Jan 25 2013

An Introduction to Hacking & Crimeware

Category: Cybercrimedisc7 @ 11:33 am

ITG Pocket Guide for An Introduction to Hacking & Crimeware is concise subject focused and easy to read. Whether used as a training aid, induction material or just as further reading they offer powerful and valuable insight.

Defend your business, protect your livelihood, safeguard your future.

Cybercrime is on the rise. Unchecked, it could destroy the entire global cyber infrastructure and wipe out many businesses. We need to defend ourselves against it, and we must fight back. Toolkits to create malware are now readily available to anyone wishing to defraud and do damage. For your business to survive and thrive, it is vital to stay informed about the threats and the risks, and arm yourself against them.

Know your enemy

An Introduction to Hacking & Crimeware is a comprehensive guide to the most recent and the more serious threats. Knowing about these threats will help you understand how to ensure that your computer systems are protected and that your business is safe, enabling you to focus on your core activities.

Fighting back

In this pocket guide, the author:
• defines exactly what crimeware is – both intentional and unintentional – and gives specific, up-to-date examples to help you identify the risks and protect your business
• explores the increasing use of COTS tools as hacking tools, exposing the enemy’s tactics gives practical suggestions as to how you can fight back
• provides a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.

An Introduction to Hacking & Crimeware: A Pocket Guide (ITG – Softcover, Adobe, ePub, Kindle)

An Introduction to Hacking & Crimeware: A Pocket Guide (eBay)

An Introduction to Hacking & Crimeware: A Pocket Guide (Amazon)

Tags: Commercial off-the-shelf, Computer crime, Crimeware, Cybercrime, eBay, Hacking & Crimeware, Hacking tool


Nov 30 2012

Cyberattack: dangers, consequences and prevention

Category: cyber security,ISO 27kDISC @ 1:26 pm

Attacks on IT systems can have devastating consequences across industries – among them, the banking and financial sector. In order to protect the best interests of their customers, and the vast tracts of personal data for which they are responsible, banks have already been paying attention to their data protection practices, writes Alan Calder of IT Governance

The heartbeat and Achilles’ heel of every organisation, information technology (IT) is crucial to the functioning of the business world. Given this situation, attacks on IT systems can have devastating consequences across industries – among them, the banking and financial sector. In order to protect the best interests of their customers, and the vast tracts of personal data for which they are responsible, banks have already been paying attention to their data protection practices.

The threat landscape is by its very nature ever-changing, however, and sees the continual emergence of new forms of highly sophisticated cyberattack. As a result, banks and financial institutions are wise to upgrade to a distinctly more comprehensive form of cyber security.

A continually evolving threat

Successful cyberattacks – attacks on a business’ IT infrastructure by a malicious third party – are known to have severe consequences, both operationally and on the business’ reputation. Indeed, the UK government classifies cyberattacks as a ‘Tier 1 threat’ in the National Security Strategy, alongside international terrorism, international military crises and major accidents or natural hazards. The distinction between well-funded, state-sponsored cyberattackers and their ‘private sector’ counterparts is becoming more blurred, meaning that commercial organisations and individuals can increasingly find themselves on the receiving end of extremely sophisticated attacks. Symptomatic of this trend is Google’s move in June 2012 to begin warning Google account holders if they are believed to have been targeted by a state-sponsored attack.

In the world of retail banking, where IT plays such a crucial role, a cyberattack can have serious consequences in terms of practical and reputational damage. The sheer volume of personal customer data held by banks intensifies the threat and consequences of a successful cyberattack. In terms of data compliance and IT security, staff are, and always will be, the weakest link, mainly through a lack of understanding of responsibilities and not comprehending the severity of an IT security breach. These misunderstandings are far from trivial, however.

In addition, the threat landscape is constantly evolving. Today, for example, we are seeing the emergence of cyber fraud and cyber threat into the criminal mainstream. This fact, and the fact modern attacks now combine technological and social elements, means traditional technology-only defences are now inadequate. Thus, forms of security that, two years ago, might have been capable of protecting retail banking institutions, are now insufficient in the face of high-level cyberattacks.

A robust and comprehensive approach

In order to tackle specialised cyberattacks such as cyber fraud and cyber theft, banks and financial institutions would therefore do well to adopt a more robust approach to their cyber security. Ultimately, effective cyber security depends on establishing a defence strategy that is not only all-embracing but also interconnected.

One such strategy is that provided by the ISO27001 security management standard. The most significant international best practice standard currently available to any organisation seeking an intelligently organised and structured framework for tackling cyber risks, ISO27001 is, in essence, a management system. When effectively deployed, ISO27001 improves an organisation’s information security and resilience to ongoing and constantly evolving threats.

Above all, ISO27001 compliance supports organisations in building their defences against cyberattacks. Among other elements, this standard requires organisations to develop and test security incident response plans, or SIRPs; select and implement appropriate controls that reduce risk to an acceptable level, from securing cyber perimeters to training staff and securing inward- and outward-bound communication channels such as e-mails and instant messaging; and carry out risk assessments. Importantly, ISO27001 compliance also requires organisations to put in place a mechanism for auditing and management review of the effectiveness of selected controls – and of the management system that supports them.

Additional steps

In addition to establishing an organisation-wide security management standard, retail banks, as with other organisations, can go a long way towards significantly improving their data protection by introducing a number of basic measures. These measures include the implementation of regular staff awareness training about the threats and ramifications of a cyberattack, enterprise-wide policies on the use of encrypted USB sticks and laptops, and regular website and network penetration testing.

Otherwise known as ‘pen testing’, regular website and network penetration testing, for example, is vital to ensure hackers and cyber attackers are not given easy vulnerabilities to exploit. All internet-facing networks and resources are subject to automated, malicious probing.

When a vulnerability is detected, the exploitation of that vulnerability is also usually automatic. In a world where attacks on networks and applications are growing at an exponential rate, effective pen testing is the only way to establish true security. Quite rightly, the penalties incurred by organisations failing to defend themselves against such attacks are becoming ever steeper. Effective pen testing exposes and documents such weaknesses and recommends steps to reduce the risk.

Preparation is key

If knowledge is power, ignorance is danger – a danger that can impact banks on a number of fronts. If banks and financial institutions fail to refresh their data protection practices on a regular basis, educate their staff about the dangers of cyberattacks or enlighten their employees on the importance of data protection, they are at risk of being caught out by ever-more-sophisticated cyberattacks. Failure to prepare by adopting stringent security management standards is, ultimately, preparation to be vulnerable. .

Tags: Computer crime, Computer security, cyberwarfare, iso 27001, National Security Strategy, USB flash drive


Oct 20 2010

Incidence Of Cybertheft Surpasses Incidence Of Physical Theft

Category: cyber securityDISC @ 1:17 pm
私は No Click!
Image by mie_journal via Flickr

Fraud-related losses rose 20 percent to $1.7 billion in the past year, Kroll study says

Incidence of theft of information and electronic data at global companies has overtaken physical theft for the first time, according to a study released yesterday.

According to the latest edition of the Kroll Annual Global Fraud Report, the amount lost by businesses to fraud rose from $1.4 million to $1.7 million per $1 billion of sales in the past 12 months — an increase of more than 20 percent.

The findings are the result of a study commissioned by Kroll and conducted by the Economist Intelligence Unit, which surveyed more than 800 senior executives worldwide.

To read more: Incidence Of Cybertheft Surpasses Incidence Of Physical Theft

Tags: Computer crime, crime, Economist Intelligence Unit, fraud, Identity Theft, Security, Theft, United States