DataSecurityExpert.co.uk - All Things Graeme Batsman

Service Offerings

Cyber security training
Product reviews
Blog or article writing
SME & UHNWI cyber security

View more details here or email me.

Chapter Author

"Chpt. 4: How to Defend"

Contact Graeme

Journalists, students or potential clients:
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

No AI Used Here

NHS ransomware: If 60+ hospital trusts can be taken down by mass market untargeted malware then what else has and can get through?

Details: Category: Cyber Security (Personal)

Let’s start off with this quote from government officials “And, we are not aware of any evidence that patient data has been compromised”. Derh! A malicious email (or new evidence, malicious comms over SMB) got through your defences, an exploit ran, malware was downloaded and the malware then went out over the internet to get a public key and then start encrypting. Focus on “malware then went out over the internet to get a public key”. If the malware reached out over the internet to get a public key it could have easily planted a RAT (remote access trojan) or uploaded files back to the CnC (command and control) server.

Back in October last year I published “Help we are under attack! Let’s create a hundred-page defence plan not actually roll out the big guns” on my website and with the major NHS ransomware incident in May 2017 I think I have proved myself right.

Pulling apart a Trickbot banking trojan email

Details: Category: Cyber Security (Personal)

Rarely do I get emails with malicious attachments in or emails with malicious links embedded and when I do I love to see what is going on.

This afternoon (Tuesday) I received the below. It is fairly standard and partly believable however this is slightly different. Normally when you hover over the link it reveals some random domain which is made up of numbers & letters or just one which is hijacked.

The link shown was: https://companieshousewebfilling.co.uk/CaseC***********.zip.

Not all forms of multi or two factor authentication are “bulletproof”

Details: Category: Cyber Security (Personal)

With most medium and large websites offering two factor authentication for free it is very much in fashion. Let’s travel back well over a decade to see why two factor was introduced. Everyone who has been working at least ten years will have seen the RSA key fob tokens and that was mainly what was available for securing Microsoft Exchange OWA or a VPN then. Disadvantages of the password a decade ago or today are that they are: guessable, written down on paper or saved in electronic clear text format, repeated throughout many websites, shareable, listed in password leak lists online, interceptable (maybe not a word), phishable (also likely not in the dictionary) and more.

After people figured out passwords were not sufficient for securing remote connectivity, RSA was widely used and got very big & rich. The problem with RSA tokens is that people can or do leave them in the laptop bag and possibly with a Post-it note next to them with a password on. RSA codes change every x seconds so it is a little hard to use a code from 5 seconds ago since when you come to use it, it has changed. If you found or stole a laptop with the RSA token then it is a different story since you have you have the laptop and token, and then you just need the username & password which could be in the bag. Yes, this does happen!