IBM Security: Perspective on the Global “WannaCry2” Cyberattacks Hitting Critical Infrastructure

wannacry-2

Image source: Internet

What is WannaCry2? A rapidly spreading cyberattack that was first detected in March and has impacted businesses in nearly 100 countries. Currently, the source of the attack is unknown. The WannaCry2 attacks have crippled critical infrastructure, including hospitals, telecommunications and distribution/supply chain services.

The scale of this attack was possible because of a vulnerability in the Microsoft Windows Operating System. Although it began like any routine phishing scheme – in which a user clicks on a bad link and malware takes over – WannaCry2’s exploitation of the Windows vulnerability enabled it to spread with great speed from one workstation to a network of users. As a result, it was an attack of one-to-many versus standard phishing attacks, which typically infect one user at a time. While the attack appears disabled now, we expect hackers to reanimate it rapidly, and organizations need to prepare fast.

Continue reading

模擬電腦攻擊 對抗網絡匪黨

(文章於2017年1月4日在香港經濟日報刊登)

30885751432_e02ebedc56_h

辦公室平凡的一天,一片細碎的聲音。忽然,營業代表發現無法查看產品狀況,助理亦無從出單收錢,大家牢騷爆發,IT 部門如臨大敵,只有負責人保持冷靜。事實上他不單冷靜,還感到心寒。因為不到一分鐘前,他才收到一條不知名訊息,指公司電腦已被對方綁架,想恢復運作便要於限時前付贖金,否則對方會刪除或公開數據。

各位看倌會怎辦?

Continue reading

雲端應用 宜借鏡Pokémon GO

(原文於2016年7月28日在香港經濟日報刊登)

pokemon-go-comes-with-some-bugs-940x400

就算你不好「Pokemon Go」,身邊總會有人在玩。員工在休息時把玩手機其實無傷大雅,我們也很難杜絕「寵物小精靈」在辦公室的出現。但企業在考慮保安原則時,仍要兼顧安全與效率。企業在決定採用個別雲端應用時,原來可借鏡同類的「Pokemon Go」的一些成功元素。

Continue reading

‘Pokemon Go’ and Five Security Requirements for Using Cloud Apps

(Note: This article is a repost from Security Intelligence)

security-lessons-from-pokemon-go-938x535

If you haven’t played the new “Pokemon Go” game yourself, someone close to you definitely has. The game has gone viral since its release, and it has people out in droves wandering around neighborhoods looking for Pikachu.

Five Lessons From ‘Pokemon Go’

In the workplace, cloud apps such as “Pokemon Go” are wildly popular — and have been for a while. We all want to play, but CISOs must consider some general security requirements to be both efficient and safe.

Here are five requirements from “Pokemon Go” that can be applied to adopting cloud apps in your organization.

Continue reading

Blockchain: It Really is a Big Deal

blockchain_socialtile_1024x512_1a_markingblockchainready_final

(This article is a repost from A Smarter Planet Blog)

Over the past two decades, the Internet, cloud computing and related technologies have revolutionized many aspects of business and society. These advances have made individuals and organizations more productive, and they have enriched many people’s lives.

Yet the basic mechanics of how people and organizations forge agreements with one another and execute them have not been updated for the 21st century. In fact, with each passing generation we’ve added more middlemen, more processes, more bureaucratic checks and balances, and more layers of complexity to our formal interactions–especially financial transactions. We’re pushing old procedures through new pipes.

This apparatus–the red tape of modern society–extracts a “tax” of many billions of dollars per year on the global economy and businesses.

What can be done? One potential solution is an intriguing technology called blockchain, which is little understood outside a small fraternity of computer scientists.

Continue reading

企業3招 防範「暗黑網絡」魔爪

(原文於2015年12月28日在香港經濟日報刊登)

Network X-force 1024

網絡罪行日趨嚴重,社會各界尤須多加瞭解暗黑網絡 (Dark Web):循正常途徑接觸不到的地下網絡。其實,要進入暗黑網絡殊不困難,而這正為企業平添許多風險。

透過免費下載的洋蔥路由器 (Tor) 軟件,人人皆可連上暗黑網絡,過程不著痕跡,身份因而得以隱藏。此匿名通訊系統,對於新聞調查、情報收集及國家安全等事務至為重要;然而,犯罪份子亦多用其來掩飾身份,進行非法勾當。

Continue reading