Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
In their quarterly earnings call last week, the Marriot havereported a total net income of $2.2 billion for 2018, but during the call alsodisclosed that the huge data breach that occurred in late 2018, has so far costthem a whopping $28 million.
Of this $28 million, $25 million is understood to have been coveredby their insurance.
The data breach that hit the news in November 2018 originally reported that the personal details of 500 million customers had been compromised and was a result of malicious actors hacking the Starwood chains network for more than four years.
The ongoing investigation found that the real figure wasapproximately 383 million, but this still stands as one of the largest singledata breaches to date.
According to Marriot the investigation into the securityincident has now completed, they believe that impact to the company has beenlimited and that customer loyalty does not appear to have been affected. LuckyMarriot, others have not been so fortunate.
According to this post by SecurityWeek, some believe that attackwas the work of state sponsored actors working for the Chinese government, andthat the goal was less likely to be for financial gain, and more targeted at espionage.
In an effort to rid the world of the dreaded password dilemma, the World Wide Web Consortium (W3C) has this week approved the new Web Authentication API standard (called WebAuthn) which will allow users to login to websites without the need of a password.
WebAuthn will enable strong authentication for web applications,through the use of public-key crypto-based credentials, which will effectively removethe need for passwords.
This new API is already supported in common operating systemsand browsers such as Windows 10, Android, MS Edge, Firefox and Chrome.
In his speech earlier today, Jeremy Hunt, the UK ForeignSecretary, has warned that Western democratic elections are an easy target forforeign regimes, and that trust in the democratic process has been undermined.
Although he said that there was no current evidence of anyinterference in UK elections to date, he is calling for economic and diplomaticsanctions to be enforced in response to any such attacks.
Mr Hunt said:
"At a minimum, trust in the democratic process is seriously undermined.
But in a worst-case scenario, elections could become tainted exercises, robbing the governments they produce of legitimacy.
The greatest risk of all is that a hostile state might succeed in casting a permanent cloud of doubt over an entire democratic system."
Although not proven, China, Russia, Iran and North Korea areall thought to have been involved with state sponsored cyberattacks in recent times.Numerous attacks have been blamed on North Korean state hacking groups, includingthe WannaCry Ransomware attack, and the launch of the destructive ‘Olympic Destroyer’malware, that came close to bringing down the opening ceremony of the 2018 WinterOlympics held in South Korea.
Russian groups on the other hand have been blamed for a number of high-profile attacks against the Ukraine (the Nyetya destructive ransomware attack) and of course the 2016 US Presidential elections.
Mr Hunt believes that Nations involved in such attacksshould be ‘named and shamed’ and that they should pay a heavy price, thatincludes prosecution, for any interference.
What is clear is that Government’s that use online ballotservices to cast electoral votes, need to be doing more to protect thesesystems, and ensure that security is at the forefront during their developmentand operation.
Cyber Security is a complex place to live in, it is anever-evolving landscape of challenges, that changes on a daily basis, and isdifficult for the seasoned professional to keep up with.
Just keeping up with and understanding the acronyms andterms associated with Cyber can be daunting.
With this in mind, we have put together a Cyber Glossarythat provides an A to Z list of the common terms you might come across in yoursecurity travels. Each term comes with a brief and simple explanation to helpyou with your understanding.
We post periodic updates to the glossary so you can alwayscheck in later for new additions.
Happy reading!
Data and network breaches are becoming common place, makingregular appearances in our everyday news. These days no one is exempt from beinga target, as everyone has valuable data that can be used or sold by cybercriminals.
Ask yourself, do you think you are doing enough to protectyour systems, users and data? And if you were breached, would you know whataction to take?
If the answer is No to either of these why not attend the webinar‘You have been breached. Now what?’ andfind out how Cisco Umbrella and Cisco AMP for Endpoints, can help you not onlybuild strong defensive layers against cyber threats, but how they can be usedto quickly respond in the event of a breach.
Sign-up using the link below.
And that’s it for this week, please don’t forget to tune in forour next instalment.
Why not follow us on social media using the links providedon the right.
Edition #32 – 8th March 2019
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
