G4S Africa supports small business development thr... » The latest product in the G4S Deposita range is a smart safe system called mini-pay that holds up to... Commissioner's statement following incident in Man... » This is an utterly appalling attack. My thoughts are with the people of Manchester as they try to co... UPDATE: Policing events in the Capital » Following the horrific terrorist attack in Manchester last night, in which 22 people were killed and... Statement from Assistant Commissioner » Statement from Assistant Commissioner Mark Rowley, Head of National Counter Terrorism Policing: The... Met intensifies policing activities in London fol... » The Metropolitan Police Service (MPS) has increased police numbers and operations across the Capital... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTORA... » Please visit also: www.scorpionnewscorp.com SERIES: BUHARISM AND THE FIERCE URGENCY OF NOW A treat... Home Secretary’s statement on the Manchester attac... » I know that some people will only just be waking up to the news of the horrific attacks in Mancheste... Checkpoint Systems unveils Bug Tag 2 loss preventi... » Checkpoint Systems has announced the launch of Bug Tag 2 – an innovative loss prevention solution th... Edesix launches new head and torso mounted body wo... » Edesix has announced the launch of new head and torso mounted cameras. The X-100 is a side-mounta... Banknote Watch offers essential advice as old £5 i... » As of Friday 5th May 2017, the paper £5 note was officially withdrawn from circulation and no lo...

CLICK HERE TO

SOCIAL BOOKMARK

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Case Studies

Following up on the global cyber attack story, Ilia Kolochenko, CEO of High-Tech Bridge has a number of additional thoughts which you may consider for any story:

 

"This incident exposes how a two-month old vulnerability can cause global panic and paralyze the largest companies and governmental institutions on all continents. Worse, cybercriminals could have easily released this worm just after the NSA's 0day was leaked two months ago, and this would have led to much more destructive consequences.

There is nothing new in this particular attack, and the main cause of the epidemic is our failure to adhere to cybersecurity fundamentals.

Many companies were infected because they failed to maintain a comprehensive inventory of their digital assets, and just forgot to patch some of their systems. Others, omitted or unreasonably delayed security patches. Last, but not least – malware's capacity to self-propagate leveraged the lack of segregation and access control within corporate networks.

It would be unreasonable and inappropriate to blame the NSA for any significant contribution to this attack. Similar 0days are bought and sold almost every day, and many other organizations participate in these auctions - virtually anyone can (un)intentionally leak an exploit and cause similar damage. The real problem is that in 2017, the largest companies and governments still fail to patch publicly disclosed flaws for months. Practically speaking, the NSA doesn't really need a 0day to get their data - their negligence "invite" attackers to get in.

Companies and organizations that have fallen victim to this attack, can consider contacting their legal departments to evaluate whether their IT contractors can be held liable for negligence and breach of duty. Failure to update production systems for over two months - can certainly qualify at least as carelessness in many jurisdictions."

Also, if you want to take the ransomware angle, Paul Barber, from managed service provider IT Specialists:

“It is appalling that our health service would be targeted, but we must focus on employee education and insist on vigilance at all times, especially as it seems that this is a ransomware attack. Of course, updating all software to the latest patched versions, installing and updating your AV, and having robust security solutions will help, the most important thing is to ensure daily offsite backups are in place, to protect business data. These steps will guard against other malware and non-malicious incidents.

Email continues to be the most common way to be infected by ransomware which highlights the critical need for employee education. The lack of this education is manna from heaven for cybercriminals, who can click and send mass emails to generate profit, as they calculate that at least some of the emails will be opened.

While public sector bodies have a civil duty to share the devastating effects of a cyber-attack, we think this news of attacks is just the tip of the iceberg, and many go unreported, especially within the SME community.

Government offices will have IT teams and funding to restore information, even if it was not backed up adequately. However, we believe that the greater threat lies with the small businesses that have installed an anti-virus and believe they have adequate protection.”