Friday, July 29, 2016

When the weak attack

Weekly Summary

The French politician Goerges Bidault (ES / FR / EN) is credited with the quotation: "The weak have a weapon: the mistakes the strong ones make". It could be truth or happen just occasionally, but anyway the most clever thing in any fight is to let the opponent become overconfident... If you have a response strategy. But, who´s the weak one and who is the strong one in cybersecurity matters?  

On the hacking romantic vision, the attackers are the weak who face super powerful infrastructures. Maybe until two heavyweights such as Derek Burney and Fen Osler Hampson arrive to explain in The Globe and Mail why there are not only Wikileaks leaks, but Russian "hackers" too behind the attacks against the USA Democratic National Convention. And they turn the world on our heads.

Wednesday, July 27, 2016

Irish way Cybersecurity

"What was just a criminal wave just a few years ago has become a global pandemic, described by Ginni Rometty, CEO at IBM, as "the biggest menace to every business in the world". These words are from Pat Larking, CEO at Ward Solutions, in the Whitepaper commissioned by her company  about the degree of knowledge and awareness of Irish business (North and South) to face cybercrime.  

Ireland, of course. The same country which guests some of the biggest IT companies taxes and business centers for well known reasons. With this consideration in mind, it´s not strange that the study has caused a deep impact in some specialized pages because it drops sentences as almost half of this business will not reveal a security breach which could affect third parties, including customers and stakeholders. Something defined by Veracode as "holding your breach as a secret and other auto destructive decisions". This is striking because, nevertheless, one third of survey respondents recognize they hace suffered a security breach last year.

Friday, July 22, 2016

Frontiers are useless nowadays

For thousand years, one way to be relatively safe was to respect the frontiers: if something don't like me, I won't let it in, and it will not exist in my country, in my society or in my environment. With the digital era it seems clear those doctrines based on the perimetral defenses have blown out, and that's why is surprising that some people still use it nowadays. It seems the lesson weren't learnt yet: it is useless to tighten the frontier if the enemy is already living with me... although I don't want to see it.
Something similar happened with the president of Turkey, Recep Tayip Erdogan, who one day decides to limit the social networks, and another to lock Wikileaks on his country, after the Assange organization filtered 300.000 emails compromising his administration: if we don't see it, it doesn't exist, must think the Turkish leader. A few day before this "block" and when the network had announced the filtration of these documents, a tweet from Wikileaks announced they were under a sustained attack. This, when the country was just recovering from the attempted coup, which involved another "block" to sites like Youtube, Facebook an Twitter. The quotation marks of "block" has a sense: the population who want tell to the world what was happening, did it through VPN. Frontiers on the digital era?

Wednesday, July 20, 2016

Lack of resources to face threats

We need qualified personnel, we need awareness in high positions, and we need a bigger integration of the security solutions. Almost three-quarters of the cybersecurity experts blame to these three problems the main concerns of today of the corporate environments. The results came from a report made by questionnaires sent by the organization of the BlackHat conference

The first answers were gathered on 2015. The purpose of the survey was to evaluate the attitude and the plans of some qualified expert of this matter and with a high grade of skills, among the assistants to the BlackHat. One year after, the survey records shows an increase in the way of how they manage these questions. The most notable trends today could be divided on three categories related to future menaces, the decreasing labor and the unattended spend priorities.

Monday, July 18, 2016

José Luis Gilpérez: "I´m worried about the use of the Network as a propaganda tool"

José Luis Gilpérez. Defense, Security and Big Data Director at Telefónica.


It´s a pleasure to see a high executive who started at the bottom, in José Luis Gilpérez,s case since 1990, when he started working as networks technician in the company so called Telefónica of Spain. And he has not gone out from there until he reached, nowadays, the position of  Defense, Security and Big Data Director.

- I see in LinkedIn that you have cybersecurity responsibilities in Telefónica since 2002.

- Indeed, I've spent more than half live working in this world, specially in the last 15 year, dedicated to big projects with customers.  Because this is a world about which I feel strongly. I feel lucky because I can work on what I like.

Friday, July 15, 2016

Most read news of the week

Pierluigi Paganini, supporter of the well known blog "Security Affairs" is without doubt this week's most read news main character, not only  for its good work in favour of a better information about infosec, but for his blog's latest novelty: conducting in-depth interviews with renowned hackers that, as the interviews we do from CIGTR,  are having a great reception from the cybersecurity community.
Pierluigi Paganini
We talked about that in our interviews section last monday, highlighting the best quotes of the interviews realized by Paganini with Rahul Sasi, César Cerrudo, KArsten Nohl, Billy Rios and the hacker known as @slege. 

Wednesday, July 13, 2016

Fraud and threats, major cybercrimes according to Interior

Most computer crimes are committed in Spain Spanish nationals, aged between 26 and 40 years, says the "Study on Cybercrime in Spain 2015" recently presented by the Ministry of the Interior. Foremost among the data provided by the study 28.3% of computer crimes are carried out by minors.

Arrests for cybercrimes in 2015, by age and sex

For the preparation of this report has been taken as a reference statistical information based on crime known registered by the Forces and Security Forces (National Police, Civil Guard, Police Foral de Navarra and various Local Police Forces) contained in Criminality Statistical System (SEC), as well as those from the National Center for Critical Infrastructure Protection (CNPIC) except i Mossos d'Esquadra Ertzaintza.

Monday, July 11, 2016

Inquirer IT professional with virtuous surname

Pierluigi Paganini is one of the most recognized professionals in the blogosphere INFOSEC . His digital binnacle Security Affairs is one of the most widely read Internet and social networking presence is constant. It is difficult to move in this world and not find him. Sooner or later, the security expert with surname virtuoso violinist land among your readings, and once in them, reincidirás voluntarily or involuntarily.

We have not talked with Paganini (who knows, everything will come) but we note your name today, Monday interview, because not a month that has been released to interview faces and identities more or less relevant in the scene hacker goes international . Since late June, they have gone through your blog Rahul Sasi (@ fb1h2s), Cesar Cerrudo, Karsten Nohl, Billy Rios, and the hacker under the pseudonym @ s1ege. In addition, these interviews carry a commendable pace; for example Nohl and Rios came two days.

Friday, July 8, 2016

Most read news of the week

Spying through computer networks is becoming increasingly important and requires people and organizations to form in the digital defense. The simplest human error can open a security breach unpredictable for our security and privacy dimensions, as happened to dozens of actresses and models United States when their most intimate photos were aired in the famous attacks known as CelebGate, summer 2014.

This week we learned that one of the authors of the leaks of CelebGate, Edward Majerczyk, 28, has pleaded guilty to hacking Apple's cloud, iCloud and Gmail accounts of more than 300 people, including Hollywood celebrities . Majerczyk used phishing techniques to get the credentials of their victims, between November 2013 and August 2014. They sent messages that come from computer
simulated up your Internet service provider.

Wednesday, July 6, 2016

What is the impact of data theft in an organization?

Data theft in business networks increased by 29% since 2013, the most affected organizations stored health data. Half of these attacks have been caused by external groups with accomplices within the organization and in 25% of cases with human error. Are the main conclusions of the study "2016 Cost of Data Breach Study: Global Analysis" conducted by the Ponemon Institute on behalf of IBM.

Monday, July 4, 2016

Sanchez Almeida: "Spain has the most restrictive Cybercrime legislation in Europe"

Carlos Sánchez Almeida. Lawyer

So we are presented with Carlos Sanchez Almeida: "53 years old, Barcelona, 1962. Two children. Law degree in 1987. He paid studies working for 17 years in case an insurance company Bufet Almeida in January 1995. It has taken many cases of computer crimes, often against political and economic power: many of his opponents listed in recent months has defended the alleged dome of Anonymous and administrators of virtual communities Menéame and Vagos your latter case was the defense of the alleged hacker TV3, accused of revealing the millionaire salaries of executives of the public broadcaster".

Friday, July 1, 2016

Top Stories of the Week

CEO of Google
The robbery of a bank in Ukraine, hack the CEO of Google, a Trojan that attacks clients of banks in the UK, the government's recommendation of the same country to lower wages to CEOs in the event of cybersecurity incidents and interviews Cesar Cerrudo  and Pete Herzog hackers, are our top stories of the week.

A Ukrainian bank was the latest victim of the now famous attack on the nerve center of the global financial system, SWIFT. According to ISACA, hackers have stolen 10 million in the bank. The bank security has also been news this week in Britain, following a new campaign Retefe banking Trojan, which would have improved its code. The Trojan is distributed via spam messages with an attachment that carries malicious Javascript and installs a fake certificate on the computer of the victim.