Graham Cluley: 3 Cyber nightmares that’ll make you WannaCry…
Graham Cluley gave a great talk at SecureTour17 where he divulged the three major nightmares in the world of cybersecurity that should be keeping you up at night.
Cluley, who has been working in the computer industry since the early 1990’s and been employed by companies such as Sophos and McAfee, is now a major public speaker, blogger and podcaster.
‘Many technical people are amazing at what they do, but they are not the best communicators. At the same time, individuals in marketing are great communicators but they often don’t understand the topic.’
Lucky for us, Cluley excels at both.
So, what are these three major worries? Watch the video now!
Cluley’s talk back in May followed the major WannaCry cyber attack which had hit the fan shortly before ST17. The ransomware attack was on a scale we had never experienced before.
So, what made WannaCry different from traditional ransomware?
It was being distributed by worm like features, exploiting a Microsoft security vulnerability which Microsoft had patched up in March, and it spread very rapidly. Some security experts had discussed the potential for this exploitation; if you hadn’t applied the Microsoft patch, you would have a problem. Many companies were hit but equally no one likes to announce a security breach and make it public. The NSA had developed the exploit and named it Eternalblue, but neglected to mention a group of hackers had managed to get their hands on it.
The ShadowBrokers threatened to release more data. The NHS was squashed as a result of the WannaCry attack. The impact was so bad that Microsoft took the step to release a patch for Windows XP. Basically, it was a disaster.
2. Business Email Compromise
Cluley informed the crowds that gathered at the ST17 events that the second nightmare that should keep them up at night should be business email compromise; someone poses as a company executive and then targets someone internally to transfer money or expose personal information.
Some of the big names you might have heard of this happening to include:
RyanAir – Lost €4.6m
FACC aerospace – Lost €40m
Leoni AG– Lost €50m
‘And sometimes it's not money. As the likes of Seagate, Snapchat and others have discovered in the past, sometimes the fraudsters are after customer databases or HR records that they can exploit for financial ends.’
Cluley outlines the dangers of LinkedIn and how everyone can access information about employees, job titles, company size… the list goes on.
‘It is becoming an attractive platform for organised crime gangs. Recently, there have been several cases where hackers have used information gathered from LinkedIn to plan targeted attacks on companies.’
3. The insider Threat
Finally, who are you turning a blind eye to when it comes to cybersecurity?
The maintenance guy?
The man who’s come to fix the photocopier?
The security guard?
Cluley highlighted the importance of knowing who had unquestionable access to your companies’ secure data.
Walter Powell was famously fired from his company and proceeded to plant malware on the CEO’s PC, allowing him to hack the board presentation and plant some pretty racy pornography.
Barclays bank had a breach where a man walked in claiming to be the IT man and he plugged in a KVM device, allowing him to track keyboard, video and mouse movements and transmit the details to fellow criminals. They were then able to login remotely and transfer over a million pounds.
Always check that your employers know exactly who they are giving access to secure information.
For full details on any of the above, give Cluley a watch, video available now!