Latest News (RSS)

Facebook users face malware threat

Tue, 02 Feb 2010 00:00:00 GMT

The rise of social networking sites such as Facebook and Twitter has led to a surge in the number of malware attacks on unsuspecting users.

According to a recent study, malware attacks rose by 70% last year, while the number of users receiving spam via such sites also rose by 71%.

The relatively unrestricted nature of social networking sites is thought to be their Achilles heel when it comes to user security as malware can be spread more readily through messages that users believe are from friends or relatives.

According to internet security company Kaspersky Lab, attacks on social networking sites were 10 times more effective at spreading malware than email.

Graham Cluely, senior technology consultant for Sophos, said: "People are used to receiving spam and malware on e-mail, but are lulled into a greater sense of security on social networking sites, because they assume they are just getting messages from friends. They are more likely to open messages."

The study by IT security company Sophos illustrates the dangers that users face when they sign up to sites that require vast amounts of personal information.

Copyright � Press Association 2010

How to make friends and steal data

Sun, 15 Mar 2009 00:00:00 GMT

NCC Group plc is advising businesses to take extra care when considering physical security practices in the office.

While companies are busy considering the security implications of iPhones and other mobile technologies, hackers are still using tried and tested means to get hold of vulnerable data; namely walking right in and taking it.

Unless stringent measures are in place to monitor who comes in and out of a building, and for what purpose, it is all too easy for someone to have 'forgotten their pass' or breeze through a door talking on their mobile to avoid questioning.

NCC Group carry out social engineering tests as part of their overall penetration testing offering and Roger Rawlinson, Director of Assurance, says their success rate for getting in to company buildings is well over 95 per cent - a worrying figure.

"There are some simple ways you can avoid this kind of situation, but these methods do have to be adhered to. Firstly, never allow visitors to roam around unescorted, even if they have appointments and seem genuine.

"Verify their credentials - find the phone number of the company they work for (don't ask the visitor for it!), and confirm they are who they say they are, particularly if their reason for being in your office seems out of the ordinary

"Discourage tailgating - ID passes should be worn at all times, by all staff. Some of my clients run incentives for staff to challenge those not wearing ID badges; a stooge is sent round the office once per month, and anyone that challenges them receives a cash reward. A cheap, simple way to get staff thinking about strangers in the office.

"If you have swipe card access to security doors, consider having swipes both in and out of the doors to makes the social engineers' life that much harder. Also, consider securing doors to more sensitive areas in the office, such as server rooms, exec offices and IT areas.

"Finally, remote working does identifying rogues in the office more difficult, although a similar problem has always existed for large companies with many employees. There's no way everyone can know everybody. It comes back to good badge discipline; if they aren't wearing a badge, challenge them. If they aren't accompanied, challenge harder, ring security, and don't listen to their excuses and reasons for being there, even if they quote the CEO's name. We should know, we do it all the time!"

Ends.

Press contact: Gemma Seaton @ MC2 (0161 236 1352)

China 'has most hacked computers'

Mon, 15 Feb 2010 00:00:00 GMT

China had the highest number of hacked computers used for malicious purposes than any other country in the final three months of 2009, a study has shown.

Internet security company McAfee said about 1,095,000 computers in China were infected in the final quarter of last year, more than the US total of 1,057,000.

The anti-virus firm said the latest figures were on top of the approximately 10 million infected machines each country already had. The firm collects information about online threats that target more than 100 million computers in 120 countries worldwide.

Such "zombie" computers often attack websites or send spamming emails by being grouped into networks known as "botnets", showing the vulnerability of business networks to infiltration, the Silicon Valley-based company said.

Online intruders are a growing security risk for governments and companies, indicated by Google's January announcement that its networks had been hacked by machines based in China.

Experts said the attacks were not linked to botnets, and the Chinese government said hacking was illegal and denied any involvement in Google's claims.

Copyright � Press Association 2010

Wi-Fi connections 'must be secure'

Thu, 11 Mar 2010 00:00:00 GMT

People who subscribe to broadband bundles may be at risk of cyber-attack unless they ensure their connections are secure, according to an expert.

Tony Neate, managing director of IT initiative Get Safe Online, said ensuring web connections and wireless connections are both vital for security.

He urged people to ensure they have anti-virus software, spyware and operating systems updates to secure their computers.

And he said wireless connections needed to be encrypted in order to prevent hackers using the networks.

Me Neate said: ""I have seen a massive upturn of people who are securing their wireless network with encryption."

In a recent survey carried out by broadband provider TalkTalk, who's Information Security Manager, George MacGregor was recently the keynote speaker at our Manchester RANT forum, it was revealed that up to seven million homes and businesses across the UK may be at threat from Wi-Fi hijacking because the broadband connections have not been secured.

Doctors' online resource taken down

Tue, 16 Feb 2010 00:00:00 GMT

Doctors should not be punished for failing to complete their appraisals because an online resource was taken down due to fears of hacking, Primary Care Trusts (PCTs) have been told.

The Department of Health contacted the PCTs after the NHS Appraisal Toolkit was withdrawn for three weeks when a security check suggested the system was not 'sufficiently robust to withstand modern-day hacking'. It came at the busiest time of the year for appraisals and could delay the route to revalidation for those using pilots of the system.

Although the Government confirmed there was no security breach, it said: "Given the importance of preserving confidentiality of staff and patient information, it is not acceptable to take any risks."

A spokesman for the Department of Health said: "As part of a routine security check it has been discovered certain aspects of the electronic NHS Appraisal toolkit, established nine years ago, are not sufficiently robust to withstand modern-day hacking. Ministers immediately instructed the website be taken offline until the supplier, SCHIN, can address these potential vulnerabilities."

The move was endorsed by the British Medical Association (BMA) and the Royal College of General Practitioners (RCGP). However, RCGP chair Professor Steve Field conceded the move was going to be "hugely disruptive, with GPs already feeling vulnerable enough about revalidation".

Copyright � Press Association 2010

Argentines hack into islands' paper

Mon, 22 Feb 2010 00:00:00 GMT

Argentine hackers have plastered their country's flag on the Falkland Islands' newspaper website after the Argentine government expressed outrage at a British oil exploration in the South Atlantic.

The hacking into the English-language Penguin News came as a British rig from Scotland was set to search for oil. The activists posted the Argentine flag on the home page and a recording on the site of the song March of the Malvinas, Argentina's name for the Falklands - which has been disputed territory between Argentina and the UK.

They also wrote "the islands are Argentine" and claimed the hacking was a "tribute" to the country's soldiers who died during the Falklands War - Argentina lost a total of 649 servicemen - but the material has been removed from the site.

The Argentine government fears that it is being cut out of a share of any potential revenues. In 1982, the Argentine Junta ordered the occupation of the Falklands, which was British territory. Prime Minister Margaret Thatcher's Government sent a Task Force that successfully retook the islands.

Copyright � Press Association 2010

NCC Group Secure Test warn businesses about 'Thin Client' security with new whitepaper

Mon, 24 Aug 2009 00:00:00 GMT

Secure Test, the IT security division of leading independent advisor, NCC Group plc, has produced an exclusive whitepaper - "Thin clients: Slim security" - detailing the security risks associated with the use of thin client devices.

Commenting on the need for the white paper, Director of Secure Test, Paul Vlissidis, commented: "It doesn't matter how new or improved the technology is, the same issues with security come up time and again. �

"Thin client devices are in widespread use as an alternative to large estates of desktops that often provide the first foothold on the ladder to full compromise, but, as we detail in our white paper, there are clearly many vulnerabilities that can be exploited in thin clients, which now need to be factored in to security plans.

"If a security evaluation was carried out before any purchase or roll out of a product in a business environment, then these kinds of issues would have been noted and the product used differently. As it is, we are still being seduced by marketing promises and the security issues are creeping in through the side door.

"Security should be part and parcel of the adoption of any new technology, yet it is clearly still not top of the agenda. Any cost saving or business benefit is far outweighed by the possibility of your data being compromised."

The white paper. "Thin clients: Slim Security" is available upon request. Please contact whitepapers@nccgroup.com for a copy.

Online bankers 'reusing passwords'

Wed, 03 Feb 2010 00:00:00 GMT

Almost half of online banking customers use the same login details to access their finances as they do for other password-protected websites, a study has found.

According to online security firm Trusteer, 47% of internet users stick with the same username and password for a number of websites, including banking facilities, leaving themselves exposed to a potentially devastating raid on their personal accounts.

The same study found that 73% of online bank users had a unique username but a generic password that was "repurposed" across numerous websites.

Trusteer said by failing to set up unique credentials for each website, internet users are making themselves an easy target for online fraudsters.

Amit Klein, CTO of Trusteer and head of the company's research organisation, said: "Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords.

"Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites."

Copyright � Press Association 2010

NHS website down over hacker threat

Wed, 10 Feb 2010 00:00:00 GMT

An NHS website used by doctors to complete appraisals has been taken offline over hacking fears.

The move to bring down the NHS Appraisal Toolkit site led the British Medical Association's (BMA's) General Practitioners Committee to warn that GPs face a 'real disruption' to their work.

Officials have withdrawn the site for three weeks after security checks exposed flaws that left it vulnerable to modern-day hacking, the Department of Health said. However, the Government added there was 'no evidence of any breach of security'. But it said the system must be updated to prevent any breaches taking place.

The move comes during doctors' busiest time of the year for organising appraisals - leading to fears that thousands of GPs will face disruption. The decision was made in agreement with the BMA and the Royal College of General Practitioners (RCGP).

A Department of Health spokesman said the website has been taken offline until the vulnerability issues can be remedied by supplier SCHIN. He added: "The Department is aware that some of the 27,000 active users of the service will have annual appraisals planned during the period that the system will be suspended and that this will be a matter of concern to them."

Copyright � Press Association 2010

US web security 'needs new devices'

Thu, 04 Mar 2010 00:00:00 GMT

Government and businesses in the United States need to drastically boost internet security through developing new devices, the homeland security secretary has said in a speech.

The devices to verify computer users and automate responses to cyber attacks are needed for a more reliable level of performance, Janet Napolitano told a conference.

Her speech follows concerns expressed about computer vulnerabilities in the US by director of national intelligence Dennis Blair and former Bush administration officials. Blair's predecessor Michael McConnell told a Senate panel the US would lose a 'cyber war'.

The Department of Homeland Security and several companies are co-operating on a national plan to deal with a computer network emergency, stressed Napolitano.

The plan will allow a national response to a major cyber incident in which all aspects of society would have an important role to play, an excerpt from the speech said.

Copyright � Press Association 2010

Continued solid organic and acquisitive growth drive profits up

Thu, 02 Jul 2009 00:00:00 GMT

NCC Group plc (LSE: NCC, “NCC Group” or “the Group”), the independent information security assurance group, has reported its final results for the year ended 31 May 2009.

Highlights

Financial

Group revenue up by 31% to £46.8m (2008: £35.7m)
Group adjusted operating profits* up by 19% to £12.7m (2008: £10.7m)
Group adjusted pre tax profits* up by 17% to £12.3m (2008: £10.5m)
Cash conversion ratio up to 140% of operating profits (2008: 122%)
Adjusted fully diluted earnings per share* up 17% to 26.1p (2008: 22.4p)
Total dividend up 32% of 9.25p (2008: 7.00p)
Net debt at year end £5.6m – expected to be net debt free by August 2010

Operational

Group Escrow maintained strong organic revenue growth of 13%
Assurance Testing now firmly established as UK’s largest independent information security business
Two acquisitions completed and integrated
- Next Generation Security Software (NGS), an Ethical Security Testing business in November 2008
- Escrow Europe Switzerland acquired the remaining 76% in May 2009, further strengthening Group’s position as the world’s largest software Escrow provider

Outlook for 2009/2010:

Group Escrow renewals forecast to be £14.9m (2009: £13.6m)
Group Escrow verification order book £2.0m (2008: £2.0m)
Assurance Testing order book, including Consultancy, £9.4m (2008: £7.1m)
Site Confidence monitoring renewals forecast to be £4.1m (2008: £3.8m)

* Operating profit is adjusted for amortisation of acquired intangibles of £1.2m. Pre tax profit is adjusted for this item and the unwinding of the discount on the acquisitions deferred consideration of £0.2m.

Rob Cotton, NCC Group Chief Executive commented:

“We have delivered our strongest performance to date against a backdrop of economic and worldwide financial downturn and uncertainty. We have continued to develop and grow in the face of this adversity and delivered solid and consistent organic growth, complemented by the acquisitions completed over the last few years.

“The fundamentals of our business remain strong and attractive; substantial recurring revenues, good cash generation and a focus on the faster growing IT services segments.

“We have started this year in a very strong position which has given us considerable confidence in our ability to deliver further sustainable growth.”

To view the Preliminary Results click here.

To view the Preliminary Results Presentation click here.

Enquiries:
NCC Group plc
Rob Cotton, Chief Executive - 0161 209 5200
Paul Edwards, Group Finance Director - 0161 209 5200

College Hill
Adrian Duffield - 020 7457 2020

IT professionals worry over malware

Thu, 18 Feb 2010 00:00:00 GMT

Social media and other web 2.0 applications are likely to spread malware, in what is being described as the most serious risk to information security this year, a report has claimed.

A survey of 830 small business IT professionals found 80% believed malware on the popular emergent media platform will be a problem in 2010. Nearly 25% of SMEs have suffered compromises due to social networking sites.

Most respondents were taking steps on the issue by identifying data security and confidentiality and data loss prevention as their top priorities for web security in 2010, said the study which covered the UK, US and Australia.

To ensure that their payment processing data is safe from threats both internal and external, experts advise organisations to properly train their employees on safe internet use and to monitor or even restrict their internet activities.

Social media often offers marketing and communication opportunities for small businesses.

Copyright � Press Association 2010

100 firms warned over data breaches

Tue, 23 Feb 2010 00:00:00 GMT

Nearly 100 companies have been warned about internet security breaches that could lead to identity theft, the US Federal Trade Commission (FTC) has said.

The FTC notified the public and private companies, including schools and local governments, that they were making personal information about clients or employees available via peer-to-peer file-sharing networks.

The commission said the data was accessible to "any users of those networks, who could use it to commit identity theft or fraud".

The companies involved have not been named but the FTC said its notices affected small and large businesses, with as little as eight members of staff or corporations with tens of thousands of employees.

FTC chairman Jon Leibowitz said:"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk."

"For example, we found health-related information, financial records, and driver's license and social security numbers - the kind of information that could lead to identity theft."

The agency called upon companies to examine their security programmes and ensure there are no unauthorised P2P file-sharing programs.

Copyright � Press Association 2010

Staged cyber attack aids US defence

Wed, 17 Feb 2010 00:00:00 GMT

A simulated cyber attack on the US which rehearsed the cutting of power to tens of millions of homes was run in a mock-up of the White House Situation Room at a Washington hotel.

The event, called Cyber ShockWave, simulated the disabling of cell phone networks, the slowing of internet traffic to a crawl and the crippling of America's power grid, in the interest of improving US security.

Calling out the National Guard, nationalising power companies and retaliation were among response suggestions made by ex-top officials. They were debating response to the virtual shut-down of power in the eastern United States by a stealth cyber attack and two bombings.

The "cabinet members'" simulation was drawn up by ex-CIA director Michael Hayden, and members of the BPC's National Security Preparedness Group.

The president and advisers typically meet to address national emergencies at the situation room in the White House.

"The president, as commander-in-chief, has the authority to use the full powers at his disposal," said former deputy attorney general Jamie Gorelick.

Copyright � Press Association 2010

Recruiting hackers to defend the UK is lunacy

Wed, 01 Jul 2009 00:00:00 GMT

Rob Cotton, CEO of NCC Group, discussed with Computer Weekly Lord West's announcement that the new Cyber Security Operations Centre (CSOC) has recruited former hackers to defend national security, as part of the new government cyber security strategy aimed at combating online attacks.

"You have to wonder whether this is actually some kind of huge joke. Aside from West's ridiculous rationale (or lack thereof) behind thisinitiative - "If they [hackers] have been slightly naughty boys, very often they enjoy stopping other naughty boys," - we should be asking ourselves if we really want reformed criminals defending our national security. If you used to get your kicks from undermining national security, can you really be trusted to protect it?

Companies that offer ethical hacking services, such as ours, make sure their consultants are security vetted, This means clients don't have to worry that the information we have about their security provision will be sold on the black market. Why can't our government extend the same courtesy to us? Working for CSOC should require an allegiance to the country and the government beyond that which a steady paycheque inspires. Call me old fashioned but I like my criminals inside a jail cell, not defending the country.

I am sure that some hackers are skilled in breaking through government defences but this doesn't automatically equate to the same level of skill the other way round. It might sound boring but a national cyber security outfit should be made up of professionals who spend their days researching and dealing with real threats and can respond appropriately to any potential dangers, not a bunch of amateurs who would probably cause World War III by playing fast and loose with international protocol.

In aiming to transform GCHQ into a spy school for geeks who are more cunning than their Chinese counterparts, as outlined by Tom Watson, former Cabinet minister in charge of digital engagement, the government seems to be wilfully ignoring the wealth of resources available in the UK at the moment. We have some of the best IT security professionals in the world over here and to ignore this kind of talent is deplorable."

Cotton concluded: "It beggars belief that the best solution to a very real problem the government can come up with is to start a grassroots recruitment drive in the criminal community and highlights the amount of thought the people at the top are putting in to cyber defence strategies - apparently none."