UK Gov launches Round Three of cyber security skills initiative

The Department of Digital, Culture, Media and Sport (DCMS) has launched a new campaign to attract a broader array of talent into the work of cyber security.

This is the third round of funding for the Cyber Skills Immediate Impact Fund (CSIIF), with training providers able to access up to £100,000 of government funding to work with employers and design training programmes which retrain a diverse range of individuals for a career in cyber security.

“This latest round of funding demonstrates our commitment to make sure the UK’s cyber security industry has a skilled and diverse workforce and, through our new Cyber Security Council, there are clear paths for those wishing to join the profession,” said Cyber Security Minister Nigel Adams.

“It’s fundamental that cyber security is seen as a nationally recognised and established profession with clear career pathways,” said Simon Edwards, IET Director of Governance and External Engagement.

“With cyber skills shortages already emerging at every level, we are committed to working with the Government and the National Cyber Security Centre on delivering the rapid, yet capable development of specialist cyber skills to meet the growing needs of the industry, manage risk and secure the next generation of talent.”

Alongside this funding, the Institution of Engineering and Technology (IET) has been selected to help design and deliver the new UK Cyber Security Council to coordinate the existing professional landscape. The aim will be to create an accessible career path which is appealing to those entering the workforce.

This is the challenge which the UK is facing: a shortage of skilled workers to address specialised tasks which are emerging in the digital economy. Cyber security might not be a new concept, but as it is one which has been ignored by industry for years, this under-preparedness has been passed on to the workforce.

Recent research from DCMS suggests 54% of businesses in the UK have a basic technical cyber security skills gap. The biggest areas seem to be forensic analysis, penetration testing, security architecture and using threat analysis insight.

Interestingly enough, while this is a promising initiative to retrain workers and provide a boost to the workforce, some of the building blocks are still missing; the UK education system and the national curriculum are still too focused on traditional and classical topics, and not on the skills and vocations which will create the workforce of tomorrow, which is needed today.

Take coding as an example. There are schools where ICT, of which coding is an element, is a compulsory subject at GCSE, but these are not the majority. The workplace of the future is going to be increasingly digital, and if the UK Government envisions a continued shortage of competent digital employees, surely reforming the curriculum would be a good step forward. Perhaps the subjects which drive potential employees towards data science, software engineering and cybersecurity should be made compulsory by default.

This is a positive step forward, though retraining schemes like this are reactive. A long-term, sustainable solution to the skills shortage would be to address the challenge at the root.

Guide to Superior Cyber Security

Best practices and tips for protecting your business! 

Cyber security is simple enough on paper: maintain the integrity of your systems while keeping the attackers at bay. Things get much more complicated once you get down to practice, however. Limited budgets, lack of skilled personnel and low awareness on various security topics can all serve as barriers to achieving protection against modern cyber attacks.

One of the most pressing issues relates to visibility and clarity. Where are we currently with our security? What are we missing? Although most IT and security professionals are aware of the technologies and best practices in their field, it’s easy to lose sight of what’s important when you’re dealing with constantly changing digital environments and rapidly evolving external threats.

That’s why we’re here. If you need some tips – or want to refresh your memory – about how to get the essentials of cyber security right, this guide is for you. We go through the basic building blocks of a solid cyber security protocol, from risk assessment and endpoint protection to threat detection. Check how you’re doing – and start improving today!

Kaspersky Labs unearths yet another state-linked malware

Cyber security specialist Kaspersky Labs claims to have discovered what it describes as a highly sophisticated cyberespionage campaign called Slingshot, which could have been active for six years.

Clues in the text suggest the code was developed by English-speaking programmers, with the most likely source being a government intelligence agency. The team at Kaspersky believes activity started in at least 2012, and was still ongoing at the time of analysis in February, six years later. The weak point of the perimeter has been traced back to MikroTik routers and the WinBox management software, though it should be noted that these are only the cases which have been identified thus far. Vulnerabilities could be in other bits of kit as well.

“The malicious samples investigated by the researchers were marked as ‘version 6.x’, which suggests the threat has existed for a considerable length of time,” the team said in a blog post.

“The development time, skill and cost involved in creating Slingshot’s complex toolset is likely to have been extremely high. Taken together, these clues suggest that the group behind Slingshot is likely to be highly organized and professional and probably state-sponsored.”

Perhaps one of the most interesting aspects of this malware is its ability to go undetected. Slingshot uses its own encrypted file system in an unused part of a hard drive, and it can even shut down its components when it detects signs that might indicate forensic research. There are several little tricks the actors can use to avoid detection, which makes the malware particularly dangerous and tough to spot.

The attack itself starts with compromised routers made by MikroTik, from which DLL files are downloaded in the normal course of business. The actors figured out a way to add a malicious DLL to an otherwise legitimate package of other DLLs, which acted as a downloader for various malicious files which were stored in the router. MikroTik has been informed and has fixed the issue, but Kaspersky believes this is not the only brand which was used during the campaign.

“Slingshot is very complex and the developers behind it have clearly spent a great deal of time and money on its creation,” said Kaspersky. “Its infection vector is remarkable – and, to the best of our knowledge, unique. We believe that most of the victims we observed appeared to have been initially infected through a Windows exploit or compromised Mikrotik routers.”

Two areas which Kaspersky believes to be particularly advanced are a kernel mode module called Cahnadr and GollumApp, a user mode module. Cahnadr runs in kernel mode, giving attackers limitless control over the infected computer. It can also execute code without causing a blue screen (crashing the system) on the infected machine, which is highly unusual for malware. The second module, GollumApp, is even more sophisticated, containing nearly 1,500 user-code functions. Slingshot can collect screenshots, keyboard data, network data, passwords, other desktop activity, the clipboard, and a lot more.

The main purpose of this malware does seem to be counter-espionage (Kaspersky notes patterns consistent with other such examples), but because it operates in kernel mode there are no limitations to the information it can collect. Credit card numbers, password hashes and identification codes (such as social security numbers) are just a few examples, but it is essentially any dataset.

To date, Kaspersky has noted around 100 victims of Slingshot located in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania. Interestingly enough, the vast majority of these instances are individuals, not organizations or governments (though there are a few examples of the latter two).

Considering how advanced this malware is, and that it has been able to go undetected for six years, you have to wonder what else is hidden in the shadowy corners of the web. Hacking techniques and nefarious individuals have certainly advanced over this period, which is slightly concerning.