Education & Training: The Downfall of File-less Attacks (AVT)

Whilst we are all aware of file-less or zero-footprint attacks, the growth in their use has been alarming. With regular anti-virus tools less likely to detect them, how can the ‘savvy’ CIO guard against them?

The answer lies squarely in the need for the education and training of employees, ensuring they fully understand exactly what an advanced volatile threat (AVT) is and what to do should one be suspected.

AVTs live in memory; they never touch the disk and can only steal information when the computer is running. The exposure ends when the user shuts down the machine.

From a technical point of view, the only way to deal with AVTs is with anomaly-based detection tools, which live on each individual computer/server. These tools look at all system activity, even down to keystroke patterns, and distinguish normal from abnormal behavior.

In the case of an AVT, detection is likely because it will probably open a service to enable an external connection. It is through this service that data is sent. Hence, the behavior would be deemed abnormal, detected and shut down.
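The baseline comparison described above, as an added example that is not from the original article: it learns which processes normally listen or connect outside the network, then flags a newly opened service and its external connection. The record format, process names and addresses are constructed, and the internal address ranges are an assumption.

```python
import ipaddress

# Assumption: these ranges count as "inside"; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

def parse(snapshot):
    """Parse 'STATE PROCESS LOCAL_IP:PORT REMOTE_IP:PORT' lines (IPv4 only)."""
    for line in snapshot.strip().splitlines():
        state, proc, local, remote = line.split()
        rip, rport = remote.rsplit(":", 1)
        yield state, proc, int(local.rsplit(":", 1)[1]), rip, int(rport)

def is_external(ip):
    return not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def build_baseline(snapshots):
    """Learn which (process, port) pairs listen and which processes talk outbound."""
    listeners, talkers = set(), set()
    for snap in snapshots:
        for state, proc, lport, rip, _ in parse(snap):
            if state == "LISTEN":
                listeners.add((proc, lport))
            elif state == "ESTAB" and is_external(rip):
                talkers.add(proc)
    return listeners, talkers

def find_anomalies(baseline, snapshot):
    """Return alerts for listeners or external peers absent from the baseline."""
    listeners, talkers = baseline
    alerts = []
    for state, proc, lport, rip, rport in parse(snapshot):
        if state == "LISTEN" and (proc, lport) not in listeners:
            alerts.append(("new_listener", proc, lport))
        elif state == "ESTAB" and is_external(rip) and proc not in talkers:
            alerts.append(("new_external_connection", proc, f"{rip}:{rport}"))
    return alerts

# Constructed sample data: one known-good snapshot, then a later one.
KNOWN_GOOD = """
LISTEN sshd 0.0.0.0:22 0.0.0.0:0
ESTAB browser 10.0.0.5:51544 198.51.100.20:443
"""
LATER = """
LISTEN sshd 0.0.0.0:22 0.0.0.0:0
LISTEN svchelper 0.0.0.0:8081 0.0.0.0:0
ESTAB svchelper 10.0.0.5:8081 203.0.113.7:50112
ESTAB browser 10.0.0.5:51560 198.51.100.20:443
"""
print(find_anomalies(build_baseline([KNOWN_GOOD]), LATER))
```

The browser's outbound connection is not flagged because the baseline already contains it; only the process that was never seen listening or talking externally raises alerts.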

The Business Continuity Institute’s (BCI) Cyber Resilience Report called for improved user education after revealing that nearly two-thirds (64%) of global firms have experienced at least one cyber ‘disruption’ in the past year. The report comprised interviews with 734 respondents from 69 countries, showing that user education is a global issue.

Phishing and social engineering were found to be the primary cause of more than half (57%) of disruptions, highlighting the urgent need for improved user education.

Click here to read the full article in Info Security Magazine

GDPR Breach: Ready, Get-Set, Go!

So here we go: GDPR has been in force for just under two months and already two well-known brands have been caught in its net.

Luxury retailer Fortnum & Mason has detailed the loss of some 23,000 customer records, including the emails, telephone numbers and delivery addresses of customers who filled out a survey or took part in an online competition.

Fortnum had used Typeform, who specialise in creating such surveys, to organise these forms. It was Typeform who discovered that an unknown third party had gained access to its server and downloaded the data.

And Travelodge has announced that 180,000 personal details of its clients were taken, which included date of birth, passport numbers and billing information.

As a result, and under the new GDPR regulations (disclosure within 72 hours of a breach), both companies have been forced to contact each person whose data has been lost, all of whom will need to change their details, such as passwords, and will need to monitor their personal credit rating closely, as well as any bank accounts and credit card statements, as there could be indications of ID fraud.

Colin Tankard, Managing Director of data security company Digital Pathways, suggests that this level of diligence can go on for a couple of years. Stolen data could be held for such a period until the ‘heat goes down’, with those affected forgetting about their details being taken; then the hackers strike.


“If both of these brands had encrypted their data, they would not need to contact each customer as, under GDPR, if the data is encrypted, it is only the Information Commissioner’s Office (ICO) who need to be advised, as the encryption protects the data from being read.

“Data discovery tools can locate any sensitive data which has been created and stored within a network, even in backup tapes. And such tools make a subject access request simple, as the name of the requester is used for the search and any relevant data is tagged and its location identified.

Click here to read the full article in Global Security Magazine