Tag Archives: USA

Cyber Attacks Traced to China

The security company Symantec have revealed that at least 29 firms in the chemicals industry have been targeted by a series of cyber-attacks which have been traced back to China. Symantec has also revealed that they have evidence that another 19 companies, including defence specialists have been affected.

It is believed that the attacks took place from late July and lasted until mid- September.  Symantec’s report revealed that at least 12 companies in the US, five in the UK and two in Denmark have been affected by the attacks. The names of the companies that are thought to have been affected have not been disclosed, but the report did reveal that companies ranked within Fortune 100 firms had been targeted. It was also recognised that several of the firms targeted are involved in developing materials for military vehicles.

Symantec believe that the campaign was focused on obtaining intellectual property such as formulas and design processes.

The US company Dow Chemicals has confirmed that they have been a target as staff received “unusual emails.” A spokesman for the company added “Dow engaged internal and external response teams, including law enforcement, to address the situation. As a result, we have no reason to believe our operations were compromised.”

Symantec have confirmed that workers at the organisations were sent emails asking them to open attachments. In some cases, the hackers attempted to deceive workers by claiming that the attachment contained important security updates or that it was an invitation from business partners.

Those who opened the attachment ended up installing a Trojan horse (a piece of code) which enabled hackers to obtain details of the targets’ computer networks. Once the Trojan was installed, the attackers used the information to locate and copy files to another part of the targets’ system. Once the desired files had been copied, the attackers could then commence with extracting the data with the company being none the wiser.

The Trojan used has been identified as PoisonIvy, which was developed by a Chinese speaker. Symantec have traced the attacks back to a “20-something male located in the Hebei region of China” who funnelled the process through a US computer server.

When Symantec contacted the potential hacker and prompted him to leave them contact details, he replied with details for someone who would “perform hacking for hire”. The only problem is that the company couldn’t determine whether this was the same person who had been involved in the attacks.

With the number of cyber-attacks increasing, Symantec’s chief technology officer, Greg Day stated “This is unfortunately becoming a new normal behaviour. We had at least a decade of cybercrime which generally targeted anybody. Then we had the emergence of very skilled techniques involving a lot of time and effort to target global organisations. What we have now is almost the commercialisation of those techniques, using elements such as advanced persistent threats to pursue espionage and intellectual property theft, whether that is for their own gain or resale.”

With the number of cyber-attacks set to increase, employees of companies need to remain vigilant and remain cautious when such as in this case, receive suspicious emails. Attachments should only be opened if the user knows that it has come from a trusteed source as opening attachments from untrustworthy sources can result in sensitive data being compromised.

Dangers of Social Media & Driving

In the past few years, social media has become a daily, or even hourly, part of millions of people’s lives.  Since the advent of the mobile phone, drivers are facing more and more potential distractions whilst driving.  A UK survey has reported that 27% of people have admitted to illegally using Facebook whilst driving.  This distraction puts the driver and innocent people at risk to serious consequences and endangerment, when the driver should be concentrating on the road.

Adrian Walsh, Director of RoadSafe says: “It’s a frightening thought that people are checking their smartphones whilst driving. Many studies from across the world prove that drivers using phones are slower to respond than those who are just over the drink-drive limit. It is dangerous to use a phone – even hands free when driving.”

These are shocking figures considering that drivers are four times more likely to crash using their mobile phone behind the wheel.  The problem is even more prevalent amongst university and college students, a US survey found that some students are so addicted that they at least 44% check their Facebook before brushing their teeth in the morning.  Although there is a lot of emphasis placed on personal social media activities, social media for business use is also part of the problem.

One fifth of those surveyed confessed to be unable to go fifteen minutes without checking their smartphones for a range of reasons including emails, Facebook posts and Tweets.  The increased efficiency of a smartphone is also an increased distraction.  Clients, colleagues and suppliers now expect answers and issues to be handled almost immediately.

Gareth Kloet, Head of Car Insurance at Confused.com says: “Our research shows that although people are aware of the consequences involved, they struggle to tear themselves away from their mobile phones and social media. Using these devices, while driving, is incredibly dangerous.”

In support of how dangerous social media is whilst driving, a dramatic fall in traffic accidents this week has been directly linked to the three-day disruption in BlackBerry services. Traffic accidents fell 20 per cent from average rates on the days BlackBerry users were unable to use its messaging service. In Abu Dhabi, the number of accidents this week fell 40 per cent and there were no fatal accidents, when usually on average, there is a fatal accident every two days.

“Absolutely nothing has happened in the past week in terms of killings on the road and we’re really glad about that,” Brig Gen Al Harethi, director of the Abu Dhabi Police traffic department said. “People are slowly starting to realise the dangers of using their phone while driving. The roads became much safer when BlackBerry stopped working.”

So how are we to receive the innovation from US car manufacturer General Motors (GM), ‘a new social media interactive program for the car’?  An upgrading of the OnStar service will allow drivers to verbally dictate messages to update their Facebook status via the OnStar Facebook application.  The service allows subscribers to listen to their most recent news feeds with just a push of a button and removing the needs to fiddle with a mobile device.  It could just be like listening to some kind of interactive Facebook Radio.

Sources:  http://www.mirror.co.uk/news/top-stories/2011/10/17/facebook-addicts-risking-their-lives-logging-on-while-driving-115875-23494944/



More Widespread Public WiFi Access

Widespread free Wifi access is becoming more crucial than ever.

Such demand is coming from businessmen and women wanting to close deals on the move, tourists wishing to make purchases as well as download maps and the general public looking to quickly check their bank balance or Facebook account. Furthermore this has been confounded by the increasing number of mobile devices which people carry including laptops, smart phones and tablet PCs.

However it is generally a bit of a hard ache to gain internet access in city centres without a  variety of complications. A list of networks will always pop up on your device but you are then required to purchase a cappuccino or some form of gimmicky loyalty card, which you inevitably loose between visits.

A recent study by the Office of National Statistics demonstrated that 4.9 million people connected through hotspots including those residing in airports, hotels, cafes and restaurants over the past year. This is a huge increase from the 0.7 million in 2007.

Many free Wifi schemes have been approached but then pulled with recent government cuts. This included the London Islington “wireless mile” and Swindon council’s promise to deliver free Wifi from the top of every lamp post by April 2010.

Despite such failure however free Wifi networks have been setup successfully. Cities such as Raleigh, Seattle and Denver in the US as well as Taipei and Bologna have all rolled out successful implementations.

York is however one city which has recently catapulted into the lead with a Wifi pilot project underway in St Helen’s Square and on Coney Street. This will place York at the forefront of a handful of cities within the UK.

Council leader James Alexander stated: “The digital York scheme is part of a step change in the ambition we have for the city and we hope that the initial trial will be successful and provide a real boost to local businesses, visitor and shoppers.”

Amazon Role Out G-Cloud

Amazon has launched a government only cloud for federal Cloud Services.

The project ensures that the government stays compliant with regulations such as the International Traffic in Arms Regulations (ITAR) which states that only US citizens may access data regarding weapons, as well as other items which have been banned from export on the US munitions list.

An Amazon spokesman said “because Amazon Web Services’ GovCloud is physically and logically accessible by US persons only, government agencies can now manage more heavily regulated data in AWS while remaining compliant with strict federal requirements.”

Amazon have tactically worked alongside the US federal government in order to help achieve their target of shutting down approximately 40% of the 2,000 plus data centres they have, saving approximately $3 billion.

Other big players are however in the mix to gain responsibility of government data including Google, IBM and Microsoft. Overall $20 billion in revenue has been identified that can be utilised to move a quarter of the federal IT infrastructure to the Cloud, saving $5 billion annually.

Amazon’s new offering complies with all the other portions of its public cloud but additionally allows compliance with other regulations governing federal data such as the Federal Information Security Management Act and Portability Act. In addition the new invocation supports many existing security certifications including FISMA, SAS-70, ISO 27001, FIPS 140-2 compliant end points, and PCI DSS Level 1.

Tighter Data Breach Laws Required in Oz

Stricter laws regarding data breach notifications have been highlighted as one key aspect which needs to be tackled under a multinational joint plan outlined by the US, UK, Canada, New Zealand and Australia.

Australia in particular, is a government which has been accused of not keeping up with developments. Nigel Waters, the former Assistant UK Data Protection Registrar commented, “The government has dragged its feet. I don’t think there’s any excuse for not acting on this.”

Timothy Pilgrim the Australian privacy commissioner, when asked about bringing a new policy said “it’s a useful tool that is going to give people the ability to have a greater understanding of what’s happening to their information, particularly if something goes wrong with it.”

Where no laws exist forcing organisations to admit when they have had a data loss there is no way of keeping track of just how many incidents have occurred. In the past twelve months there have been 56 major incidents reported in Australia (a 27% increase compared to the year before).

In the US for instance organisations have to notify the trade commission within 60 days if personal information is compromised. In addition the company which has lost data must specify exactly what data has been lost. Failure to admit a data loss results in the organisation being liable for US $11,000 per person which peaks at approximately $5million.  In the UK the Information Commissioner’s Office has the ability to impose penalties of up to £500,000.

It is essential that data losses are documented properly throughout the world in order to maintain a grasp on data management and security and it is likely that the Australian government will take appropriate steps soon.



















Rise of the Data Crime Bot

Automated cyber attacks are becoming increasingly prominent according to a new report conducted by Imperva.

The Web Application Attack Report (WAAR) studied attacks on 30 different enterprise and government web applications highlighting that assaults on websites and databases are now as frequent as 25,000 per hour.

The sheer volume of these attacks is worrying. However perhaps more concerning is the fact that most of them are conducted by automated bots. This makes the threat unique. Car jacking for instance cannot be automated and neither can purse theft. For this reason cyber crime has the potential to have greater financial impact than all other forms of crime put together.

“The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses,” stated Amichai Shulman, Imperva’s CTO and lead researcher.

Aside from automation cyber criminals are becoming increasingly evasive “Our data demonstrates that it is increasingly difficult to trace attacks to specific entities or organisations.”

What is known is that the majority of attacks originate from bots developed in the US (29%) and China (10%). Such bots are simply left to make consistent attempts to hack and retrieve critical data.

Imperva advise CEOs across all industries to always consider their businesses a target and especially “If you hold sensitive information with value for governments, employees or competition.”







Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal