Categories
Cyber Attack Incident Response

What Should I Do If My Website Is Hacked?

What to do if your website is the victim of a hack?

Ideally, to ensure this doesn’t happen or to mitigate fallout, you should be stopping new malware attacks before they reach your site by:
• Scanning and monitoring your site for malware.
• Fixing existing malware or hack issues fast.

However, the above is a question that we are constantly asked by our clients.

A typical example is where your site has been spammed or a third party has been able to access the files and deposit Malware.

Well, depending on the type of problem and the extent of the damage done, this could be an easy fix by you or your hosting company (who sometimes have a clean up product or service for an additional fee), or you may need to call a specialist response and remediation company such as us here at Cyber Security Helpdesk.

If you are well versed in dealing with the backend of your site and have access to the actual data files and if you know all about FTP (File Transfer Protocol), then you can probably do this yourself and “disinfect” or clean up the corrupt / spam files.

If on the other hand you don’t know your FTP from your DDoS, like most business owners, then you will need to call an IT or Data Security specialist.

Some site owners will not know that their site has been spammed or infected with malware until it is too late and the problem involves their entire IT system, which has been accessed through the corrupt site. Others, who have a decent hosting service, will be notified by their hosting company – we usually advocate using a reputable hosting company that provides such assistance and can sort out the problem quickly.

A typical message from a reputable Hosting company will read as follows:

[Image: screenshot of a hosting company’s malware message – https://www.cybersecurityhelpdesk.co.uk/wp-content/uploads/2018/04/Screen-Grab-Malware-Message.png]

Once it is fixed, to prevent future infections, be sure to follow these simple post clean-up instructions:

1) Change all admin passwords associated with the site (FTP, admin panel, cpanel, etc)
2) Be sure to keep all software (plugins, theme, CMS) up to date
3) Run an anti-virus scan on your laptop/workstation
4) Put your website behind a firewall
5) If you have any old/backup versions of the website on the server it’s best to remove them
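To make step 5 concrete, here is an added example (not part of the original post) that walks a web root and lists files and directories that look like leftover backups or old copies, so they can be reviewed and removed. The naming patterns and the sample site tree are assumptions constructed for illustration.

```python
"""Added example: list leftover backup/old copies under a web root (clean-up step 5)."""
import os
import re
import tempfile
from pathlib import Path

# Assumed naming conventions for leftovers; adjust to how your site is maintained.
DUMP_EXT = (".sql", ".sql.gz", ".dump")
ARCHIVE_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".bz2", ".rar", ".7z")
COPY_SUFFIX = re.compile(r"(\.(bak|old|orig|save|copy)|~)$")
COPY_DIR = re.compile(r"^(old|backups?|bak|copy)([-_.].*)?$|[-_.](old|bak|backup|copy)$")


def classify(name):
    """Return why a file name looks like a leftover copy, or None."""
    lower = name.lower()
    if lower.endswith(DUMP_EXT):      # checked first so "db.sql.gz" is a dump
        return "database dump"
    if lower.endswith(ARCHIVE_EXT):
        return "archive"
    if COPY_SUFFIX.search(lower):
        return "backup copy of a file"
    return None


def find_leftovers(web_root):
    """Walk web_root and return sorted (relative path, reason) pairs to review."""
    root = Path(web_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        for d in list(dirnames):
            if COPY_DIR.search(d.lower()):
                rel = (here / d).relative_to(root).as_posix()
                findings.append((rel, "old/backup directory"))
                dirnames.remove(d)  # report the directory once; do not descend
        for f in filenames:
            reason = classify(f)
            if reason:
                findings.append(((here / f).relative_to(root).as_posix(), reason))
    return sorted(findings)


def build_sample_site(root):
    """Create a small constructed site tree (sample data, not from a real server)."""
    for rel in ("index.php", "wp-config.php", "wp-config.php.bak", "site-2018.zip",
                "db.sql.gz", "old/index.php", "wp-content/uploads/photo.jpg",
                "wp-content/themes/theme-old/style.css"):
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, reason in find_leftovers(tmp):
            print(f"{reason:24} {rel}")
```

The output is a review list rather than a delete list: a legitimately named directory can match these patterns, so check each entry before removing it.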

If your site has been hacked or you are a victim of a Cyber Security Incident and you need a rapid response company, then DON’T DELAY AND CALL US TODAY:

EMERGENCY HOTLINE: 0800-22-CYBER (0800-222-9237)
EMAIL: [email protected]

Categories
Business Advice Cyber Attack Cyber Attack Preparation Cyber Security

Preparedness for Cyberattacks

Preparedness for cyberattacks should consist of prevention (secure procedures and systems) and a plan for what happens if a successful attack occurs.

UK Government Communications Headquarters (GCHQ) cyber security guidance recommends that organisations:

• Establish an incident response and disaster recovery capability that addresses the full range of incidents that can occur.

• Test incident management plans regularly (GCHQ: Cyber security guidance for businesses).

The internal and external consultants that should form the response team are dealt with further below. Organisations should prepare and circulate contact details of who to contact internally in the event of an attack.

The contact details of trusted external advisers – such as Cyber Security Helpdesk Limited! – in respect of IT, legal and PR matters (we can assist with all of the above!) who are likely to form part of the response team should similarly be kept and updated in a form which can be accessed and circulated following discovery of a breach.

Where incident response policies and procedures are documented, they should be kept in formats that will remain accessible during an attack (for example, policies may be inaccessible if encrypted by a virus on a compromised shared drive).

In assessing risks, consider the extent to which the operation of each aspect of the business would be affected by different forms of attack and prepare accordingly.

According to insurance industry surveys, take-up of cyber insurance remains low, with only around 10% of large businesses having any form of cyber insurance. Policies may cover loss and damage to digital assets, organisation interruption, notification expenses, theft of money or assets and even reputational damage.

In the absence of a cyber-specific policy, a comprehensive crime insurance policy or other, more general insurance policy may also cover cybercrime, but this should be confirmed in advance.

 

Categories
Cyber Security Infosec UK News

UK “Hardest Target For Cyber Crime”

There were 188 high-level cyber attacks in the UK between October 2017 and January 2018, as dangerous and sophisticated attacks against both the government and businesses become more common. This figure comes from the National Cyber Security Centre (NCSC), the recently opened arm of intelligence agency GCHQ.

Part of a £1.9 billion five-year strategy by the UK government, the NCSC started work in October and is headed by Ciaran Martin, the former director-general cyber of GCHQ.

“We have had significant losses of personal data, significant intrusions by hostile state actors, significant reconnaissance against critical national infrastructure – and our job is to make sure we deal with it,” Martin told the BBC.

With attacks against political parties occurring across Europe, there is plenty of pressure on governments to react. Italy and the Czech Republic have both recently confirmed breaches of their foreign ministries, and there are concerns that political parties in France, Germany, the Netherlands and Bulgaria have also been targeted. This all comes after the continued and much-publicised accusation by US intelligence agencies that Russia interfered in the 2016 presidential election – a breach that was spotted by GCHQ.

“We want to make the UK the hardest target,” Martin said.

Ties to government and business

The government and the private sector will have a lot invested in the NCSC, as the UK’s digital sector is estimated to be worth over £118 billion a year. As such, the NCSC will have links to both its parent body, GCHQ, and to private businesses.

Martin announced that informal contact had been made with the GCHQ, with the two organisations set to share the intelligence agency’s skills and capabilities.

The NCSC is also expected to work informally with private businesses. Speaking at the centre’s opening, Chancellor Philip Hammond said that businesses will be invited to “second up to 100 employees to come and work in the NCSC – allowing us to draw on the best and brightest in industry – to test and challenge the government’s thinking”.

Hammond said that he hopes those people return to the private sector and draw on their experience, warning that government alone cannot protect businesses and the general public. “It has to be a team effort. It is only in this way that we can stay one step ahead of the scale and pace of the threat that we face.”

Cyber Incident Response with Cyber Security Helpdesk

To protect against cyber attacks, all businesses should have an effective information security management system (ISMS) in place. ISO 27001 is the international standard that describes best practice for an ISMS. It covers people, processes and technology, recognising that information security is not about technology alone.

Categories
Cyber Attack Cyber Security Ransomware

Law Firms and Ransomware

Protecting Your Law Firm from Ransomware

Ransomware attacks occur when cyber criminals hold your data to ransom by encrypting it and demanding money for its decryption / release.

The best example of a Ransomware attack – which is one of the fastest-growing areas of cyber crime – is the WannaCry cyber-attack which devastated the NHS and many other institutions last year.

With Ransomware attacks, there are fewer barriers to entry for budding cyber criminals to try their hand at digital extortion – alarmingly ransomware “toolkits” are readily available on the Darkweb and other dark corners of the internet, making it easy for amateurs to get in on the act and launch their own attacks.

In addition, the increasing popularity of “cyber economies” creates a potentially untraceable but lucrative, redeemable commodity.

The number of ransomware attacks on businesses is ever increasing – research by Kaspersky revealed that a business is attacked with ransomware every 40 seconds. Equally concerning is another statistic that 71% of companies targeted by ransomware attacks have been successfully infected.

This can only mean that many cyber defence firms and technologies are struggling to keep up with the ever-changing threat landscape.

So far as law firms are concerned, the impact of such an attack can be more devastating than to other businesses due to the heavy reliance on data, confidentiality, and the perception of stability which is vital to uphold. The financial, reputational and structural pillars of a law firm are at risk.

A survey conducted by Datto and Timico last year, which included 250 law firms and 750 other UK businesses, revealed that:-

  • More than 25% of law firm victims of ransomware attacks ended up paying cyber criminals £5,000 or more to retrieve their data.
  • A third of ransomware victim law firms lost access to their data for more than a month, while 14% said it was “unrecoverable”.
  • 88% of law firms who were hit by this kind of attack experienced systems downtime of a week or more.
  • 53% estimated it cost their firm between £1,000 – £2,000 a day in lost revenue, due to systems being down. A third of law firms could not estimate the overall cost to their business, describing it as “unquantifiable”.
  • The effects of the attack were almost instant with 68% stating their data systems went from fully functional to essentially useless within seconds or minutes.

For regulated businesses, the stakes are higher. The access to a firm’s confidential client data by an unauthorised outsider poses a significant threat to client confidentiality and therefore SRA compliance and data protection compliance (a problem which will be magnified under the EU GDPR).

Can Ransomware Threats Be Mitigated?

Ransomware can be transmitted in 2 primary ways:

1. Traditionally, via fraudulent emails which relied on untrained, or unsuspecting staff clicking on a malicious link or attachment.

2. More recently, cyber-criminals found a way to breach a security vulnerability in software operating systems. The WannaCry outbreak is a perfect example of such an attack using Microsoft’s operating system as an entryway into an organisation’s systems.

Our advice is that, in addition to security patching and update policies, staff training, security technologies and company policies such as regular (daily!) data backups and emergency protocols, it is vital that law firms have a sound Cyber or Data Incident Response Plan.

If your firm has been a victim of a Ransomware attack, then you will need immediate expert assistance.

CONTACT US TODAY:
[email protected]
0800-22-CYBER (0800 222 9237)

Categories
Cyber Security

Cyber Risk – Tech Savvy vs Streetwise: Millennials At Risk

Everyone is at risk from online cyber threats; even tech savvy teens.

Generation Z-ers and Millennials who live their lives online are now more than TWICE as likely to fall victim to internet conmen than over 55s, a surprising new study from ‘Get Safe Online’ shows.

Worryingly, more than one in ten of the youngsters polled (11%), who are aged 18 to 24, have fallen victim to ‘phishing’ scams – where fraudsters access personal details through online communication – compared to just one in 20 (5%) of over 55s.

Get Safe Online is the UK’s leading source of information on online safety.

Despite claiming to be very digitally aware, millennials and Gen Z cybercrime victims also lose far more money in the attacks, averaging £613.22 compared to £214.70 for the older generation.

In the survey most people (38%) believed that hackers were likely to be young. The same number believed they were targeted by a large international hacking organisation and almost a quarter (23%) thought that advanced technical skills are needed to carry out a phishing attack.

This could be why over one in ten (11%) millennials don’t believe that the older generation has the skills to phish, and almost the same number (9%) believe it’s ‘only old people’ who fall for phishing scams.

Maybe being tech savvy needs to catch up to being streetwise!

Categories
Cyber Security Incident Response Internet of Things Motor Industry

Key principles of Vehicle Cyber Security for Connected and Automated Vehicles

As vehicles get smarter, cyber security in the automotive industry is becoming an increasing concern. Whether we’re turning cars into wifi connected hotspots or equipping them with millions of lines of code to create fully autonomous vehicles, cars are more vulnerable than ever to hacking and data theft.

The Department for Transport and Centre for the Protection of National Infrastructure have issued joint guidance setting out how the automotive sector can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior level executives.

The key principles of vehicle cyber security for connected and automated vehicles – some of which apply to many other businesses and industries – include: that security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain; that the security of all software is managed throughout its lifetime; and that the storage and transmission of data is secure and can be controlled.

The eight principles are:

Principle 1 – organisational security is owned, governed and promoted at board level

Principle 2 – security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain

Principle 3 – organisations need product aftercare and incident response to ensure systems are secure over their lifetime

Principle 4 – all organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system

Principle 5 – systems are designed using a defence-in-depth approach

Principle 6 – the security of all software is managed throughout its lifetime

Principle 7 – the storage and transmission of data is secure and can be controlled

Principle 8 – the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail

From an incident response perspective, principles 3.1 to 3.4 are particularly pertinent and relevant to Cyber Security Helpdesk’s work responding to Cyber and Data breaches.

Principle 3.1 – Organisations plan for how to maintain security over the lifetime of their systems, including any necessary after-sales support services.

Principle 3.2 – Incident response plans are in place. Organisations plan for how to respond to potential compromise of safety critical assets, non-safety critical assets, and system malfunctions, and how to return affected systems to a safe and secure state.

Principle 3.3 – There is an active programme in place to identify critical vulnerabilities and appropriate systems in place to mitigate them in a proportionate manner.

Principle 3.4 – Organisations ensure their systems are able to support data forensics and the recovery of forensically robust, uniquely identifiable data. This may be used to identify the cause of any cyber, or other, incident.

The full text can be found at this URL: https://www.gov.uk/government/publications/principles-of-cyber-security-for-connected-and-automated-vehicles/the-key-principles-of-vehicle-cyber-security-for-connected-and-automated-vehicles

Categories
Business Advice Cyber Insurance Cyber Security Cyber Security Training Cybercrime Information Security Legal Sector Professional Practices

Legal Profession: Firms turning to cyber insurance as scammer attacks continue to rise

The proportion of law firms targeted by scammers has risen sharply over the last year, especially among larger firms, as has the number of practices taking out cyber-insurance, according to new research from the Law Society.

The Law Society Survey of 601 sole practitioners and firms with between two and 25 partners was commissioned for its annual review of the previous indemnity insurance round.

26% of firms said they were targeted by scammers in the previous year. This figure increases as firms get larger, to 50% of firms with 5-10 partners (up from 34% in 2016) and 64% of firms with 11-25 partners (up from 44% in 2016).

The most common forms of scam were spam emails/phishing. Others included malware/computer viruses, cyber attacks, telephone calls/vishing and invoice fraud.

The two main responses were taking internal action (such as increased cyber security training and additional checks, balances and reminders) and updating existing security systems.

Firms contacted the police in 19% of all cases.

Approximately 42% of firms surveyed with 5-10 and 11-25 partners now have cyber insurance in place – and almost all of the others have at least considered it – although the figures fall for smaller firms.

We are interested in hearing from you about your Cyber insurance experience… Are you looking to take out Cyber Insurance for your business? Or if you already have cyber insurance, has your experience been a positive or negative one?

Categories
Cyber Security Cybercrime Internet of Things UK News

Internet Of Things – Household appliances vulnerable to hackers

An article in the Daily Telegraph today highlights the potential Cyber and Data risks that are inherent in certain “smart” household appliances.

Mike Barton, the Chief Constable of Durham Police, and the national lead on crime operations, has warned that consumers who purchase internet-enabled devices such as televisions, refrigerators, “intelligent” children’s toys and even toasters(!) are leaving themselves susceptible to hackers who could use them to gain access to home wi-fi systems and ultimately sensitive banking and financial information such as bank accounts.

Mr Barton stated that criminals were “poised to take advantage of flaws in online security” and suggested that all appliances capable of connecting to the internet should carry a kitemark rating showing how secure they are.

Categories
Cyber Security Cyber Security in Scotland Cybercrime

Almost 60% of Scottish Councils Hit by Cyber Attacks

An investigation by The Scotsman has revealed that almost 60 per cent of Scottish councils and more than half of Scotland’s health boards have been targeted by cyber criminals since 2014. Nine universities and numerous government bodies have also been hit during the last three years, the investigation found.

Some local authorities reported being bombarded with thousands of spam emails and receiving ransom demands to decrypt data.

Freedom of Information requests showed 19 of Scotland’s 32 councils experienced either attempted or successful attacks since 2014.

Ransomware attacks were reported by 14 local authorities, sometimes on multiple occasions.

Four councils refused to reveal any information, with two fearing doing so would leave them vulnerable to future attacks.

Of the incidents logged by 19 councils, only nine authorities reported any of them to police, although no data was stolen or lost.

The investigation revealed Scottish local authorities were subject to more than 50 notable incidents in the past three financial years, with Aberdeen City Council one of the hardest hit (between 2014 and 2017, it suffered 12 successful cyber attacks, including six ransomware incidents, having its webpage defaced and recording more than 15 million attempts, including intrusion threats, spam, web risks and viruses, in the last eight months of 2016).

Other Statistics:

  • Highland Council targeted 953 times (including two partially-successful ransomware attacks)
  • East Lothian Council received more than 415,000 unsuccessful spam emails
  • Perth and Kinross Council reported blocking an average of 1.2 million spam emails every month
  • Falkirk, Glasgow City, North Ayrshire and Dumfries and Galloway councils refused to disclose any details
  • Dundee City Council was on the receiving end of three ransomware attacks
  • North Lanarkshire Council had two malware incidents in 2015 and three ransomware in 2016
  • Edinburgh City Council reported nine incidents, including malware preventing access to systems, a sustained denial of service (DDoS) attack, and malware being installed and copied
  • 11 of Scotland’s health boards were affected by the WannaCry attack in May which affected the NHS network across the UK
  • NHS Fife logged 693 attempted malware attacks
  • NHS Lanarkshire reported 51 attempted or successful attacks
  • NHS Greater Glasgow and Clyde was subject to four cyber breaches in 2016, where files became inaccessible after being encrypted by ransomware. In all cases, data was recovered and the ransom was not paid
  • NHS Tayside reported up to 7,000 attempts every month including ransomware
  • Dumfries and Galloway, Shetland and the Borders health boards said they had no attempted cyber attacks. No board reported losing data.

In the overwhelming majority of cases the breach affected limited areas of the public body’s network, with swift action taken to contain and repair systems and no patient data lost or compromised. The fact that a wide range of measures are taken to ensure basic security standards are met means that losses and fallout are mitigated.

A spokesman for local authority umbrella body Cosla said: “We fully recognise how important our cyber security is and we are doing everything we can to safeguard councils against such attacks.”

Detective Inspector Eamonn Keane from Police Scotland’s cyber crime unit, added: “Cyber crime has witnessed significant growth. The cyber threat to Scotland is indicative of that local, national and international threat applicable to all regions in the UK. We always encourage anyone who thinks they’ve been a victim of cybercrime to come forward and report it to police.”

We at Cyber Security Helpdesk would always agree with this best practice advice. We would also suggest that following a Cyber Attack the appropriate personnel and partners are enlisted to (a) fight the attack, (b) repair systems, (c) ensure that business continues as normal.

Categories
Business Advice Cyber Security Cyber Security Training Information Security Tips & Tricks

Quick Passwords Advice

It can be difficult to think of something consisting of at least eight (or more) characters, with upper and lower case letters, numbers and symbols (the best password structure), that you’ll remember. Password fatigue can be a real problem and can lead to the situation where you’ll settle for something that’s easy to remember, but easy to guess too.

Do not fall into this trap!

The recent cyber-attack on Parliament will have seen a number of staff wish that they’d put a little more effort into their password selection. Through a procedure no more complex than testing for frequently used passwords, hackers were able to access up to 90 staff email accounts, leading to officials disabling remote access to emails by MPs, peers and their staff.
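The added example below (not from the original post) shows a check a sign-up or password-change form could run: a password can satisfy the structure described above and still be built on a frequently used word, so it is rejected first on that basis. The denylist and the substitution table are small constructed samples and are assumptions.

```python
"""Added example: reject passwords built on a frequently used base word."""
import re
import string

# Constructed sample denylist; a real check would load a full list of common passwords.
COMMON = {"password", "qwerty", "letmein", "welcome", "football", "12345678"}

# Assumed character substitutions people use to dress up a common word.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "$": "s", "5": "s", "7": "t"})


def meets_structure(pw):
    """The structure from the post: 8+ characters, upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def base_forms(pw):
    """Candidate base words: lower-cased, trailing digits/symbols trimmed, substitutions undone."""
    lowered = pw.lower()
    trimmed = re.sub(r"[\d\W_]+$", "", lowered)  # "password1!" -> "password"
    return {lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)}


def is_frequently_used(pw, denylist=COMMON):
    """True if any base form of the password appears in the denylist."""
    return not base_forms(pw).isdisjoint(denylist)


def verdict(pw):
    """Denylist check first, then the structure rule."""
    if is_frequently_used(pw):
        return "reject: frequently used"
    if not meets_structure(pw):
        return "reject: structure"
    return "accept"


if __name__ == "__main__":
    for candidate in ("Password1!", "P@ssw0rd2018!", "W3lcome!",
                      "marblekettle", "Tr1ck-Marble-Kettle7"):
        print(f"{candidate:22} structure={meets_structure(candidate)!s:5} {verdict(candidate)}")
```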

Such means of accessing data is both amongst the most straightforward and the most commonplace. Staff emails are deemed the weak point of many businesses’ cyber defences. Indeed (alarmingly!) of 781 UK businesses who reported a data breach over the last 12 months, 72% of the identified breaches were targeted against employees’ emails.

Please see the diagram from the Department of Culture Media & Sport, Cyber Security Breaches Survey, Main Report, April 2017

If a third party was able to access your systems, the impact could be devastating and longstanding, damaging profits and confidence in your Business.

Weak passwords are also inexcusable in the eyes of the Information Commissioner’s Office (responsible for data protection) and regulators take a dim view of these too.

 

So the moral of the story is that if you or your colleagues have a weak password, change it immediately.

Whilst we can assist with general cyber enquiries and responding to cyber attacks and data hacks, we unfortunately cannot advise you on which passwords to use 🙂

We can, however, advise you not to do THIS