Book review: “The Cyber Attack Survival Manual”

From PCI to HIPAA and more, security awareness is part and parcel of computer security. But far too many organizations simply go through the motions of security awareness, and their end users are not necessarily better for it. Such awareness programs meet the regulatory requirements for awareness, and companies are then able to check the audit box, but that is about it.

Ransomware creators and social engineers are fond of firms who take an approach like that, as it makes their jobs much more straightforward. But an ounce of information security awareness cure can save an organization from Bitcoins of ransom later.

In The Cyber Attack Survival Manual, authors Nick Selby and Heather Vescent have written an awareness guide that is both informative and interesting. The book provides a high-level introduction to the core areas of information security.

The book makes excellent use of infographics, key terms, stories and more. As an awareness tool, this is a book that you can give to every user and have them read at their leisure. It is engaging and immensely readable, so there is no doubt they will read it rather than have it gather dust. 

I have this book on my list of The Best Information Security Books of 2020; this is an excellent read and should also be on your reading list. 


Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack • Graham Cluley

One of England’s most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.

The prestigious private Wentworth golf and country club, whose members include high profile celebrities, sports stars, and top business people, has sent out an email offering its “profuse apologies” after its members’ list was accessed by cybercriminals.

However, according to The Telegraph, the first club members knew of the problem was when an unauthorised message appeared on the “Wentworth at Home” internet page claiming that “your personal files are encrypted!” and demanding a Bitcoin cryptocurrency payment for a decryption key.


As is increasingly common, the attackers did not just encrypt data on the private golf and country club’s network – but also stole some of it in an attempt to increase their chances of a payout.

It is thought that the data stolen from Wentworth’s network includes:

  • Names of members
  • Members’ dates of birth
  • Members’ home addresses
  • Members’ email addresses
  • Members’ phone numbers
  • The last four digits of members’ bank account numbers, used for direct debit payments

In its warning to affected club members, Neil Coulson, Wentworth’s general manager, attempted to reassure members that their accounts were not at risk:

“I fully appreciate this will be concerning for you but we have taken third-party specialist advice and have been assured there is not enough personal information in the file to enable improper access to your private account and therefore it is considered a low risk.”

However, the exfiltrated information could potentially be exploited in cybercriminal campaigns to scam unwary members of the exclusive club, or even put them in physical danger.

Affected members would be wise to be alert to phishing emails and unexpected communications claiming to come from the club which may attempt to extract further details, as well as take steps to ensure their personal safety if they would not want their home address to be public knowledge.



How to protect your organisation from cyber attack

I’ve been talking to hackers to get into their mindset so I can work out how best we can help businesses protect their end users and sensitive data.

And the first thing that comes out is that, generally, a cyberattack is nothing personal; you’re not being specifically targeted.

Most phishing, ransomware or vulnerability scanning attacks out there are widespread sprays, hoping for a pay-out. It’s a numbers game; test the defences of enough organisations and you’ll find one that will let you in.

It’s like walking down your main shopping precinct and having a flyer thrust into your hand — you’re a target, but you’re not being specifically targeted.

Most people will bin the flyer without reading, but a few will read and act upon the info, bringing in enough return to make the whole flyer operation profitable.

So, if it’s rarely personal, why do hackers attack? What’s in it for them? By understanding the level of investment they’re willing to make and the danger they’re willing to risk, we have a better chance of disrupting their operating model or putting a stop to it altogether.

The five core ‘wants’ of cyber attackers

My research unearthed five main elements attackers are looking for. Once you understand them, you have the basis for a robust defence strategy. You can filter an attacker’s wants into the following: 

Your bandwidth

They want to use your networks and IT for targeted attacks against others or as part of their DDoS (distributed denial-of-service) attack infrastructure.

Your money

This can take many forms, from mining bitcoin through to extortion or manipulating your stock price. A whaling attack could trigger fraudulent money transfers, or they could steal funds through capturing credit card and banking details.

Your data

Attackers can monetise your data through extortion with or without ransomware, either threatening to delete or leak your data. They can also obtain funds by stealing your intellectual property.

Your storage

They might need somewhere to store something illegal and/or non-attributable on your systems. Think pirate software and illegal images.

Your identity

Although your identity may well only…