Cybersecurity provider NTT Security reports that five countries are the most common sources to 50 percent of global cyberattacks (Figure 2). Akamai states that two-thirds of Distributed Denial of Service (DDoS) cyberattacks originate in ten countries. Symantec, another provider, adds 13 more countries for a total of 23 countries, which are homes to the worst cyber offenders and who are responsible for two-thirds of all malicious internet activity.
Cyber Security
Especially while many people are still remote, technology has become more and more central to people’s lives, and we are talking about ways that things will or will not return to normal. As we hear about more and more cyber security incidents, each supposedly carried out by ‘sophisticated threat actors with unprecedented capabilities’, it’s time to talk about the mystique of cyber security and the problem it has with public perception.
Ransomware, Insurance, and Backups
Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly. While I’m sure everyone knows of the ransomware attack on the Colonial pipeline and the more recent similar attack on JBS, these are only the latest and most visible in a continuous stream of attacks. These are just the tip of the iceberg. The true scale is hidden not only by the media but also by a reluctance to talk about the problem.
Introduction to Steganography
All the techniques of steganography share one core concept, trying to hide a message. When children draw stick figures as secret messages to each other, they are practicing steganography. Modern steganography is usually a lot more malicious. It is used in malware command and control and the exchange of illicit information and material. If you do not know where to look it is frighteningly hard to detect.
Cyber Security and Humans
Over 2020 cyber security and technology have only soared in terms of profile and importance, with talk about threats to remote working from technology, difficulties, and some dramatic outages. Logistics, enabled largely by technology, have been essential to keep things moving and give people support and normality.
Counter-Ambush Tactics for Security Professionals – Part 2
The first two of these tenets involve soft skills which are sometimes referred to as Protective Intelligence (PI) and include situational and tactical awareness skills (route analysis and surveillance detection). The third tenet, Defend, requires hard skills such as the use of firearms and security driving. These hard skills may be required if we were unable to prevent or avoid an attack, and we end up in a situation where we have to survive an ambush. Continuing where we left off in Part One, we will finish covering some of the soft skills involved in Protective Intelligence and then move on to discuss the hard skills.
Hiding from OSINT
It often comes as a surprise just how much is available, and the nefarious uses it can be put to. OSINT can be applied towards defensive purposes, but we will be looking only at malicious purposes. One of the biggest challenges of OSINT is not merely recognising it as a threat, but encouraging the behavioural change needed to protect against it widely enough. It is not enough simply for a principal to stop posting Instagram pictures of their travels in order to hide them – their colleagues, friends, family, and employees also need to be aware of the need to take care with information which could be misused.
Industry News
We cast our eye over the main stories impacting the security industry. Here’s what’s appeared on the radar since the last issue.
Counter-Ambush Tactics for Security Professionals – Part 1
By far the best method to accomplish this goal is to adopt a predictive, preventative strategy for protecting clients based on the tenets of Detect, Deter, and Defend. To effectively employ these tenets, we need some very specific soft and hard skills. In the protective operations world, the “soft” skills are sometimes referred to as Protective Intelligence (PI) while in other security disciplines they are referred to as situational and tactical awareness skills. If we are unable to prevent or avoid an attack, we need to have some expertise in specific “hard” skills such as use of firearms and security driving so that we can survive an ambush.
Russia World Cup 2018 – Threat Analysis
With so many people heading to the World Cup, it’s important to have a situational awareness of the state of play in Russia. This can help you to plan ahead and mitigate potential threats.
Building Global Cyber Maritime Defence Standards
Shipbroker Clarksons confirmed its computer systems were breached in a major cyber-security attack. Today, more than ever, cyber security has to be the number one priority for the shipping industry. Naval Dome will be working with key stakeholders to establish global cyber maritime defence standards and guidelines
A View of Cyber Risk Security
Cyber risk security is becoming more common due to the advanced technology which daily continues to improve our already comfortable lives. We are undoubtedly living in a new era of constantly-evolving threats, which force us to re-think our defence plan. The old idea of being able to protect your data behind a wall, and block all ‘bad’ influences, is over.
Zero Day Vulnerabilities
There is no better time than now to dive into the world of zero day vulnerabilities. This article looks at how zero days behave, assesses some of the most infamous examples of them, and perhaps most importantly, provides best practices for how to deal with these elusive threats.
Cyber-Security Offshore
Over the past few years we have seen many incidents of cyber-attacks in the maritime and offshore oil and gas sectors including the tilting of oil rigs, malware riddled platforms and even port facilities industrial controls systems being hacked. Despite these incidents there seems to be a distinct lack of awareness throughout organisations.