The National Crime Agency’s 2016 Cyber Crime Assessment Makes for Some Sobering Reading

The UK National Crime Agency have released their annual cyber crime assessment, and straight off the bat they’ve been clear about the implications with the title, “Need for a stronger law enforcement and business partnership to fight cyber crime”.

The report, available here, describes the standard impact of an attack, loss of revenue, valuable data or other company assets, and immediate loss of shareholder value.  It also describes the likely source of attacks, describing the serious organised crime groups, as well as smaller-scale, mostly domestic, criminals and hacktivists.  Despite acknowledging that the major risks are posed by the more advanced international crime groups, the report accepts that the majority of losses are due to cyber criminals with relatively low technical capability.  This admission is better news, suggesting that limited work on network systems could help to protect them from the majority of these low technically capable attacks.

The report goes on to say that the majority of businesses are affected by data breaches, whilst the banking and retail sectors are suffering due to cyber-fraud attacks on customers, rather than businesses.  The use of new technology to protect attacker’s identity and location, as well as improving criminal operating methods means that many corporate cyber security tools are insufficient to protect corporate networks.  This is a point we fully agree with in our description of the Cyber Security Gap.

So although none of the information is particularly surprising, the advice is that businesses in the UK need to do more to protect themselves and fully understand what systems need to be in place to protect their critical systems.  This means businesses need to be more open to changes to the standard Firewall/Anti-Virus status-quo, perhaps bringing in knowledgeable consultants to aid with setting up new network security systems.

Serco Invests in Perception for Global Network

It's a pleasure to finally be able to announce this formally, Serco have invested in Perception.  After trialing Perception and a number of other cyber security products, Serco have installed devices all across the globe on 4 continents.

Mark Henshaw, Head of Information Security for Serco Group, said: “I am extremely impressed with Perception as it very effectively fills the gap that has developed between traditional network security tools and the expanding threat landscape as we see increasingly sophisticated malware and blended advanced threats.

“Perception sold itself as it’s a powerful tool that identifies apparently benign events which could seriously impact Serco. It is proving to be simple to implement and has demonstrated value in a very short time by identifying malware, policy violation, suspicious data movement, device configuration issues, and pointers to areas where awareness training should be increased. Many of the issues identified were subtle in nature and were not picked up by our current network security systems,” said Henshaw.

“Serco supported Chemring Technology Solutions during Beta tests of Perception and we were particularly impressed by how different it is from traditional network security systems that rely on pattern matching. Perception collects and analyses information in a different way by looking for the unusual and linking apparently non-threatening network activity to identify hidden malware. It’s also very competitively priced, costing a similar amount to a mid-range firewall. Overall, Perception adds another highly effective layer to our cyber defence arsenal,” concluded Henshaw.

Serco have been a joy to work with; not only are they very particular about the products that protect their network assets, they've also been really helpful in offering advice and suggestions on how to improve Perception.

200 Or More Mobiles in Your Enterprise? You Have Mobile Malware

A report created by mobile threat defence firm Skycure suggests that 4% of all smartphones used in enterprise contain malware.  Possibly more concerning is that they found that any organisation with 200 or more mobile devices contained at least one device with malware.

The Mobile Threat Intelligence Report (available for free here) suggests that a balance must be met in securing a business’s mobile devices whilst also giving them the flexibility to use the devices without restrictions.  A mobile device connected to an enterprise network often has access to swathes of shared data, or even when disconnected from the network may contain confidential data on the device itself.  This proximity to sensitive data makes the findings that much more alarming.

Other conclusions found by the study suggested that traditional malware was not the source of most mobile vulnerabilities.  Network Threats, such as MITM attacks, or XSS were 5 times more likely to occur than malware on the devices analysed.  This suggests that traditional network monitoring systems should be prioritised above device-based anti-malware software.  The remainder of the issues on these devices resulted from configuration vulnerabilities which can be solved by having proper policy management or user education, however, as we often see, the biggest vulnerability in any system is often the user.

Skycure is the leader in mobile threat defense, detecting and preventing cyber attacks without compromising the user’s privacy or mobile experience.  The report in question is based on millions of monthly security tests from January through March 2016 and includes both unmanaged devices and those under security management in enterprise organizations.


Dridex switches from office docs to security notifications in new spam run

Dridex is back, after seemingly dropping out of favour once all major filtering systems tried to find a way to defeat the macro-downloaded payload.  Building in popularity throughout May and June, this new iteration uses scare-tactics to convince the user to open an attached .zip file.  Previously Dridex was deployed via macro by convincing a user to open an attached office document.  Now the attachments are ‘security notifications’ and the email uses scare tactics by trying to pretend to be a blocked attachment supposedly sent from the mail server. When paired with a certified application (CertUtil) the threat is more likely to pass through sandboxing solutions meaning infections are much more difficult to block. CertUtil can quite legitimately have macros packaged up with it.

Whilst this shouldn’t change much for network security professionals, as the advice remains to not open anything you’re not expecting and always stay suspicious of compressed files anywhere, this could increase the occurrence of Dridex infections.  As a result, try to stay vigilant of any suspicious network activity that could indicate Dridex presence on your network.

Although the download vector has changed in this new iteration, researchers at Trend Micro (who have already added protection to their MainlineDV filter), have suggested that once downloaded, the malware behaves the same as previously.  That is to say, keep your network monitoring running, and a keen eye out for an increase in Dridex again.


Over half of UK business decision makers are worried about cyber attacks

Recent research carried out by YouGov Plc and Noddle Protect (part of Callcredit) has suggested that over half of the decision makers in large businesses deem cyber-attacks as something that keeps them up at night.  Slightly less than half of the 281 respondents said that they were having sleepless nights about a data breach resulting from data theft or irresponsible action.

When discussing consequences of data breaches, the primary concerns for respondents was reputational damage.  This was seen as more concerning than loss of customers, regulatory fines or falling share prices.  This suggests that the long term effects of a data loss incident are more concerning than the short term impacts for decision makers in large businesses.

However most decision makers feel that they are prepared for a breach, 81% of participants say their business is ready to tackle this problem.  The biggest variation did come in exactly how these companies were prepared.  Post-crisis management processes are common, with over half having a business continuity plan, and only slightly fewer having a crisis management plan.  The statistics for catching and dealing with in progress incidents was comparatively low, only 39% have a security monitoring team; suggesting that the focus is on what to do after an attack, not to detect one in progress.


Perception Cyber Security is a Finalist at the Cyber Security Awards 2016

After being nominated earlier this year, it has been confirmed that Perception Cyber Security has been selected as a finalist for this year's Cyber Security Awards in the Start Up category.

The awards are taking place on the 23rd June at the luxury 5-star Chelsea Harbour Hotel in London.  Judge Karla Jobling said “To be nominated as a finalist is a great achievement as the competition this year is tough. As always, the judges are looking to reward high achievers within our industry and are looking for those who demonstrate passion and innovation, within cyber security.”

"It is a great achievement for all of us here at Perception, " said Dan Driver, Head of Perception Cyber Security, "Hopefully this will give the judges a chance to take a deeper look into the technology behind our solution and discover exactly why it is so effective at what it does.  We're looking forward to putting the judges in touch with some of our customers to show them how invaluable Perception is when placed in a real-world network."

The Start-Up category is designed to show off new business areas or businesses in the Cyber Security that have commenced trading since June 2014.  The winner will demonstrate the need for the product within the market place and the success they have experienced to date.  The Cyber Security Awards has 10 expert judges, who represent a broad spectrum of different backgrounds and organisations with the cyber industry.

All of us are thoroughly looking forward to the event, and hope this is the first of many Perception will be attending.


The biggest ever leap forward in Perception technology.

As you all know Perception is a system that derives a level of understanding of the behaviour of all traffic on a network, capturing packets of that traffic on its way, and then allowing an analyst to look into patterns of that behaviour to determine what behaviour is malicious, dangerous, or indicative of a network vulnerability.  What this boils down to is letting the system automatically generate the most useful data set and then allowing the analyst to use that mass of data to find what’s interesting.  Whilst this method has proven to be more effective than standard solutions for finding existing threats and weaknesses on a network, it still relied on capable analysts with a deep level of understanding of network topography and threat landscapes.

Now, as part of a massive version 2.0 upgrade, we are adding a huge layer of capability onto the system, ForensicAI.

ForensicAI is an advanced system of artificial intelligence that automates large analysis tasks.  ForensicAI constantly looks through the built up mass of behavioural data from Perception’s behavioural analysis, identifying patterns and common themes that indicate potential live threats and network vulnerabilities without any intervention by the user.  When anything of interest is found, rich data is made available to the user in the form of an alert that explains what has happened, and why it is worth looking into. 

ForensicAI works by constantly polling the knowledge base looking for multiple behaviours or series of behaviours over time.  Because of the in-depth information generated by Perception’s behavioural analysis system, ForensicAI can generate alerts on activity that has occurred over the course of days, weeks, or months with extremely low false-alarm rates and very high detection rates.  The system is also flexible, our customers can request the development of specific ForensicAI intelligence to look for areas of concern, or increase the tendency for ForensicAI to alert on certain behavioural patterns.  This flexibility also allows the development team to constantly tweak the system to detect newer threats as they happen, and new logic is immediately able to look back into the knowledge base to see if anything’s occurred since Perception has been installed.

ForensicAI represents the first cyber security system that we know of that can automatically alert on low and slow behaviours over these sorts of timescales.  Perimeter and endpoint solutions typically only have the ‘now’ available to them, and false alarm rates would be too high to generate alerts over some of the behaviours involved in more advanced attacks.  SIEM tools can be used to gather data, but over time it becomes nearly impossible to find the needle in such a large haystack.  ForensicAI can pick out malicious activity that involves something happening months ago, followed by other behaviours a few weeks later, and then something else happening in the last few minutes.  As soon as the last piece in that puzzle falls into place, an alert is generated, which gives us that incredibly high detection rate.

With ForensicAI, Perception now has the capability to generate alerts from the large data sets, rather than just useful data to be used for further analysis.  This allows our serviced customers to benefit from analysts spending more time investigating incidents rather than discovering patterns, and our self-monitored customers can benefit from immediate identification of in-progress malicious activity.

As with all our other software updates, Perception v2.0 including ForensicAI is a free software update to all existing customers.


Visit Us at Security & Counter Terror Expo 2016

Next week is the newly renamed Security & Counter Terror Expo at the Kensington Olympia, London.  If you're visiting the show, swing by and come see us on the Chemring Technology Solutions stand B30 to learn more about Perception, as well as some of Chemring Technology Solutions' broader range of security products.  If you'd like to organise a more formal meeting with us while you're there, contact us at and we'll arrange one of our sales personnel to get in contact.

We look forward to seeing you next week.

Perception Announcement

Chemring is proud to be announcing Perception™ today, the industry first in class Bio-inspired network security system.

Perception™’s bio-inspired technology mimics the autonomic fight or flight fear response mechanism, embedded in all mammals. By applying this response mechanism to cyber defence, we have been able to create a neural network architecture that is designed to win the battle against unknown and emerging threats.

Unlike typical rules based systems, Perception™ will identify malicious activity and new attacks as they emerge. The system will also monitor for and detect any slow, unauthorised data exfiltration, even when obfuscation techniques are used to evade traditional rules based detection techniques.

Stephen Grinham, Managing Director, Chemring Technology Solutions, said:

“Chemring has a long and rich heritage of internet and cyber defence capabilities and Perception™ is the result of over 20 years’ experience of developing counter threat solutions. Cyber-attacks are a significant and continually evolving threat and Perception™ is uniquely placed to quickly identify threats that other systems cannot.”