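APT Threats That Prey on Human Nature

(This article was also cited by Unwire Pro)

Catastrophic incidents such as financial turmoil or nuclear radiation leaks triggered by computer hackers used to be the stuff of science fiction, but they now risk becoming reality.

According to a report from the US Department of Homeland Security and the Federal Bureau of Investigation obtained by The New York Times, the security systems of nuclear power plants in several countries have been under sustained attack by hackers since May this year. The report classifies the incident as an "Advanced Persistent Threat" (APT), at the yellow alert level.

The previous generation of attacks typically involved a server being taken over, or a hard disk being wiped, after an infected file was executed. Today's APTs, by contrast, come from highly skilled attack teams working to a careful plan; their methods are quieter and slower, the dormant period is longer, and the steps are more roundabout. Even the internal systems of banks or the industrial control systems of nuclear power plants, which are deliberately separated from the Internet and were once considered beyond hackers' reach, can now be penetrated by APTs in an age when social media is increasingly widespread.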

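After a Hacker Intrusion: Three Areas of Follow-up for Enterprises

(This article was published in the Hong Kong Economic Times on November 29, 2017)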

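It recently emerged that a well-known ride-sharing service provider suffered a serious information security incident last October: hackers stole the personal data of 50 million customers and 7 million drivers worldwide, and the company secretly paid the hackers a US$100,000 ransom and kept the incident confidential.

After learning of the incident, its new chief executive officer proactively disclosed it to the public in a blog post: the incident was caused by two hackers breaking into a third-party cloud system, and two of the company's senior security executives have left over the cover-up. The chief executive also announced a series of remedial measures; this candid and responsible attitude deserves credit.

If an enterprise's IT systems are breached, how should it rebuild customer trust?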

IBM Security: Perspective on the Recent “Petya” Cyberattacks

What is the Petya Ransomware campaign? A calculated ransomware campaign with a heavy footprint in Ukraine was detected on June 27, 2017. The source of the attack is currently unknown. To date, the attack has affected global organizations in the banking, pharmaceutical and transportation industries.

Most reports, and the ransom demand itself, refer to the activity as Petya, a well-known malware that has existed for quite some time, but at least one security company believes it is not a true Petya variant. IBM can confirm the ransomware tool is spreading via the National Security Agency (NSA) exploit ETERNALBLUE, similar to the WannaCry events last month.

Billions of Threats, Milliseconds to Respond: Automating Resiliency

Time is not on our side. To succeed against threats, organizations need automation and cognitive technologies combined with strategy, process and testing. Effective resiliency requires investment, leadership and a culture where people imprint an always-on attitude onto their professional DNA.

For decades, business continuity was viewed as a way to prevent disasters when hardware and software failed. This process focused primarily on preparing for human error, poor change management and natural disasters like hurricanes, floods and fires. But now, more than any other time in history, cyberattacks are flooding the front lines in the resiliency battle. Cyberattacks aren’t just another threat — they’re the mother of all threats.

IBM Security: Perspective on the Global “WannaCry2” Cyberattacks Hitting Critical Infrastructure

What is WannaCry2? A rapidly spreading cyberattack that was first detected in March and has impacted businesses in nearly 100 countries. Currently, the source of the attack is unknown. The WannaCry2 attacks have crippled critical infrastructure, including hospitals, telecommunications and distribution/supply chain services.

The scale of this attack was possible because of a vulnerability in the Microsoft Windows Operating System. Although it began like any routine phishing scheme – in which a user clicks on a bad link and malware takes over – WannaCry2’s exploitation of the Windows vulnerability enabled it to spread with great speed from one workstation to a network of users. As a result, it was an attack of one-to-many versus standard phishing attacks, which typically infect one user at a time. While the attack appears disabled now, we expect hackers to reanimate it rapidly, and organizations need to prepare fast.

Simulating Cyberattacks to Fight Online Gangs

(This article was published in the Hong Kong Economic Times on January 4, 2017)

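An ordinary day at the office, filled with a low murmur. Suddenly, sales representatives find they cannot check product status, and assistants cannot issue invoices or collect payments. Complaints erupt and the IT department goes on high alert; only the person in charge stays calm. In fact he is not merely calm but chilled, because less than a minute earlier he received a message from an unknown sender saying the company's computers had been taken hostage: to resume operations, a ransom must be paid before the deadline, or the other party will delete or publish the data.

What would you do, dear readers?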

Cloud Apps Should Take a Cue from Pokémon GO

(The original article was published in the Hong Kong Economic Times on July 28, 2016)

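Even if you are not into "Pokemon Go", someone around you is bound to be playing it. There is no real harm in employees playing with their phones during breaks, and it is hard to keep Pokémon out of the office entirely. But when considering security principles, enterprises still need to balance security and efficiency. When deciding whether to adopt a particular cloud app, enterprises can in fact borrow some of the elements that made "Pokemon Go", an app of the same kind, successful.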

‘Pokemon Go’ and Five Security Requirements for Using Cloud Apps

(Note: This article is a repost from Security Intelligence)

If you haven’t played the new “Pokemon Go” game yourself, someone close to you definitely has. The game has gone viral since its release, and it has people out in droves wandering around neighborhoods looking for Pikachu.

Five Lessons From ‘Pokemon Go’

In the workplace, cloud apps such as “Pokemon Go” are wildly popular — and have been for a while. We all want to play, but CISOs must consider some general security requirements to be both efficient and safe.

Here are five requirements from “Pokemon Go” that can be applied to adopting cloud apps in your organization.

Blockchain: It Really is a Big Deal

(This article is a repost from A Smarter Planet Blog)

Over the past two decades, the Internet, cloud computing and related technologies have revolutionized many aspects of business and society. These advances have made individuals and organizations more productive, and they have enriched many people’s lives.

Yet the basic mechanics of how people and organizations forge agreements with one another and execute them have not been updated for the 21st century. In fact, with each passing generation we’ve added more middlemen, more processes, more bureaucratic checks and balances, and more layers of complexity to our formal interactions–especially financial transactions. We’re pushing old procedures through new pipes.

This apparatus–the red tape of modern society–extracts a “tax” of many billions of dollars per year on the global economy and businesses.

What can be done? One potential solution is an intriguing technology called blockchain, which is little understood outside a small fraternity of computer scientists.

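Three Moves for Enterprises to Guard Against the Clutches of the "Dark Web"

(The original article was published in the Hong Kong Economic Times on December 28, 2015)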

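As cybercrime grows more serious, all sectors of society need to better understand the Dark Web: an underground network that cannot be reached through normal channels. In fact, getting onto the Dark Web is not difficult at all, and that adds considerable risk for enterprises.

With the freely downloadable Tor (The Onion Router) software, anyone can connect to the Dark Web without leaving a trace, so their identity stays hidden. This anonymous communication system is vital to investigative journalism, intelligence gathering and national security; however, criminals also frequently use it to conceal their identities and carry out illegal activities.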
