The latest edition of our newsletter is now online. Our SecurityWatch Newsletter gives you updates on what has been going on in BH Consulting, highlights some upcoming events, and focuses on some stories we think are of use to you. This month we have tips on how to secure your email, highlight CEO fraud to your staff, and link to two interesting reports on the current threat and risk landscape. The SecurityWatch Newsletter is online here.
News coverage can often be like waiting for a bus. You can go a long time when nothing really happens and then suddenly lots of them arrive together. This weekend was one of those occasions when BH Consulting was in various media outlets.
Firstly, my latest article for HelpNet Security Magazine was published. The article focuses on the skills shortage that we are currently witnessing in the cybersecurity industry. I argue that we need to stop looking at technical skills to bridge this gap but rather look at other disciplines which complement what we are looking to achieve in our field. You can read the article at the HelpNet Security Magazine website.
I was also interviewed by the Sunday Business Post and the Journal to discuss the security and privacy risks that may arise from the revelations that various Irish Government ministers use private email platforms to conduct some of their business. The Sunday Business Post article is here and The Journal article is available from here.
Finally, the recent coverage of the controversy surrounding Garda Sergeant Maurice McCabe also resulted in me being interviewed to discuss the technical aspects relating to the terms of reference for the Charleton Inquiry and accessing data from mobile phones. I was interviewed and appeared on the RTE This Week program and also for the Sunday Business Post.
There has been a lot of media coverage lately of various organisations falling victim to CEO fraud. This is a scam in which criminals use email to fool a target within an organisation into redirecting funds to bank accounts under their control. We have worked with some companies that have fallen victim to it, and we also wrote about the rise in this type of attack in an earlier blog post, CEO Fraud Attacks Continue to Rise.
We came across the video below, released by Barclays Bank to educate people on how this fraud works, and we thought it was worth sharing with you.
As outlined in our own advisory, we recommend that companies take the following steps to avoid becoming a victim of this scam:
- Ensure staff use strong, unique passwords for accessing their email.
- Ensure staff regularly change the passwords for their email accounts.
- Where possible, implement two-factor authentication for access to email accounts, particularly web-based email.
- Have agreed procedures for how requests for payment can be made and how those requests are authorised. Use an alternative channel, such as a phone call to a known and trusted number (not a number taken from the suspect email itself), to confirm any request received via email.
- Be suspicious of any email requesting an urgent payment or asking for secrecy.
- Implement technical controls to detect and block spam and spoofed email (for example SPF, DKIM and DMARC checks on inbound mail).
- Ensure computers, smartphones and tablets are updated with the latest software and have up-to-date, effective anti-virus software installed. Criminals will look to compromise devices with malicious software in order to steal login credentials for accounts such as email.
- Provide effective cybersecurity awareness training for staff.
If your company falls victim to such a scam, you should first report it to your financial institution and then to An Garda Siochana or your local law enforcement agency.
Due to our continued expansion and growth, BH Consulting has been engaged by a blue-chip client to recruit a Risk Assessment Analyst. The Risk Assessment Analyst is a strategically important role within this client's organisation, with responsibility for executing the risk management methodology in line with the NIST Cybersecurity Framework, ISO 27001 and the PCI standards. Ideally the successful candidate will possess strong knowledge and experience of industry standards, risk analysis, risk mitigation, business function process flows and project plan development, together with excellent reporting, communication and presentation skills.
- The Risk Assessment Analyst will be part of the senior Risk Management program. This program is critical to the organisation’s risk management framework and provides the foundation for defining and evolving the Risk Management strategy and enhancing current security controls, business continuity capabilities and security practices.
- This position has global purview and will be responsible for driving the execution of Risk Assessments across several geographical regions and business units.
- Maintenance and coordination of the organisation’s threat taxonomy.
- Work with the many inputs for Risk Assessment defined in the organisation’s Risk Assessment method.
- Interface with internal functional towers to collect and correlate results of Risk Assessment inputs.
- Complete Risk Assessment documentation and engage with key stakeholders to develop Risk Mitigation plans.
- Schedule and conduct cross functional meetings as required ensuring Risk Assessment exercises have the necessary pre-requisites in accordance with the organisation’s standards.
- Perform all departmental administrative activities, including staff meeting attendance, status reporting, documentation and other activities, as assigned, in a timely manner.
- Program Management: execute and direct the day-to-day program operations; plan and deploy the long-term vision, direction and sustainability of the program.
- Support the Policy Exception Program Manager as part of the Risk Movement lifecycle.
- Work with external auditors for industry certification to present Risk Assessment methodology, findings and risk lifecycle.
- Travel as required (not frequent)
- 3+ years in Risk Management related positions with high-level problem solving and technical project management experience.
- Experience of both governance and hands-on execution.
- MS/MBA/MA degree or equivalent experience desired
- CISSP/CISA/CISM/CRISC or similar certified
- Minimum 5 years of experience in Risk Assessment, Business Continuity Management and/or Disaster Recovery Management in large enterprises.
- Ability to lead risk assessment activities across multiple business units.
- Demonstrable background in Security controls assessment.
- Experience in conducting business impact analyses and Risk Assessments
- Excellent verbal and written communication skills are required.
If you feel this role is for you then send your CV to firstname.lastname@example.org
We are delighted that our team at BH Consulting continues to grow, and earlier this month we welcomed Stephen Rouine to the company. Stephen joins us as a Cloud and Cyber Risk specialist and will be working with our clients, assisting them to protect their core business assets.
Welcome on board Stephen and we look forward to working with you to
CERT-EU (the Computer Emergency Response Team for the EU institutions, agencies and bodies) has released a very informative paper, “DMARC – Defeating Email Abuse”, on how to configure DMARC (Domain-based Message Authentication, Reporting & Conformance) to reduce the level of email abuse.
Properly implemented, DMARC reduces the amount of spoofed email, which according to the whitepaper in turn helps to counter:
- spear-phishing emails, where the attackers impersonate well-known, trusted identities in order to steal passwords or other financial/personal data, or to deliver malicious files and exploits;
- fraudsters who want to cover their tracks and remain anonymous;
- computer worms;
- brand name impersonation.
Anyone responsible for managing email services should take the time to download and read this whitepaper.
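As an added example (not code from the CERT-EU paper, and not BH Consulting's), and also the kind of technical control the CEO fraud checklist above calls for, the Python below shows the receiving side of DMARC: it parses a `_dmarc` TXT record and decides whether a message passes, or which policy action applies, from the SPF and DKIM results and the identifier-alignment rules of RFC 7489. The domains and records are constructed; the organisational-domain helper assumes plain two-label TLDs instead of consulting the Public Suffix List, and the `sampled` flag stands in for the receiver's own `pct=` sampling.

```python
"""DMARC disposition check: parse a _dmarc TXT record and decide what a
receiver should do with a message, given its SPF and DKIM results
(the identifier-alignment logic of RFC 7489, simplified).
Added example; the domains and records below are constructed."""
from dataclasses import dataclass
from typing import Optional


def parse_dmarc(txt: str) -> dict:
    """Turn 'v=DMARC1; p=reject; rua=mailto:...' into {tag: value}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record: %r" % txt)
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain. Real receivers consult the Public Suffix List;
    this example assumes two-label TLDs such as example.com (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_from: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact domain match,
    relaxed ('r') only needs the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)


@dataclass
class AuthResults:
    header_from: str            # domain in the RFC5322.From header
    spf_pass: bool
    spf_domain: Optional[str]   # RFC5321.MailFrom domain that SPF evaluated
    dkim_pass: bool
    dkim_domain: Optional[str]  # d= tag of a passing DKIM signature


def evaluate(record: str, r: AuthResults, sampled: bool = True) -> str:
    """Return 'pass', 'none', 'quarantine' or 'reject'.

    `sampled` says whether this message fell inside the pct= sample; messages
    outside it get the next-less-strict action (RFC 7489, section 6.6.4)."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_pass and aligned(r.header_from, r.spf_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_pass and aligned(r.header_from, r.dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"          # one aligned, passing authenticator is enough
    # A subdomain in From: is governed by sp= when present, otherwise by p=.
    policy = tags["p"]
    if r.header_from.lower() != org_domain(r.header_from) and "sp" in tags:
        policy = tags["sp"]
    if policy not in ("none", "quarantine", "reject"):
        return "none"          # unknown action: treat as monitoring only
    pct = int(tags.get("pct", "100"))
    if pct < 100 and not sampled:
        policy = {"reject": "quarantine", "quarantine": "none", "none": "none"}[policy]
    return policy


if __name__ == "__main__":
    RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
    legit = AuthResults("example.com", True, "bounce.example.com", False, None)
    spoof = AuthResults("example.com", True, "attacker.example", True, "attacker.example")
    print(evaluate(RECORD, legit), evaluate(RECORD, spoof))
```

Two points worth noticing when reading the output: a spoofed message can pass SPF and DKIM for the attacker's own domain and still be rejected, because neither result aligns with the From: domain the victim sees; and a record with `aspf=s` or `adkim=s` will fail legitimate mail sent from `mail.example.com` on behalf of `example.com`, which is why most deployments start with relaxed alignment and `p=none` and only tighten after reading the aggregate reports.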
Our Newsletter gives you updates on what has been going on in BH Consulting, highlights some upcoming events, and focuses on some stories we think are of use to you.
Finally we wish you all a very Merry Christmas and a safe and secure 2017.
Some companies set up a digital forensics lab in order to carry out internal checks for workplace misconduct, to support disciplinary proceedings, to carry out incident analysis and damage assessment, or to provide digital forensics services to others for profit. Demand for digital forensics is growing: Transparency Market Research has forecast that the digital forensics market will be worth $4.97 billion by the end of 2021, a CAGR of 12.5%.
Setting up a new digital forensics lab often involves a high cost for companies, however, and forecasting this cost is not always easy, especially for smaller companies. So I would like to share a few tips on how to build your first digital forensics lab on a low budget.
- Research current trends, requirements, and what other companies in your sector are doing. The infosec community is very open and, often, a request for help will result in many replies. This should help you to identify the digital forensics services you are planning to provide, such as computer forensics, mobile forensics, e-discovery and so on.
- Do an overview of the proposed services you plan to provide. Evaluate your capability and availability of resources. Do a SWOT analysis to determine your strengths, weaknesses, opportunities and threats.
- Find more about digital forensics best practices standards and operating procedures from reliable sources like those listed here. This should help you to determine the requirements for your digital forensics lab and tools.
- Determine the following:
- What digital forensic services you have to provide
- What you need to have
- What you plan to have
- What you would like to have.
- Prepare a list of provisional expenses (see ‘what you need to have’, above) for your digital forensics lab. List all software and hardware required for your services.
- Evaluate software/hardware by cost, reputation, support, service and so on. Check for open source tools which you could use for your digital forensics needs. There are many well recognised digital forensics frameworks and tools available for free use, including those in the table below.
- Prepare a shopping list based on your needs, findings and evaluation.
- Make sure that staff have necessary training, resources and qualifications. Prepare your incident response guidelines and investigation procedures documentation to incorporate your digital forensics capabilities.
- Test and review: regularly check your new lab by performing every step of the digital forensics process, from acquisition through analysis to reporting. This stage is very important because it may reveal missing links in the process chain. It is better to discover any issues with your processes during testing than in an actual case. Remember to update your policies and procedures to reflect the findings of your testing.
- Prepare a development plan for your digital forensics laboratory to enhance its capabilities over time. Write down goals and targets with projected dates. Having this focus will help you to improve the services you provide to the business (or to external clients) over time. It also provides you with the opportunity to review new developments in digital forensics investigation.
Good, reliable digital forensics tools are key requirements for your digital forensics lab. This table shows an example of basic software requirements for a digital forensics lab, ranging from cost-free to around €750 (NB: BH Consulting is not promoting any of the tools mentioned here, nor do we earn any benefit or profit from them). You can significantly reduce your software expenses by using open source tools (thank you to all the community developers for their hard work!).
| Tool | Description | Cost |
|---|---|---|
| Raptor | Imaging tool with a write blocker that prevents the operating system from mounting the targeted | |
| DD (Data Duplicator) | Open source tool for copying and converting data. It can quickly clone or create exact raw disk images. | |
| Hashcat | Open source password cracking tool | FREE |
| John The Ripper | Open source password cracking tool | FREE |
| Autopsy/Sleuth Kit | Open source digital forensics tool | FREE |
| OSForensics | Digital forensics tool with multiple capabilities: recovering deleted files, collecting system information, extracting passwords, viewing active memory, searching files and within files, and much more | |
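As an added illustration of what the imaging entries in this table do (not code from dd, Raptor or any other tool listed, nor from BH Consulting), the Python below copies a block device sector by sector, zero-fills any sector that returns a read error so that every later byte keeps its original offset, which is what `dd conv=noerror,sync` does, and records a SHA-256 of the image for the examiner to re-verify later. The "device" is an in-memory buffer with a constructed bad sector; `FlakyDevice`, `image_device` and `run_demo` are this example's own names.

```python
"""Bit-for-bit imaging with bad-sector handling and hash verification, the
behaviour a forensic examiner gets from `dd conv=noerror,sync` plus
sha256sum. Added example: the 'device' is an in-memory buffer, not hardware."""
import hashlib
import io
import os
import tempfile

BLOCK = 512  # one sector


class FlakyDevice(io.BytesIO):
    """In-memory stand-in for a block device. Reads that start in a bad sector
    raise OSError, as a failing disk would (constructed for this example)."""

    def __init__(self, data: bytes, bad_sectors):
        super().__init__(data)
        self.bad = set(bad_sectors)

    def read(self, n=-1):
        if self.tell() // BLOCK in self.bad:
            raise OSError("Input/output error")
        return super().read(n)


def image_device(src, dst_path: str, size: int, block: int = BLOCK):
    """Copy `size` bytes of `src` into `dst_path` one sector at a time.

    Unreadable sectors are zero-filled rather than skipped, so offsets in the
    image match the source (dd's conv=noerror,sync); a short final read is
    padded to a whole block, as conv=sync also does. Returns the list of bad
    sector numbers and the SHA-256 of the image as written."""
    digest = hashlib.sha256()
    bad = []
    with open(dst_path, "wb") as out:
        for offset in range(0, size, block):
            src.seek(offset)            # re-seek every time so one failed read
            try:                        # cannot shift everything that follows
                chunk = src.read(block)
            except OSError:
                bad.append(offset // block)
                chunk = b""
            chunk = chunk.ljust(block, b"\0")[:block]
            out.write(chunk)
            digest.update(chunk)
    return bad, digest.hexdigest()


def sha256_file(path: str) -> str:
    """Hash a file on disk; used to verify the image after acquisition."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def run_demo(bad_sectors=(3,)) -> dict:
    """Image an 8-sector constructed device and report what an examiner checks."""
    data = bytes(range(256)) * 16        # 4096 bytes = 8 sectors (constructed)
    src = FlakyDevice(data, bad_sectors)
    fd, path = tempfile.mkstemp(suffix=".dd")
    os.close(fd)
    try:
        bad, digest = image_device(src, path, len(data))
        verified = sha256_file(path) == digest   # image integrity re-check
        with open(path, "rb") as f:
            image = f.read()
    finally:
        os.remove(path)
    expected = bytearray(data)
    for s in bad:                         # what the image should contain
        expected[s * BLOCK:(s + 1) * BLOCK] = b"\0" * BLOCK
    return {
        "bad_sectors": bad,
        "verified": verified,
        "matches_source": digest == hashlib.sha256(data).hexdigest(),
        "image_ok": image == bytes(expected),
        "image_size": len(image),
    }


if __name__ == "__main__":
    print(run_demo())
```

The hash of an image that contains a zeroed bad sector will not match a hash of the original media, so the examiner records the bad-sector list alongside the image hash; that is what makes the discrepancy explainable later, and it is why an acquisition log matters as much as the image itself.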
Information security specialist BH Consulting has been accepted onto the No More Ransom initiative, a collaboration between law enforcement and industry to fight one of the fastest-growing cybercrime threats of the past year.
No More Ransom was launched in July 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. BH Consulting is one of 20 new partners from across the public and private sectors which has joined the fight against a high-profile risk to many businesses.
BH Consulting will work with other partners in the anti-ransomware initiative to increase awareness of the risks posed by ransomware, how to manage those risks, and how best to deal with ransomware should a company fall victim to it. BH Consulting’s technical experts will also cooperate with other organisations to identify ways to detect, prevent, and recover from ransomware.
“Ransomware is rampant – we’re seeing more and more companies and individuals falling victim to it,” said Brian Honan, founder and CEO of BH Consulting. “No More Ransom is a great example of why reporting cybercrime is important. Law enforcement have reacted to this problem and worked with private industry to gather information from agencies around the world so victims have a resource to look at in the event they get hit by ransomware.”
According to Intel Security, ransomware incidents grew by 169% in 2015. Figures from the FBI show that criminals extorted $209 million from victims in the first three months of 2016. Ransomware is usually delivered through a social engineering attack; once installed, it encrypts the victim's files, blocking access to them unless the victim pays to have them released.
Some strains of ransomware raise the stakes further by threatening to destroy files permanently for every hour the ransom isn’t paid, increasing the pressure on victims to give in. Some targets have been forced to pay thousands of euro to try and retrieve their data.
The No More Ransom website (www.nomoreransom.org) provides information in several languages about how ransomware works and how to protect against it. It also hosts free tools to help victims decrypt their blocked devices, which more than 5,000 people have already used successfully.
Although these free tools can decrypt files from some ransomware families, such as TeslaCrypt, Chimera, CoinVault, Rakhni and Wildfire, many other variants are emerging all the time. “Awareness of the problem is one of the most effective ways of stopping a ransomware infection,” added Honan. “There are several techniques an organisation can use to avoid this from happening. For example, ransomware uses peer-to-peer network traffic to communicate to the criminals, so businesses should block that traffic at their firewall. Backing up data systematically can also help to recover from ransomware. We also advise that organisations need to test those backups regularly,” he said.
“We recommend that victims don’t pay the ransom. It doesn’t guarantee that they will get their data back in 100% of cases, and payment only encourages criminals. We have also seen that once victims pay to have their data decrypted, they’re often targeted repeatedly because criminals see them as a soft touch,” Honan said.
Last Monday night the crew from BH Consulting appeared on the Hacked documentary on RTE Television. Our team worked with the producers of the program to create an experiment that mimicked what criminals could do to people who use open WiFi networks.
Using the data gathered during the experiment, we identified a number of volunteers whom we then profiled based on their social media presence. Based on that information we crafted emails to social engineer them into revealing sensitive information such as their email passwords. These are the techniques we often use when running security assessments for our clients.
The program is available on RTE Player for viewing:
If you are interested in us testing the security of your users then contact us for more details.