Friday, March 31, 2017

The Chinese Whispers (The ruined phone)

The best of the week in Cybersecurity

One of the most popular games when we were kids was Chinese Whispers (the ruined phone), which consisted of a handcrafted phone made with a couple of yogurt containers and a thread. The function of the containers was to get a message from one person to another, and in both cases the only thing received was a garbled version of the original content. As expected, the security of this procedure was not very high (nor was it sought), and this is what companies have focused on in recent years: seeking secure communication from one "yogurt container" to another.

Telegram, following in the footsteps of its alter ego, has added the possibility of making calls. This feature is not new in this kind of application, but the innovation it brings is "end-to-end" encryption of the calls, as with the text messages. And it doesn't stop there: we will also be able to select who we want to allow to call us and the quality of the calls (deciding between higher call quality or using less data). At the moment it will only be available in Western Europe, for iOS and Android devices.

Wednesday, March 29, 2017

The most dangerous risks are where you didn’t believe they were

The report of the week

As they say, 'all that glitters is not gold', and if you don't believe it, ask the Trojans about the time they saw that imposing horse enter, which supposedly was a gift from the Greeks and which turned out to be the end of the city and the destruction of most of its citizens. A wooden horse, something that seemed harmless, became one of the most powerful tools of war. If we move this example to the world of cybersecurity, not all the dangers lie behind international groups of cybercriminals or major phishing campaigns against relevant companies. You can be infected by many other routes, and by means much more homemade or simple than you believed.

Carbon Black has published the results of its latest research report, Beyond the Hype, which gathers the opinions of 400 cybersecurity researchers. It focuses on highlighting the risks that come with non-malware attacks, which according to the results represent a greater risk to organizations despite what might be thought. 93% of respondents agree with this statement, and almost two-thirds (64%) of them stated that they had observed an increase in these non-malware attacks since early 2016.

Monday, March 27, 2017

Cyber attacks against hospitals are not just a thing of the past

A year ago, today...

Technological advances affect every side of our lives, but undoubtedly one of the most important fields affected is medicine. The emergence of new techniques and surgical tools is making possible the research and evolution of medical techniques, which means saving the lives of many people around the world, or at least making those lives last longer. The only problem is that those responsible for hospitals sometimes leave out cybersecurity issues, which may be more important than they imagine.

Computer insecurity in medical centers was, and still is, an increasingly serious issue that calls for urgent review. It was a year ago that there was a wave of ransomware attacks targeting various hospitals in the United States. Those affected were Kentucky Methodist Hospital and California Chinese Valley Medical Center, among others. At the Methodist hospital they had to declare an internal emergency while technicians attempted to restore access to encrypted files and e-mail. The ransomware was Locky, one of the newest at the time, which spread all over the internal network and infected multiple systems. Cybercriminals demanded a ransom of 1600€ to unlock the encrypted files, but it is still not clear whether the hospital finally paid it or not.

Friday, March 24, 2017

Ensuring our privacy

The best of the week in Cybersecurity

It seems increasingly difficult to maintain our privacy and avoid people's nosy 'glances'. Glances that in the nineteenth century translate into a 'like' on a social network, or into meeting a person you had not seen for years who knows the whole story of your life. Many people choose to be exposed, but others decide not to upload any private content to the networks and believe that their privacy is thus safeguarded. What we do not consider is that our computers or mobiles could be hacked, and that all the content we have kept safe with so much care could come to light at any time.

Wikileaks has spoken again about privacy, or rather the lack of it. In their latest leak on the CIA's cyberspace campaign they stated that iPhones and Macs had been spied on for several years. Wikileaks had already said that they had not told everything, and so it has been. In the case of iPhones, they would have been infected for a year after their launch in 2007, implying that the CIA would have introduced malware directly into the device's production chain. Yours may be one of the chosen ones, although that does not mean that they have spied on you... or maybe they have?

Wednesday, March 22, 2017

Cybersecurity in private and work life

The report of the week

The use of mobile applications is expanding to all sides of our lives, as we use them to look up the address of a restaurant, to communicate with our friends or to buy something. Companies also use apps to make daily tasks such as invoicing easier for their workers, and this has led to personal mobiles being used for both personal and professional purposes, which can carry serious security risks for companies.

A new study by F5 Networks on consumer behavior regarding mobile applications has revealed that more than a quarter of Britons (26%) do not check an application's security measures before downloading it. The study was conducted among 2,000 users and revealed that, regardless of growing fears about cybercriminal activity, people continue to neglect online security measures. Only one in five respondents (21%) checks the security measures of each new application they download, while the type of application did affect the user's decision on whether to check it or not.

Tuesday, March 21, 2017

The 'Ides of March'

A year ago, today...

Certain key moments in the calendar had their own names in the past. Among them stands out the one known as the "Ides of March", which designated the 15th day of the month dedicated to Mars, the god of war, or what is the same, March 15 for mortals.
These days were days of good news; however, the whims of history meant that on one of these days Julius Caesar himself was killed, which turned the tables on this date and gave it negative connotations. Even Shakespeare made famous the phrase "Beware of the Ides of March!".

Like every week, we step into our time capsule and go back a year, to gain perspective and see how we have evolved in the cybersecurity sector. It is clear that we evolve, but sometimes it gives the impression that we make the same old mistakes. For example, a year ago today, the news was about security in mobile telephony. Google hurriedly published a patch for a vulnerability that affected 275 million Android phones, specifically from version 2.2 to 4.0, 5.0 and 5.1. Although the vulnerability was new, it was located in the same library that "Stagefright" attacked, which, for reasons unknown, Google did not completely protect. Back then, the only solution was to install patches. Patches that did not always reach all Android devices, or did not arrive on time. It's that subtle but fundamental difference between having a Nexus (or a Pixel) and having any other Android device from another manufacturer... not to mention the delays of the operators.

Friday, March 17, 2017

'Millennials' and Social Media

The best of the week in Cybersecurity

The generation born after 1980, called Millennials, makes up one-third of the world's total population, which also means a third of the world's workforce. It is a generation that uses social networks at every moment, and practically their whole life is online. The spontaneity with which they behave on the internet means they do not fear cyber attacks, so they do not use every possible means at their disposal to protect themselves. This can affect the companies they work for, as many of them use social networks and personal email in their workplace and can end up infecting their work equipment.

Many of these 'Millennials' might lose control of their Twitter accounts, as happened last Thursday to the European Parliament, US Unicef, or BBC North America. The Twitter accounts of these international organizations were attacked in what seemed like a large-scale cyber attack. Many of the hacked messages were in Turkish and displayed a swastika and the hashtags #Nazialmanya and #Nazihollanda. This attack may be related to the diplomatic conflict between Turkey, Germany and the Netherlands, after Dutch and German officials forbade Turkish ministers to campaign in some parts of their countries. Luckily the problem was solved in just a few hours.

Wednesday, March 15, 2017

Ongoing training a win-win for all

The report of the week

Ongoing training is a must in most professions if you do not want to fall behind and let new generations of professionals take your position. The master's and postgraduate programs on the market take this fact into account and have been adapted to the needs of active workers. The cybersecurity case is special, since it is a rapidly changing area, needs grow very fast and professionals in the field are very scarce. That is why companies are 'pulling their socks up' and are starting to invest in training their workers, for the benefit of all.

Pearson Vue's new report gives new insight into this reality and highlights that companies are investing more actively in cybersecurity training than in previous years. Of the 6,605 IT professionals surveyed, there was an increase of 48% in those receiving security training in their workplace, and 60% took security exams. In addition, companies know that this refreshing of knowledge has a positive impact on them, so 53% of the respondents received training financed by their company, compared to 26% who said they paid for their complementary training themselves.

Monday, March 13, 2017

A small detail can change everything

A year ago, today...

"Email sent from a mobile device, excuse the brevity and possible errata". This brief text accompanies most corporate emails sent from mobile devices, and that is because being in a rush can sometimes be tricky. And not just the rush: raise your hand if you have never sent a completely disjointed message thanks to the spellchecker. A small detail can change everything, and that is why we have to watch out for every mistake we can make, all the more so when it has to do with security. Clicking and opening a document from an infected email, or having automatic updates enabled for your mobile app, could cause us some headaches.

It was last year that the Central Bank of Bangladesh was robbed of $100 million. The thieves could have stolen much more, specifically a billion dollars, but they made a mistake typing the orders of the last transfer: they wrote "fandation" instead of "foundation". This alerted the bank, which stopped the transaction and was able to recover part of the money, thanks to the cybercriminals not paying much attention to the details.

Friday, March 10, 2017

The spotlight of all the cameras

The best of the week in Cybersecurity

Thanks to all the technological advances that we have today, we can do things that were unthinkable years ago. Healthcare technology innovation, for instance, already allows non-face-to-face operations to be carried out, and being far from home becomes easier with all the possibilities of communication that we have available. But it is well known that everything has a yin and a yang side, and these advances can carry great security dangers.

Trying to safeguard the privacy and security of their messages, the White House, among others, began to use the 'safe version of WhatsApp'. It is an app called Confide that encrypts messages and never shows more than 4 or 5 lines of text at a time, which makes it difficult to take screenshots and for onlookers to intrude into our privacy. But not everything is always what it seems, and this solution for anyone to chat their messages also has "some errors". Those responsible for publishing them to the entire world have been the IOActive and Quarkslab guys, who in their last report have exposed that the implementation of the encryption could make possible the impersonation of users or the alteration of the content of messages or files. Is secure communication the holy grail of our time? It seems so, and there is a long journey ahead to find it.

Wednesday, March 8, 2017

The fault always lies with the competition

The report of the week

When someone has a business idea in mind, they usually look for support in an entrepreneurship program that helps them reach their objectives. One of the first questions usually asked is: "Who is your competition?" More than one answers that they don't have any competitors and that's why the idea is going to be a must. Big mistake. The existence of competition means that there is a market interested in what you sell, but reaching it is not always easy; sometimes you have to dodge literal attacks from the competition.

The latest research conducted by Kaspersky Lab and B2B International talks about these competitive attacks. Many of the businesses that have been victims of DDoS attacks suspect that such attacks come directly from their competition. Almost three in five of the victims share this conspiracy theory, ahead of cybercriminals, who were suspected by 38% of the victims. But it is not all about dodging the issue: the most important thing to worry about is that 21% of companies suspect that the attacks come from disgruntled workers or former staff members.

Monday, March 6, 2017

Governments catch up on cybersecurity

A year ago today...

Governments of most countries around the world are more and more concerned every day about cybersecurity. Some governments even create specific systems to improve cybersecurity, and this helps companies feel less 'alone in the face of danger'. Almost daily attacks on ministries of defense in countries such as Singapore make the existence of a specific institution a priority for the security of state data.

Like every Monday, today we look back and analyze what happened a year ago, when we learned about the chatty ransomware. Trend Micro warned of the existence of a ransomware called CERBER, which "spoke" to its victims through an audio file that read: Beware! "Your documents, photos, databases and other important files have been encrypted". All of this in English, of course, but it had the option, if the victims used Tor, to go to a page where they were told the same in many languages so that everyone could understand the message. How important it is to know languages, and all the more so when there is a lot of money at stake...

Friday, March 3, 2017

The day by day in Cybersecurity

The best of the week about Cybersecurity

When we hear about cybersecurity we tend to think of big companies or public institutions, far removed from ordinary people. Nothing could be further from the truth: nowadays these "dangers" are in everyday objects that we use in our day to day, from our phone to the household appliances that we have at home.

During MWC 2017 the latest developments in the sector were presented and, consequently, there has been talk of the possible security breaches that exist or may exist in the upcoming years. The company Avast took advantage of the congress to announce the results of a study in which they discovered that 5.3 million smart devices are hackable in Spain. This list includes everyday devices such as webcams and baby monitoring systems. Cybercriminals can create a botnet to attack and take down servers and websites. Also, when a device is infected, it can produce a "domino effect" and infect other devices, with even bigger risks.

Wednesday, March 1, 2017

Cybersecurity and labor conciliation

The report of the week

France has started the year 2017 with a clear objective: to end calls from bosses outside working hours. To make this possible the government has approved the right to disconnect and 'ignore' emails that arrive on your days off or once you set foot outside the office. With this new rule France wants to reduce stress on workers, who can leave their problems in the office and not take them home. This law, however, is at odds with what has been a trend for years: BYOD (Bring Your Own Device), which keeps email and the corporate network always available on both your PC and your personal smartphone.

French laws may be a passing topic, but professional trends in digital transformation have come to stay. This subject, among others, is covered by the new study for which Check Point interviewed 1900 IT experts from large companies of more than 1000 employees in the United States. The results have been published in its annual 2017 Cyber Security Survey, which reveals that only 35% of respondents have "total or high confidence" in their organization's overall security. In addition, the issues that most concern the experts are those related to the cloud and mobile devices.