Welcome to Cognosec's 2017 industry half-year review
Welcome to the Cognosec 2017 half-year review. We speak with consultant, industry speaker and Cognosec Non-Executive Director Neira Jones, who provides her industry thoughts on the year so far. You’ll also find our top cybersecurity news stories, infographics and interviews from the past six months.
Expert insights
Neira Jones - consultant, speaker & Non-Executive Director at Cognosec
As part of Cognosec’s half-year review of 2017, we speak to Neira Jones and ask whether organizations have changed their approach to cybersecurity procedures following high-profile ransomware attacks. Neira also provides her industry predictions for the next six months.
In the news…
Top cybersecurity stories of the year so far
Cloudbleed
In February this year, Cloudflare revealed that it had discovered a bug in its platform that resulted in occasional leakage of potentially sensitive customer data. Cloudflare provides content delivery, performance and internet security services to millions of customer websites. The vulnerability was present between 22 September 2016 and 18 February 2017; it was discovered by Project Zero and subsequently fixed by Cloudflare. The breach occasionally allowed the data to be indexed by search engines. According to the Huffington Post at the time of reporting, nearly 4.3 million domain names may have been affected, although experts believe it is unlikely that hackers used the data for malicious purposes.
Campaign hacked two days before French election
In early May, hackers targeted the then French presidential candidate Emmanuel Macron just two days before voters went to the polls. According to reports, hackers leaked 9GB of emails from En Marche!, although a statement from the party said that not all of the leaked data was legitimate.
WannaCry
In May, WannaCry ransomware hit the headlines as it infected Windows-operated computers across the globe. The ransomware affected thousands of companies and organizations including Spanish telecom provider Telefonica, Germany’s rail operator DB and the UK’s National Health Service, where patients were diverted and non-urgent activity was postponed.
WannaCry leverages a vulnerability within Windows operating systems and uses an exploit called EternalBlue to automatically target and propagate itself to vulnerable Microsoft Windows operating systems across the Internet. The attack occurs when a user clicks on a phishing email which contains a .zip file disguised as a fake invoice, job offer, security warning, or undelivered email. The ransomware then encrypts the user’s files using the AES cipher. This is then followed by a ransom demand in bitcoin.
Data of 200m US citizens exposed
In June, reports emerged of a data breach in the U.S. where personal details of nearly 200 million US citizens were accidentally exposed by an analytics firm contracted by the Republican National Committee. Reports stated that the exposed data included birthdates, home addresses, telephone numbers and political views of 62% of the US population. The information was available on a publicly accessible Amazon cloud server for an unknown period of time. Deep Root Analytics, which hosted the database, stated that the data was not accessed by anyone other than the researcher who discovered the breach.
Petya / NotPetya cyber-attack
On 27 June 2017, the Petya / NotPetya cyber-attack struck organisations globally just a few weeks after WannaCry ransomware affected thousands of Windows-based computers. The first wave of the attack was initially reported in Ukraine with the country’s national bank, state power company and airport all affected. This was later followed by announcements confirming that Russian energy firm Rosneft, Danish shipping company Maersk and the British advertising agency WPP were also affected by the cyber-attack.
Infected computers demanded payments of $300 or £235 in Bitcoin to recover access to encrypted files. The ransomware was later said to have originated from corrupted updates on a piece of accountancy software. Dubbed NotPetya by experts because of its likeness to Petya ransomware, this type of attack is also said to be a ‘wiper’ because of its aim to destroy data.
Parliamentary passwords compromised following cyber-attack
Up to 90 email accounts were compromised following a cyber-attack on the UK Parliament on 23 June. According to reports, the hack prompted officials to disable remote access to the emails of MPs, peers and their staff. A spokesperson said the attack was a result of "weak passwords". These passwords were reported to be for sale online. An investigation is currently underway by the National Cyber Security Centre and National Crime Agency.
Infographic
Ransomware action plan
With the recent WannaCry and Petya/NotPetya cyber-attacks hitting the headlines over the past few months, we’ve partnered with Cylance to provide an informative infographic that explains what you should do if your organization is under attack.
We can help
Need advice on protecting your organization against ransomware? Cognosec has partnered with Cylance to deliver total endpoint security for your organization. Discover the benefits of deploying AI-driven Endpoint Detection and Response. Download the Datasheet and watch the case study video by clicking on the link below.
Expert Insights
Meet the team
Find out what’s been happening at Cognosec and the industry as a whole over the past six months. Our services team provides insight into how to improve your organization’s cyber resilience and compliance.
Oliver Eckel
Branimir Pacar
Osaze Aigbe
Cognosec expert presentations
Watch the videos
Over the last six months, Cognosec’s expert team have presented informative and educational seminars at numerous high-profile events. Click on the videos below to view a selection of our key speaker presentations.
Oliver Eckel, Cognosec CTO
Securing the Future presentation at IPExpo Manchester
Neira Jones, consultant, speaker & Non-Executive Director at Cognosec
GDPR – It’s the Little Things that Matter presentation at The Future of Cybersecurity Europe
Cognosec Partner Profiles Series
Read interviews with our partner organizations
Over the past few months Cognosec has carried out interviews with our partner organizations. Here, you can discover expert predictions for the future, reactions to news stories, why they decided to partner with Cognosec and more…