Latest posts from Cyber security updates

27 July 2015

Cyber security in engineering and construction

By William Rimington (@WRimington)

A growing number of high-profile, large-scale projects, ranging from HS2 to new nuclear power stations, highlight the growing complexity of the supply chain involved in major project delivery. It takes a huge number of upstream and downstream suppliers to deliver a project. Adding to the...

23 July 2015

A tale of Pirpi, Scanbox & CVE-2015-3113

By Tom Lancaster (@tlansec)

Executive Summary: In the past year, PwC has notified the public about developments relating to the ScanBox reconnaissance framework on several occasions. There has recently been public reporting[1] which relates to possible deployment of malware via ScanBox for the first time. While the report references...

15 July 2015

Go on, get hacked

By Christian Toon (@christiantoon)

So when did infosec jump off the desktop and start being fun? I can tell you for me it's been the last six months. Don't get me wrong, I've loved working in infosec – these last eight or so years have been amazing. My only...

07 July 2015

Consumer identity - 7 things you need to know

By Richard Mardling (@rmardling)

Consumer identity is the management of a consumer's digital persona when they engage with a provider through whatever channel. The consumer (user of products and services) and provider (deliverer/maker of products and services) relationship is a delicate one which requires trust in order to ensure...

29 June 2015

I'm all about the tech, about the tech, no bubble

By Christian Toon (@christiantoon)

I'm all about the tech, about the tech, no bubble. As we edge closer into this digital world the speed in which technology is evolving to change our physical and intellectual world is fast, there's no denying this. In the last 12 months alone, we've...

24 June 2015

UnFIN4ished Business

By Michael Yip (@michael_yip) and Chris Doman (@chrisdoman)

Overview: With access to business critical information, senior executives and consultants are often said to be valuable targets for threat actors tasked with obtaining sensitive business secrets. FIN4 is a financially motivated threat actor which has consistently targeted this population....

05 June 2015

Neutrino Exploit Kit delivers zero-detection Zeus Variant

By Stephen Ramage (@SFRamage)

We recently spotted Neutrino being used to deliver a zero-detection Zeus variant and are sharing some brief indicators here. The Neutrino Exploit Kit check-in response contains base64 encoded data within HTML comment tags: Decoded, this translates to: 1401076386715766#rate 5#1433384183216305#loader http[:]//sells-store[.]com/forum/acez.exe# Retrieving that executable, which...

02 June 2015

Information security breaches survey: the results are in

By Andrew Miller and Andrew Colloby

We have been commissioned by the Department for Business, Innovation and Skills (BIS) to survey companies across the UK on cyber security incidents and emerging trends. This survey aimed to provide greater awareness amongst UK business of the risks, insights on how companies are...

29 May 2015

Diamonds or chains

By Rob MacGregor

You’re setting up a new team to deal with targeted cyber attacks and your boss has asked you whether you should be using the Diamond Model or the Cyber Kill Chain®. Thinking furiously for a moment, you pick one and feel relieved as they wander off, only...

27 May 2015

Hunting the network snark

By Rob MacGregor

Using entropy to help in hunting anomalies on a network is an approach that has been around for at least the last ten years or so. The trouble is that, by itself, knowing that a certain network flow has an entropy of 7.5 doesn’t help you. It...