Nettitude Blog

Zero day impacts: How marine and offshore organisations should prepare for unknown vulnerabilities

Posted by Nettitude on Aug 15, 2019 1:51:53 PM

What is a zero day attack exploit?

Imagine setting sail with your bow doors still open. Or operating with an engine that leaked 50% of its fuel intake. Or if we let the bridge continue to operate with all the windows smashed.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Is Third Party Expertise in Security Risk Management Necessary?

Posted by Nettitude on Aug 14, 2019 7:05:43 PM

According to one survey, 95% of organizations outsource part or all of their Security Operations Center[i], and that includes incident management. Is leveraging third party expertise the most effective way to obtain security incident management services?

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Cyber Attacks Reported by US Coast Guard

Posted by Nettitude on Aug 8, 2019 10:36:06 AM

Cyber Attacks Reported by US Coast Guard: Are Maritime Cyber Security Risks Unknown or Ignored?

The US Coast Guard issued a marine safety alert on July 8th 2019 following an "interagency response" to a cyber incident affecting a vessel bound for the Port of New York and New Jersey. This followed a more general briefing issued in May 2019 which warned of cyber adversaries attempting to gain sensitive information via phishing and malware intrusion attempts.

The investigation by the US Coast Guard and other agencies found that although the vessel's essential controls systems had not been impacted, the onboard computer system had been 'significantly degraded' by a malware infection. This had led the vessel to report the incident, and had exposed critical systems to additional risk. The alert highlights that although separate computers were used by the crew, the same network was used for official business, and it is assessed as likely therefore that an infection had been able to spread within the environment.

What is particularly noteworthy about this latest report is that the risk was 'well-known among the crew', and despite this, the same shipboard network was used to manage operations on the ship – to update electronic charts, manage cargo data and communicate with shore-side facilities, pilots, agents, and the Coast Guard. Is this because the crew were ignoring the risk, or were unaware of how likely it was that the issues could be exploited? More widely, is there adequate information available to organisations to make intelligence-backed risk decisions? The publication of this briefing, and the previous one in May, are to be welcomed as they bring greater attention to the likelihood of vessels being targeted in this way. Ideally, future reports will also include key technical indicators such as the type of malware, how the infection happened and what the intent was.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Tanker Cyber Attacks taking place in the Gulf

Posted by Nettitude on Aug 1, 2019 2:36:34 PM

Tensions between the U.S. and Iran have soared in the last weeks. Washington and Tehran came close to a direct military conflict last month when the U.S. accused Tehran of orchestrating two attacks on oil tankers in the Persian Gulf region, which Iran denied. Then, after an Iranian missile shot down a U.S. drone, the U.S. ordered reactive airstrikes that were called off at the last minute. Instead, it was widely reported that the U.S. Cyber Command in the Pentagon launched cyber-attacks against the Iranian group that have been planning and orchestrating the tanker attacks in the region.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Globalising Cyber Security Regulation

Posted by Nettitude on Jul 26, 2019 12:18:15 PM

How do major regulatory frameworks for financial services differ across the world, and how is this changing?

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Security testing: What should your business be doing?

Posted by Nettitude on May 30, 2019 4:39:54 PM

Security testing (including scanning, penetration testing, red teaming, and more), is often seen as a compliance bug bear. However, if your security team wants to provide a level of assurance to the business that if an attack was to take place, you are well placed to both defend and detect it, it is essential that you perform the right kind of testing for your business. In this post, we’ll take a look at the types of testing you should be deploying within your organization by explaining what each type of test does and what it can (and can’t) deliver for you.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Nettitude’s Q1 2019 PERCEPTION Report: What are the latest threats facing the financial sector?

Posted by Nettitude on Apr 4, 2019 5:42:15 PM

We just released our latest edition of PERCEPTION, our cyber threat intelligence briefing for the financial services sector edited by Dr Graham Shaw. This contains informative, relevant and timely information about the cyber threat landscape for financial institutions, current threat actors and recent activities, and is designed to help you address the cyber risks faced by your organization.

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area

Developing a Cyber Security Strategy: How do you plan for the inevitable?

Posted by Nettitude on Apr 4, 2019 3:30:29 PM

 Cyber-attacks and the impact they have on organizations are becoming much better understood. However, in facing increasingly sophisticated, targeted and untargeted attacks, the complexity and scale of the threat means that avoiding a cyber-attack is becoming harder for organizations. If a cyber-attack is going to happen at some point, it’s essential that organizations plan for, and prepare to respond to, the inevitable. But this can be easier said than done. What steps do organizations need to take to develop a cyber security strategy that ensures they are prepared?

Read More

Topics: Cyber Security, Nettitude, Security Blog, Security Testing, Cyber Security Blog, Download Area

Ransomware: Where are we now?

Posted by Nettitude on Mar 25, 2019 9:07:07 PM

By Michael Fratello, Security Consultant at Nettitude

Read More

Topics: Cyber Security, Nettitude, News, Security Blog, Security Testing, Cyber Security Blog, Download Area, Research & Innovation

Android users still not ready to fully embrace security

Posted by Phil Buck on Jul 31, 2017 5:32:32 PM

Android malware variants are fairly common and tend to affect a large number of users at once. It was recently discovered that CepKutusu.com, an alternative Android app store in Turkey, has been serving a banking trojan to all users who download an app.[1] In addition, in June 2017, the CopyCat malware infected over 14 million devices mainly in South East Asia, with the threat actors behind the malware pocketing approximately $1.5 million in two months[2]. To compliment these reports, a recent study shows that the heaviest mobile user group (age 18-24) still lacks good security practices[3], creating a large target set for threat actors to potentially exploit.

Read More

Topics: Security Blog

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Our experts use an award winning Threat Intelligence led approach that incorporates real-time data, ensuring that your company is protected at every stage of its journey.

Receive an update when we post!

Recent Posts