SME Cyber Digest

Eternal Blues
FA free scanning tool built by a researcher from Imperva has identified that approximately 50,000 machines are still vulnerable to the EternalBlue exploit that facilitated the recent NotPetya and WannaCry ransomware attacks. The tool has been used to scan more than 8 million IPs and, as of 12th July, vulnerable machines were detected in 130 countries around the world.

EternalBlue is an exploit (allegedly created by the NSA) which was leaked by a group called ShadowBrokers and enables the spread of malware through a flaw in Windows’ Server Message Block (SMB) protocol.

The Eternal Blues scanner has been created to assist administrators who lack the resources and capability of a full security team, but this story highlights how many devices are potentially still vulnerable, even after a well-publicised global news event.

Access All Areas
A new study by password management company OneLogin has found that nearly half of businesses say former employees are still able to access corporate accounts long after they leave an organisation. According to their report “Curse of the Ex-Employees”, 20% of businesses have experienced data breaches by former staff and nearly half of those staff claim that more than 10% of all data breaches are the direct result of former workers.

The report is based on 500 interviews among IT employees who are at least partially responsible for security and make decisions about hardware, software, and cloud-based services. Half of the respondents say ex-employees’ accounts remain active for longer than a day after they leave the company and 20% take a month or more to deprovision employees after they leave.

Although this report is from a rather small sample, the findings identify widespread lapses in many company’s joiners/leavers processes and provide a clear demonstration of the dangers of not having robust deprovisioning procedures for staff leaving an organisation.

RoughTed Malvertising

Tops June Malware Chart

The latest Global Threat Impact Index revealed by Check Point has revealed that 28% of organisations were affected by the RoughTed malvertising campaign during June.

Described as a large-scale malvertising campaign, RoughTed affected organisations in 150 countries and is used to deliver links to malicious websites and other payloads such as adware, exploit kits and ransomware. Following RoughTed, in second place was a browser-hijacker called Fireball which takes over target browsers and drops additional malware or steals credentials. Third place was occupied by Slammer, a memory resistant worm that can be used in Denial of Service (DoS) attacks.

With regards to mobile malware, the top three threats were all targeting Android with Hummingbad the most common form, closely followed by Hiddad and Lotoor. Whilst recent headlines and security responses have been dominated by the WannaCry and Petya ransomware attacks, these findings provide a timely reminder that organisations need to employ a multi-layered security approach to protect against all tactics and methods used by cybercriminals.

Top 5 ‘Most Wanted’ Malware:

*arrows relate to the change in rank compared to May

UK Lagging Behind in GDPR Race
According to a recent survey by NTT Security, one in five business decision makers within the UK have admitted to not knowing which compliance regulations their company is subject to. The survey of 1,350 non-IT business decision makers across 11 countries (200 of which are from the UK), revealed that despite the widespread publicity and advice available on the forthcoming General Data Protection Regulations (GDPR) legislation, just 39% of the UK respondents think GDPR will apply to them.

Data management and storage will be key aspect of the new regulations with organisations expected to know where their data is located, who has access to it, if its content is sensitive and where every piece of data relating to each person is stored. Worryingly, the survey found that only 41% of the UK respondents believe that their organisation’s data is secure, while 55% assert that all of their company’s critical data is secure.

The survey demonstrates that UK decision makers are currently less informed than their counterparts in Europe, possibly because many organisations continue to mistakenly believe the laws will not apply to them because of the UK’s situation with Brexit. We encourage decision makers in all businesses to engage with and start planning for GDPR as, Brexit or not, the legislation applies to any organisation anywhere in the world who hold or collect data on European citizens. Non-compliance punishments are severe and could result in penalties of up to €20m or 4% of annual turnover, whichever is higher.


Unsure about how safe your Superyacht is, or how to implement a solution? Then why not take advantage of our free cyber surgery? We are offering a free consultancy call over Skype or the phone – ask our consultants anything, we are here to help.

Register for our free cyber surgery here