Yorkshire Cyber Security Cluster Meeting Notes
Location: Round Foundry Media Centre, Leeds
Date: 15th January 2020
- The Yorkshire Cyber Security Cluster is a collaborative group of experts within the cyber security industry that are committed to reducing cyber crime in the Yorkshire region
- The cluster brings together SMEs, Governing bodies, Universities, Yorkshire Police and regional CISOs and those with a vested interest in cyber
- Collaborate, share best practices and offer expert advice and guidance to one another and the local community
Visions of the Cluster:
- Make the best use of Yorkshire talent & skills
- Provide members with reputational and financial benefits
- Make Yorkshire more cyber resilient and reduce the impact of cybercrime within the region
- Share knowledge, best practices and learn from one another
The aims of the Cluster are two-fold:
- To support the members of the cluster by communicating National and International initiatives and trade opportunities, providing a networking platform to share ideas and best practice, encouraging collaboration and identifying partnership opportunities so that small cyber security specialist businesses in Yorkshire can find new ways to grow.
- To support the British Government’s commitment to Cyber Security (and UK Government’s Cyber Security Strategy) by building cyber security knowledge, skills and capabilities in the Region, to make businesses more resilient to cyber attacks and make the Yorkshire region one of the most secure places in the world to do business.
Travelex Held to Ransom:
- A ransomware gang named REvil held the foreign exchange company to ransom on New Year’s Eve
- The company took down its websites across 30 countries to try to “contain the virus and protect data”
- The gang ordered them to pay £4.6million in return for customer details, such as dates of birth, credit card information and national insurance numbers
- Travelex customers have not been sent any email communication about the cyber attack, with many customers unaware of their personal data being leaked
Dixons Carphone Data Breach:
- An attacker installed malicious software on 5,390 tills in Currys PC World & Dixons Travel
- Undetected for over a nine month period
- Collected data of at least 14 million people – full names, postcodes, email addresses & credit card details
- Fined £500,000 for poor security arrangements & inadequate steps to protect data
Alex Archondakis – ‘Spear Phishing and Cyber Best Practices’
- CVE Details – Massive database of known exploits. Hackers can look into applications and services to find versions and research them.
- Exploit DB site used for exploits. You can still go on the site and download the prewritten code that was used in the WannaCry ransomware attack – showing that it is not difficult. It comes down to finding a software version, researching an exploit for it, finding something that someone else has made and clicking it.
- Any account that doesn’t have a password lockout can be exploited, as attackers can make unlimited attempts until they guess it correctly.
Types of Brute Force:
Dictionary Based Brute Force – using full words
True Brute Force – tries every combination of every letter & case
- Multi Factor Authentication – anything that has administrative or money-related permissions should have it enabled. People often give away their MFA codes easily, but even though the codes change they should be treated exactly like a password and not be given to anyone.
- MFA adds a second layer of security so that even if someone does get into your account, they can’t get past the second layer.
- Spear Phishing – if someone posts a photo online while on holiday with the name of the hotel in the background, or ‘tags’ the hotel, hackers can send a generic email to the hotel that the hotel will reply to, showing the hacker the language style it uses and any email footers, which can then easily be copied. The hacker will then send the holidaymaker an email informing them about an item being left in their room and asking them to click to view an image of the item, which could lead to them downloading malware.
- 97% of people can’t differentiate an authentic email from a well-crafted fake
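The password lockout point from this talk, as an added example that is not part of the original notes or the speaker's material: a minimal per-account lockout tracker showing how few guesses ever reach the password check once lockout is enabled. The class name, function name and policy values (5 failures in 15 minutes, 15 minute lock) are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Per-account failed-login limiter (hypothetical policy values)."""

    def __init__(self, max_failures=5, window_s=900, lockout_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> unlock time

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def record(self, account, success, now):
        """Register a login attempt. Returns False if it was rejected
        unevaluated because the account is locked, True otherwise."""
        if self.is_locked(account, now):
            return False  # even a correct password is refused while locked
        if success:
            self._failures.pop(account, None)  # good login resets the counter
            return True
        q = self._failures[account]
        q.append(now)
        # Forget failures that fell out of the counting window.
        while q and q[0] <= now - self.window_s:
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_s
            q.clear()
        return True

def guesses_evaluated(policy, account, attempts, interval_s, start=0.0):
    """Count how many evenly spaced wrong guesses reach the password check."""
    evaluated = 0
    for i in range(attempts):
        if policy.record(account, success=False, now=start + i * interval_s):
            evaluated += 1
    return evaluated

if __name__ == "__main__":
    # Constructed scenario: 10,000 wrong guesses, one per second.
    no_lockout = LockoutPolicy(max_failures=10**9)  # effectively disabled
    print("no lockout:  ", guesses_evaluated(no_lockout, "alice", 10_000, 1.0))
    print("with lockout:", guesses_evaluated(LockoutPolicy(), "alice", 10_000, 1.0))
```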
Jason Newell – ‘Are you Ready for a Ransomware Attack?’
- “It doesn’t matter how well trained you are, what technologies you have in place, how mindful you are or paranoid about the risks you are – it can always happen. It’s what you do afterwards that matters.”
- 3-2-1 approach to backups – 3 copies of your data
1. Application/email data in its natural habitat
2. Easily accessible device on site
3. Cloud backup copy
- Always check the terms regarding backup of your data in cloud-based applications – Office 365 does not back up your data, which some people are unaware of
- For a disaster recovery plan – you should always consider the amount of data you can afford to lose if a server had a failure and what the appropriate timeframes are
- Microsoft Shared Responsibility Model – shows that deleted files are only retained for 14 days usually – which could be problematic if you go on holiday and cannot recover a file. You need to check whether this will work for your organisation and your data
- Best Practice – educate staff, remote working policy, antivirus software +, backup policy / DR Plan / BCP, test your restore process and never pay the ransom!
Cath Knibbs – ‘Human Behaviour in a Digital World’
Next YCSC Dates
- 19th February, 2pm – 4pm Sheffield Hallam University
- 18th March, 2pm – 4pm Huddersfield TBC
- 15th April, 2pm – 4pm Horizon Community College, Barnsley