This blog monitors and reports on broadband policy and marketplace developments in the UK, Europe and worldwide that are likely to be of interest to the Janet community. Posts here may also reference my Broadband Policy Watch blog and you can also find me on Twitter.

Cyber security news roundup November 2016

Wednesday, November 30, 2016 - 13:53

Policy developments:

The government launched its new National Cyber Security Strategy for 2016–21 which will be underpinned by £1.9 billion of investment. The plan sets out how the UK will “use automated defences to safeguard citizens and businesses against growing cyber threats, support the UK’s growing cyber security industry, develop a world-class cyber workforce and deter cyber-attacks from criminals and hostile actors.” Also see commentary from PublicTechnology.

In a blog post Dr Ian Levy, Technical Director of the UK National Cyber Security Centre, set out a high level overview of the government’s Active Cyber Defence (ACD) programme. This is intended to tackle a significant proportion of the cyber attacks that hit the UK. Aspects include fixing underlying infrastructure protocols, addressing email and DNS security issues, supporting more secure public services and encouraging innovative alternatives for identity and authentication. Dr Levy spoke at Jisc’s 2016 Security Conference this month; also see this interview, together with this one with Charlie McMurdie, senior cybercrime adviser at PwC consulting, on how universities are a top target for cyber criminals.

More on Mirai and Internet of Things (IoT) botnets:

Ars Technica reported that Linux/IRCTelnet, a new IoT botnet based on the earlier Aidra botnet, managed to infect almost 3,500 devices in five days. BBC News and the Telegraph reported that a botnet based on Mirai had blocked internet access in Liberia, though BBC News also later reported that Liberia's telecoms authority had denied that the country's internet access had been disrupted.

Network World reported on analysis by Zscaler of the security of IoT devices such as CCTV cameras, home entertainment systems, printers, and IP phones. Issues discovered included remote management consoles that rely on HTTP basic authentication, leaving credentials and communications susceptible to sniffing and man-in-the-middle attacks. Network World also reported that a new strain of Mirai had caused problems for around a million Deutsche Telekom customers; this new strain was designed to exploit a vulnerability in internet routers (also see commentary from ISP Review).

More on DDoS:

Akamai published its Third Quarter 2016 State of the Internet / Security Report: the two largest DDoS attacks this quarter, both based on the Mirai botnet, were the biggest observed by Akamai to date. Compared to Q3 2015, total DDoS attacks increased 71 percent in Q3 2016. There were 19 mega attacks mitigated in Q3 that peaked at more than 100 Gbps.

Verisign published its Q3 2016 DDoS trends report: UDP flood attacks continued to dominate in Q3 2016, making up 49% of the total attacks in the quarter. The most common UDP floods mitigated were DNS reflection attacks, followed by NTP reflection attacks. Average peak attack sizes in 2016 continued to trend larger than in previously recorded years. The average peak attack size in Q3 2016 was 12.78 Gbps, an 82 percent increase year over year. Fifty-nine percent of attacks used multiple attack types.

Researchers at the Carnegie Mellon University CyLab Security and Privacy Institute have created a tool that visualises network traffic to enable easier identification of key changes and patterns. The researchers have used this tool to inspect network traffic during DDoS attacks and map out the structure of malware distribution networks. In the case of a DDoS attack this could enable targeting of a critical node to defeat the attack. Last month Arbor Networks and Jigsaw announced a collaboration to enhance the Digital Attack Map which shows the global nature of DDoS threats.

Computing reported that the European Commission has been hit by a major DDoS attack but that no data breach occurred as a result.

New research & analysis:

Nominet published its update on .UK domains suspended for criminal activity over the 12 months to October 2016. The number of .UK domains suspended between 1 November 2015 and 31 October 2016 has more than doubled year on year to 8,049, which represents around 0.08% of the more than 10 million .UK domains currently registered. Also see this infographic.

Out-Law reported on remarks by the Information Commissioner’s Office (ICO) on the increase in the number of cyber incidents being reported to it. A total of 598 data security incidents were reported to the ICO in the second quarter of this financial year, 73 of which related to cyber incidents such as hacking, misconfiguration and denial of service attacks (more detail here).

The 2016 Cyber Resilient Organization study, conducted by the Ponemon Institute and sponsored by Resilient, an IBM Company, found that many companies are still not taking the proper steps to ensure they are prepared to handle cyber attacks: only 32% of the more than 2,400 IT and security professionals surveyed said that their organization had a high level of cyber resilience and 68% did not believe their organizations have the ability to remain resilient in the wake of a cyberattack. Insufficient planning and preparedness was the top barrier to cyber resilience. The study defined cyber resilience as “the alignment of prevention, detection, and response capabilities to manage, mitigate, and move on from cyber attacks.”

TheCSuite reported on research by training company QA into the status of cyber security across the UK, based on a survey of more than 300 cyber and C-suite professionals across all industries. Thirty-seven percent of organisations responding admitted that they had suffered a cyber-attack within the last 12 months, with 17% reporting that the attack prompted their organisations to change their policies and procedures to allow them to deal with such an attack better next time. Fifty-seven percent felt they did not have the right balance of skills to protect their organisations.

Network World reported that dealing with the amount of threat information generated from security systems is overwhelming for many companies, echoing the “security fatigue” reported by the US National Institute of Standards and Technology (NIST) last month. A study by the Ponemon Institute sponsored by Anomali found that companies have problems taking actions based on threat intelligence because there is too much of it or because it is too complex.

Managed cyber security services firm eSentire’s 2016 Cyber Threat Study found that the greatest risk facing mid-sized enterprises is not from sophisticated, targeted threats. The most common vectors affecting organizations in the small to mid-size space are rudimentary, unsophisticated attacks: “Organizations operating in this space commonly have their perimeter security bypassed by rudimentary, unsophisticated (but still highly effective and successful) attack vectors…Consistently, around a third of all incidents responded to by esentire Security Operations Centre analysts describe intervention and response to a preventable brute force situation that originated as a result of poor perimeter defences. Even when organizations have good technologies in place, poor configuration can result in a higher incidence of brute force attacks.” This issue is acknowledged in the UK’s new National Cyber Security Strategy for 2016–21; see page 22.

A study of 20 major cloud hosting services by the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara found that as many as 10 percent of the repositories hosted by them had been compromised, with several hundred of the “buckets” actively providing malware.

The European Commission published a results pack covering the most recent and prominent results from EU-funded cybersecurity-related projects, including the MUSES project to develop a device independent, user-centric corporate security system able to cope with seamless working on multiple devices and the RASEN project to develop a toolbox and downloadable methods designed to help corporations and organisations approach cyber security in a more holistic manner.

Network World reported how skilled hackers could potentially attack thousands or tens of thousands of users by compromising large public WiFi networks like those run by cities, based on findings from an example in Tel Aviv presented at this year’s DefCamp security conference.

New advice & guidance:

  • The US Department of Homeland Security published a fact sheet and a set of strategic principles for securing the Internet of Things (IoT), in the wake of recent high profile attacks.
  • The European Union Agency for Network and Information Security (ENISA) published an updated version of its National Cyber Security Strategy Good Practice Guide. The guide aims to support EU Member States in their efforts to develop and update their own national cyber security strategies and proposes a national cyber security strategy lifecycle, with a special emphasis on the evaluation and maintenance phase.
  • ENISA also published findings from a study investigating the security requirements of hospitals in relation to the Internet of Things, recognising that they are increasingly a target for cyber attacks.