Category Archives: Huawei

IT Security Expert Blog: What’s the greater risk to UK 5G, Huawei backdoors or DDoS?

Have we been focusing too much on the Huawei backdoor threat instead of the DDoS threat facing the incoming 5G network infrastructure? Lee Chen, CEO at A10 networks thinks so.

The size and sophistication of distributed denial-of-service (DDoS) attacks have risen at an ever-accelerating pace. As new 5G networks become operational, we expect the size of attacks will dwarf these records. This is primarily due to the increase in IoT devices that 5G will introduce, with the number set to reach 4.1 billion globally by 2024. Each device is a perfect nest for botnets carrying malware, offering a new DDoS weapon for hackers to take advantage of.



Service providers will need to evolve rapidly with these growing threats and adopt intelligent automation to detect and mitigate security anomalies in a matter of seconds. Sophisticated DDoS threat intelligence, combined with real-time threat detection and automated signature extraction, will allow the marketplace to defend against even the most massive multi-vector DDoS attacks, no matter where they originate.

The Huawei threat remains a political football, there is still uncertainty on whether the Chinese telecoms giant's network devices will be banned in the UK or not. I have updated my post - Is Huawei a Threat to UK National Security? with the latest developments.


IT Security Expert Blog

What’s the greater risk to UK 5G, Huawei backdoors or DDoS?

Have we been focusing too much on the Huawei backdoor threat instead of the DDoS threat facing the incoming 5G network infrastructure? Lee Chen, CEO at A10 networks thinks so.

The size and sophistication of distributed denial-of-service (DDoS) attacks have risen at an ever-accelerating pace. As new 5G networks become operational, we expect the size of attacks will dwarf these records. This is primarily due to the increase in IoT devices that 5G will introduce, with the number set to reach 4.1 billion globally by 2024. Each device is a perfect nest for botnets carrying malware, offering a new DDoS weapon for hackers to take advantage of.

Service providers will need to evolve rapidly with these growing threats and adopt intelligent automation to detect and mitigate security anomalies in a matter of seconds. Sophisticated DDoS threat intelligence, combined with real-time threat detection and automated signature extraction, will allow the marketplace to defend against even the most massive multi-vector DDoS attacks, no matter where they originate.


The Huawei threat remains a political football, there is still uncertainty on whether the Chinese telecoms giant's network devices will be banned in the UK or not. I have updated my post - Is Huawei a Threat to UK National Security? with the latest developments.

The Department of Homeland Security Say Foreign Based VPN’s Pose a Threat to National Security

The US and China tensions continue as the Department of Homeland Security (DHS) seek to tighten their national security against

The Department of Homeland Security Say Foreign Based VPN’s Pose a Threat to National Security on Latest Hacking News.

Addressing UK Security Concerns in Huawei Products May Take 5 Years, Exec Says

Huawei P10

Huawei’s been having a rough time recently. After the US, New Zealand and Australia prevented the telecom company from working on their 5G mobile networks for fear it would spy for the Chinese government, the European Commission expressed concern over potential backdoors that could threaten national security and lead to a ban. Then, Huawei’s CFO was arrested in Canada over alleged Iran sanctions violations.

Huawei may now face another blow: even though the company committed to invest some $2 billion to assuage UK government security concerns over issues with Huawei products, it may take the company years to get everything in place, writes The Guardian.

Ryan Ding, Huawei’s carrier business group president, said measures needed to ease the concerns, raised in a 2018 Huawei Cyber Security Evaluation Centre Oversight Board annual report mandated by the UK, constitute “a complicated and involved process and will take at least three to five years to see tangible results. We hope the UK government can understand this.”

 “Modern communications networks are complex systems that keep evolving in new and innovative ways,” Ding wrote in a letter to UK MP Norman Lamb, the chairman of the House of Commons Science and Technology Committee. “Enhancing our software engineering capabilities is like replacing components on a high-speed train in motion.”

The report by the oversight board stated that a technical and security evaluation of Huawei products on the UK market revealed a number of issues “leading to new risks in the UK telecommunications networks.”

MI6 chief Alex Younger has also voiced his concern about integrating Chinese companies into the country’s telecom infrastructure.

“We need to decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms in an environment where some of our allies have taken a very definite position,” Younger said.

Huawei further denied accusations of misappropriating data collected in the UK by handing it over to foreign intelligence agencies.

“Were Huawei ever to engage in malicious behavior, it would not go unnoticed – and it would certainly destroy our business,” Ding said. “For us, it is a matter of security or nothing; there is no third option. We choose to ensure security.”

Is Huawei a Threat to UK National Security?

On 19th July 2018 the UK government, through the GCHQ backed Huawei Cyber Security Evaluation Centre, gave “limited assurance” that Huawei poses no threat to UK National Security. Since then the UK, EU, and NATO member government politicians and security services have all raised concerns about the nation-state cyber threat posed by the Chinese telecoms giant Huawei. 

There has been particular political unease around the Huawei provision of network infrastructure devices (i.e. switches and routers etc.) within the UK national infrastructure, devices which controls network traffic and capable of accessing the data that traverses them. Huawei has been operating in the UK market for 18 years, whether its their smart phones or a network devices, Huawei products are generally far cheaper than their competitors' equivalents. This has led to major telecoms providers such as BT, purchasing and implementing Huawei network devices within their telecommunications infrastructure and data centres, some of which are regarded as critical components within the UK national infrastructure. As such, Huawei has been subject to unfavourable security scrutiny, which has recently spilt out into political and media arenas. 


Huawei has always denied its products poses a threat, and there is no evidence of any malicious capability or activity publicly disclosure by any UK intelligence agencies or cyber security firms. But there is also the Chinese 2017 National Intelligence Law, which states that Chinese organisations are obliged to "support, cooperate with, and collaborate in, national intelligence work".

Three nations in the intelligence alliance ‘Five Eyes’, the United States, Australia, and New Zealand, have effectively prohibited the installation of Huawei equipment within their generation telecommunications equipment, namely 5G networks. The remaining two members of "Five Eyes", the United Kingdom and Canada, are expected to state their position within the coming months. The UK's National Cyber Security Centre has published warnings about the Chinese company's security standards. Elsewhere, nations including France, Germany and India have expressed their concerns about the use of Huawei equipment within their telecommunications 5G upgrades.


On 4th February, a leaked draft 'Huawei Cyber Security Evaluation Centre' 2019 report, said the issues and findings it had raised previously had not been fully addressed by Huawei, and was critical about the security of Huawei's technology.

Then on 6th February 2019,  a letter sent to MPs by Huawei was published. In it Huawei said it could take up to five years to address security issues raised by the Huawei Cyber Security Evaluation Centre, at a cost of $2bn (£1.5bn) of their own money. The president of Huawei's carrier business group also said the process of adapting its software and engineering processes to meet the UK's requirements was "like replacing components on a high-speed train in motion".

Huawei also made the following points in the letter to rebut the threat allegations,  "Huawei is a closely watched company.  Were Huawei ever to engage in malicious behaviour, it would not go unnoticed - and it would certainly destroy our business. For us, it is a matter of security or nothing; there is no third option. We choose to ensure security." The letter also addressed the Chinese 2017 National Intelligence Law, stating "no Chinese law obliges any company to install backdoors", a position they have backed up by an international law firm based in London. The letter went on to say that Huawei would refuse requests by the Chinese government to plant backdoors, eavesdropping or spyware on its telecommunications equipment.

The ball is now in the UK government's court, in the next couple of months we shall see if the UK Gov bans Huawei or continues to work with them to help assure the implied national security threat of their products. A ban could well result in Huawei pulling out of the UK market altogether, taking their billions of pounds of investment with them, and would likely negatively impact post Brexit trade deal negotiations between the UK and China, so we can expect the situation to become even more political in the short term.

Huawei Threat News Timeline
Who are Huawei?
  • Chinese multinational conglomerate which specialises in telecommunications equipment, consumer electronics and technology-based services and products.
  • HQ in Shenzhen, Guangdong
  • Founded in 1987 by Ren Zhengfei, a former engineer in the People's Liberation Army
  • Largest telecommunications-equipment manufacturer in the world
  • Overtook from Apple in 2018 as the second-largest manufacturer of smartphones in the world
  • 72nd on the Fortune Global 500 list
  • 180,000 employees
  • Chinese military remain an important customer for Huawei
  • Invests Billions into R&D around world
  • 3 Billions Customers Globally
  • Operating within the UK for 18 years
  • Made a five year commitment (2018 to 2023) to invest £3 billion in the UK.
  • Allegations its equipment may contain backdoors to allow unauthorised surveillance and/or data theft by the Chinese government and the People’s Liberation Army
The 5G Evolution
5G is expected emerge in the UK in late 2019 and early 2020, and will be much faster than 4G. The theoretical maximum speed for 4G is 1Gbps, while the theoretical maximum speed for 5G is 20Gbps, so 5G is potentially up to 20 times faster than 4G. Potentially faster than the UK average broadband speed, which stands at 18.57Gbps.

Mobile networks are changing with the arrival of 5G and the impact of this change will be felt across the industry. Adrian Taylor, regional VP of sales for A10 Networks, provides the follow insight about the impact of 5G on the market and how it will change the enterprise world.

5G and the Evolution of Mobile Networks
Fifth generation networks, just like the preceding 4G LTE and WiMAX networks, are expected to greatly increase available bandwidth, with improved end-to-end performance providing a better end-user experience. In the most basic of terms, 4G LTE was the long-term evolution of Radio Access Networks (RAN); 5G is the next iteration.

Wireless carriers have invested billions into their networks to support the ongoing demand for faster network speeds. They must look for ways to increase revenue while delivering more value to the end user. This continues to drive new devices into the hands of the consumer. The demand for increased efficiencies, bandwidth, and coverage has pushed carriers towards a decentralised deployment model.

Network Virtualisation Remains in The Early Stages
Service providers monitor and review technology for advancements that will help deliver faster and less expensive networks. Recently, they have looked into areas of Network Function Virtualisation (NFV) and automation to support their advancements. Mobile network operators are investing heavily in reducing delays and errors through repetitive processes as they build and add capacity to existing 4G networks.

Virtualisation and Software Defined Networks (SDN) improvements are driving a shift from hardware to software. SDN is promising, but it’s not an instant solution, as purpose-built hardware still remains the preferred choice. NFV and SDN have offered service providers an alternative to existing methods, including dedicated appliances sitting idle. However, it’s safe to say that the age of virtualisation remains in the early stages.


Hardware manufacturers and service providers are now betting on the acceptance and success of virtualised functions. Software development continues at breakneck speed to meet timelines and demands for more integrated solutions, which easily scale and reduce operational overheads at the same time.

The 5G Revenue Opportunity
5G’s impact is expected to extend beyond the typical mobile network carriers/operators such as Virgin Media, EE, O2, and Sky in the UK and overseas. It promises to enable increased connectivity and flexibility, that will drive additional functions throughout all supportive components of a mobile carrier’s network.

RAN access providers face the question of how to support the ever-increasing appetite for cutting the cord. How can we use our mobile devices in more ways than previously thought, as the end user goes about their daily tasks? This mobility, whether it’s tied to a carrier’s technology or even a simple Wi-Fi home network, reaches all corners of our day-to-day life.

This reach extends from the cloud to the data centre environments and continues to drive capacity needs, supported by both legacy appliances and the ever-increasing virtual environments. This continued appetite for consumption has opened up opportunities for all facets of technology and associated vendors.

5G Mobile Network Evolution
The continued expansion of 5G networks will have a revolutionary impact upon every mobile subscriber and business in the world.

The fundamental market forces of network evolution are not based on wired or wireless infrastructure. Companies are currently focused on upgrading existing mobile networks. Whereas at the exact same time, NFV, SDN and the global IoT industry are all preparing to utilise the next generation of mobile networks.

Software solutions are easier to move from concept to production and frequently offer a lower up-front investment cost. This all adds up to help drive increased functionality for all service providers, including the wired infrastructure.

5G and IoT will be demand-driven. As a result, the more the infrastructure expands to meet that demand, the more opportunities will be uncovered. It’s a positive feedback loop that will revolutionise how we think of the internet.

Get ready for a world that will be changed forever with the next generation mobile networks on the horizon.

      Cyber Security Week in Review (Feb. 1)

      Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.

      Top headlines this week

      • Apple revoked a set of developer tools from Facebook. The two tech companies got into a tug-of-war this week over a Facebook program that came to light where they paid users to install a VPN on their mobile devices. Facebook would then track users’ habits via the VPN. Facebook has now ended that program.
      • Apple temporarily disabled its group FaceTime service as it fixes a vulnerability. If exploited, an attacker could potentially listen in on conversations via Apple devices’ microphones even if the user doesn’t answer a FaceTime call. Apple’s slow response to this bug has prompted New York’s attorney general to launch an investigation.
      • The U.S. filed several criminal charges against Chinese tech company Huawei. One indictment accused Huawei of attempting to steal trade secrets from mobile company T-Mobile, while another says the company worked to bypass American sanctions against Iran.

      From Talos

      • Attackers are utilizing a fake job posting from Cisco Korea to infect users. Based on our research, we believe this is the latest in a long string of attacks from the same threat actor.
      • There are multiple vulnerabilities in ACD Systems' Canvas Draw 5. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. Snort rules 39593 - 39596, 39599 - 39632, 47336, 47337 can help protect you from the exploitation of these vulnerabilities.
      • Python.org contains an exploitable denial-of-service vulnerability in its X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer to dereference, resulting in a denial of service. Snort rules 48854 and 48855 can protect you from the exploitation of this vulnerability. 
      • Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. Snort rules 47750 and 47751 can protect you from the exploitation of these vulnerabilities. 

      Malware roundup

      • The FormBook malware is back, this time targeting retail and hospitality companies. The information-stealer first appeared in 2016, and its use has recently risen through a new malware-hosting service.
      • The FBI and Air Force are working together to dismantle a North Korean botnet. Joanap is a remote access tool believed to be associated with the Lazarus Group APT. Snort rule 46885 can prevent Joanap from making an outbound connection.
      • A new cryptocurrency malware is targeting Macs. A variant of OSX.DarthMiner, the malware steals browser cookies and saved passwords in the Google Chrome web browser. 
      • American and Belgian authorities shut down an illegal online marketplace. xDedic, a website that concealed the location of its servers and was often used to sell personal information stolen in cyber attacks, is responsible for roughly $68 million of fraud.

      The rest of the news

      • Google removed several data collection apps from the iOS App Store. The apps collected data from users’ phones, browsers and routers with their consent. In exchange, Google sent gift cards to the users. However, they did not properly operate under Apple’s developer enterprise program.
      • The United Arab Emirates has gathered a group of hackers to track adversaries of their government. Many of the members are former U.S. National Security Agency hackers. 
      • A group of 2.2 billion login credentials is circulating among hacking groups. This trove of information is part of a smaller collection that was uncovered by a security researcher earlier this year.
      • A distributed denial-of-service attack recently broke the record for packets sent per second. Security firm Imperva says they recently stopped an attack against their client that crossed the 500 million packets per second mark. 
      • Airbus employees’ data was accessed as the result of a recent data breach. The airline says there was no impact to their commercial operations or intellectual property.
      • Chrome and Firefox fixed several security flaws in the latest versions of their browsers. Chrome 72 fixed 58 CVEs, including one that was rated “critical,” while Firefox patched seven CVEs, including three “critical” ones. 

      US DoJ charges Huawei sanctions violations and in technology espionage

      The US Justice Department charges the Chinese telecommunications giant Huawei in technology theft and violation of sanctions.

      The US Justice Department charges the Chinese telecommunications giant Huawei in two cases, including the one that led the arrest of a top executive in Canada on a US warrant.

      According to the US DoJ, the charges are the response to persistent action conducted by the Chinese company to exploit American organizations

      The US DoJ confirmed 13 charges against Huawei chief financial officer Meng Wanzhou and other three affiliates, they are accused of violating US sanctions on Iran.

      Wanzhou is the daughter of the Huawei founder Ren Zhengfei, she is currently out on bail in Canada, she is expected to fight extradition to the United States The arrest has triggered a diplomatic crisis between Canada, US, and China.

      Other 10 charges were filed against two Huawei affiliates that are accused of the theft of robot technology from T-Mobile.

      “Both sets of charges expose Huawei’s brazen and persistent actions to exploit American companies and financial institutions, and to threaten the free and fair global marketplace,” explained FBI Director Christopher Wray.

      “Acting US Attorney General Matthew Whitaker said the extradition request would be sent by a January 30 deadline. A hearing is set for February 6.” reported the AFP press.

      According to Whitaker, the indictment doesn’t refer to the involvement of the Chinese government in the case, but China must hold Chinese firms like Huawei accountable for complying with the law.

      “As I told Chinese officials in August, China must hold its citizens and Chinese companies accountable for complying with the law.” said
      Whitaker.

      Pierluigi Paganini

      (SecurityAffairs – China, cyber espionage)

      The post US DoJ charges Huawei sanctions violations and in technology espionage appeared first on Security Affairs.

      DoJ Charges Huawei Execs in Broad Indictment Spanning 10 Years of Criminal Activity

      The Department of Justice (DoJ) filed broad charges against Chinese telecom giant Huawei Technologies Co. Ltd. and its CFO Wanzhou Meng for allegedly stealing trade secrets from U.S. mobile firm T-Mobile and deceiving U.S. stakeholders about its business activity in Iran, among a number of other fraud and conspiracy activities over a 10-year...

      Read the whole entry... »

      Related Stories

      Cyber Security Roundup for December 2018

      The final Cyber Security Roundup of 2018 concludes reports of major data breaches, serious software vulnerabilities and evolving cyber threats, so pretty much like the previous 11 months of the year.

      5.3 millions users of "make your own avatar" app Boomoji had their accounts compromised, after the company reportedly didn't secure their internet connected databases properly. "Question and Answer" website Quora also announced the compromise of 100 million of its user accounts following a hack.


      A large data breach reported in Brazil is of interest, a massive 120 million Brazilian citizens personal records were compromised due to a poorly secured Amazon S3 bucket. This is not the first mass data breach caused by an insecure S3 bucket we've seen in 2018, the lesson to be learnt in the UK, is to never assume or take cloud security for granted, its essential practice to test and audit cloud services regularly.

      Amongst the amazing and intriguing space exploration successes reported by NASA in December, the space agency announced its employee's personal data may had been compromised. Lets hope poor security doesn't jeopardise the great and highly expensive work NASA are undertaking.  
      NASA InSight Lander arrives on Mars 

      It wouldn't be normal for Facebook not to be in the headlines for poor privacy, this time Facebook announced a Photo API bug which exposed 6.8 million user images

      Away from the political circus that is Brexit, the European Parliament put into a law a new Cybersecurity Act. Because of the Brexit making all the headlines, this new law may have gone under the radar, but it certainly worth keeping an eye on, even after UK leaves the EU. The EU Parliament has agreed to increase the budget for the ENISA (Network & InfoSec) agency, which will be rebranded as the "EU Agency for Cybersecurity". The Cybersecurity Act will establish an EU wide framework for cyber-security certifications for online services and customer devices to be used within the European Economic Area, and will include IoT devices and critical infrastructure technology. Knowing the EU's love of regulations, I suspect these new best practice framework and associated accreditations to be turned into regulations further down the line, which would impact any tech business operating in European Union.

      The UK Parliament enacted the "The Health and Social Care (National Data Guardian) Act", which also went under the radar due to all the Brexit political noise. The act requires the appointment of a data guardian within England and Wales. The data guardian will publish guidance on the processing of health and adult social care data for use by public bodies providing health or social care services, and produce an annual report.

      Chinese telecoms giant Huawei had plenty of negative media coverage throughout December, with UK government pressuring BT into not using Huawei kit within BT's new 5G network, due to a perceived threat to UK's future critical national infrastructure posed by the Chinese stated-backed tech giant.  The UK Defence Secretary Gavin Williamson said he had "very deep concerns" about Huawei being involved in new UK mobile network.
      Security company Insinia cause controversy after it took over the Twitter accounts by Eamon Holmes, Louis Theroux and several others celebs. Insinia said it had managed the account takeover by analysing the way Twitter handles messages posted by phone, to inject messages onto the targeted accounts by analysing the way the social network interacted with smartphones when messages are sent. However, Insinia were accused of being unethical and breaking the UK Computer Misuse Act in some quarters.

      Unsecured internet connected printers are being hacked again, this time they were used to sent print out messages of support for Swedish YouTube star PewDiePie. A hacker named TheHackerGiraffe was said to have targeted up 50,000 printers after using Shodan to search for open printer ports online, the scan was said to have found 800,000 vulnerable printers.

      An Financial Conduct Authority (FCA) report warned UK banks about their over-reliance on third-party security providers. The FCA said companies "generally lacked board members with strong familiarity or specific technical cyber-expertise. External expertise may be helpful but may also, if overly relied on, undermine the effectiveness of the ‘three lines of defence’ model in identifying and managing cyber-risks in a timely way. The report also warned about supply-chain security, especially the role that firms play in other organisations’ supply chains.

      NEWS

      AWARENESS, EDUCATION AND THREAT INTELLIGENCE
      REPORTS

      Cyber Security Roundup for October 2018

      Aside from Brexit, Cyber Threats and Cyber Attack accusations against Russia are very much on the centre stage of UK government's international political agenda at the moment. The government publically accused Russia's military 'GRU' intelligence service of being behind four high-profile cyber-attacks, and named 12 cyber groups it said were associated with the GRU. Foreign Secretary Jeremy Hunt said, "the GRU had waged a campaign of indiscriminate and reckless cyber strikes that served no legitimate national security interest".

      UK Police firmly believe the two men who carried out the Salisbury poisoning in March 2018 worked for the GRU.

      The UK National Cyber Security Centre said it had assessed "with high confidence" that the GRU was "almost certainly responsible" for the cyber-attacks, and also warned UK businesses to be on the alert for indicators of compromise by the Russian APT28 hacking group.  The NCSC said GRU hackers operated under a dozen different names, including Fancy Bear (APT28), had targetted:
      • The systems database of the Montreal-based World Anti-Doping Agency (Wada), using phishing to gain passwords. Athletes' data was later published 
      • The Democratic National Committee in 2016, when emails and chats were obtained and subsequently published online. The US authorities have already linked this to Russia.
      • Ukraine's Kyiv metro and Odessa airport, Russia's central bank, and two privately-owned Russian media outlets - Fontanka.ru and news agency Interfax - in October 2017. They used ransomware to encrypt the contents of a computer and demand payment 
      • An unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen

      Facebook was fined the maximum amount of £500,000 under pre-GDPR data protection laws by the UK Information Commissioner's Office (ICO) over the Cambridge Analytica Scandal. Facebook could face a new ICO fine after revealing hackers had accessed the contact details of 30 Million users due to a flaw with Facebook profiles. The ICO also revealed a 400% increase in reported Cyber Security Incidents and another report by a legal firm RPC said the average ICO fines had doubled, and to expect higher fines in the future. Heathrow Airport was fined £120,000 by the ICO in October after a staff member lost a USB stick last October containing "sensitive personal data", which was later found by a member of the public.

      Notable Significant ICO Security Related Fines

      Last month's British Airways website hack was worse than originally reported, as they disclosed a second attack which occurred on 5th September 2018, when the payment page had 22 lines of malicious Javascript code injected in an attack widely attributed to Magecart.  Another airline Cathay Pacific also disclosed it had suffered a major data breach that impacted 9.4 million customer's personal data and some credit card data.

      Morrisons has lost a challenge to a High Court ruling which made it liable for a data breach, after an employee, since jailed for 8 years, stole and posted thousands of its employees' details online in 2014.  Morrisons said it would now appeal to the Supreme Court., if that appeal fails, those affected will be able to claim compensation for "upset and distress". 

      Interesting article on Bloomberg on "How China Used a Tiny Chip to Infiltrate U.S. Companies". However, there was a counter-narrative to the Bloomberg article on Sky News. But didn't stop Ex-Security Minister Admiral Lord West calling the Chinese when he said Chinese IT Kit 'is putting all of us at risk' if used in 5G.  He raises a valid point, given the US Commerce Department said it would restrict the export of software and technology goods from American firms to Chinese chipmaker Fujian Jinhua BT, which uses Huawei to supply parts for its network, told Sky News that it would "apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government". Recently there have been warnings issued by the MoD and NCSC stating a Chinese espionage group known as APT10 are attacking IT suppliers to target military and intelligence information.

      NCSC is seeking feedback on the latest drafts 'knowledge areas' on CyBOK, a Cyber Security body of knowledge which it is supporting along with academics and the general security industry.

      Google are finally pulling the plug on Google+, after user personal data was left exposed. Google and the other three major web browser providers in the world said, in what seems like coordinated announcements, businesses must accept TLS Version 1.0 and 1.1 will no longer support after Q1 2018.

      So its time to move over to the more secure TLS V1.2 or the more secure & efficient TLS V1.3.

      NEWS

      Cyber Security Roundup for August 2018

      The largest data breach disclosed this month was by T-Mobile, the telecoms giant said there had been "unauthorised access" to potentially 2 million of their 77 million customer accounts. According to the media, a hacker took advantage of a vulnerability in a T-Mobile API (application programming interface). It was a vulnerable API used by Air Canada mobile App which was also exploited, resulting in the compromise of 20,000 Air Canada customer accounts. Air Canada promptly forced a password change to all of its 77 million customer accounts as a result, however, the airline faced criticism from security experts for advising a weak password strength. Namely, a password length of 8, made up of just characters and digits. Both of these hacks underline the importance of regularly penetration testing Apps and their supporting infrastructure, including their APIs.

      Hackers stole up to 34,000 Butlin guest records, reportedly breaching the UK holiday camp firm through a phishing email. Dixons Carphone upped the estimated number of customer records breached in a hack last year from 1.2 million to 10 million, which includes 5.9 million payment cards. There was no explanation offered by Dixons to why it had taken so long to get a grip on the scale of the data breach, which was reported as occurring in July 2017.

      Huawei continues to face scrutiny over the security of their products after the UK National Cyber Security Centre (NCSC) issued a warning about using the Chinese tech manufacturing giant's devices in a security report. Huawei recently took over from Apple as the world's second largest provider of smartphones. A 16 year old Australian 'Apple fanboy' found himself in court after hacking into Apple's network.

      On the international scene, Microsoft announced it had thwarted Russian data-stealing attacks against US anti-Trump conservative groups, by taking down six domains which hosted mimicked websites, which were likely to be used in future phishing campaigns. The Bank of Spain's website was taken out by a DDoS attack, and a Chinese Hotel Group's 140Gb customer database was found for sale on the dark web. The PGA golf championship was hit by a ransomware, and the FBI arrested three key members of the notorious FIN7 hacking group, the group is said to be responsible for stealing millions of credit card and customer details from businesses across the world.

      On the personal front, the EC-Council confirmed my Computer Hacking Forensic Investigation (CHFI) certification had been renewed until 2021. I dropped into B-Sides Manchester this month, the highlight was a demonstration of a vulnerability found by Secarma researches, namely a PHP flaw which places CMS sites at risk of remote code execution

      There was plenty of critical security patches released by the usual suspects, such as Microsoft, Cisco, and Adobe, the latter firm released several out-of-band patches during August. A critical update was released for Apache Struts (popular web server) and a reminder that Fax machines and all-in-one devices network devices could be used as a way into corporate networks by hackers.

      Finally, there were a couple of interesting cybercrime articles posted on the BBC's news website this month,  Cyber-Attack! Would your firm handle it better than this? and Unpicking the Cyber-Crime Economy

      NEWS
      AWARENESS, EDUCATION AND THREAT INTELLIGENCE