacked. This couldn’t be farther from the truth. Every individual has an identity and personal information that is of immense value to a cybercriminal. Combining this fact with the ever-increasing breach notifications released on a weekly basis (recent breaches including Facebook, Instagram & British Airways), ensures that any one of us could become a target at any time.

Email is still the biggest cause of compromise, with over 95% of successful attacks using email and phishing for their method of attack. Most people have at least one email account, so all it takes is for one person to fall victim to a phishing email, for our network and systems to be compromised.

Although not a silver bullet, Cyber awareness aims to help us educate the masses, preventing people from being click happy, getting them to pause for thought and consider whether they should, or really need to click that disguised malicious email link, which is masquerading as your bank, supplier or cloud provider etc.

If you are ever in doubt it is safer to delete the email and NEVER click any links.

Whether it’s to protect your organisations network and data, or your home networks and personal devices from compromise, we need to educate our families, friends, and co-workers to use good practice when using technology and the internet. We need to realise that this is not just IT’s or someone else’s problem, if we all work together, maybe then we can start to truly share the responsibility of Cyber Security.

@CyberSecMonth #CyberSecurityAwarenessMonth

https://cybersecuritymonth.eu/about-ecsm/whats-ecsm

Cyber-attack costs UK Council £2m

Copeland Borough Council located in Cumbria has revealed the Cyber-attack which compromised its systems in August 2017, has racked up costs of approximately £2 million, but they will never know if they were the ultimate target, as they host the Sellafield Nuclear Power plant.

The August Bank Holiday attack infected multiple UK borough councils with a new zero-day variant of Ransomware, which encrypted the council’s files and demanded a ransom in the form of Bitcoin payment. The impact to the Council was huge making it impossible to carry out day to day activities.

It is understood that the council was without basic IT functionality for approximately 10 weeks, which had a huge knock-on impact to other systems such as finance and payroll. Land registry charges, planning and providing fuel for the fleet all suffered, homes could not be purchased, while the backlog of council tax and business rates reached levels of more than 8000.

Copeland’s chief executive said: “We will never know if we were targeted because we host the largest nuclear site in Europe and are home to 80% of the UK’s nuclear waste.

“But we are of the view that this was a sustained, resourced professional attack. This wasn’t a spotty kid in a bedroom. It was an interstate attack.”

The extent of the attack meant that systems and processes were not full restored until February 2018.

This is another example which highlights a successful attack due to a lack of Cyber awareness and training, pressing home the shared responsibility of Cyber security. Copeland have since introduced multiple measures to improve its security, included mandatory cyber security training for all staff and members.

Earlier this year a report by Big Brother Watch said that it had received responses from 395 local authorities and that; 114 had said their systems had been breached, 25 reported they had experienced a data loss or breach as a result, and the majority of successful cyber-attacks began with so-called phishing emails designed to trick staff into revealing passwords and other data.

As a result of generally poor local authority Cyber practices and a number of high-profile attacks, the NCSC in collaboration with the DCMS and iDEA, are conducting a series of assessments across all UK local authorities, with a goal to improve the security posture and bring them in line with the Cyber Essentials baseline.

https://local.gov.uk/copeland-borough-council-managing-cyber-attack

VMware DoS Vulnerability

This week VMware disclosed an Important security vulnerability in its virtualisation hypervisor software, that can result in a Denial of Service.

VMware vSphere ESXi, VMware Workstation and VMware Fusion are all vulnerable to this flaw, which is found in the 3D-acceleration feature. An attacker with standard user privileges to a guest virtual machine, can cause an infinite loop in the 3D rendering shader, this results in the guest VM becoming unresponsive. This is not isolated to a single VM though as the same issue can occur on other guests, while the physical host running the guest VMs can also become unresponsive.

This vulnerability only exists if the 3D acceleration feature has been enabled. ESXi has this feature disabled by default while on Workstation and Fusion it is enabled.

Unfortunately, there is no security update to fix this issue, and the workaround is to simply disable the 3D-acceleration feature. You can find how to do this using the knowledge base links below.

VMware state: “There is no patch for this issue, customers must review their risk and apply the workarounds if applicable.”

Workstation and Fusion: https://kb.vmware.com/s/article/59146

ESXi Security Hardening guides: https://www.vmware.com/in/security/hardening-guides.html

Advisory: https://www.vmware.com/security/advisories/VMSA-2018-0025.html

And that’s it for this week, please don’t forget to tune in for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

 

Ironshare – Security Simplified

 

Edition #12 – 12th October 2018