Shane Chambers 1 Comment

KRACK – The Vulnerability That Affects Nearly Every Wi-Fi Device on the Planet

On Monday, it was announced publicly that Wi-Fi security, specifically the WPA2 standard, was essentially broken. The culprit is a bug named KRACK (Key Reinstallation Attack) which takes advantage of fundamental flaws in how WPA2 operates, and has exposed many shortcomings in how the industry responds to such attacks as well. WPA2 (Wi-Fi Protected Access II) is hugely prevalent, as it is the current generation of authentication used on wireless networks. That means that almost every wireless device could be affected by KRACK, as most devices use WPA2. This includes everything from laptops and phones to routers and IoT (Internet of Things)/Smart devices.


KRACK is a Wi-Fi vulnerability with a scope almost impossible to measure, and no easy resolutions. We can only learn from it going forward.

Read more

Shane Chambers 1 Comment

Cybercrime as a Service – Online scamming courses, €10 hacking software, & much more

Everyone’s talking about cyber security these days, and there’s a seemingly endless list of protective measures to be taken to prevent cyber attacks. It can be a bit daunting, and at times hard to secure the right budget, so is all this hype about security really necessary? The short answer is – YES. The long answer is that in order to understand why cyber security has taken over the forefront of IT for businesses, you must first understand that cyber criminals are no longer just bedroom hackers; they’re a fully fledged industry.


Cybercrime costs the economy an estimated $450 billion globally

Cybercrime-as-a-Service is on the rise in a big way, with criminals constantly developing more advanced ways to steal businesses’ hard-earned cash over the internet. The industry continues to evolve and adapt and is now highly organised. All one has to do is log onto certain sites on the Dark Web and they’ll be greeted with professional hackers offering ransomware, malware, phishing, DDoS and much more as-a-service.

Read more

Shane Chambers 3 Comments

New Global Ransomware ‘Petya’ May Be Deadlier Than WannaCry

Back in May, the world saw a global ransomware attack on a then-unprecedented scale – WannaCry. This cyber attack affected more than 230,000 computers in more than 150 countries, and is estimated to have cost businesses up to $4 billion. To say that businesses were caught off-guard is an understatement, with the malware utilising vulnerabilities in the long-obsolete Windows Server Message Block (SMB) v1 and through computers with out-of-date Windows security patches. It gets onto a network most often through human error – employees clicking phishing emails – then spreads like wildfire to other machines that are connected to the internet.

This week, however, reports came in from Ukraine and across Europe that a new mass-ransomware attack was underway. Initially theorised to have been a variant of WannaCry, cyber security experts now believe it to be a variant of Petya, a strain first seen in 2016 which was then predicted to be “the next step in ransomware evolution”.


Oops, your important files are encrypted. There is currently no known way to recover files affected by Petya.

Read more

Shane Chambers No Comments

Honda Forced to Suspend Plant After Fresh WannaCry Outbreak

Japanese carmaker Honda released a statement last Tuesday that it had halted operations in its Sayama, Japan car plant due to a recurrence of the now-infamous WannaCry ransomware. The plant, which has an output of approximately 1000 vehicles per day, was shut down on Monday after Honda discovered the virus had affected networks across Japan, North America, Europe, China and other regions. This was despite attempts by the company to secure its networks against such attacks when the initial WannaCry outbreak occurred back in May.


Just one day’s downtime at Honda’s Sayama plant cost production of 1000 vehicles

Read more

Shane Chambers No Comments

Ransomware attacks may breach new EU GDPR data protection regulations.

With the introduction of the new EU general data protection regulation (GDPR) this time next year (25 May 2018 to be exact) – businesses all over the globe could find themselves in breach of the regulation and facing hefty fines should they fail to prevent a ransomware attack, phishing attack or similar. The message is finally getting out there – something needs to be done about ransomware and fast.

GDPR Data Breach From Ransomware

How Ransomware could cause a breach of GDPR?

As noted in this RTE article by @AengusCox – data protection and governance expert @DaraghOBrien, Managing Director of Castlebridge Associates, confirms GDPR is all about accountability. Not only do organisations have to comply with the regulation, they also have to demonstrate compliance through evidential proof (documentation, etc) of the controls, processes, technology, etc. that they have in place to protect the sensitive and personal data they hold on EU citizens (to include their staff, customers, vendors and third parties).

Daragh confirms that ransomware could indeed be seen as a breach of GDPR by the data protection commissioner, as ransomware typically can affect both the availability and access of personal data and can also affect the recovery of the personal data. Indeed, some viruses are known to upload personal data to hackers – a clear data breach and major breach of the GDPR.

As the GDPR comes more and more into focus through the year and into next year – security experts predict that hackers/scammers will begin to steal data with advanced ransomware and then blackmail the victims by threatening to report them to data protection commissioner.

What can be done?

In the RTE video interview, Daragh notes that security awareness training for staff is crucial now. Businesses urgently need to train their staff how to recognise and avoid clicking on links in phishing emails.

Many may not realise yet, but Article 39 1(b) of the GDPR regulation places a mandatory onus on organisations to undertake security awareness training for staff that deal with sensitive personal data. Read more