Showing posts with label Cyber Attack. Show all posts
Showing posts with label Cyber Attack. Show all posts

Monday, 16 January 2017

The 5 cyber security statistics you need to know in 2017

‘Cybercrime is the greatest threat to every company in the world’ says IBM’s CEO, Ginni Rometty. If you’re already working on boosting your security – or haven’t started yet – now’s the time. Here’s five reasons why…


1. Cybercrime cost to hit £2.41 trillion a year - Juniper Research


Cybercrime is expensive. Get hit and you’ll feel it in your profits. For example, a successful DDoS attack will force your systems offline and can cost you upwards of £100,000 every hour. 2016 reported a 22% increase in cybercrime and it certainly didn’t go unnoticed in the media. Big names like Yahoo, TalkTalk, Tesco, Netflix, Sony and even the presidential election were victim to cyber-attacks.

Get EC-Council’s Certified Ethical Hacker certification to help defend against attacks.


2. Cyber security spending to exceed £815 billion by 2021 - CSO Online


Businesses continue to realise the need to spend more on cyber security products, like software and training. In 2016, over £6.5bn was spent worldwide on information security (Gartner).

Despite this growing demand for training, a 2016 government report highlights that there’s still much to be done for businesses. With just under a fifth of businesses ensuring their staff take part in cyber security training in 2016, staff and the general public are still too unaware of their responsibilities in this regard.  

3. Unfilled cyber security jobs to reach 1.5 million by 2020 - (ISC)² 


There’s a severe shortage of qualified cyber security professionals. What’s more, the average salary for a CISSP certified professional is now £62,500.

The effect of this shortage means businesses are struggling to implement the security measures needed. A recent study by Cybersecurity Ventures of over 1,000 IT Professionals globally found that IT security managers reported significant obstacles in implementing desired security projects due to lack of expertise (34.5%) and inadequate staffing (26.4%).


4. Four billion people online by 2020 (Microsoft)


Double the current number of people will be online by 2020. As 91% of attacks begin with email phishing (Mimecast), the potential exploitation for hackers here is massive. Avoid social engineering attacks by educating your employees on information security.

More worrying statistics concerning the growing number of employees online and with access to sensitive data, came from AXELOS. They found that 75% of large organisations and nearly a third of small organisations suffered staff-related security breaches in 2015 and 50% of the worst breaches of the same year were caused by human error.   

A simple and cost-effective way to test your employees cyber security knowledge is through EC-Council’s Certified Secure Computer User (CSCU) test. This will help benchmark the cyber security awareness and competence of your workforce.


5. 200 billion IoT devices will need securing by 2020 (Intel)


More internet connected devices – from thermostats to fridges - in the hands of the public means more opportunities for hackers to infiltrate home networks.

Take a look at the recent hack of the DNS provider Dyn, which brought down major organisations, as a result of an army of 100,000 IoT devices being hacked. Dyn Vice President Scott Hilton stated that the compromised devices had been hit with the notorious Mirai malware that scans for IoT devices that are still using their default passwords. It then enslaves those devices to a botnet army, which was used to force Dyn offline.

As technology develops and individuals and businesses increasingly adopt these novel technologies, the phrase, “with great power, comes great responsibility” has never rung truer. 

Are you prepared for the next cyber-attack?  

Friday, 21 October 2016

Twitter, Spotify and Reddit taken offline by a DDoS attack. Is anyone safe!?

Distributed Denial of Serivce (DDoS) has struck again, this time knocking some of the largest websites offline including the likes of Twitter, Spotify and Reddit.

Domain Name Servers (DNS) act as the Internet’s phone book. They facilitate your request to go to a certain webpage and make sure you are taken to the right place. So, when the DNS provider that gives you access to some of the world’s largest sites is hacked by a DDoS attack, you and I can't access those websites.

The attack happened early this morning. Some websites are coming back for some users, but problem looks by no means to be fully resolved.

Dyn posted the following update on its website: “Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available".

Here’s a list of websites that readers have told us they are having trouble:
  • Reddit
  • Spotify
  • Esty
  • Twitter
  • PayPal
  • Yammer
  • Wired.com
  • Yelp
  • Starbucks
  • Airbnb
As these businesses slowly return to functioning as they should, a lot of us may just shrug it off and return to re-tweeting and streaming music. But often these attacks are used as 'smokescreens' to hack your personal and confidential information. So stay up to date with how this story unfolds. 

The frequency of DDoS attacks have sky-rocketed in the past couple of years and this attack only confirms this reality. Having increased 125% over the past year and with more than 2,000 attacks observed worldwide by Arbor Networks, its time you secure your business.

The size and duration of these attacks is also on the rise with a 35% increase in attack duration and a 73% increase in attack size since last year. Worryingly, the average size of an attack is 986Mbps, enough to take most organisations completely offline.



Make sure you're not next

Firebrand Training are offering a DDoS Defence in a Day training course aimed at teaching you the skills to avoid being the next headline of a DDoS attack. We’ll educate you on the growing threat and ramifications of a DDoS attack.

In just one day you'll:
  1. Understand a DDoS attack, how it's executed and the implications to your business
  2. Experience demonstrations of DDoS attacks and their effects in real-time
  3. Learn the tools to detect, analyse and mitigate DDoS attacks
DDoS attacks have become commonplace. Learn the skills to protect your business before it’s too late. 




Get the skills to defend against a DDoS attack!

Falling victim to a Distributed Denial of Service (DDoS) attack can cost your business £1.2 million in damages. In the past year alone, DDoS attacks have increased 125% in frequency and 35% in attack duration and the average DDoS attack is now large enough to throw most organisations completely offline.

It’s time you ask yourself, how well can I defend myself and my business from a DDoS attack?

To help you answer this and get educated on the growing threat and consequences of a DDoS attack, Firebrand have launched a one-day DDoS Defence training course in the heart of London this December. In this short, accelerated training you’ll:
  • Understand a DDoS attack, how it’s executed and the implications to your business.
  • Experience demonstrations of DDoS attacks and their effects in real-time
  • Learn the tools to detect, analyse and mitigate DDoS attacks
If you're looking to avoid the relentless, everyday threats of a DDoS attack, this is the event for you. You’ll leave us with a clear understanding of what a DDoS threat is and how you can bolster your defence against such attacks.

 What is a DDoS attack and why do I need to know about it?


A DDoS attack is an attempt to overwhelm an online service with traffic from multiple sources. In short, it prevents legitimate users from accessing a server’s information or services because it is overloaded or ‘flooded’ with requests.

The ramifications of this kind of attack on your business are huge. The costs of being forced offline can exceed £100,000 per hour. If you’re not as fortunate, costs may escalate up into the millions. This was found in a survey where 21% of IT professionals said a DDoS attack would cost their business more than £50,000 per hour. Following this, 52% of consumers are found to lose trust in your organisation as a result of the outage.

The potential repercussions can include; financial losses, reputational damage, consumer agitation and legal issues. 

On our DDoS Defence in a day event, you will not only learn what DDoS is and why it should top your chief of security's list of fears, but you'll also learn the real-life practical skills you can use to defend your business.  

Think this won’t happen to you?


There’s no doubt that DDoS attacks are now commonplace yet there is still a clear disconnect between people acknowledging the risk of DDoS and doing something to mitigate it. With 124,000 DDoS attacks observed worldwide each week, the failure to prepare yourself for this threat means it’s a matter of when and not if you join the long list of organisations thrown offline.

And it’s not just small businesses that need to be worried. The BBC, MI5, HSBC and PayPal are all recent victims of a DDoS attack. The damages range from being forced offline for several hours to millions in damages. PayPal experienced 3.5 million in damages and had 100 workers spend three weeks repairing the damage following a DDoS attack.

Here’s (some of) what you’ll cover:

  • Demonstrations of DoS attack tools and their effect
  • Using simple widely available tools to launch DoS attacks to highlight the skill levels required
  • The concepts of DDoS; Moving from a single source to multiple sources, amplification and reflection
  • Demonstration of Botnet launching a DDoS attack, controlled from a single source
  • Mitigation measures for DoS and DDoS, including services provided and methods used
  • NCA national DDoS strategy

What you’ll get:

In addition to excellent training from one of our most experienced cyber security experts, you’ll receive:
  • Five free EC-Council CSCU exam vouchers worth £495: The Certified Secure Computer User exam is an easy way to benchmark the IT security knowledge of you and your staff. These will be provided before the course.
  • Seven hours of learning towards maintaining your certifications with CPEs: Contribute to Continual Professional Education for maintaining certifications from IT security vendors including EC-Council, (ISC)2 and ISACA.
  • Courseware and tools: All course materials including access to the tools demonstrated will be provided for future use.
  • Lunch, snacks and refreshments: These will be provided throughout the day. 

Who should attend?

This course, which combines both theory and practical examples is ideally suited to both technicians and managers responsible for cyber security. Whether you're defending on the front line or managing strategy, this course will be of benefit in preventing DoS.

Want to find out more?

If you’re interested in keeping your business safe then join us on December 20th for a one-day training event in Central London. 

If you want to find out more or purchase tickets, please visit our course page

If you have any unanswered questions then just drop us an email at one@firebrandtraining.co.uk



Monday, 30 November 2015

Cyber security red alert on Cyber Monday


Cyber Monday creates an ideal opportunity for malicious hackers to attack your business systems. As company servers are hammered by millions of genuine requests from eager buyers, the opportunity for a hacker to breach your system undetected increases. The consequences of which can be severe, considering the financial and public image implications a single breach can create. 

The current strain being exerted on IT infrastructure is strikingly similar to a common hacking technique. The tactic involves a single hacker targeting a network, followed by hundreds of hackers joining the attack to create a diversion. The noise created by the hundreds of additional hacker presents a smoke screen, enabling the initial hacker to breach the system. 

Attacks like these can collapse your infrastructure, forcing websites and whole servers offline. They are becoming all too common as cyber criminal look to cash in on the details stolen. 


Protecting your assets on Cyber Monday 


Today, on Cyber Monday, you should remain vigilant, especially if you're an online retailer. Loyal customers are currently creating the diversionary tactic which could allow a hacker to breach your system. If your attention is being distracted by sales, you should start focusing on security. 

A single breach could expose your data to criminals, or take your website offline for hours. Not only will you miss out on the valuable revenue created by these marketing ploys, the financial ramifications of a breach could collapse your business. Take TalkTalk for example, November’s breach of the telecoms giant is estimated to cost the organisation in the region of £30-35 million. 

Take the following steps to protect your assets on this busy day: 
  • Ensure you follow routine daily security checks – do not let your IT team be distracted by sales
  • Segment systems on separate protected networks – this tactic ensures that if one system or network is breached, an attacker won’t then have free roam to take down multiple systems simultaneously 
  • Increase monitoring of endpoint devices – pay regular and close attention to public facing systems to ensure any suspicious activity doesn’t go undetected. Now is the time to be paranoid, it’s the ideal time for an attack 

Future planning 


Whilst Cyber Monday is high risk, it’s important to prepare for the long term. A cyber-attack can happen at any time, it’s vital you and your team have the security skills implement a long term strategy. 

Investing in training employees is critical. Certification courses like the Certified Ethical Hacker and CISSP will develop the technical and strategic skills required to protect your company assets. You can learn to attack your own systems to identify weaknesses or devise a comprehensive and water tight security system. Stay vigilant.

Friday, 4 October 2013

Adobe suffers data breach affecting 2.9 million


By 


Adobe’s been hit by a major data breach. According to the company’s announcement, the attack affected 2.9 million of its customers. The stolen data contained names, passwords, as well as credit and debit card numbers.

Brad Arkin, Adobe's Chief Security Officer said: "We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident."

Adobe stated that all personal data was encrypted, therefore the risk for fraud or identity theft is low.
However, there are no details on the kind of encryption or security Adobe used for the stolen data.


Besides the initial breach, Adobe suffered a second attack, resulting in the loss of source codes to products, such as Acrobat, ColdFusion and ColdFusion Builder.

As a corrective measure Adobe started to reset some passwords and contact customers whose debit or credit card details were affected. 

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 24 May 2013

Why we have to take cyber-attacks more seriously



By 


The US defence secretary has said that cyber-terrorist attacks can be as devastating as a physical attack.

Leon Panetta said US intelligence showed "foreign actors" were targeting control systems for utilities, industry and transport to subvert computer control systems and wreak havoc. So the country is preparing to take pre-emptive action if a serious cyber-attack becomes imminent.  

"An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country" stated Mr Panetta in a speech to business leaders on the Aircraft USS intrepid. “Such a destructive cyber-terrorist attack could paralyse the nation and create a profound new sense of vulnerability," he continued.

Mr Panetta explained that smaller scale cyber-attacks are now common. In the last few weeks, many firms have suffered such attacks. He also discussed Shamoon attacks - where oil companies in Qatar and Saudi Arabia have had their computer data replaced with random code.

To know more about such attacks and to trace them, the US defence department developed tools, and a cyber-strike force to attack the source.

"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests, if we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation, when directed by the president." Panetta concluded.

We all must be prepared for a cyber-attack, and to understand how much damage it can do. Companies are spending more money every day, to develop protection and to secure their database.

Cyber-attacks are the weapons of tomorrow.

Want to learn more about IT security?


Opportunities in IT security are appearing everywhere so why not take it? You could earn on average £50,000 according to ITJobsWatch.co.uk with the fasting growing sector in the IT industry. Find out more on our top four IT Security certs blog post.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Friday, 11 January 2013

Greatest threat to the UK armed forces - Cyber attacks



By 


A Cyber attack has now been said to be the biggest threat to the UK armed forces.

Despite this, MPs recently stated in a report that there are as of yet no plans to protect soldiers, warships and aircraft from hackers.

Almost everything has become reliant on technology and the internet which now-a-days can be easily compromised by a 15 year old in the comfort of his own house.

If radar and satellite systems were compromised and came under attack it could be fatal for our armed forces, the commons defense committee stated.

To add to our worries, the government seems to have no contingency plans meaning that the military would not know how to act in the event of a cyber attack.

Chairman James Arbuthnot stated “If it has none, it should say so, and urgently create some”. He also accused ministers of being complacent about the threat.

Last year, despite budget cuts in defense spending, Prime Minister David Cameron said that £650 million has been earmarked for a cyber security initiative. You can watch a video report on effectiveness of the investment here: Video: McAfee's CTO on UK government cyber security spending - 18 Dec 2012 - Computing News.

In another report by the Cabinet Office, British businesses have suffered about £21 billion a year from cyber crime.

Be part of the defense  join the counter attack and take advantage of the opportunity. Gain an IT security certification and earn up to £100,000.

Read here: http://www.crisp360.com/news/top-5-it-security-certifications to find out the top IT security certifications.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, IT training, , IT certification trends, project management, certification, careers advice and the IT industry itself. Sarah has 11 years of experience in the IT industry.

Friday, 16 November 2012

Sale: Access to corporate computers


In a recent report by the BBC, Cybercriminals are openly selling illegal access to the computer networks of many of the world’s biggest companies for just a few pounds.

The underground network of cyber criminals is even renting out access to use the machine to design their own scams.

Criminals will have the chance to attempt a massive hacking attack on big companies by using them as a springboard.

The underground network that offers these servers, was uncovered by Brian Krebs, a security researcher. It took him two weeks to access the forums and gain the  complete list of the corporate networks offered.

Right now the site is said to have 17,000 servers up for sale but he estimated that about 300,000 have been listed since 2010, when it first appeared. Since the discovery of the site, it has been changed to members-only.

Brian Kreb stated that the site was a broker for hackers that already had access to networks from separate attacks and wanted to sell them.

"They maybe individual hackers that have no use for these but know they have value and are re-selling them” he stated.

Companies are becoming more and more aware of the dangers of hackers and are increasingly searching for IT security professionals to defend them. IT security has become one of the fastest growing sectors in the IT industry.

Taking the opportunity
Opportunities in IT security are popping up everywhere so why not take it? Get the right security certification and earn on average £50,000.

Become an ethical hacker and get paid for it
The average salary of an ethical Hacker is over £40,000! (itjobswatch.co.uk). Aka a white hat hacker is someone who hacks and exploits zero days from companies who are looking to increase their security. That's right, they will pay you to find and exploit zero days in order and get rid all possible risks.


Tuesday, 30 October 2012

A new Cold War - worlds most complex virus

Stuxnet was what many call a wake-up call to countries around the globe (read about Stuxnet here). Iran has already responded to this attack by amassing the second largest online army in the world. The internet has taken over and is quickly becoming the next platform for war. The only problem is, you don’t know who is waging it.

Stuxnet was a weapon, and the first to be made entirely from code. Since then, several viruses have been identified. One in particular, which has been dubbed Wiper was believed to be deleting data in the Middle East and from computers belonging to the Iranian oil industry.

Future Cyber Security
By DGH source: Technology Moral Dilemma blog
July 1, 211
Wiper was so complex and sophisticated that even Kaspersky, the Russian security could not find the virus or any information on the creator/s. The malware wiped hard drives clean, including its own coding.

But who could finance this kind of technology? It was clearly not a teenage boy in his room doing a prank. This virus had a goal and a target.

The 15 year old security firm did not give up. They eventually found an MD5 hash and file name on computers in Iran. When they put everything together they found something big, of a complexity never seen before… Flame.

Kaspersky Lab researcher Alexander Gostev stated that “Flame is a huge package of modules almost 20mb in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyse”

He added “Overall, we can say Flame is one of the most complex threats ever discovered. In addition, the geography of the targets and the complexity of the threat leave no doubt it being a nation state that sponsored the research behind it.”

Competitor security firm Symantec agreed with Kaspersky, stating that “This code was not likely to have been written by a single individual but by an organised, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian oil ministry.”

Morgan wright – Cyberterrorism Analyst stated that the virus had 20 times more coding in it than Stuxnet, the virus that knocked down Iran’s nuclear centrifuges. He added that Flame was not only designed for recognisance, but also to steal documents, audio data, screenshots and to wipe clean hard drives with important information.

For the victims of Flame, it was like having a spy with direct control of their computer.

Learn how to take Flame and Stuxnet apart and use forensic techniques to uncover the culprits. The EC-Council C|HFI v8 certification course will teach you the entire digital forensics process. You'll learn how to secure the scene, collect evidence, and send it to the lab for testing. You will learn the following:
  • How to investigate cyber crime, and the laws involved
  • Different types of digital evidence, and the examination process
  • The first responder toolkit - how to secure, preserve and evaluate the electronic crime scene
  • How to recover deleted files and partitions in Windows, Mac OS X, and Linux
  • How to use steganography, and the AccessData forensic toolkit
  • Password cracking and how to investigate password-protected file breaches
  • Log capturing and management
  • How to investigate logs, network traffic, wireless attacks, and web attacks
  • How to track emails and investigate e-mail crimes
Train to be the police of the future - get certified.

Here is an interesting video on the deconstruction of the Flame virus:


Friday, 17 August 2012

Cyber Attack on Worlds Largest Oil Company


The world’s largest oil company, Saudi Aramco, has reportedly been struck by a cyber attack. The company stated that almost all of their workstations have been hit by malware, adding that it is similar to the attack on the Iranian systems on April.


Since the report, the company have disconnected their network from the internet and expect their systems to be up and running by the end of the week. As of yet, no one has taken responsibility for the attack but oil-production industrial equipment seem to be unaffected and production of oil has not been altered.

Representatives of the company stated that “The company employs a series of precautionary procedures and multiple redundant systems within its advanced and complex system that are used to protect its operational and database systems”

Since the Y2K scare back in 1999, most of the world’s oil companies started embracing Windows-based systems with the addition of the massive expansion of the Internet there has been a huge increase in the chances of cyber attacks occurring in the energy industry.