Ransomware: Should you pay up?

Ransomware has become a staple of Organised Criminal Groups’ (OCGs) revenue streams. Being able to affect a broad spectrum of targets, ranging from large businesses through to individual end users, allows for a range of different monetisation models, from ‘spray-and-pray’ to targeted ‘big game hunting’. The sheer number of criminals focusing on ransomware, and the low barriers to entry, ensure that very large numbers of targets can be infected. The cost of launching an attack has reached the level where only a tiny proportion of victims need to pay in order for the criminals to reap significant returns on investment. It has become a very efficient, if illegal and unethical, way to earn a living these days.

Manipulation, Disruption & Espionage: the 2019 Israeli Elections

On Tuesday 9 April 2019 Israel will be holding early legislative elections for members of the 21st Knesset, the unicameral national legislature which holds 120 seats. The elections are of significant importance at both national and regional levels and are highly likely to have attracted the attention of various cyber actors. Various operations are likely to be conducted, with manipulation, disruption and espionage promising to be at the forefront of the electoral race.

Government mandated backdoors: facilitating or preventing crimes?

The history of encryption

The deployment of the Enigma Machine by Nazi forces in World War II, and the cracking of its cryptographic systems by Allied codebreakers, heralded an immense increase in international interest in encrypted systems. Since then there has been an exponential rise in the use of the internet for the communication and storage of data, resulting in growing investment in strong encryption techniques from major technology firms.

Beyond compliance: How GDPR can give hackers the upper hand

Since the implementation of the EU’s General Data Protection Regulation (GDPR) in May, media reports of data breaches have skyrocketed. British Airways, Facebook, Ticketmaster, and Cathay Pacific are all organisations that have made headlines over the last months, showing the breadth of sectors affected worldwide by data compromises.

Compliance-driven pieces have been a relatively common occurrence in the media since the application of GDPR. In this blog post, however, we aim to look at GDPR from a threat actor’s perspective. With GDPR bringing in major changes to the management and transfer of data, threat actors are likely to find innovative ways to exploit and benefit from these changes.

Save the date: Timing the hack for the biggest impact

‘There are now three certainties in life – there’s death, there’s taxes and there’s a foreign intelligence service on your system’ – Head of Cyber at MI5 (2013)

Over the last two decades, the scale and severity of cyber attacks have been very variable. It is probably safe to suggest that the secret sabotage of a nuclear facility by the Stuxnet worm is in a slightly different league to the theft of payment card data held by a commercial brand like Chipotle. Nonetheless, there are several underlying attributes that provide a common framework to compare unconnected incidents. The Diamond Model of Intrusion Analysis indicates that for every incident, there is:

  • An Adversary
  • The Capabilities of the Adversary
  • A Victim
  • Infrastructure over which the attack occurs

Bank Reconnaissance, A Hacker’s Guide

For much of the time, cybersecurity researchers can find themselves limited to informed speculation and assessment about the sort of activity that cybercriminals perform, prior to launching a large cyber-theft operation. We believe that they will be performing reconnaissance on employees at the bank, particularly those in privileged positions linked to the payment and IT platforms, but some of the more precise details are limited. However, every now and again, information will be leaked which can provide some unique insight into the activities of cybercriminal groups and what they look for in a victim.

Politics aside, what we can learn from the DOJ’s indictment of 12 Russian officers

On the 16th July, the Department of Justice indicted 12 Russian nationals for their role in the cyber operations against the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). It was the latest in a series of private sector and government publications that provide proof tying Russian hackers to the breaches of Democrat Party institutions and the theft of confidential information.

Cybercrime in the Retail and Hospitality Industries

Some industries are more likely to attract particular kinds of threat actors than others. The retail and hospitality industries, for instance, are very attractive targets for cyber criminals as both collect and process large quantities of personal and financial data. This is similar to the banking industry but, whereas major bank breaches are now considered to require sophisticated operational procedures and have become the preserve of highly specialised groups, the retail and hospitality industries remain prime targets for criminals of all capabilities.

Digital sovereignty in the age of connectivity: RuNet 2020

The Russian Federation is currently pursuing a radical transformation of internet connectivity within the country. RuNet 2020 is an ambitious project to establish a national government-controlled network which is intended to function in an environment insulated from the broader internet in the event of a crisis.

The Art of ‘Ware’ – The role of propaganda and branding in the ransomware ‘industry’

As of the time of writing, the three bitcoin wallets associated with the WannaCry ransomware have received a combined total of about 53.8 BTC – just shy of USD 500,000 at current conversion rates. This is despite the “kill switch” and other implementation flaws that impeded its early propagation. It also flies in the face of the numerous articles circulating in the security community that cast doubt on whether it is even possible for WannaCry victims to consistently get their files back.
