ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Donald Hoxhaj

Medical device makers wake up to cyber security threat

by 1 Comment

https://www.ft.com/content/00989b9c-7634-11e7-90c0-90a9d1bc9691

Medical device makers wake up to cyber security threat

This article talks about the following: Medical Industry is one of the most crucial and vulnerable industries to security threats and the results of which can be devastating on the lives of so many people. In the wake of this, many companies like Johnson & Johnson and Philips have started focusing efforts to learn about new hacking practices in the wake of security threats issued by hackers on medical equipment. The US Food and Drug Administration has also issued warning to such companies to step up their security measures. Medical Device makers are working with white hat hackers to know security flaws in their devices.

It will be interesting to see how things unfold in the future. Medical Industry, especially, Hospitals and Medical centres use legacy medical devices and systems for patient use. How will companies replace those existing devices without compromising on the treatment of the patient? At what cost will companies or industries that are using billion dollar machines have to replace with new ones? Will these companies have the best practices to prevent future threats or will they keep replacing devices? These are questions that require immediate attention

Middle market businesses fail ethical hacking test

by 1 Comment

http://smallbusiness.co.uk/businesses-fail-hacking-test-2538562/

Middle market businesses fail ethical hacking test

This article talks about the following: Upskilling the employees on Cyber Threats and Data Prevention has been a huge challenge for organizations. It is said that more than 40% organizations are subject to Cyber Threats. The hacking experiment conducted by RSM on middle market companies in revealed shocking results. The company sent out 200 spam emails to employees and within minutes, 16% of the employees in those organizations clicked on those emails, a figure that rose to 35% in a short time. Ignorance and carelessness to such outside emails has resulted in this and employees are becoming increasingly vulnerable to cyber-attacks by hackers. These companies have been encouraged to protect themselves against common Cyber-attacks such as Phishing, Whaling, Ransomware, etc.

It will be interesting to see how things unfold in the future. What measures has RSM implemented to ensure employees adhere to common Cyber threats? Will these due-diligence steps be rigorously followed by these employees? Do organizations have the necessary systems and processes in place to change their existing Cyber systems? The answer to these questions will only reveal the efficiency of implementation of Cyber Security Measures.

Cyber attacks a threat to Scottish businesses

by Leave a Comment

http://www.scotsman.com/business/management/cyber-attacks-a-threat-to-scottish-businesses-1-4566474

Cyber attacks a threat to Scottish businesses

This article talks about the following: Statistics says that over 200, 000 organizations were impacted because of WannaCry attacks in May and this impact has also been felt in many organizations such as Maersk that suffered damages worth £240 million. The reality seems to be that hackers and cyber criminals have been targeting the SMEs, instead of the larger organizations because of the ease of attacks. This is because of lack of understanding and sufficient resources at disposal for small businesses. The first step towards prevention is to modernize the existing systems and train people so that they are aware of the hidden attacks.
Because of the number of SME businesses in Scotland, the threat is real and the government is ensuring proper training and retaining of skill sets too.

It will be interesting to see how things unfold in the future. How will the government support training and development of 348, 045 small businesses in Scotland? How much time will be required to upskill the existing labour force and retrain them to new Cyber Security Skills. It would be a challenging situation considering the growing number of SMEs in Scotland.

Remarkable increase in uptake of cybersecurity courses: Pluralsight

by Leave a Comment

https://tech.economictimes.indiatimes.com/news/internet/remarkable-increase-in-uptake-of-cybersecurity-coursespluralsight/61024286

Remarkable increase in uptake of cybersecurity courses: Pluralsight

This article talks about the following: Cyber Security has become a necessity in today’s world where data is growing at an exponential rate and where the threat to critical data is increasing with new attack routes and malware being release without the knowledge of the user. Considering this, there has been a whopping increase in students undertaking Cyber Security courses. Pluralsight, one of the largest online education sites, has recently launched the Cyber Security course comprising of several topics including Cyber Offense Strategies, Penetration Testing, Ethical Hacking, etc. In fact, many fortune companies have also started taking up these courses.

It will be interesting to see how things unfold in the future. Cyber Security thought has been a growing sector for skill development, but its relative growth compared with careers in Consulting and IT has been poor. It would therefore be interesting to see how many of these students pursue their career in Cyber Security and Ethical Hacking? Will there be rise in demand of such skills, enabling more students to take up online courses?

SMEs more vulnerable than ever to cyber attacks, survey shows

by Leave a Comment

http://www.computerweekly.com/news/450428246/SMEs-more-vulnerable-than-ever-to-cyber-attacks-survey-shows

SMEs more vulnerable than ever to cyber attacks, survey shows

This article talks about the following: Cyber-attacks have become a growing threat in the United States and UK and this has factored primarily because of weak password protection. A study conducted on about 1000 SMEs from UK and US revealed that most attacks have happened on small businesses because of poor management. Because of poor management and lack of resources for cyber threat protection, these SMEs are targeted through phishing. There are a couple of reasons that have been identified. First, SMEs lack antivirus software. Second, they do not have encryption software’s. Third, they do not adopt the practice of using digital signatures. Lastly, they do not use Dmarc email authentication.

It will be interesting to see how things unfold in the future. SMEs do not have financial muscle to invest largely on such cyber security measures. Questions that need attention are, What viable options do they have to protect themselves from phishing and online scams? What will be the level of investment required to implement organization-wide cyber security systems?

Iran to blame for cyber-attack on MPs’ emails – British intelligence

by Leave a Comment

https://www.theguardian.com/world/2017/oct/14/iran-to-blame-for-cyber-attack-on-mps-emails-british-intelligence

Iran to blame for cyber-attack on MPs’ emails – British intelligence

This article talks about the following: In June 2017, the email accounts of many MPs were compromised and this blame has been put on Iran. With this recent development, the ties of United States and Iran has also taken a toll. The attacks have been named by the American Intelligence as a Brute Force attack done deliberately to tap communications of MPs with their constituents. Attackers carefully planned the cyber-attack on those email accounts that have weak passwords. These attacks have further spilled the relations of Iran with the United States with President Donald Trump abandoning the Iran Nuclear Deal

It will be interesting to see how things unfold in the future. How can government organizations be more protective and equipped with Cyber Threat measures? If the government plans to implement security measures for stronger firewalls, how will this impact the operations of MPs?

Over Two-Thirds of SMBs Lose Money In Cyber Attacks: BBB

by Leave a Comment

https://www.mediapost.com/publications/article/308831/over-two-thirds-of-smbs-lose-money-in-cyber-attack.html

Over Two-Thirds of SMBs Lose Money In Cyber Attacks: BBB

This article talks about the following: This is a survey conducted on more than 2000 businesses by BBB. The results from the discussion with respondents showed that about one thirds of small and marginal businesses are victims of cyber threats and though they take all preventive measures right from filtering emails and traffic over the internet, 8% of the respondents haven’t heard from dangerous virus such as Trojan. The most important reasons that hinder businesses from using cyber security protection are lack of resources, unskilled to tackle cyber-attacks, and some say that they lack information. These results are peculiarly interesting because they give customer sentiments towards such threats.

It will be interesting to see how things unfold in the future. What measures or resources can small businesses avail to tackle cyber threats? Will financial resources allow small businesses to invest in cyber security measures?

Adobe patches Flash bug used for planting spying tools

by Leave a Comment

http://www.bbc.com/news/technology-41652970

Adobe patches Flash bug used for planting spying tools

This article talks about the following: Adobe Flash, one of the widely used, for viewing content recently got compromised and hackers found way of bypassing it by placing malicious flash files within word documents, which were sent to customers email id’s. The malware identified as FinSpy automatically runs upon opening such documents and self-installs. The function of the malware is to spy on remote computers for sensitive information. However, this vulnerability in security was discovered by one person from Kaspersky Labs recently.

It will be interesting to see how things unfold in the future. What security configurations are available for users to prevent Flash Files from being run automatically? How soon can companies like Microsoft give users access to enabling of patches for their computers? Is there a way to eliminate spyware already installed on remote computer? These are questions that will pave the way for further research and development

Major Wi-Fi security flaw could allow hackers to listen in on any of your devices

by 2 Comments

https://www.cnbc.com/2017/10/16/wifi-security-flaw-found-that-lets-hackers-eavesdrop-on-your-devices.html

Major Wi-Fi security flaw could allow hackers to listen in on any of your devices

This article talks about the following: Wireless systems have been the talk of most security professionals in the world. The recent loophole in the WPA2 security protocol has put most wireless networks under deliberate threat as cyber criminals would have access to all the devices that are connected over the wireless mediums. Hackers have found ways to alter the wireless system’s connection process through KRACK (Key Reinstallation Attack).

It will be interesting to see how things unfold in the future. How can wireless users across the world update their firewalls and router configurations in the shortest time possible? What steps will companies like Google, Microsoft, and Apple take before its OS is compromised with these threats? What would be the cost involved on both the customers and company’s end to mitigate this risk?

Making the Lives of Cybercriminals and Spies Harder Online

by Leave a Comment

https://www.nytimes.com/2017/10/11/technology/personaltech/cybercriminals-spies.html

Making the Lives of Cybercriminals and Spies Harder Online

This article talks about the following: Nicole Perlroth, one of the cybersecurity reporter for The Times throws insights into how cyber theft can be minimised by taking the most critical communications offline so that there is no scope left for online fraud. With the help of a 2-factor authentication with the help of secure browsers, it is always safe to use message encryption apps such as Wickr, Telegram, etc. Though it’s common to see many people giving access about their whereabouts including location and timestamps to 3rd party APPs, its best to block such requests gaining access to your system’s personal information.

It will be interesting to see how things unfold in the future. How will Artificial Intelligence systems such as Bots and Messaging systems prevent cyber theft of critical communication? With companies moving from finger print sensors to facial recognition systems, how secure will it be and how hard will it be for criminals to clone such systems for personal use?