Saturday, 20 May 2017

Lero study highlights need to build in forensics to identify cause of cyber attacks



- Study launched on back of recent global cyber attack

New research from Lero, the Irish Software Research Centre, finds that many organisations are failing to consider the threat of cyber attacks when they design and develop software systems. The news follows on from the recent unprecedented global WannaCry cyber-security attack that affected more than 200,000 systems in 150 countries, including the UK’s NHS.

“The recent global cyber attack has highlighted the growing demand for organisations across the public and private sectors to have the capacity to investigate such incidents,” said Dr George Grispos of Lero, the Irish Software Research Centre, which is supported by Science Foundation Ireland. “Our study suggests that current software development processes are inadequate in many organisations with regard to integrating forensics into the development process.”

He added, “The repercussions of these findings could mean that when cyber attacks and similar incidents occur, investigators could face challenges with not only eradicating the problem but also identifying and collecting information that can help catch the perpetrators or other malicious users.”

The Lero study found that while 64% of the surveyed organisations considered requirements for the detection of security incidents, less than a quarter (23%) have considered requirements regarding the collection of data for forensic investigations.

More than half of the surveyed individuals indicated that their organisation does not consider requirements for how data should be collected and secured before investigators can examine it after an attack.

“Many organisations do not consider how they will investigate and eradicate security incidents and attacks during the development lifecycles of their applications,” commented Dr Grispos. “Further complicating matters, the study also highlights that any data which could be required to identify who is responsible for the incident, may also be compromised before it is even used in an investigation.”

He said that in many cases organisations across the public and private sectors implement software applications and then decide how to protect them. “The recent global cyber attacks emphasise the need to not only build-in security protections but also forensics from the start of the development lifecycle.”

The report “Are You Ready? Towards the Engineering of Forensic-Ready Systems” is available at https://arxiv.org/abs/1705.03250

Friday, 19 May 2017

LIT & GTMA to host first ever joint UK-Ireland manufacturing technologies and engineering solutions road-show

Tool technologies trade association the GTMA, in association with Limerick Institute of Technology, will host Manufacturing Solutions Ireland 2017, the first ever manufacturing technologies and engineering solutions road-show outside of the UK, on Wednesday May 24, 2017.

The historic event to be held at LIT’s Moylish Park Campus is the largest roadshow the GTMA has embarked on in its 75 year history, as it brings together more than 80 manufacturing technology and engineering solution companies from both sides of the Irish Sea.

The event will be opened by the Minister of State for Employment and Small Business Pat Breen. Industry related talks and presentations will also take place on the day from guest speakers, including a talk on “Brexit Impact” by Deirdre McPartlin, Enterprise Ireland; Automation and Metrology Case Study by Chris O’Gorman, Skyler Medical and “Making Industry 4.0 Work for your company” by Industry Head, Siemens Ireland, Domhnall Carroll.

GTMA Chief Executive Officer Julia Moore said this joint UK-Ireland event is not only an opportunity to highlight engineering excellence but also a way to foster closer relations and profitable opportunities following Brexit.
“This is a landmark step forward for the GTMA following Brexit, and by bringing leading technology suppliers together, the GTMA and LIT are providing an ideal conduit for the transfer of technology from the specialist suppliers to the practical industrial landscape, where its take up and practical application can be used to gain a competitive business advantage,” said Ms Moore.

“It is also an opportunity for visitors to improve existing products and introduce new ones using the latest technologies and services,” she added.
LIT President, Professor Vincent Cunnane said, “This is a very significant conference coming at a time of huge change in manufacturing – both at technological and political levels. This region is central in the Irish manufacturing sector, and has been for much of the history of the state. The ability to adapt to change is vital, and LIT will play a leading role in ensuring that manufacturing in this region is at the cutting edge of contemporary thinking.”

Manufacturing Solutions Ireland 2017 is a focal point for manufacturing technologies and engineering solutions from over 80 of the most advanced providers of metrology, inspection, machine tools, work holding, cutting tools, robotics, automation and CAD/CAM/PLM manufacturing software and ancillary products and services.
Programme leader in Precision Engineering at LIT, Department of Mechanical and Automobile Engineering, Ciaran O’Loughlin, said, “This is a must attend event for every Irish manufacturing company, with unrivalled access to exhibiting businesses that can provide technical product information and support services that will improve efficiency and make productivity gains achievable.”

“Manufacturing Solutions Ireland 2017 will not only raise awareness of the relevance of engineering in the economy and aid the development of indigenous companies, it has the potential to open up relationships with UK suppliers and the supply chain,” he added.

Exhibition space for the event has been extended to accommodate the unprecedented number of companies applying to exhibit. Line up of exhibitors will include European and global leaders in manufacturing and solutions, alongside specialist companies throughout the supply chain and covering the full spread of engineering resources.

Manufacturing Solutions Ireland 2017 is also supported by PTMA Ireland and Enterprise Ireland.


Thursday, 18 May 2017

Fake BT bill carries ransomware-delivering trojan


ESET Ireland warns that the nasty Nemucod malware is back as the malicious payload of a fake BT bill.

At ESET Ireland we’ve been informing the public about Nemucod for a while. About a year ago it was one of the prevalent malware infections in Ireland with a 50,42% detection rate, while the global average was only 15,82%.

It all starts with an email, appearing to come from BT with the subject “New BT Online Bill”, equipped with all the correct logos and graphics. The content of the email says:

“Your bill amount is: 376.03 GBP. This doesn't include any amounts brought forward from any other bills.
We've put your latest BT bill for you to view. See your bill here.
The PDF version of your bill might not be available for download yet. It can take up to 48 hours.
We'll take your payment from your account as usual by Direct Debit.”

Curious about what the “bill” is about, people would click the link, which would immediately ask them to download a file called BT_bill.js, while the text of the message makes an excuse why a PDF file is not available. As most people have file extensions hidden by default, most would fail to realise the .js stands for JavaScript, which, if clicked, would immediately install a malware that ESET detects as JS/TrojanDownloader.Nemucod.CYJ trojan.

This malware doesn’t do much direct damage itself, but it starts downloading other, more serious malware, which includes everything from ad-clickers and ransomware to banking trojans.

ESET Ireland urges extreme caution with such emails and avoiding clicking any links or attachments they contain.

The full story with screenshots is available on ESET Ireland’s official blog.