Patch Tuesday Blog – Cyber Security Updates
Posted on: 20 May 2015
By: wolfeg
As many of you may be aware, the second Tuesday of the month is Microsoft's "Security Patch Tuesday" *
This also seemed like a good opportunity to share security updates, briefings and articles at the same time as "Patch Tuesday" as part of my new monthly "Cyber Security" blog. Though just like Microsoft, if there are urgent messages, these will be sent out as required, rather than waiting for a monthly blog.
I'll use the blog to provide a mix of advice and guidance on how to use the virtual world in a safe and secure manner for both work and personal use, in areas of IT and data / information security.
I hope you will find them interesting and informative and I would welcome any feedback you may have.
* A monthly window for releasing security patches and updates to their products. Though they do sometimes release critical patches and updates outside of these times. If you have a personal machine running Microsoft products, then look out for the update icon on the second Tuesday of the month and be sure to update your software accordingly. If you are unsure as to the status of your security patching for Windows, then click this link to find out more.
This month:
Cyber hacking – A brief history.
Extract from an interview with Chris Ensor, deputy director for the National Technical Authority for Information Assurance at GCHQ, Britain's communications intelligence agency
The first recorded cyber hack was in 1986, but there's certainly been a fair few since then. Clifford Stoll, an astronomer at the Lawrence Berkeley National Laboratory in California, couldn't understand why there was a 75 cent difference between two sets of digital accounts. In trying to unravel this mystery, he eventually discovered that Dutch hackers were being paid by the KGB to steal from the lab's computers.
"That was nearly 30 years ago, and very little has changed," said Chris Ensor. He explained that while computing has vastly improved, the underlying principles of cyber-hacking are the same as they were back then.
In the first stage of a cyber-attack, the hacker hunts for a weakness in your IT. "They're looking for holes," be that in your software, hardware or connection.
"Once they find a potential way in, they're thinking about delivery," he continued. "I can connect to your computer and start using your computer without you knowing – by sending an email, PDF, Word document or spreadsheet, and inside that document there's a way of exploiting a particular vulnerability in your system." Indeed, "you may be pulling your hair out if you haven't got USB access at work, but the reason you haven't is because that's a way of getting into your system."
In the exploitation phase, hackers seek to duplicate and exploit your ability to control and access information – so they lay the groundwork by deploying software that collects your passwords when you enter them. And if it gets to that stage, it's very difficult to spot, because viruses can use your own passwords to turn spyware or anti-virus software off, preventing detection. As the private sector has found out to its cost, the aim is often to steal intellectual property.
Given these risks, it's crucial that organisations and individuals install updates and "patches" designed to plug vulnerabilities. There is a booming black market in selling data about software's weaknesses, Ensor noted: a hacker can earn up to $250,000 for information about a single hole in a piece of Apple software, for example. The key vulnerabilities used to be in operating systems, but in these days of auto-updating software, cyber-hackers are more likely to seek entry through applications instead.
Simple tips can often help, Ensor noted. For example, don't use administrator accounts for day-to-day use, and instead set up a user account with limited powers – then, "if you're compromised as a user, [a hacker is] limited on what [they] can do."
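A quick way to check the "limited user account" advice on your own Windows machine, as an added example that is not part of the original post or of any GCHQ guidance: the script below reports whether the current session holds administrator rights, whether the logged-in account is a member of the local Administrators group at all (the two differ when UAC gives an admin account a filtered token), and who else is in that group. The function names are my own; the .NET and PowerShell calls used are standard, and `Get-LocalGroupMember` is assumed to be available (Windows PowerShell 5.1 / Windows 10 or later), with a `net localgroup` fallback otherwise.

```powershell
# Added example, not from the original post: audit the current Windows session
# against the "don't work as an administrator day-to-day" advice.

function Test-CurrentSessionIsElevated {
    # True only when the running process actually carries administrator rights
    # (i.e. an elevated token). An admin account under UAC that has not elevated
    # returns $false here, so this is the "what can malware do right now" view.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminMembers {
    # Returns the members of the local Administrators group as "DOMAIN\name" strings.
    if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
        return (Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name })
    }
    # Fallback for older systems (assumed layout of 'net localgroup' output):
    # skip the header/footer lines and keep the bare member names.
    $lines = net localgroup Administrators
    return $lines | Where-Object { $_ -and $_ -notmatch '^(Alias|Comment|Members|-+|The command)' }
}

function Test-CurrentUserInAdminGroup {
    # True when the logged-in account is a member of Administrators, whether or
    # not this particular session is elevated. This is the "should this account
    # be used for everyday work?" view the interview is talking about.
    $user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    return [bool] (Get-LocalAdminMembers | Where-Object { $_ -ieq $user })
}

$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host "Account:            $user"
Write-Host "Session elevated:   $(Test-CurrentSessionIsElevated)"
Write-Host "In Administrators:  $(Test-CurrentUserInAdminGroup)"

if (Test-CurrentUserInAdminGroup) {
    Write-Warning "This account is a local administrator. For day-to-day work, sign in with a standard user account and elevate only when an admin task requires it."
} else {
    Write-Host "This account is a standard user: a compromise of this session is limited to what this user can do."
}

Write-Host "`nMembers of the local Administrators group:"
Get-LocalAdminMembers | ForEach-Object { Write-Host "  $_" }
```

Run it from an ordinary (non-elevated) PowerShell window: on a well-configured machine the account you use daily should report "In Administrators: False", and the membership list should be short and contain only accounts you recognise.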
The day on which a software vulnerability is first found by a hacker, when it remains unknown to the rest of the world, is called a "zero day", Ensor explained. "If you read about Stuxnet, for example – the thing that allegedly went out to stop Iranian [nuclear] enrichment – there were about four zero days, which is gold dust." This time is so valuable because "nobody knows about them, there are no patches for them, so you can do a huge amount of things in a zero day." It's crucial, therefore, to keep software constantly updated.
It's vital to prevent information being stolen, Ensor argued, because these days "information is all-powerful". Indeed, critical infrastructure is so IT-dependent and so interconnected – taking down the telecoms network could take down the electricity network, and vice versa – that our vulnerabilities are as broad as they are deep. The principles of cyber-hacking may not have changed much since the late 1980s, but the work of preventing them is becoming ever more important.
Graeme Wolfe
Information Security Officer
12/05/2015