Archive for January, 2017

RaaS: Hacking Made Easy

Monday, January 30th, 2017

Do you know what the greatest motivator in 2016 was for cyber attacks?

If you answered “ransom,” you were correct.

2016 became known as the year of ransomware: a whopping 49% of businesses fell victim to cyber ransom attacks. Based on these numbers, IT professionals certainly have cause for concern, especially when taking into consideration “hacking made easy,” or what we know as Ransomware as a Service (RaaS).

What is Ransomware as a Service?
Modeled after software-as-a-service, RaaS extends hacking to would-be cybercriminals. It draws in participants with a minimum of script kiddie abilities, who run their campaigns by:

  • Accessing a darkweb TOR site and registering with a Bitcoin address. From there, they tailor and download their own version of the malware.
  • Using multiple Bitcoin addresses to run simultaneous campaigns.
  • Employing typical infection vectors for the executable. Available to criminal affiliates are targeted spear-phishing, spray-and-pray phishing campaigns, malvertising with contaminated ads on websites compromised with exploit kits (where the malicious files are downloaded unknowingly), manually hacking Linux servers, and brute forcing terminal servers.
  • In the end, 5%-25% of all ransom collected goes to the original developers. By creating free and easy malware that doesn’t require specialist knowledge to deploy, the ransomware bosses can score big profits with a large number of infections.

    The remaining income goes directly to the script kiddies who get a taste of easy criminal profits. With access to hacking made easy tools like insider statistics and campaign settings, they can continue to conduct ransomware campaigns with little effort.

    Just $39.99 a Month for Our Hacking Made Easy Toolkit!

    It sounds like a cheesy infomercial, but hackers understand that hooking prospective evildoers is big business. A cryptoware program called Stampado, sold on the darknet for $39, even had a YouTube video promoting the RaaS subscription.

    While less experienced online attackers might be drawn in by the “hacking made easy” value proposition, more sophisticated actors will go after stable, flexible, and refined vectors.

    In the wild we’ve seen this through the use of a Cerber variant, tied to a $2.5 million a year RaaS ring. According to research reports, the RaaS ring included 161 active campaigns with eight new campaigns launched daily. In July 2016, it was estimated that criminals earned close to $200,000. Victims paid approximately 1 bitcoin ($590) to decrypt files locked by the Cerber ransomware.

    Protecting Against RaaS
    We urge victims against buckling to extortion if at all possible. Each time a ransom is paid, malicious actors gain resources to do more damage. While sometimes paying for decryption is unavoidable, we suggest taking these steps for the best possible outcomes.

  • Use a product that guarantees its protection technology. SentinelOne assures users that if we’re unable to block or remediate the effects of a ransomware attack, we’ll pay for it. We’ll reimburse your company or organisation up to $1,000 per endpoint, or $1,000,000 in protection overall for the company.
  • Go beyond signature-based endpoints with behavioural detection. Malware authors understand that endpoints identify malware based on structure. Behavioural detection instead watches the malware’s path and actions before taking steps to protect.
  • Backups are essential in neutralising the threat. Using 10-minute interval snapshots and sending the data to the cloud can provide insurance in the event of an attack.
  • Educate end users on Ransomware as a Service. In 2017, it’s likely that we will continue to suffer from ransomware attacks. The first line of defence is a knowledgeable workforce that understands the ramifications of opening a curious email or clicking a malicious ad. By giving them experience through simulated phishing attempts, you can gauge the preparedness of users to spot keepers of ransomware strains.
  • To learn more about the impacts of ransomware, visit our Global Ransomware Study 2016 infographic. Or for greater detail, view our research data summary.

    Please note the below has been produced by SentinelOne. To view the original article click here.

    Palo Alto Networks Launches Cybersecurity Guide for Directors and Officers

    Monday, January 30th, 2017

    Actionable Advice, Insights and Best Practices From Cybersecurity Experts and Top Advisors on Risk, Leadership, Human Resources, Legal and Reputation Management

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, has announced the publication of “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers – United Kingdom.” This guide will provide U.K. boards, executives and C-level officers at enterprises, government agencies and other organisations with practical, expert advice on how to raise the bar on cybersecurity.

    As threats continue to grow in number and complexity, new EU legislation, in the form of the General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive, provides a unique opportunity for business leaders to rethink how they can build state-of-the-art cybersecurity strategies and systems fit for current and future challenges. As such, the guide helps start necessary discussions and determine the next steps toward preventing cyber breaches and maintaining trust in our digital age.

    Building on the success of the U.S. edition of the guide launched in October 2015 with the New York Stock Exchange (NYSE), the U.K. edition was written in conjunction with U.K. thought leaders from the public and private sector, and published by Forbes.

    Collecting the expertise and experience of CEOs, CISOs, lawyers, consultants and former government officials, this U.K. guide is intended for those new to the cybersecurity topic as well as seasoned leaders in the field. It contains practical and expert advice on a range of cybersecurity issues to allow business leaders to start, or continue having, the conversation on such topics as EU legislation, enabling innovation, executive responsibility, your security leadership team/hiring the next generation CISO, and responding to crisis.

    Quotes:

    “A chief executive’s role is to balance both the risks and the opportunities in all situations. Good governance around cybersecurity – essential risk management – can be a defining factor in organisational excellence, building compliance, enterprise-wide awareness, and commitment…this book is an indispensable tool to support individual leaders and teams that make the choice to master this risk rather than to fall victim to it.”

    Sir Iain Lobban, former chief of the U.K.’s intelligence and security agency, GCHQ, and now a senior adviser to a range of global companies on cybersecurity risk and governance; taken from “Preface – Mastering Cyber Risk in 10 Steps.”

    “What we are now seeing is the evolution of what is known as ‘privacy architecture’, a set of guidelines and principles that are embedded into your business and technology processes from the ground upwards, rather than overlaid upon it. This bakes cyber resilience into your operating DNA, with reduced compliance overhead and resource requirements.”

    Gregory Albertyn, senior director, and Avi Berliner, manager, PwC; taken from “Chapter 1 – What is the Process for Achieving State-of-the-Art?”

    “The CISO position is now widely recognised—but they must understand the objectives of making a return for investors. An effective CISO is not expected to apply more controls and barriers across an organisation. They need to be acutely commercially focused…”

    Chris Bray, Gavin Colman and Giles Orringe, partners, Heidrick & Struggles; taken from “Chapter 11 – Hiring the Next-Generation CISO.”

    “Our digital dependence is another business challenge with both risks and opportunities. We should not underestimate its breadth of impact, but we should also not burden boards of directors with overly technological conversation.”

    Edward M. Stroz, founder and executive chairman, Stroz Friedberg; taken from “Ensuring Your Board is on the Same Page Regarding Cyber Response.”

    “Upcoming EU legislation is an opportunity to raise the bar on cybersecurity, but there’s often a language disconnect between the virtual front line and organisational leadership. We’ve worked with experts, across public and private sectors, to translate complex topics into guidance that enables business leaders to join forces with cybersecurity teams on developing state-of-the-art preventative security strategies. In doing so, we hope to help them prevent cyber breaches and preserve trust in the digital age.”

    Greg Day, vice president and regional chief security officer, Europe, Middle East and Africa, Palo Alto Networks

    Other contributing authors include:

  • Joel Harrison – partner, Milbank, Tweed, Hadley & McCloy LLP
  • Ian West – chief of cyber security, NATO Communications and Information Agency
  • Sir Michael Rake – chairman, BT and Worldpay
  • Conrad Prince – cyber ambassador, Department for International Trade’s Defence and Security Organisation
  • Ryan Kalember – senior vice president of cybersecurity strategy, Proofpoint
  • Mark Hughes – president, BT Security, BT Global Services
  • Lee Barney – head of information security, Marks & Spencer
  • Troels Oerting – group chief security officer, and Elena Kvochko, CIO, group security function, Barclays
  • Alan Jenkins – associate partner, IBM Security
  • Mark Weil – CEO, Marsh UK and Ireland, Marsh Ltd
  • Richard Meredith and George Little – partners, Brunswick

    To learn more about cybersecurity from leading experts and contributors, and download your own copy of the guide, visit: https://get.info.paloaltonetworks.com/webApp/ceos-navigating-the-digital-age-global-uk-en

    For more best practices, use cases, and expert advice on managing cybersecurity risks, visit: www.securityroundtable.org

    To learn more about how Palo Alto Networks helps organisations prevent successful cyberattacks with its Next-Generation Security Platform, visit: www.paloaltonetworks.com

    Ruckus Adds R510 to Unleashed Portfolio Plus Some Exciting New Updates!

    Wednesday, January 25th, 2017

    The Ruckus Unleashed access point line now includes the popular R510 802.11ac Wave 2 AP, which is ideal for all enterprises, and the wall-mount H510 802.11ac Wave 2 AP, which works great as an in-room access point.

    In addition, with the upcoming 200.3 firmware release, Unleashed access points will now support Gateway Mode enabling direct connectivity to a cable or DSL modem leveraging built-in DHCP server and NAT support. This enables a service provider, owner or installer to deploy Unleashed APs in multi-dwelling units (MDU), small single-site retail shops and smart-homes. Here are the highlights:

    • R510 / H510 Unleashed APs – Ruckus’ popular 802.11ac Wave 2 APs now Unleashed
    • Gateway Mode – ease installation of an Unleashed AP directly to a cable/DSL modem
    • SpeedFlex – built-in speed test tool enabling troubleshooting between Mesh connected Unleashed APs
    • Unleashed Management App – installation of Unleashed APs will now be even easier
    • Static Client IP Addresses – connected clients can preserve assigned IP addresses

    One of the updates we are most excited about is the launch of the Unleashed management app. This app will further simplify an already easy to install portfolio of Unleashed access points.

    The app will be available in February 2017.

    iboss Launch Special Bundles for EDU

    Monday, January 23rd, 2017

    iboss have launched a number of discounted bundles in time for the BETT show.

    All pricing is below. If you’re down at BETT, iboss will join Net-Ctrl on stand C63.

    We also have the option to book a meeting room with iboss on their stand to deliver an iboss demo and answer any questions. If this is of interest please PM with your preferred day and time to meet.

    iboss Network Security is a leading provider of innovative APT Defence, Web Security and Mobile Security Solutions. Unlike legacy technology, iboss industry-leading solutions were built from the ground up to meet the challenges of a mobile-enabled world, with the goal of increasing security without jeopardising business efficiency.

    Bundle 1 – 2160-AM appliance (3 year maintenance incl.)
    300 x 3-Year SWG licenses & Maintenance.
    Max Users: 300. Max Bandwidth: 100MB
    £5,000.00

    Bundle 2 – 4560-AM appliance (3 year maintenance incl.)
    1000 x 3-Year SWG licenses & Maintenance.
    Max Users: 1000. Max Bandwidth: 300MB
    £8,500.00

    Bundle 3 – 14600-AM appliance (3 year maintenance incl.)
    2000 x 3-Year SWG licenses & Maintenance.
    Max Users: 10000. Max Bandwidth: 1GB
    £9,500.00

    Bundle 4 – 2160 AM Cybersecurity Bundle (3 years maintenance incl.)
    300 Users - 2160-AM appliance - IWR 3960 reporter - SWG & ATP Licenses Included.
    Max Users: 300. Max Bandwidth: 100MB
    £10,000.00

    Bundle 5 – 14600 AM Cybersecurity Bundle – (3 years maintenance incl.)
    2000 Users - 14600-AM appliance - IWR 5960 reporter - SWG & ATP Licenses Included.
    Max Users: 10000. Max Bandwidth: 1GB
    £15,000.00

    Learn how to beat Ransomware with iboss and Net-Ctrl on Stand C63

    Friday, January 20th, 2017

    iboss will join Net-Ctrl on stand C63 at BETT 2017. We are offering product demonstration sessions to all attendees with an iboss expert.

    If this is of interest please email marketing@net-ctrl.com with your preferred day and time to meet.

    iboss Network Security is a leading provider of innovative APT Defence, Web Security and Mobile Security Solutions.

    Unlike legacy technology, iboss industry-leading solutions were built from the ground up to meet the challenges of a mobile-enabled world, with the goal of increasing security without jeopardising business efficiency.

    iboss goes beyond protecting the web browser; designed to secure any organisation, anywhere, any time, any device, direct to cloud:

  • The only cloud security able to detect protocols such as TOR that circumvent traditional web browser security
  • Secures HQ plus all branch offices and road warriors direct-to-cloud in seconds
  • Delivers instant, infinite scalability on-demand
  • Eliminates the need to backhaul data for remote sites and mobile users
  • Offers options for all-cloud, all on-premises or hybrid configurations

    The Prevent Duty Act

    More than ever it is essential that schools and educational establishments have the correct filtering and security in place to safeguard their students or else face repercussions from Ofsted and other governmental bodies. Ofsted needs to know how the schools will identify strange behaviour and what the safeguarding representative does to protect the students.

    To comply with the duty, you must provide the school with an approved solution, a requirement iboss meets.

    Meet us at BETT

    iboss will join Net-Ctrl on stand C63. We also have the option to book a meeting room with iboss on their stand to deliver an iboss demo and answer any questions.

    If this is of interest please email marketing@net-ctrl.com with your preferred day and time to meet.

    Consumers increasingly aware of online security risks, but hold businesses responsible for data breaches, finds Gemalto study

    Wednesday, January 18th, 2017

    Gemalto, the world leader in digital security, today released the findings of its 2016 Data Breaches and Customer Loyalty report, revealing that consumers put responsibility for protecting their personal data firmly in the hands of the organisations holding their data – and not themselves.

    According to the 9,000 consumers surveyed in Australia, Benelux, France, Germany, Russia, UAE, Saudi Arabia, India, Japan, United Kingdom, and United States, 70% of the responsibility for protecting and securing customer data lies with companies and only 30% of the responsibility with themselves. Yet, less than a third (29%) of consumers believe companies are taking protection of their personal data very seriously. This comes as consumers are becoming increasingly fearful of their data being stolen, with 58% believing it will happen to them in the future. More than 4.8 billion data records have been exposed since 2013, with identity theft being the leading type of data breach, accounting for 64% of all data breaches[1].

    Where consumers see most risk
    Despite becoming more aware of the threats posed to them online, only one in ten (11%) believe there are no apps or websites out there that pose the greatest risk to them and consumers are not changing behaviour as a result:

  • 80% use social media, despite 59% believing these networks pose a great risk
  • 87% use online or mobile banking, with 34% believing they leave them vulnerable to cybercriminals
  • Consumers are also more likely to shop online during busy commercial periods such as Black Friday and Christmas (2% increase online versus -2% decrease in store), despite 21% admitting the threat of cyber crime increases a lot during these periods

    Consumer attitudes on data breaches
    Nearly six in ten (58%) consumers believe they will be a victim of a breach at some point, and organisations need to be prepared for the loss of business such incidents may cause. The majority of consumers who currently use the following, say they would stop using a retailer (60%), bank (58%) or social media site (56%) if it suffered a breach, while 66% say they would be unlikely to do business with an organization that experienced a breach where their financial and sensitive information was stolen.

    How data breaches affect consumers
    The study found that fraudulent use of financial information has affected 21% of consumers, with others experiencing fraudulent use of their personal details (15%) and identity theft (14%). More than a third (36%) of those who have been a victim of a breach attribute this to a fraudulent website. Clicking a bad link (34%) and phishing (33%) were the next highest methods consumers were caught by. In keeping with the theme of putting the blame at the organisation’s hands, over a quarter (27%) attributed the breach to a failure of the company’s data security solutions.

    Lack of security measures influence consumer confidence
    The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses. Within online banking, passwords are still the most common authentication methods – used by 84% for online and 82% for mobile banking, and more advanced transaction security the next highest for both (50% and 48% respectively). Solutions like two-factor authentication (43% online and 42% mobile) and data encryption (31% online and 27% mobile) trail behind.

    Similar results can be seen in both the retail space, with only 25% of respondents that use online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media, with only 21% using the authentication for all platforms. Only 16% of all respondents admitted to having a complete understanding of what data encryption is and does.

    “Consumers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business,” said Jason Hart, CTO, Data Protection at Gemalto. “The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps they are taking to protect their data. Implementing and educating about advanced protocols like two-factor authentication and encryption solutions, should show consumers that the protection of their personal data is being taken very seriously.”

    [1] According to Gemalto’s H1 2016 Breach Level Index

    Secure Response Services will Exhibit on Stand C63 at BETT 2017

    Wednesday, January 18th, 2017

    Net-Ctrl provides a 24 hour, 365 days a year Alarm Receiving Centre through our partner SRS who will be joining us at BETT 2017.

    Net-Ctrl has been working in collaboration with Secure Response Services to offer a 24 hour, 365 days a year Alarm Receiving Centre.

    Their expert team are available 24/7 to provide you with tailor-made support for all your security needs – from guarding and CCTV to physical security and consultation services.

    At the centre of this service is their ARC (Alarm Response Centre). It’s the hub of their secure services, where they monitor activity, receive alerts and develop responses, with state-of-the-art software and an experienced incident management team.

    Any incidents that come into the ARC are dealt with using clearly defined response protocols, developed to suit the individual needs of each of our clients. This enables them to react to the facts of an incident quickly and efficiently.

    ARC Services

    The ARC provides a number of services, including:

      • Intruder alarm monitoring and response
      • Lone worker monitoring and response
      • Energy efficiency control
      • Video wall patrols and monitoring
      • Access Control Monitoring
      • Call handling and incident recording
      • Remote access control
      • Video motion detection

    Standards and accreditations

    Our ARC and the team have the following accreditations:

      • BS5979 – Structure of the ARC
      • BS8418 – Video Motion Detection
      • BS7858 – Screening and vetting of employees
      • CCTV SIA Licenses – All staff fully licensed in all CCTV duties
      • CCTV SIA Door Supervisor/Guarding – All staff fully licensed for Guarding

    We will have security experts on the stand to discuss your needs and requirements, answer any questions, and work with you to build your own secure response offering.

    For more information, please email marketing@net-ctrl.com.

    CEM Access Control and Aperio Wireless Locking Technology join forces with Net-Ctrl on Stand C63

    Monday, January 16th, 2017

    At BETT 2017 we will be showcasing two integrating solutions to secure your premises with some of the latest technology on the market.

    CEM Systems is a leading provider of access control and fully integrated security management systems. CEM manufactures both the access control system hardware and software. This uniquely offers unparalleled levels of flexibility in selecting a complete access control solution to meet your security needs.

    AC2000 Access Control – AC2000 provides a highly stable, proven solution for installations where security is of paramount importance. It has the ability to integrate with and display alarms from third party security systems such as video, intrusion, intercoms and perimeter detection making it a complete security management system.

    The CEM system integrates seamlessly with the Assa Abloy Aperio Wireless Locking Technology.

    This integration provides customers with a convenient way to add the flexibility of wireless locks to any door in an AC2000 secured facility. The Aperio locks are also managed through the AC2000 security management system, enabling the remote monitoring of alarms and remote door opening.

    Aperio wireless locks can be operated with the same access cards you use for your existing system. With a wide range of high security, certified battery-powered locks for many different applications Aperio cuts energy costs, reduces maintenance and is the logical choice for schools and colleges of all sizes looking to upgrade their access control systems.

    • Connect more doors to your access control
    • Solve the lost key problem by using existing cards
    • Install locks in less than 2 minutes
    • Reduce energy consumption by up to 76%
    • Cut maintenance costs by up to 67%
    • Increased battery life with 2-year replacement

    We will have a range of equipment on the stand as well as a host of technical resource to discuss your building management project, answer any questions, and work with you to build your own building management system.

    MOBOTIX will exhibit on stand C63 with Net-Ctrl at BETT 2017

    Friday, January 13th, 2017

    MOBOTIX IP cameras have been known for their high-quality video performance and low bandwidth consumption thanks to their “decentralised architecture”.

    The cameras themselves execute video analysis & event detection internally and manage their video ring buffer on a NAS or server by themselves.

    MOBOTIX video systems are very reliable and need fewer servers, fewer workstations and less network infrastructure than other brands. Encrypted recording by the camera itself guarantees data security and privacy.

    Key Features:

    6MP “Moonlight Sensor Technology”, which is very light sensitive and produces brilliant videos even in difficult low-light conditions without any motion blur.

    MxAnalytics (Video Analysis and Behavioural Detection) – produces heat maps and counts objects in user-definable corridors with automatic reports. It also analyses the behaviour of moving objects and can generate automatic alarms.

    MxActivitySensor – detects moving objects even in the worst weather conditions, like heavy rain and snowfall. Scene irritations like shaking trees and swaying camera poles caused by heavy wind are compensated as well.

    The MOBOTIX portfolio includes:

    • Weatherproof External Cameras
    • Internal Cameras
    • Thermographic Cameras
    • Video Door Entry Systems

    Each camera comes with a range of lens, housing and mount options.

    We will have a range of equipment on the stand as well as a host of technical resource to discuss your IP-CCTV project, answer any questions, and work with you to build your own High-Res IP-CCTV system.

    Ruckus Wireless will exhibit on stand C63 with Net-Ctrl at BETT 2017

    Monday, January 9th, 2017

    Ruckus Wireless will be joining Net-Ctrl at BETT 2017 on stand C63 with their range of ‘Smart Wi-Fi’ solutions.

    Ruckus Smart Wi-Fi technology redefines what’s possible in wireless network performance with flexibility, reliability and affordability.

    Ruckus has never relied on off-the-shelf, reference design radio technology—it doesn’t deliver the capacity, range or interference mitigation necessary to make real the dream of wireless that works everywhere, all the time. Ruckus delivered the industry’s first adaptive antenna technology to overcome RF interference on Wi-Fi networks.

    What makes Ruckus, well, Ruckus:

  • Performance – Ruckus’ deep history of technical innovation means superior, dependable wireless performance. Everywhere, all the time.
  • Simplicity – Ease of install and management for IT? Ease of use for end users? These are just a given.
  • Flexibility – Ruckus provides the utmost flexibility for all the wireless networking scenarios a school or college might have.

    Moving Beyond Wi-Fi

    Ruckus Wi-Fi itself is now much more than super-fast connections, it’s a platform for a host of capabilities—like location analytics and engagement technology.

    Visit Net-Ctrl and Ruckus Wireless on stand C63 to find out more about Ruckus’ portfolio of ‘Smart Wi-Fi’ solutions.

    BETT 2017 is going to be held at the Excel in London from the 25th-28th January. Book your free ticket now.