A survey of 100 strategic and IT decision makers in UK companies found that 85 per cent expected an escalation in cyber attacks; six per cent believed the number of attacks will remain constant, and four per cent expected it to decrease.

When asked what would make their board take the business risk of cyber attacks more seriously, 61 per cent cited an attack on their company or a competitor; however, 89 per cent said they were “very” or “fairly” confident that they were well-equipped to prevent targeted cyber attacks. Around a quarter said they were “very confident”.

Henry Harrison, technical director at BAE Systems Detica, which conducted the survey, said: “2011 has clearly led businesses to re-evaluate the level of cyber threat and impact, but it seems they are slower to recognise their true level of vulnerability.

“We’d urge businesses to remain cautious and to evaluate their defences, rather than waiting until they are attacked before acting. We’ve seen a growing number of businesses lock the door after the horse has bolted.

“We want to ensure that 2011 isn’t the beginning of a decade of our cyber adversaries staying ahead of us. Let’s hope businesses’ confidence in their defences is merited.”

Sited SC Magazine

CYBER ATTACK PREVENTION SOLUTIONS

 CLICK HERE

 CLICK HERE

The data included the names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people. According to the Information Commissioner’s Office (ICO), the loss occurred when a social worker took the paper records home to work on them out of hours; their home was burgled in April 2011 and a laptop bag, containing the records and an encrypted computer, was stolen.

The ICO’s investigation found that the council failed to take appropriate organisational measures against the accidental loss of personal data held on paper records, and although the council had an information security policy and some guidance for staff on handling sensitive papers, these failed to explain how the information should be kept secure.

The council previously signed an undertaking in 2010 after data on 9,000 people was stolen in a burglary of an employee’s home. The council avoided a monetary penalty as the loss was reported just before the ICO’s powers came into force.

Although the undertaking introduced a paper-handling policy, this was not in place at the time of the second loss.

Simon Entwisle, the ICO’s director of operations, said: “The potential for damage and distress in this case is obvious. It is therefore extremely disappointing the council had not put in place sufficient measures in time to avoid this second loss.

“While we are pleased that Barnet Council has now taken action to keep the personal data they use secure, it is vitally important that organisations have the correct guidance in place to keep sensitive paper records taken outside of the office safe. This includes storing papers containing sensitive information separately from laptops.”

Sited SCMagazine

DATA LOSS PREVENTION SOLUTIONS CLICK HERE

Click here for Varnois

Click here for Blackridge Technology 

Click here for Whitebox

According to Techweek Europe, the attacks were carried out by an Anonymous splinter group named‘ATeam’ who were protesting against the proposed extradition of Gary McKinnon and Richard O’Dwyer to the US. May’s website went down from around 9pm on Sunday for around 13 hours; the website of the Supreme Court was also pushed offline, with the ICO site still down at the time of writing. A spokesman for May told Techweek Europe that she “treats threats of disruption to her website very seriously”. The ICO has confirmed that it is looking into the matter with the provider of its web hosting. In a statement, it said: “Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed-denial-of-service attack. “The website itself has not been damaged, but people have been unable to access it. We provide a public-facing website which contains no sensitive information. “We regret this disruption to our service and we are working to try to bring the website back online as soon as possible.” André Stewart, president international at Corero Network Security, said: “The takedown of the ICO website by an apparent DDoS attack is, once again, evidence that government organisations need to be better prepared for the growing threat from cyber crime carried out by politically or ideologically motivated hacktivists. “Virtually every week we are seeing DDoS attacks being launched. Organisations of all types need to start planning accordingly in terms of putting the right technology and protocols in place to protect themselves and their constituents and customers against these forms of attack, before a more serious data breach occurs.”

Sited SC Magazine

Answer….Prolexic number one for DDos mitigation.

Click here to find out more..

Join here for a eSeminar

Britain’s Serious Organised Crime Agency (Soca) is believed to have been among their suspected targets.

Local reports suggest other victims included the Norwegian Lottery and Germany’s Bild newspaper.

“We have arrested the two we think were most important in these attacks, but we still want to talk to more people,” said Norwegian prosecutor Erik Moestue.

Norway’s National Criminal Investigation Service (NCIS) said the sites had been hit by a distributed denial of service (DDoS) attack, in which large amounts of data were sent to the owner’s servers in an attempt to overwhelm them.

It added that the 18- and 19-year-olds were charged at the end of last week following electronic attacks over a period lasting “several weeks”. The offence carries a maximum sentence of six years in jail.

“The case is still under investigation,” added Mr Moestue. “It is still too early to say anything about the motive for the actions.”

The NCIS would not confirm who had been attacked, but the Norsk Telegrambyra press agency said the country’s largest financial services group DNB and its Police Security Service had also been affected.

Soca told the BBC last week that it had taken its website offline following a cyber-attack.

It said the assault had not posed a security risk, but that it had acted to prevent other clients hosted by its internet service provider from being affected.

Sited BBC News

Answer….Prolexic number one for DDos mitigation.

Click here to find out more..

Twitter feeds associated with the Anonymous collective announced: “Virgin Media – Tango Down #OpTPB”.he messages suggest that the attack was organised to protest against efforts to block access to The Pirate Bay’s (TPB) file-sharing pages.

Virgin Media began preventing access to TPB last Wednesday following a High Court order.

Four other internet service providers – Sky, Everything Everywhere, TalkTalk and O2 – have also been ordered to prevent their users being able to visit TPB by this coming Friday. A sixth ISP, BT, has requested “a few more weeks” to consider its position.

‘Legal alternatives’

Tweets issued by accounts linked to Anonymous also claimed TalkTalk was targeted over the weekend, although the network could not confirm the details.

A statement by Virgin Media said that the distributed denial of service (DDoS) attack lasted one hour, beginning at 5pm BST.

It added that it was only blocking TPB because it had been forced to do so.

“As a responsible ISP, Virgin Media complies with court orders but we strongly believe that tackling the issue of copyright infringement needs compelling legal alternatives, giving consumers access to great content at the right price, to help change consumer behaviour,” it said.

Copyright defenders, including the British recorded music industry body BPI, have argued that illegal copies of films, books and music made available on file-sharing sites destroy creative industry jobs and discourage investment in new talent.

Sited BBC News

Answer….Prolexic number one for DDos mitigation.

Click here to find out more..

In a Pastebin statement, it said it downloaded extensive confidential customer information from Elantis, a Belgian credit provider owned by Dexia, last week. This included data such as internal login credentials, online loan applications and fully processed applications, and featured “applicants’ full names, their jobs, ID card numbers, contact information and details about their income. It is worth pointing out that this data was left unprotected and unencrypted on Elantis’s servers”, the group said.

It said it contacted Dexia “to offer them not to publicly release this data over the internet if they agreed to pay us the equivalent of roughly €150,000 (£121,000)”; the deadline was yesterday, and so far no payment has been made.

“While this could be called ‘blackmail’, we prefer to think of it as an ‘idiot tax’ for leaving confidential data unprotected on a web server,” it said.

The alleged ransom of €150,000 is almost immaterial compared with the commercial impact on the reputation of the bank by it having to admit to the security breach.

In a statement to pcworld.com, Moniek Delvou, spokeswoman for Belfius Bank (formerly known as Dexia), Elantis’s parent company, said the hackers contacted the bank via email last Friday and the compromised data could involve 3,700 potential and existing customers.

She said Elantis customers were informed of the data breach and the Elantis site was taken offline; the Belgian Federal High Tech Crime Unit and an American security firm are conducting an investigation, she added.

“We are not prepared to pay. We don’t like blackmail,” Delvou said.

We are increasingly seeing this happening to cooperates and the need for companies to have a proactive approach to being prepared for cyber attacks should be high on the agenda.

The solutions we feel people should be looking at are :

Click here for more on FireEye Malware Prevention

Click here for more about Prolexic to stop DDOS attacks



Click for more about Blackridge and how to cloak your networks

Although no claim of responsibility has been made, Soca said that the attack did not ‘pose a security risk to the organisation’. A statement issued to BBC News said: “We took action to limit the impact on other clients hosted by the [same] service provider.

“DDoS attacks are a temporary inconvenience to website visitors but do not pose a security risk. Soca’s website contains only publicly available information and does not provide access to operational material.”

While no responsibility was claimed, a tweet by Anonymous said: “Tango down: DDoS attack takes down site of UK Serious Organised Crime Agency (Soca)” with a link to the BBC News story.

Pro-US hacker The Jester said in a tweet that the attack was ‘prob retaliation to carder site takedowns last week’. Last week Soca and the FBI shut down 36 websites that were believed to be selling stolen credit card information, with 2.5 million items of compromised data recovered.

Soca was previously hit by a DDoS in June 2011 by the hacktivist group LulzSec, arrests were later made of Jake Davis and Ryan Cleary in connection with the attack.

Ultimate DDos prevention. Click logoto find out more information…

Cited SC Magazine

The Welsh health board has been issued with a penalty of £70,000 after a sensitive report was sent to the wrong person. According to the ICO’s undertaking, the error occurred when a letter containing a detailed psychological report of a mental-health patient had been sent to another former patient with a similar name.

A consultant emailed his letter to a secretary for formatting, but did not include sufficiently clear identifiers for the secretary to select the correct patient. The doctor had also used the spellings of both patients’ names in his email.

Further investigations revealed that neither the consultant nor the secretary had received any data protection training from the data controller, and that practices such as those that led to this incident were widely followed by clinical and secretarial staff within the organisation.

ABHB has signed an undertaking to address the concerns expressed by the ICO during its investigation. This includes ensuring all staff are made aware of, and trained on, the organisation’s policies on storage and use of personal data, that there is appropriate and regular monitoring of compliance with policies on data protection and IT security, and that new checking processes are introduced across all sites to confirm a patient’s identity before personal information is sent out.

Stephen Eckersley, the ICO’s head of enforcement, said: “The health service holds some of the most sensitive information available. The damage and distress caused by the loss of a patient’s medical record is obvious, therefore it is vital that organisations across this sector make sure their data protection practices are adequate.

“Aneurin Bevan Health Board failed to have suitable checks in place to keep the sensitive information they handled secure. This case could have been extremely distressing to the individual and their family and may have been prevented if the information had been checked prior to it being sent.

“We are pleased that the board has now committed to taking action to address the problems highlighted by our investigation; however, organisations across the health service must stand up and take notice of this decision if they want to avoid future enforcement action from the ICO.”

Anonymous Twitter messages warned of the attack on 4 April, and said: “Expect a DDoS (distributed denial-of-service) every Saturday on the UK Government sites.”

The Home Office site was inaccessible for several hours on Saturday night.

Officials say no sensitive information was lost, and it is now back to normal.

A distributed denial-of-service (DDoS) attack floods a webserver with so many requests that it can no longer respond to legitimate users.

The Home Office website became inaccessible around 21:00 BST on Saturday, and was patchy from 05:00 on Sunday.

It is not clear whether the protest was against email surveillance or extradition, but it could be both.

One message on Twitter said it was a protest against “draconian surveillance proposals”, but another claimed it was over extradition from the UK to the US.

One tweet claiming to be from Anonymous said: “You should not give UK citizens to foreign countries without evidence. If an offence happened in the UK, so should the trial.”

There were also claims on Twitter that the 10 Downing Street website had been targeted as part of the same protest.

Prolexic are the number ONE in DDos prevention. It seems to be an area of increasing risk as the attacks keep getting bigger and increasing more complex as they move towards targeting the application/SSL layer. Just before Christmas Prolexic stopped the largest Syn flood attack ever seen at over 69m requests per second. Prolexic are the only vendor in this space who offer a time to mitigate, rather than a time to react in their SLA. We understand outages means loss of money in these scenarios so the devil is in the detail when it comes to the ability to mitigate these attacks.

The attack was reported by a Twitter account called @AnonopUK. “#OpTrialAtHome as been initiated. We are inviting every #Anon to join us in our fight against #Extradition,” said the message that it had circulated among Anonymous members earlier this month in reaction to UK extradition decisions.

According to messages that followed the evening attack was a success. It used a distributed denial of service (DDoS) attack to disrupt the web site of the Home Office and during the evening it was showing a page unavailable message with some basic contact information.

As news of the downed web site spread, Anonymous reminded anyone that would listen about why it had been targeted. “#OpTrialAtHome is offered in protest of the potential extradition of Gary McKinnon, Christopher Harold Tappin & Richard O’Dwyer,” said the @Anon_central Twitter account.

Anonymous has already targeted another web site. That denial of service attack will take place on 14 April and will hit GCHQ, the government’s spy agency. This protest will be in support of online privacy.

Source: The Inquirer (http://s.tt/195a7)

This is not the first time that the hacktivists have targeted government web sites, and in the past the Serious Organised Crime Agency (SOCA) was attacked. Subsequently some Anonymous members were arrested.