Security implications of 5G

The chatter around the halls of Mobile World Congress in Barcelona last week indicates growing enthusiasm for the Fifth Generation (5G) mobile network. Every ten years or so sees a new generation mobile network. The first generation, 1G, used an analogue signal and was launched in 1981. 2G commenced in 1991 and utilised GSM with data speeds up to 64kbps. 2G introduced SMS and MMS. 3G was launched 10 years later in 2001 and introduced smartphones and 2 Mbps data speeds. 3G was the start of web-based applications and video files. Today we have 4G, launched in 2012 with up to 1 Gbps data speeds and mobile broadband everywhere.
Continue reading

CISO – a million dollar role

The Chief Information Security Officer (CISO) role is undergoing big change in many organisations. Driven by high-profile breaches, a greater appreciation of the true value of information assets, more vulnerabilities such as those on mobile and in the cloud, more sophisticated threats such as APTs, and a close link between digitisation and cyberspace and the success of the enterprise. There is concern in boardrooms about potential catastrophic reputation and revenue loss from cyber incidents. No board wants to be the next Target, Sony Entertainment or Anthem. With the viability of the entire organisation at stake, the CISO is now a critical member of the senior team.
Continue reading

The blame game

It is becoming more and more urgent to make progress in improving the accuracy of attribution – identifying who is behind a malware attack. Ever since Stuxnet proved that malware can be an effective weapon of war capable of destroying physical assets, the need to accurately attribute malware is apparent.
Continue reading

Maverick spooks

To date, astronomers have discovered more than 1800 exoplanets. Even though these planets are beyond our solar system and too far away to see, astronomers know they are there because of the decrease in visual brightness when the planet passes between its star and our viewpoint. This technique, known as transit photometry, provides reliable clues to the planets existence.

Like exoplanets, from our viewpoint we also can’t see much of what goes on inside state intelligence agencies. For obvious reasons. However, every now and again, we get clues, providing insight into mere dots of internal activity. Yet it is when we connect these dots that things become rather alarming – a picture emerges indicating maverick intelligence agencies, blurred lines and very murky waters.
Continue reading

Regin – who is behind it and what does it mean

Earlier today, Symantec published a white paper describing Regin – sophisticated malware that has been quietly infiltrating and monitoring systems pretty much undetected since 2008. The methods used by Regin to avoid detection are so sophisticated that researchers place it in the realm of Stuxnet and conclude that it is developed by a nation-state.
Continue reading

Monstrous fox and the phish that get away

Every year, a growing number of phishing attacks target individuals. Google detect between 16,000 and 25,000 phishing pages every week. For organisations, phishing is a key component in most sophisticated attacks – Advanced Persistent Threats (APTs), espionage and state sponsored cyber attacks. Phishing is also a component in many of the high-profile Point of Sale attacks on retail organisations. Spear phishing (specifically tailored) is most often the start point for these attacks, to gain initial access to a system from which an attacker can navigate horizontally and vertically.
Continue reading

RAM scraping for credit card data

On Thursday last week, Sears made an SEC filing disclosing an attack on Kmart customers’ credit card data. Kmart joins a growing number of high-profile brands attacked recently – Target, Supervalu, Neiman Marcus and Home Depot. RAM scraping is the technique used in all of these attacks. The fallout is generally calamitous – for example, Target’s profit decreased by 46% and they are to spend $100m upgrading their payment terminals (which still may not solve the RAM scraping problem). This year alone, these attacks have resulted in the data theft of well over 100 million credit cards.
Continue reading

Mass surveillance deceit and Big Brother creep

In East Germany between 1950 and 1989, the Stasi conducted mass surveillance of citizens with force and terror. Today, governments conduct mass surveillance with deceit. Mass surveillance programs have been implemented without the knowledge of citizens, and political leaders tend to follow a strategy of denial and deception when confronted with evidence of their existence.
Continue reading

Defence in depth centenary

It is 100 years since the start of the Great War. The war to end all wars triggered innovation in terms of the armoured tank, the Vickers machine gun, the gas mask, and sound ranging. It also refined the military strategy of defence in depth.
Continue reading

Lessons from Brazil’s biggest defeat – Boleto

Brazilians have more to be concerned about than this week’s 7-1 defeat when they came up against a masterful German football team. Off the field, the Boleto malware has scored big time in a $3.75 billion heist, without a red card in sight.
Continue reading