The Threat of Fileless Trojans

The growth in the use of fileless or zero-footprint attacks is alarming. And while they seem to have been targeted at corporate networks so far, they will spread wider.

Fileless attacks do not rely on installing new software but use legitimate applications in the OS. An advanced volatile threat (AVT) does not write itself onto the hard drive but stays in the memory and is deleted once the system is reset. And it can be paired with other malware types to deliver multiple payloads.

All this means that regular anti-virus tools are less likely to become more successful. So what can be done to mitigate the likelihood of becoming a victim to a fileless attack? Read more

UK Councils Must Get Their Cyber Security ‘Act Together’

UK councils must get their cyber security ‘act together’ according to Colin Tankard, Managing Director of data security company, Digital Pathways

Human beings are always the weakest link in the cyber security arena and the only way to stop this is by providing excellent training and awareness programmes, according to Tankard.

He says, “My experience of working with these organisations is that, more often than not, the data owners or managers of departments do not consider who has access to their data and they leave the decisions to the IT Department expecting them to know who can access the data and what they can do with it. Then, when things so wrong, it is the IT staff that get the blame. This is wholly inadequate and short-sited.”

Read more

Tackling Push Payment Scams

The Payment Systems Regulator (PSR) has announced an industry-wide action plan to tackle push payment scams. A push payment is where a bank or other payment service provider (PSP) is instructed to transfer money from a customer’s account to another account. When a customer gives consent for a transaction to be processed, it becomes an authorised push payment.

Push payment scams are the second biggest cause of payment fraud in the UK, claiming £100m from 19,000 people between January and June 2017 alone. Authorised push payment scams occur when customers are tricked into authorising payments to an account that doesn’t belong to their intended payee.

From a digital security perspective, authorised push payments scams are a type of man-in-the-middle attack. These attacks happen when digital communications between two systems are intercepted by an outsider. There are several forms of man-in-the-middle attack, but two are especially common. Read more

Cybersecurity Predictions for 2018 – Part Two


In the first part of our overall look at 2018 predictions, we determined six of the top 11 trends that were predicted for this year. In this second installment we will look at the remaining five overall topics that are expected to shake cybersecurity in 2018.

IoT Legislation
The Internet of Things (IoT) may be the most affected sector by the Meltdown and Spectre bugs, but it’s the legislation that many determine will be the biggest game changer. Gary Hayslip, chief information security officer of Webroot, said: “Legislation will require IoT manufacturers to be responsible for producing products without known defects.”

It is also predicted that the power of IoT will be felt by businesses in a repeat of the Mirai botnet activity. Paul Barnes, senior director product strategy at Webroot, predicted a mass IoT breach spanning consumers and businesses, but this time with little ability to remediate based on the attack disabling hardware and demanding a ransom payment. Read more

Cybersecurity Predictions for 2018 – Part One

Over the course of December and into the New Year, my inbox fills up with predictions for what 2018 will bring cybersecurity.

At the end of 2016 we assessed a whole host of industry predictions and determined 12 topics that would dictate 2017: skills gap, ransomware, poor routine IT practices, political disruption, CIO activities, social media attacks, AI, advanced cyber-criminals, GDPR, a cloud vendor compromise and better security collaboration.

Most of that came true, although the predictions on ransomware came nowhere close to the impact that WannaCry and NotPetya would come to have. So with an inbox bursting with predictions for 2018, I triaged all of the comments into 11 themes. In no particular order, here are the first six:

It is no surprise that this features so highly after 2017’s headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst at Webroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.” Read more

GDPR: The Silver Lining

ARE there four letters presently capable of generating greater fear and anxiety for organisations around the world than GDPR? Colin Tankard, managing director, Digital Pathways, seeks to alleviate those concerns

The majority of conversations surrounding the imminent arrival of GDPR – General Data Protection Regulation – strike a tone similar to the way citizens were prepared for nuclear Armageddon during the Cold War. But all is not what it seems; there are definite benefits to the GDPR and here are a few of them.

Before the digital era, businesses had a finite capacity for data storage. As filing cabinets looked ‘fit to burst’, it was time to assign non-useful or irrelevant documents to the shredder. The transition from hard to digital copy left the need to maintain ‘good housekeeping’ somewhat redundant with data very much out of sight, out of mind.

But storing data is costly, as is the storage of back-ups. It is estimated that over half of all information stored and processed by organisations has an unknown commercial value, with at least a third estimated to be redundant, obsolete or trivial! Read more

GDPR: new warning about data security, including job applications

There’s a new warning being issued for estate agents and all other businesses to ensure they are prepared for the General Data Protection Regulation, coming into effect on May 25 this year.

GDPR will impact how agents collect data from prospective clients in-branch, over the telephone, and how they communicate with portal leads. In practical terms it means that communications can only contain information a client specifically consents to receive.

GDPR replaces the 1998 Data Protection law and aims to protect individuals and organisations against data breaches by reducing risks which could allow data to be exploited by hackers or others. The law will apply across the EU and will take effect in the UK irrespective of the Brexit referendum and negotiations. Read more

Securing email is essential

Colin Tankard, Managing Director, Digital Pathways, examines why email is now such an essential communications and collaboration tool for both employees and consumers

According to the Radicati Group, there are currently more than 3.7 billion people using email on a worldwide basis, which it estimates will grow to more than 4.1 billion by the end of 2021. Part of this growth is anticipated to come from the migration of premise-based mailboxes to those based in the cloud.

The development of email was a revolution in communications. As a result, email has become the single most used application for the typical corporate user and is the primary method for sending information in and out of an organisation.securing Read more

Content filtering a potential challenge in digital single market

The proposed digital single market directive is intended to harmonise e-commerce and copyright throughout the European Union, but concerns have been raised over the technological impact this would have on UK industry

Cloud storage providers often use encryption to protect their users’ content, which could hinder content filtering. “Dropbox and other cloud storage providers talk about their content being encrypted as it is going into store,” says Colin Tankard, managing director of Digital Pathways. “So the ability to actually scan that content for any licence infringement becomes impossible.” Read more

Predictions for the Data Security Market in 2018

November 2017 by Colin Tankard, Managing Director of data security company, Digital Pathways

2017 was another year of major data loss and hacks. These breaches have increased pressure on business and individuals alike, to clearly focus on the importance of securing data. Whether the warnings are heeded, remains to be seen.

Colin Tankard, Managing Director of data security company, Digital Pathways, offers the following 10 predictions for the cyber market in 2018.

1. A major cloud player will be shut down for 24 hours due to a cyber attack and data loss. This will trigger users to question their existing providers as to levels of encryption, where are the keys held and who in the cloud organisation has access to the keys? This will see the growth in third party security services such as Bring Your Own Key (BOYE) will be the mantra, as companies will no longer trust a single cloud vendor and will spread their data around a number of providers to lower the overall risk of data outage.

2. IOT security will remain weak, even with the launch of light encryption. This will be due to manufacturers still using old chipsets that have security flaws.

Read more