Customers exposed to threats by sticking with old firewalls

Simon Quicke
January 30, 2012 11:36 AM

Customers are leaving themselves exposed to security threats because of a failure to update their firewalls, which are no longer able to fend off sophisticated web-based attacks.

The other consequence infrastructure specialist Teneo highlights, after surveying the extent to which old firewalls are still relied on, is that the aging technology is undermining the ability of firms to offer staff flexible working and secure remote access.

The Teneo survey found that the majority of firms (43%) are keeping their firewalls for longer, running them for between 4 and 6 years, and just shy of one in five try to squeeze even longer service out of the kit, making it work as a key line of the corporate defences for longer than 6 years.

In the past couple of years there has been plenty of noise, from the likes of Palo Alto, about the need to invest in a next generation firewall but that message appears to be taking its time getting through to customers.

“The survey makes it clear that the majority of organisations are struggling on with older first generation firewalls that do not provide any visibility or control in terms of employee desktop usage or specific applications. Many organisations then add on extra appliances to fill in the gaps in their network security,” said Lauren Fortune, Head of Marketing, Teneo.

“With IT budgets still restricted, it is clear that next generation firewalls will see continued growth as they offer good value compared to buying and/or maintaining multiple security and network management devices,” she added.

Posted in SonicWALL by utilizeadmin.

Better passwords could help protect against cyber crime threat

Simon Quicke
February 1, 2012 12:25 PM

With people more likely to fall victim to cyber crime than to physical acts of violence or robbery, the security industry is facing a need to deliver more user education.

One of the main themes that came out of a recent UKFast roundtable was that the chances of someone being a victim of cyber crime are now much greater than previously, and that more has to be done to raise users’ awareness of passwords and best practices.

“It is vital to protect your information as well as possible. Passwords need to be long, complex and changed regularly. Most importantly, we should have different passwords for each account, so if one account is compromised we are not gifting access to every one of our accounts and profiles,” said Neil Lathwood, UKFast’s IT director.

Figures from the latest Norton Security report 2011 have tried to size the problem being faced by users, and Tony Dyhouse, cyber security director with the ICT Knowledge Transfer Network, used those figures to put the threat into context.

“Fourteen people every second are falling victim to cyber crime and more than two thirds of online adults have been a victim of cyber crime in their lifetime – that’s 431m adult victims every year and a very significant number,” he said.

David Cook, solicitor advocate and cyber security expert at the Manchester office of Pannone, said that the losses due to cyber crime were now matching the annual worth of the drugs market.

“Comparing cyber crime to street crime, anyone can be a victim of cybercrime because everyone has a computer, a mobile device or a set top unit and it’s very easy for anyone to commit a cyber crime. Most people wouldn’t have the bottle to break into a house but a hell of a lot of people would find it easy in a room at home on their own to click a few buttons and see where they could go,” he said.

Posted in Sophos by utilizeadmin.

Opinion: Why are web site attacks on the rise?

MicroScope contributor
June 27, 2011 2:25 PM
By Steve Pao, VP of product management and Oliver Wai, product marketing manager at Barracuda Networks.

Recent high-profile Web security breaches have caused organisations in both the private and public sectors to take a deeper look into the security measures they have in place as well as to question why there is such a recent concentration of attacks. We believe there are a few trends underlying the recent increase of attacks:

• The first is the prevalence of hacking tools and “how-to guides” that are now available online on how to launch attacks. Whereas attacks used to be perpetrated by sophisticated hackers, now almost anyone can launch an attack using these resources and automated tools. Just Google “how to hack [system]” or “hacking tools” and you will find a plethora of tools and tips on how to accomplish these objectives.

• The second trend is economics. Traditional money making scams and threats like spam are increasingly ineffective as tools to protect against these threats have increased in use among organisations. On the other hand, there is a thriving black market for stolen credit cards, emails, identities, zombie computers, etc. so data breaches are extremely profitable for hackers, and as a result, they are turning more attention to profitable endeavours like hacking Web sites.

• The final trend is an increase in web attacks for strategic purposes. Many of the most recent attacks like the ones on defense contractors, RSA/EMC, and Gmail are extremely sophisticated and seem to have a strategic purpose or sponsorship to them.

Unfortunately, many of these attacks are happening because the right security measures are not in place at many organisations. This is not because effective solutions are unavailable, but because there is a general lack of awareness and education about how these solutions can protect against such attacks. In many cases, a breach itself serves as the defining lesson for why Web application security tools – such as a WAF (Web Application Firewall) – should be in place. In addition, the need for security layers within any organisation’s infrastructure is also very important.

Overall, organisations need to know of the importance of having the right technology at each layer to protect their resources and the recent attacks can serve to reinforce this need:

• Protect your email infrastructure with an email filtering solution or service
• Secure your Web sites and Web applications with a WAF
• Reinforce your network perimeter with a next generation firewall
• Strengthen your network against malware, drive-by-downloads and other threats with a Web filtering device or service

Posted in Sophos by utilizeadmin.

SMEs recognising need to encrypt sensitive data

Simon Quicke

June 24, 2011 1:13 PM

The need to keep data safe appears to be getting through to SMEs as they move to protect themselves in the face of a wave of hacks and breaches, and against human error.

With criminals targeting companies of all sizes the external threats are increasing but SMEs also continue to be victims of lost laptops and mobile devices which allow unencrypted data to get into the wild.

A survey by DigitalPersona reveals that disk encryption has become a priority for SMEs with two thirds of those quizzed now placing it at the centre of their security plans as they look to curtail a potential problem.

The move towards encryption has been a slower one than many in the channel would have liked with many raising their concerns after the HMRC lost unencrypted discs containing millions of user records a couple of years ago.

But with data breaches in the headlines the message that something has to be done appears to have finally reached customers and influenced their buying decisions.

Benjamin Boulnois, EMEA Regional Manager at DigitalPersona, said there had been a steady stream of high profile hacks and leaks over the past few months.

“Businesses are seeing these attacks, as well as the major financial and reputational damage that they cause, and are realising the importance of protecting their own data wherever it resides,”

Posted in Sophos by utilizeadmin.

Travelodge adds its name to growing data breach list

Simon Quicke
June 24, 2011 11:29 AM

Budget hotel chain Travelodge has become the latest well known firm to have to hold its hands up to a data breach after it revealed some customers had become victims of a spam attack.

In an email sent to customers from its chief executive Guy Parsons, the hotelier revealed limited details of the attack, trying to calm users by promising that no financial information or customer data had been compromised.

“All financial data (including credit card information) is compliant with current best practice standards and is audited to PCI (Payment Card Industry) requirements,” Parsons wrote.

The firm is holding an investigation into the issue but has warned people to be on the lookout for spam emails that tell the user they are being offered a job that could provide them with a decent income for just a few hours’ work a week.

“A small number of you may have received a spam email via the email address you have registered with us,” the email warned, and Parsons told customers to delete the email and not to reply to the scam.

Travelodge joins a growing list of retailers and household names that have been hit by data breaches just this year, with Sony, Play.com and RSA just a few of those that have had to send similar emails to customers.

The security channel has understandably been put on alert to help customers overcome data breaches and to protect users that could potentially fall victim to the problems.

Posted in Sophos by utilizeadmin.

Microsoft sounds alarm over fake security scam

Alex Scroxton
June 16, 2011 12:13 PM

Microsoft has warned end users and partners of a growing internet-based scam whereby criminals pose as IT security engineers and cold call potential targets claiming to represent legitimate firms.

The scammers tell their victims they are providing free security checks and mislead them into thinking their equipment is compromised in order to con them out of cash for a patch that never materialises.

The con gained prominence late last year when a survey conducted for the UK’s annual Get Safe Online week first highlighted the issue.

MicroScope was subsequently contacted by several IT support services VARs who were left to pick up the pieces when end user businesses fell for the hustle.

At the time Microsoft was named as one company whose name was frequently appropriated by the perpetrators to lull their marks into a false sense of security.

Microsoft has now conducted its own research into the scam, and found that out of 7,000 users in the UK, Ireland and North America, an average of 15 per cent of people had received a cold call from scammers, rising to 26 per cent in Ireland.

Of those who received a call, said Microsoft, 22 per cent, or 3 per cent of the total sample, were deceived into permitting remote access to their computer or downloading fake patches that turned out to be keyloggers or other malware.

The majority of people conned in this way suffered some form of loss, including money stolen from bank accounts, compromised passwords and identity theft.

Losses ranged from £50 to nearly £1,000, with an average of around £550.

Microsoft UK chief security adviser Stuart Aston said that the rise of deception tactics to trick end users was ironically often a result of improvements in security software.

“We would like to remind users of Microsoft software that the company does not keep track of consumers that purchase their software and does not directly contact consumers for any reason whatsoever.

“Do not trust any caller claiming to be from Microsoft and needing access to your PC. We encourage people to keep safe when online and to always ensure the copy of Windows they are running is genuine and fully up to date,” said Aston.

Posted in Sophos by utilizeadmin.

The Sony PSN Network Hack

By Grace Fairley 09/06/2011

Sony’s PlayStation Network – the infrastructure that allows PS3 owners to play online games, as well as buy movies and other downloadable content – was infiltrated between April 17 and April 19. The details of over 77 million users were compromised in this security breach by an unknown hacker.

The hackers, apparently Xbox users, obtained the names, address, country, email address, birthdate, PlayStation Network password, login and password security answers of up to 77 million gamers. Sony also says it is possible they may have accessed users’ profile data, ‘including purchase history and billing information’. Consequently the hackers may also have obtained credit card details, excluding the 3-digit security number.

Sony shut down its PlayStation Network on April 20 after discovering the breach, one of the biggest data infiltrations ever. However, it did not tell the public about the theft immediately, in fact taking a week to notify its customers.

Sony warns its customers that there will be phishing scams as a result of the hack and that PlayStation will not at any time request its users to re-enter their details. Most users will not be aware that someone is holding their data until that person attempts to use it, so keep a close eye on your emails and make sure you have junk filters in place to prevent seemingly legitimate emails appearing in your inbox. Please also check your credit/debit card statements and look out for any unusual transactions; if you find any, inform your bank immediately.

The network was reopened on May 16, but only the ability to play games online was restored. It wasn’t until June 2 that the PlayStation Shop limped back to life, six weeks after the initial attack.

Recovering from this ‘unprecedented situation’ is estimated to cost about £105m, and Sony has strengthened its security safeguards against unauthorised activity to provide consumers with greater protection of their personal information by making a number of additional security improvements. Sony has been working with “several respected outside security firms” to do this.

“The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls,” Sony’s official blog reads.

“The company also added a variety of other measures to the network infrastructure including an early warning system for unusual activity patterns that could signal an attempt to compromise the network.”

The company has released a system software update, 3.61, to customers to run before they are allowed to log on to the PlayStation Network again, and they will have to create new PSN passwords.

Although many PlayStation gamers were extremely frustrated with the breach, it isn’t all bad news; Sony has released a ‘Welcome Back’ package for affected PSN users. It includes free games, free movie rentals, 30 free days of PlayStation Plus, a free month of subscription for subscribers to PlayStation Plus and Qriocity’s Music Unlimited and 100 free virtual items.

PS3 users will be able to download, for free, two of the following five games: Dead Nation, inFAMOUS, LittleBigPlanet, Super Stardust HD, Wipeout HD + Fury. PSP users will be able to download two of the following four games: LittleBigPlanet (PSP), ModNation Racers, Pursuit Force and Killzone Liberation. The games will be available during a 30-day period after the restore, and can be kept forever.

With PlayStation users content for now, we can only hope the new security features in place prevent any more security breaches.

Posted in Sophos by utilizeadmin.

Nintendo server attacked by hacking group Lulz Security

BBC News 06/06/2011

Nintendo has become the latest company to suffer an online security breach due to an attack by the hacking group Lulz Security.

The Japanese game company said that a server of one of its affiliates in the US was attacked by the group some weeks ago.

Lulz Security is the same group that attacked the websites of Sony over the past few weeks.

However, the maker of the Wii said that no consumer data or company information was lost.

“There were no third-party victims,” company spokesman Ken Toyoda said.

“But it is a fact, there was some kind of possible hacking attack,” he added.

‘Utmost priority’

Over the past few months, there has been a spate of attacks by hackers on the websites of leading companies resulting in the loss of valuable consumer data.

Japanese electronics maker Sony suffered a massive security breach earlier this year when hackers targeted the PlayStation Network and the details of 77 million users were compromised.

However in this case, Nintendo says there was no consumer data stored on the server accessed by the hackers and the company insists it is constantly working to ensure consumer safety.

“The protection of our customer information is our utmost priority,” said Tomokazu Nakaura of Nintendo Japan.

“Therefore, we constantly monitor our security,” he added.

Posted in Sophos by utilizeadmin.

Sophos extends network protection portfolio with Astaro buy

Simon Quicke
May 6, 2011 11:45 AM

In a move that will provide further evidence of the consolidation between the networking and security worlds, Sophos has acquired Astaro.

UK based Sophos, best known for its anti-virus expertise, has snapped up privately held US outfit Astaro in an undisclosed deal to bolster its network security efforts.

As well as strengthening Sophos’ ability to provide endpoint protection, the deal recognises the direction the security market has been heading in, with a need for greater defences in an age of greater staff mobility.

“Demand for network security solutions with more comprehensive and high-quality protection is accelerating fast, and yet companies are struggling with the complexity of multiple security solutions to serve these needs,” said Jan Hichert, CEO at Astaro.

As the companies combine the product portfolios there will be a benefit for Sophos resellers looking to pitch a more aggressive endpoint protection story.

“The combination of Astaro’s comprehensive portfolio of network security solutions alongside our endpoint, mobile, and email and web threat and data protection capabilities will enable us to continue to deliver on our vision of providing complete security without complexity wherever the user and company data resides,” stated Steve Munford, Chief Executive Officer, Sophos. 

Directly addressing the channel Sophos stated: “Partners can deliver coordinated threat and data protection, and policy from any endpoint to any network boundary with solutions that can be deployed in any way: software, virtual, appliance, via a cloud services platform and backed by security updates from Sophos Live Protection.”

Posted in Sophos by utilizeadmin.

In-depth: How secure is your data?

MicroScope contributor
April 14, 2011 11:35 AM

In recent weeks there have been a number of high profile security attacks including RSA Security, Trip Advisor, Play.com and the data breach at Epsilon. Linda Endersby examines the effects on the channel.

Significant security breaches are always big news; the reverberating effects across the community can go on indefinitely, particularly if highly sensitive data has been put at risk. Many groups within the channel are seeing a definite increase in security awareness and concern in their customers.

Ross Walker, director of distribution & small business UK & Ireland at Symantec, believes that security is at the forefront of customers’ minds:

“Whether you’re a social surfer, small business owner, public sector agency or corporate entity, security is the number one priority for 2011. With this in mind, the opportunity for growth and customer acquisition has never been greater for the channel. With an influx of mobile technology and social networking tools within the enterprise world, businesses have never been more aware of the potential security vulnerabilities. In our latest Internet Security Threat Report we looked into these issues. It revealed that 2010 saw 163 vulnerabilities in mobile device operating systems – a significant jump from 115 in 2009, so this really is an area businesses need to focus on.”

Scott Tyson, EMEA channel manager at Bradford Networks,  agrees there has been increasing awareness in recent months.

“There seems to be increasing awareness due to the frequency and variety of threats emerging out there and the publicity they receive. Of course, it’s nothing new to IT security professionals, but awareness is increasing outside of those functions – within other departments of an organisation, and even outside the business environment altogether as consumers like you and I have received notices from our banks, healthcare providers, and internet service providers that some portion of our personal information may have been exposed.”

Roy Pickard, Enterprise Channel Manager, UK & Ireland, SafeNet, adds that the recent high profile breaches have been a real “wake-up call” for some users.

“Securing only one part of the information lifecycle risks information breaches. They are asking themselves if their authentication security is sufficiently protected.  A good outcome of the recent incidents is that they will make organisations raise the standard of their data protection strategies.

Understanding the threats
“It also questions the value of the perimeter defence model as an effective part of a data protection strategy. Already this approach was tarnished and we would regard the recent wave of security breaches as further eroding its credibility,” says Pickard.

Indeed, the concern for many customers is the risk to their business. Understanding the threats, their vulnerability, and the best advice for protection is paramount. In addition to the concerns of the IT teams, at board level there is increasing worry over the value of data and potential liability.

Paul Davis, Director of Operations Europe at FireEye, says that the awareness around security might be high but customers are looking for help cutting through the confusion.
“The issue is the ability to quantify and qualify the broad range of threats. They’re looking for clarity – real insight into the nature of these advanced threats. Clarity that conventional defensive technologies fail to deliver.

“On 12 January 2010, Google disclosed it was one of more than 20 companies successfully targeted by a coordinated effort using Modern Malware to gain access to sensitive systems and confidential information. Companies known to be targeted were within a variety of industries, including the financial, technology, and chemical sectors. These attacks later became known as ‘Operation Aurora’ and are a very useful example of what modern attacks and malware actually look like – and how commonly used security technologies failed to combat these advanced, persistent threats. Every day there is another story highlighting a breach somewhere in Europe,” Paul goes on to caution. “At the same time, more and more businesses and consumers are storing data on the network, or “in the cloud,” and conducting transactions through the Internet making cyber crime more attractive than ever.”

Johnathan Cooper, the ArcSight EMEA Channel Manager, advises those resellers that are treading a well-worn and familiar sales pitch to be aware it might not have the same impact in the current climate.

Consulting community
“Customers are becoming increasingly aware that the approach they’ve taken to security in the past is no longer sufficient to protect them going forward, and as a result are looking to the vendor and consulting community for help. The space in which ArcSight operate, which Gartner calls Security Information and Event Management, is one of the fastest growing security segments with a CAGR of over 20% according to IDC, while Information security itself continues to be one of the fastest growing IT market segments.”

Channel players are placing emphasis on two areas with their approach to customers. Firstly communication and education, and equally, ensuring a strong link with partners to cover all concerns.

Paul Davis, Director of Operations Europe at FireEye, reports: “We haven’t adjusted our approach, but we’re looking to accelerate the engagement and on boarding of new partners. We need that partner reach, the trusted relationships they have, to reach more organisations. Partners get it, customers are concerned, the threats are real. We need to ensure our revolutionary approach to addressing these advanced threats reaches more organisations.”

Chris Cesio, VP Worldwide Channel Sales at Imperva, advises that business has increased dramatically with the new threats: “Our adjustments to our customers have been to increase our partner support team, increase awareness and education programs and most importantly be proactive in helping our customers solve their security concerns.”

But that growth in the awareness of threats and the subsequent pleasant knock-on in business comes with its own challenges for channel partners.

“The key challenge is to make sure there is effective communication to customers without creating panic within the customer base. In the first instance customers want to be able to make informed decisions and radio silence is not an option. In the case of security compromises, no news isn’t good news,” says Etienne Greeff, Professional Services Director, SecureData.

Simon Leech CISSP CISM, Manager, Solution Architects EMEA, Enterprise Business, HP TippingPoint Group, agrees: “We have certainly used the attacks as an opportunity to share information with our customers, and have published a number of blog entries regarding different aspects of various attacks. These have served to provide a different viewpoint on the attacks, as well as suggestions on how organisations can protect themselves from falling prey to such attacks.”

With these concerns in mind, what can customers and indeed, those within the channel do to best protect themselves?

The Information Security Forum suggests: “Recent high profile security attacks have certainly raised awareness both amongst security providers and customers of the need to take responsibility for personal and business data irrespective of whether this is held on-site or by a third party. Whilst many organisations may have previously felt that their data was in “safe hands” these recent attacks demonstrate that there is no such thing as totally safe and it is incumbent upon organisations that hold such data to ensure that they are applying the most appropriate controls to manage risk in this area. For organisations that have outsourced or handed over data to a third party, then the time is now right to re-assess and review the security processes being applied by that third party.”

The ISF goes on to advise its members and other organisations to “review its critical supply chain providers and conduct third party assessments on these key organisations in order to be aware of the risk profile that may or may not be acceptable to them.  With any provider we propose members work through the ISF four-step approach to working with external suppliers: identify and classify the suppliers you wish to work with, agree the security parameters that are acceptable to both parties, validate the third party’s security and agree the termination process.”  

Security policy
In addition, many partners are again emphasising the three main areas of risk and how to assess and strengthen them, leading by example, and many resellers will have to accept the need to keep their own security policy under constant review to make sure it adequately protects digital assets.

Accepting the huge impact of new technologies and the cyber-criminals that research them, Vinod Chamdal, Sales Director, UK and Ireland, Astaro, agrees that looking at people and processes is also vital to protection.

“With new technologies like cloud or mobile computing advancing, it is getting more challenging for IT departments to effectively protect a company on all angles as a single Firewall in the main office is not enough anymore.

“Astaro has analysed and evaluated most of the latest security issues that have occurred, as well as having talked to hundreds of partners and customers to better understand their needs and pains.

“We have developed guidelines for our channel partners and their customers to ensure that every important aspect of IT security is evaluated and a plan put in place to ensure they can achieve best possible protection for their company, employees and data, while making sure all areas are on the same security level.

“Each of the listed areas needs to be taken care of in order for the wall to be stable: If one block is disregarded, the whole wall can de-stabilise and collapse. If you do that, you are farther ahead of the average company when it comes to IT security.”

BOX: Keeping up
The common view is that with the speed of change and development in the IT world the challenge of security and the mitigation of risk is huge. No single area can be seen as lacking, nor can any one action protect against threats now and in the future. Organisations across the channel and individuals at home will be reviewing their security as a result of every high profile issue, and the ISF advises that the size and scope of reviews will vary widely but offers the following advice:

“Such attacks are a very real challenge for security departments everywhere, and it is causing them to reflect I think on the way they need to adapt to become more proactive and aligned with the reality of business today.  The days of blocking and stopping are gone – as security professionals we need to adopt a much more strategic, visionary perspective and put in place policies and controls that take this forward looking approach and allow us to anticipate and plan for the unexpected.”

The ISF would offer these three guidelines:
1. Evaluate contingency arrangements – plan for the worst and hope for the best
2. Undertake business impact assessments
3. Introduce common risk language and understanding by the business of the threats posed to the organisation, whilst seeking pragmatic ways to assess and manage risk holistically.”

So the channel and governing bodies agree on the holistic approach. However while the cybercriminals seem to be working on similar lines there seems to be much work to do to keep these stories from hitting the headlines.

Posted in Sophos by utilizeadmin.