SE Labs

Posts tagged 'cybersecurity'

Serial Hackers

How we run our Breach Response testing, and why

Breach response testing

In this blog post our CTO Stefan Dumitrascu explains some of the challenges behind our newly launched Breach Response testing, why things are now different (better) and the background on how we came to make some of our decisions.

One of our most exciting projects this year has been the Breach Response testing programme. In this article we explain what has changed since last year, and why.

Read more >

Hands up, who’s been hacked?

Get ahead in the game that never ends

Ever been hacked?

Have you ever been hacked? You, personally, or your business? If your answer is, “no” it would be interesting to know how you can be so sure.

I once spoke to a marketing manager at a global anti-malware company who claimed that his PC had never been infected by malware, despite him not using anti-virus. How would be know? Not all malware announces its presence as clearly as, say ransomware. “I just would,” he claimed.

Read more >

SE Labs Annual Report 2020

awards winners testing like hackers

Well, 2020 was an interesting year! Some of the largest and newest security companies were bought and sold…

The world descended into chaos thanks to a biological virus (while digital viruses continue to wreak havoc)…

And SE Labs launched a new website and started using machine learning in its testing.

We appreciate some of these things are more important than others…

However, in the face of adversity we must all carry on and we are proud to announce our second annual report, in which we review the unprecedented year of 2020, announce our annual awards winners and discuss testing like hackers.

Read more >

Next-gen testing for next-gen security products

Next-gen testing for next-gen products

Bad guys help SE Labs keep its testing up to date

Latest endpoint protection reports now online for enterprise, small business and home users.

For the first time in our endpoint protection tests we’ve seen a strong overall performance from both well-established anti-malware brands and newer entrants to the market.

Vendors such as FireEye and Crowdstrike are well-known and respected brands in the security world, but they are relatively new compared to Symantec, McAfee and even Microsoft. Microsoft has not promoted its anti-malware software until quite recently.

Read more >

SE Labs launches new security testing site

selabs-uk_v2-6297840

The new website reflects the changes in the security industry over the last few years. We’ve listened hard to your feedback and watched as the industry’s needs have changed.

Clients, both security vendors and their customers, need increasingly customised analysis of products and their effectiveness. Which is the best? And what does ‘best’ really mean?

Read more >

Strong protection in uncertain times

A hacker mentality is keeping (computer) virus testing on track.

Latest endpoint protection reports now online for enterprisesmall business and home users.

This is the first in our series of 2020 endpoint protection reports. And it is unique, for all the usual reasons but also a new one.

We would normally highlight the latest new threats that we’ve discovered on the internet and discuss how we test them against the security software you use in your business and at home in the most realistic ways possible. And we’ve done that. But these reports are different to any we’ve produced before, for another reason.

Read more >

Testing deeper, wider and better

Bad guys evolve; defenders evolve; testing (should) evolve

Latest endpoint protection reports now online for enterprise, small business and home users.

These reports represent the state-of-the-art in computer security endpoint testing. If you want to see how the very best security products handle a range of threats, from everyday (but nevertheless very harmful) malware to targeted attacks, this is a great place to start.

Read more >

Securing a business from scratch

Building and launching a start-up company is a challenge in itself. Securing it when it is new, young and vulnerable is something else. It’s very necessary but also hard if you don’t know what you’re doing. And can you afford a consultant in the early days?

If your new business is IT-based and focused on security then you’re in a stronger position than, say, an organic make-up business or an ethical coffee brand.

Read more >

SE Labs introducing cyber security to schools

It’s widely acknowledged that the cyber security workforce needs more talented young people to engage. Just as we, at SE Labs, want to help fix information technology security by testing products and services, we also want to encourage an interest among young people, hopefully igniting a passion for understanding and defending against hacking attacks.

We test next-gen security products AND encourage the gen-next!

Our attempts to enable youth from progressing from complete novice, through to getting their first job and then to reaching the top of industry, is an initiative to bring about the needed change and fill the gaps.

As part of our new corporate social responsibility programme we set up an event at Carshalton Boys Sports College to introduce the concept of cyber security and its career prospects to the students.

Around 15 participants ranged from year 10s to sixth formers (aged 16-18) attended the main presentation and all year groups approached us at the stand we set up.

We outlined various topics in the presentation including the different types of cybercrime and attacks; and institutions offering free and paid courses to certain age groups on cyber security, aimed at students.

We also addressed how to break into the cyber security sector; what positions are available in the industry; and how employees are in high demand in both public and private sectors, part- and full-time, in virtually every industry in countries around the world.

Then we went through a test run of a targeted attack to demonstrate what it looks like and what it means.

“Why do we use Kali Linux?”, “What should I do to get into cyber security?”, “What are the skills required?”, were a few curious questions asked by the students at the end of the presentation.

Those who came over to the stand wanted to know who we were, what we do and simply, “what is cyber security?”

They were interested in who are clients are (we gave limited answers due to NDAs), what do they need us and how did we manage to get this far. A lot of these were asked by the younger years who were inquisitive to learn more about this subject. Positive!

Feedback from the college:

On behalf of the Governors, Head Principle, students and parents of Carshalton Boys Sports College, I would like to thank you for your valued input, helping to make our Directions and Destinations Day a great success. 

Our staff work tirelessly to open our students’ minds to the possibilities available to them, but without the support of partners like you, that job would be impossible. Together we had the school filled with a sense of purpose all day and responses we have had from students and parents have shown us that the day has inspired our students. 

We have already started thinking about the future and would be grateful if you have any suggestions about how we might make things even better next year. 

Thank you once again for giving your time, energy and expertise last week.

Well, yes! A career in cyber security is a journey for sure, but a worthwhile one. And in the end, it’s more about people than machines, as a mind’s software can be more powerful than any hardware.

Pooja Jain, March 2018

Anatomy of a Phishing Attack

phishing_magnifying_glass_fi-3673555Who attacked a couple of Internet pressure groups earlier this year? Jon Thompson examines the evidence.

For those on those of us engaged in constructing carefully-crafted tests against client email filtering services, the public details of an unusually high-quality spear-phishing attack against a low value target make for interesting reading.

In this case, there were two targets: Free Press, and Fight for the Future. The attack, dubbed “Phish for the Future” in a brief analysis by the Electronic Frontier Foundation, is curious for several reasons.

Free Press is a pressure group campaigning for an open internet, fighting media consolidation by large corporations, and defending press freedom. Fight for the Future works to protect people’s basic online freedoms. Objectively, they’re working for a better online future, which makes the whole affair stand out like a pork buffet at a bar mitzvah.

The first thing that struck me was that the emails were apparently all sent during office hours. The time zones place the senders anywhere between Finland and India, but apparently resolve to office hours when normalised to a single zone.

Another interesting aspect is that even though the emails were sent on 23 active days, the attackers didn’t work weekends. This immediately marks them out as unusual. Anyone who’s run an email honeypot knows that commodity spam flows 24 hours a day.

The attackers first tried generic phishing expeditions, but quickly cranked up their targeting and psychological manipulation. This begs an interesting question: If you’re an experienced, professional, disciplined crew, why jeopardise the operation by beginning with less convincing samples that may alert the target to be on the lookout? Why didn’t they simply start with the good stuff, get the job done, and move on?

One possible explanation is that the attackers were trainees on a course, authorised to undertake a carefully controlled “live fire” exercise. Psychologically manipulative techniques such as pretending to be a target’s husband sending family photos, or a fan checking a URL to someone’s music, imply a level of confident duplicity normally associated with spying scandals.

The level of sophistication and persistence on display forms a shibboleth. It looks and smells somehow “wrong”. The published report reveals an attention to detail and target reconnaissance usually reserved for high value commercial targets. Either the attackers learn at a tremendous rate
through sheer interest alone, or they’re methodically being taught increasingly sophisticated techniques to a timetable. If it was part of a course, then maybe the times the emails were sent show a break for morning coffee, lunch and afternoon tea, or fall into patterns of tuition followed by practical exercises.

phishing2b-6448783The timing of the complete attack also stands out. It began on 7th July, ended on 8th August, and straddled the Net Neutrality Day of Action (12th July). With a lot happening at both targets during that time, and one assumes a lot of email flying about, perhaps the attackers believed they stood a better chance when the staff were busiest.

So, to recap, it looks like highly motivated yet disciplined attackers were operating with uncommonly sophisticated confidence against two small online freedom groups. Neither target has the business acumen of a large corporation, which rules out criminal gain, and yet an awful lot of effort was ranged against them.

The product of phishing is access, either to abuse directly or to be sold to others. Who would want secret access to organisations campaigning for online freedom? Both targets exist to change minds and therefore policy, which makes them political. They’re interesting not only to governments, but also to media companies seeking to control the internet.

I’m speculating wildly, of course. The whole thing could very easily have been perpetrated by an under-worked individual at a large company, using their office computer and keeping regular hours to avoid suspicion. The rest is down to ingenuity and personal motivation.

We’ll never know the truth, but the supporting infrastructure detailed in the EFF report certainly points to some considerable effort over a long period of time. If it was an individual, he’s out there, he’ll strike again, and he learns fast. In many ways, I’d prefer it to have been a security service training new recruits.

About

SE Labs Ltd is a private, independently-owned and run testing company that assesses security products and services. The main laboratory is located in Wimbledon, South London. It has excellent local and international travel connections. The lab is open for prearranged client visits.

Contact

SE Labs Ltd
Hill Place House
55A High Street
Wimbledon
SW19 5BA

020 3875 5000

info@selabs.uk

Press