Cyber Security

Labour reveals large-scale cyber-attack on digital platforms

Party says it is confident no data was breached during failed attack

The Labour party has experienced a sophisticated and large-scale cyber-attack on its digital systems from an unknown source, it has said, adding that it is confident its security systems ensured there was no data breach.

Party officials have reported the attack, which took place on Monday, to the National Cyber Security Centre, the government agency that supports and advises organisations on such incidents.

Labour has not said which digital platforms were targeted, but it is understood some of them were election and campaigning tools, which would contain details about voters. The party has sent a message to campaigners to say what happened, and to explain why the systems were working slowly on Monday.

A party spokeswoman said: "We have experienced a sophisticated and large-scale cyber-attack on Labour digital platforms. We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred.

"Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed. We have reported the matter to the National Cyber Security Centre."

Whitehall sources said the initial indications were that the attack was carried out by a non-state actor.

The party sent a message to campaigners to tell them what happened, and to explain why systems were working slowly on Monday.

In the message, the party's head of campaigns, Niall Sookoo, wrote: "Yesterday afternoon our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour party platforms which had the intention of taking our systems entirely offline.

"Every single one of these attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained. I would like to pay tribute to all the teams at Labour HQ who identified this risk and acted quickly to protect us."

The party was reportedly targeted by a distributed denial of service (DDoS) attack, which uses botnets, networks of compromised computers, to flood a server with requests and overwhelm it.

Such attacks can vary in sophistication, but are generally easily mitigated. Web records show Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The company protects customers from DDoS attacks by providing extra capacity as needed, filtering traffic so that only legitimate requests are dealt with, and storing cached versions of websites on its own servers.

Even when DDoS attacks succeed, they rarely have implications beyond enforced downtime, as the target waits for the attack to end, or secures extra bandwidth to deal with the new traffic. At their simplest, DDoS attacks can be hard to distinguish from legitimate traffic spikes, as when cinema websites collapse on the release of a new film.

DDoS attacks are cheap to pull off. Multiple criminal actors offer DDoS as a service, selling time on their botnets. One report from 2017 found a 300-sec attack, with a total bandwidth of 125Gbps, could be purchased for 5; a longer attack, aimed at knocking a website offline for an hour, for 90. Others were even cheaper, offering three hours of downtime for $60.

Brian Higgins, a security specialist at Comparitech.com, said the attacks "don't normally represent any threat to data or information and can be defended against and recovered from quite easily if the victim has robust cybersecurity policies in place. It's hardly surprising that the Labour party has been targeted given the current political landscape in the UK."

 

Read more: https://www.theguardian.com/politics/2019/nov/12/labour-reveals-large-scale-cyber-attack-on-digital-platforms

Johnson will defy US and allow use of Huawei, says top security adviser

Chinese firm poised to help build UK's 5G phone network despite warnings about spying

Boris Johnson is likely to approve the use of Huawei technology in the UK's new 5G network against the pleas of the US government, a former national security adviser has said.

Sir Mark Lyall Grant, who was Theresa May's national security adviser, said that the security services had repeatedly concluded over several years that they were able to mitigate any potential threats posed by the Chinese technology.

The US has warned the British government it would be madness to use Huawei technology and senior Washington officials have said numerous times that the Trump administration would reassess intelligence sharing with the UK in light of such a move.

However, UK security figures dispute the claim and Britain has already used some Huawei technology in previous mobile networks. A final decision is expected later this month.

Lyall Grant told the Observer: "This has been gone into now by three different administrations, and I think the outcome is quite likely to be the same, that the intelligence agencies are expressing confidence that they can sufficiently mitigate any potential security threat to allow Huawei to continue to provide at least the non-core telecommunications equipment for 5G rollout. The government has developed an oversight mechanism which they are confident will work.

"Combine that with the fact that Huawei has more advanced technology than the alternatives, I think it is relatively likely that Boris Johnson will come to the same conclusion."

Two of Britain's biggest telecoms companies, BT and Vodafone, are understood to be drafting a letter to Johnson, setting out their support for Huawei's involvement in 5G.

Last night, a senior Huawei executive, Victor Zhang, said there was simply no justification for banning the company on cyber security grounds.

"After looking at the facts, we hope the government agrees so that our customers can keep the UK's 5G roll-out on track and meet the prime minister's promise of gigabit connectivity for all," he said.

"Giving Huawei the go-ahead to continue supplying equipment will mean telecoms companies have access to the best technology and the breadth of suppliers they need to build secure, resilient and reliable networks."

The dispute was a sign that Britain would be repeatedly asked to take a side in disputes between the US and China, Lyall Grant added. "The interesting thing about Huawei is that it is the first, but by no means the only issue on which the risk is over the next decade, we are going to be pressured to choose," he said. "And that is a choice that on some issues the UK government is not going to want to make."

Read more: https://www.theguardian.com/technology/2020/jan/18/boris-johnson-defy-us-allow-5g-huawei

Now It’s Really, Truly Time to Give Up Windows 7

Two days ago, I finally gave up Windows 7. I don't dislike Windows 10, but there's just always been something special about Windows 7. It was svelte. It actually ran faster and took up less hard drive space than its predecessor, the much-maligned Windows Vista. It looked great. We Windows users could finally hold our heads a little higher around Mac users. And, well, I didn't know how well Windows 10 would work on that old Windows 7 laptop, or how much time it would take to make the transition.

But Microsoft forced my hand. Tuesday is the last day that Microsoft will support Windows 7. "If you continue to use Windows 7 after support has ended, your PC will still work, but it will become more vulnerable to security risks and viruses," the company says. In other words, if you don't want to leave your computer open to ransomware and other threats, you better upgrade.

I was far from alone in my procrastination. A poll of IT professionals last year by Spiceworks, a social and online network for the IT industry, found that 79 percent of respondents still had at least one Windows 7 machine in their organization. About 25 percent said they didn’t expect to finish upgrading by now. Updates are always painful for large organizations. Many companies, nonprofits, and government agencies probably will keep running Windows 7 despite the risks and despite having had years to plan for the transition.

Organizations tend to overestimate how quickly they'll migrate to newer operating systems. In a 2013 poll by Spiceworks, 26 percent of respondents projected that they wouldn't migrate away from Windows XP before Microsoft ended support for that operating system in 2014. But Spiceworks found that about 32 percent of respondents were still running at least one machine with Windows XP last summer.

Fortunately for me, my upgrade to Windows 10 was pretty easy. And Microsoft says it will fix particularly important security issues for users who shell out for "extended support"; the company has been known to release security fixes even after it has officially stopped supporting a product.

IT departments can take steps to protect systems that are no longer supported. But they need to be proactive. "If organizations put their heads in the sand, they're going to get bit," says Chris Tillett, senior security engineer at information security company Exabeam. "You could be reading that your local hospital is sending your data to some criminal enterprise."

Why Companies Don't Update

Windows 7 was released in 2009. It was followed by Windows 8 in 2012 and Windows 10—the current version—in 2015 (there was no Windows 9). That might sound like plenty of time for organizations to migrate, but it’s never that simple. Some organizations may not want to—or be able to—shell out for new hardware and software. Plus, Windows 8 was notoriously unpopular because it didn’t have the traditional "Start" button. Many IT departments didn't want to support the operating system for fear that their help desks would be flooded by questions from confused users, says Peter Tsai from Spiceworks. That means PCs purchased as recently as 2015 may still be running Windows 7.

The biggest reason organizations hold on to older operating systems, Tsai says, is the need to run older "legacy" software that might not run correctly on newer operating systems. Backwards compatibility has long been a big priority for Microsoft, but it's not possible to guarantee everything that ran on older versions of Windows will work on a new version. Marc Capellupo, another Exabeam security engineer, says security improvements in Windows 10 might prevent some older applications from working correctly if they try to access parts of the operating system that are now locked down. The only way to be sure that old software works with new systems is to test it, and that takes time and resources. Even if an application will work flawlessly on Windows 10, an organization might delay an upgrade until it's been thoroughly tested. At large companies, with hundreds of thousands of users, an update from one version of an operating system to another can take years, Tillett says.

It’s getting easier to migrate applications from one operating system to another, Tsai says, because newer software is often web-based or built with cross-platform tools like the Java programming environment. But many industries, such as utilities, manufacturing, or financial services, still use decades-old software that can't easily be replaced, says Jason Christopher, principal cyber risk adviser at the industrial technology security company Dragos.

When millions of dollars, or people's lives, are on the line, companies are reluctant to replace software that still works, even if that means having to run outdated operating systems. Some companies still have ancient IBM mainframes, and others might run MS-DOS in virtual machines.

In cases where organizations have to run old, unsupported software and operating systems, IT departments typically do their best to secure systems in ways that don't depend on getting security updates from Microsoft. One of the most common strategies, Christopher says, is to isolate outdated systems from the internet or from other parts of the network.

For many companies looking to keep their systems safe, one answer will be still more software. According to Spiceworks, 59 percent of IT pros expect to use artificial intelligence or machine learning to detect security threats.


Read more: https://www.wired.com/story/time-give-up-windows-7/

Microsoft Warns of Unpatched IE Browser Zero-Day That’s Under Active Attacks

Internet Explorer is dead, but not the mess it left behind.

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in the Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it.

The vulnerability, tracked as CVE-2020-0674 and rated moderate, is a remote code execution issue in the way Internet Explorer's scripting engine handles objects in memory, and is triggered through the JScript.dll library.

A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims to open a maliciously crafted web page in the vulnerable Microsoft browser.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the advisory says.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft is aware of ‘limited targeted attacks’ in the wild and is working on a fix, but until a patch is released, affected users have been given workarounds and mitigations to protect their vulnerable systems from cyberattacks.

The affected web browsing software includes — Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 running on all versions of Windows 10, Windows 8.1, and the recently-discontinued Windows 7.

Workarounds: Defend Against Attacks Until A Patch Arrives

According to the advisory, exploitation of this vulnerability can be blocked manually by preventing the JScript.dll library from loading.

To restrict access to JScript.dll, run the following commands on your Windows system with administrator privileges.

For 32-bit systems:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

When a patch update is available, users need to undo the workaround using the following commands:

For 32-bit systems:

cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems:

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

Note that some websites or features that rely on the JScript.dll library may break after it is disabled, so users should install updates as soon as they become available.
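To confirm the workaround above actually took effect on a host (or was undone after patching), the ACL on each copy of jscript.dll can be audited. This is an added example, not part of the original article or the Microsoft advisory. It assumes PowerShell 3.0 or later, an elevated 64-bit session, and that `everyone:N` appears as a Deny entry for the Everyone SID; the function name and state labels are made up for illustration.

```powershell
# Added example: audit whether the jscript.dll ACL workaround is in place.
# Assumption: "cacls ... /P everyone:N" leaves a Deny ACE for Everyone (SID S-1-1-0).
# Run elevated from a 64-bit PowerShell session so System32 is not redirected.

$EveryoneSid = 'S-1-1-0'   # well-known SID; avoids the localized name "Everyone"
$Rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

# Hypothetical helper: returns Missing, AclUnreadable, Blocked or NotBlocked.
function Get-JScriptAclState {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return 'Missing' }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A deny-all ACE also blocks reading the ACL for anyone but the file owner.
        return 'AclUnreadable'
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $isEveryone = $rule.IdentityReference.Value -eq $EveryoneSid
        $denies     = $rule.AccessControlType -eq 'Deny'
        # The DLL cannot be loaded if read-and-execute is fully denied.
        $coversLoad = ($rule.FileSystemRights -band $Rx) -eq $Rx
        if ($isEveryone -and $denies -and $coversLoad) { return 'Blocked' }
    }
    return 'NotBlocked'
}

# 32-bit systems have one copy; 64-bit systems also have one under SysWOW64.
$targets = @("$env:windir\System32\jscript.dll")
if (Test-Path -LiteralPath "$env:windir\SysWOW64") {
    $targets += "$env:windir\SysWOW64\jscript.dll"
}

$report = foreach ($t in $targets) {
    [pscustomobject]@{ Path = $t; State = Get-JScriptAclState -Path $t }
}
$report | Format-Table -AutoSize

# Non-zero exit lets a fleet-management tool flag hosts that still need attention.
if (@($report | Where-Object { $_.State -ne 'Blocked' }).Count -gt 0) { exit 1 }
```

After the patch is installed and the workaround is reverted, every path should report `NotBlocked`; a lingering `Blocked` on one copy explains script-dependent features that stay broken.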

Source: http://feedproxy.google.com/~r/TheHackersNews/~3/v0UAaoV7kvM/internet-explorer-zero-day-attack.html
