Tag Archives: Hacking

360 Vision Technology and Visual Management Systems guard against cyber attacks

As more and more security systems and devices become IP networked, it’s important for security installers and end users alike to consider how their systems will be protected against the possibility of cyber attacks. Providing a solution to the concerns around cyber security and hacking, CCTV specialist 360 Vision Technology has partnered with software control provider Visual Management Systems to provide security operators with an effective solution designed to guard against IP surveillance system cyber attacks.

Without the right level of network security measures in place, system users can be left vulnerable, resulting in exposure to the type of hacking and malware attacks that have recently hit the news headlines.

A serious security breach of an IP network can lead to system inoperability and network downtime and, at worst, direct access to corporate networks for the cyber criminals.

To provide IP surveillance system installers and operators with peace of mind, when used together both 360 Vision Technology cameras and Visual Management Systems’ TITAN SECURE Physical Security Information Management system can exceed 802.1x authentication protocols and encryption to provide “the ultimate protection” for surveillance networks via the latest patent pending technology.

360VisionTechnologySSL8022C5A19E

Designed to Centre for the Protection of National Infrastructure standards, this advanced protocol and encryption technology is said to offer a “far higher level” of hacking protection.

Advanced cyber attack protection

Ultimately, security and IT managers have much to gain by implementing the security advantages of a 802.1x authenticated network. Conversely, they also have a lot to lose should they ignore the security risks involved.

“As part of our ongoing development of products and deep integration techniques, we looked closely at the vulnerabilities of current camera systems and found that expert hackers could easily take control of standard network cameras, and even those models with HTTPS certification,” explained John Downie, sales director at Visual Management Systems. “Employing 802.1x authentication at both the camera and control end using 360 Vision Technology cameras and TITAN SECURE in combination is the most effective way in which to fully secure an IP camera network.”

Mark Rees, business development director at 360 Vision Technology, added: “Designed to protect organisations against hacking and ransomware attacks, the latest 360 Vision Technology IP surveillance cameras include advanced 802.1x encryption protection. Designed and built in the UK, our high-performance camera technology offers customers proven reliability, advanced imaging performance and effective cyber security for use within any high or general level camera surveillance application.”

Advertisements

Leave a comment

Filed under Risk UK News

Inner Range to unveil Integriti Encrypted High Security integrated access control and security system at IFSEC International 2017

We live in an era where criminal activity has become more sophisticated and information about system hacking more readily available. With organisations being more vulnerable to attack, access control and security system manufacturer Inner Range is addressing the challenge for the security industry by adding another system to its already strong portfolio: Integriti Encrypted High Security.

Launching at IFSEC International 2017, Inner Range’s Integriti Encrypted High Security is an integrated access control and security system offering the pioneering integrated security and building management functionality of its flagship brand Integriti, but with the added advantage of being end-to-end fully encrypted to 128 bit with Mac authentication. Data encryption ensures secure LAN communications at all times, while continuous monitoring detects any fault or attempted module substation.

Chantel Smith, business development manager at Inner Range Europe, commented: “Integriti Encrypted High Security delivers end-to-end full encryption, which is essential for buildings and facilities that are of critical importance to national infrastructure and for Data Centres and research labs where there’s a heightened security risk.”

Smith continued: “Equally, we’re experiencing an increase in demand for systems from organisations big and small that don’t necessarily need end-to-end encryption to meet regulatory requirements, but understand the importance of adding an extra layer of protection for their buildings.”

InnerRangeIntegritiHighSecurity The Integriti Encrypted High Security system comprises a suite of products which together offer all the elements necessary to build a fully-integrated high security system that provides complete end-to-end data encryption. The Integriti range of products includes controllers, input expansion modules, end of line modules, keypads, card readers, power supplies and equipment enclosures.

The system’s modular design delivers scope for expansion while also boasting hybrid architecture which supports both high security and standard commercial grade (resistor network) areas at the same facility at the same time. The end result is a single, holistic and affordable security solution for the entire organisation.

Expansion of the Integriti system is achieved by installing additional encrypted modules to the high security controller’s RS-485 LAN or adding additional controllers to the system. The entire platform, including multiple controllers, can be managed from the Integriti Enterprise software.

*Visit Inner Range Europe on Stand E1400 at IFSEC International 2017

Leave a comment

Filed under Risk UK News

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals has combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).

BCICyber

The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.

Leave a comment

Filed under Risk UK News

ECA/SELECT Survey finds buildings at heightened risk from cyber attack

The use of cyber attacks is becoming more prevalent as an effective tool to disrupt both business and politics. As a result of this, within industry it’s vital that steps are taken to protect buildings and infrastructure against potential threats.

To find out the current state of play, the Electrical Contractors’ Association (ECA) and Scottish Trade Association SELECT surveyed a range of clients in November and December last year on their approach to cyber security.

The feedback received from the ‘Connected Technology Survey for Clients’ emanated from a range of respondents, including consultants, engineers, end clients, local authorities and facilities managers.

ecacybersurvey

The results show that almost four-in-ten clients (39%) don’t take any steps to protect smart installations in buildings from cyber threats. A further 49% cited the risk of hacking as a barrier to installing connected technology.

Steve Martin, head of specialist groups at the ECA, commented: “Given that ‘connected technology’ covers any technology, such as lighting or HVAC installations, this enables devices to communicate with each other over the Internet and undertake tasks. The risks from hacking are substantial.”

Currently, only 20% of the UK’s commercial buildings are considered to be ‘smart’. However, over the next four years, the global ‘Internet of Things’ market is expected to be worth over £1 trillion annually. “If we’re to keep pace with developments,” concluded Martin, “the issue of cyber security needs to be addressed as a matter of urgency.”

Leave a comment

Filed under Risk UK News, Uncategorized

Bosch launches VMS 7.0 for “higher quality and more secure” video streaming

Bosch Security Systems has just released its Video Management System 7.0 software (Bosch VMS 7.0), which will empower security operators to effectively manage high resolution video streams in their day-to-day work.

At the rate video cameras are evolving, keeping track of an ever-growing amount of high resolution video data is becoming even more challenging. In places like metro stations and airports where many cameras are needed, the burden on a workstation is very high. If a workstation’s overloaded, the client application will often lag. This is a great obstacle for security operators who need to view many cameras at once in order to maintain a complete and uninterrupted overview of a given location.

With the new Bosch VMS 7.0, however, the user is able to keep multiple Ultra High Definition ameras open without having to worry about slowing down the application. Bosch VMS 7.0 uses technology dubbed ‘Streamlining’. This technology automatically shows the optimal video resolution on the screen.

boschvms7-0

If an operator needs to view many cameras simultaneously, the Bosch VMS 7.0 automatically uses a lower-resolution stream. When enhanced pictures are required to zoom in or view on a full screen, for instance, a higher resolution stream is automatically chosen. This feature uses the multi-stream capabilities available on Bosch IP video cameras and runs on existing workstations.

Another new feature of Bosch VMS 7.0 is the encrypted communication between Bosch cameras and the VMS. A security manager can choose to encrypt all control communications and videos through a secure HTTPS connection, reducing the risk of the system being hacked.

Bosch VMS 7.0 also offers customers an IT Security Guide which explains how to set up a secure system. The document describes how to configure Bosch VMS for Windows operating systems and how to secure video cameras against unauthorised access.

Leave a comment

Filed under Risk UK News, Uncategorized

Criminals target UK’s youth as cases of identity fraud increase

Cifas, the UK’s leading fraud prevention service, has released new figures showing a 52% rise in young identity fraud victims in the UK. In 2015, just under 24,000 (23,959) people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and more than double the 11,000 victims in this age bracket in 2010.

The figures have been published on the same day as a new short film, entitled ‘Data to Go’, is launched online to raise awareness of this type of fraud. Shot in a London coffee shop in March this year, the film uses hidden cameras to capture baffled reactions from people caught in a stunt where their personal data, all found on public websites, is revealed to them live on a coffee cup.

Identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often, victims don’t even realise that they’ve been targeted until a bill arrives for something they didn’t buy or they experience problems with their credit rating.

IdentityTheftNew

To carry out this kind of fraud successfully, fraudsters usually have access to their victim’s personal information such as name, date of birth, address, their bank details and information on who they hold accounts with. Fraudsters gain such detail in a variety of ways, including through hacking and data loss, as well as using social media to put the pieces of someone’s identity together. 86% of all identity frauds in 2015 were perpetrated online.

People of all ages can be at risk of identity fraud, but with growing numbers of young people falling victim, Cifas is calling for better education around fraud and financial crime.

Fraudsters are opportunists

Simon Dukes, CEO of Cifas, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, so the fraudsters have instead focused on stealing and using genuine people’s details. Society, Government and industry all have a role to play in preventing fraud. However, our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need.”

Dukes continued: “The likes of Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they’re now a hunting ground for identity thieves. We’re urging people to check their privacy settings today and think twice about what information they share. Social media is fantastic, and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

IdentityTheftSign

Commander Chris Greany, the City of London Police’s national co-ordinator for economic crime, added: “We’ve known for some time that identity fraud has become the engine that drives much of today’s criminality, and so it’s vitally important that people keep their personal information safe and secure. In the fight against fraud, education is key and it’s great that Cifas and its members are taking identity fraud seriously and working together to raise awareness of how the issue is now increasingly affecting young people through the launch of this film.”

As part of the campaign, Cifas commissioned a survey with Britain Thinks to find out more about 18-24 year olds’ attitudes towards personal data and identity fraud. The survey found that young people are alarmingly unaware that they’re at risk:

  • Only 34% of 18-24 year olds say they learned about online security when they were at school
  • 50% of the 18-24 year olds surveyed believe they would never fall for an online scam (compared to the national average of 37%)
  • Only 57% of 18-24 year olds report thinking about how secure their personal details are online (compared to 73% for the population as a whole)

They’re also less likely to install anti-virus software on their mobile phone than the national average (27% compared to 37%).

Organisations such as the City of London Police, Action Fraud, Get Safe Online, Her Majesty’s Government’s Cyber Streetwise campaign, Financial Fraud Action UK and Cifas members including Coventry Building Society, BT and Secure Trust Bank are all supporting the campaign and sharing the new film across their social media networks.

Cifas is also appealing to youth organisations, schools and universities to share the film so it reaches as many young people as possible.

Leave a comment

Filed under Risk UK News, Uncategorized

“Wireless security skills need to prepare for the IoT age” urges SANS Institute

The proliferation of new wireless communication technologies within consumer electronics and smart devices is overtaking the skills harboured within the information security industry. That’s the considered opinion of Larry Pesce, a leading expert in the field and a SANS Institute instructor.

“There’s a great deal of disparity between the security of the different wireless standards, and particularly so when you compare the 802 family that were predominately built for business use and emerging technologies that came from the consumer landscape such as Bluetooth, Zigbee and Z-Wave,” explained Pesce, who co-authored the books entitled ‘Linksys WRT54G Ultimate Hacking’ and ‘Using Wireshark and Ethereal’.

“For example, Bluetooth has some solid maths around encryption, but many of the security decisions are left in the hands of the users which means things can go horribly wrong. Zigbee has a poor design for how it handles passphrase and replay packets which are highly vulnerable, while security in some of the proprietary formats like Z-Wave offers almost non-existent security.”

blank template 450x450 RGB

Pesce, who also develops real-world challenges for the Mid-Atlantic Collegiate Cyber Defence Challenge, is complementary about newer wireless protocols such as 802.15.4 and Zigbee which uses baseline profiles to help deliver enhanced security, but comments: “The technology is probably ahead of the skill sets out in the field. The problem is also somewhat underestimated.”

Pesce also highlights the privacy issues that wireless-enabled devices are starting to hit against. “If we look forward, a large number of devices in the workplace and the home will be wirelessly enabled and communicating autonomously between each other and back to manufacturers. Unless more consideration is given towards securing both the devices and the communication links, there are likely to be breaches that will burrow into this Internet of Things infrastructure and start to gather private information or act as a staging post for more damaging attacks.”

Wireless Ethical Hacking, Penetration Testing and Defences

Pesce will be teaching the SANS course SEC617: Wireless Ethical Hacking, Penetration Testing and Defences at SANS London in July. The hands-on course takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker.

Using readily available and custom-developed tools, students navigate through the techniques attackers use to exploit Wi-Fi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS and other systems.

The course also examines the commonly overlooked threats associated with Bluetooth, ZigBee, DECT and proprietary wireless systems.

“We’re at a crossroads from a standards perspective,” concluded Pesce. “The vendors are still mostly obsessed with ‘bigger and faster’, but there’s also increased pressure from a privacy perspective and many are having a hard time figuring it out. For information security professionals, the skills needed to secure these new types of wireless connections are in high demand.”

*More information on SANS London Summer 2016 is available at: http://www.sans.org/london-in-the-summer-2016

Leave a comment

Filed under Risk UK News, Uncategorized