Tag Archives: cybersecurity

Exclusive Group ‘Goes it alone’ to Build Global $10 billion Cybersecurity & Cloud Specialist

Group marks new ‘Independence Day’ by completing investment transaction with Permira, maintaining its undiluted business approach and aggressive growth trajectory read more

Posted in ICT | Tagged , , | Comments Off on Exclusive Group ‘Goes it alone’ to Build Global $10 billion Cybersecurity & Cloud Specialist

What’s Next for Cybersecurity in 2018?

Scott Manson, Cybersecurity Lead – Middle East and Africa, Cisco read more

Posted in ICT | Tagged , | Comments Off on What’s Next for Cybersecurity in 2018?

‘Tis the Season to do Predictions: The 2018 Cybersecurity landscape

By Alastair Paterson, CEO and Co-Founder, Digital Shadows read more

Posted in ICT | Tagged | Comments Off on ‘Tis the Season to do Predictions: The 2018 Cybersecurity landscape

ROPEMAKER: Email Security Weakness – Vulnerability or Application Misuse?

Blog by Matthew Gardiner, Senior Product Marketing Manager, Mimecast

Most people live under the assumption that email is immutable once delivered, like a physical letter.  A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, turns that assumption on its head, undermining the security and non-repudiation of email; even for those that use SMIME or PGP for signing.  Using the ROPEMAKER exploit a malicious actor can change the displayed content in an email at will. For example, a malicious actor could swap a benign URL with a malicious one in an email already delivered to your inbox, turn simple text into a malicious URL, or edit any text in the body of an email whenever they want. All of this can be done without direct access to the inbox.

Described in more detail in a recently published security advisory, Mimecast has been able to add a defense against this exploit for our customers and also provide security recommendations that can be considered non-customers to safeguard their email from this email exploit.

So what is ROPEMAKER?

The origin of ROPEMAKER lies at the intersection of email and Web technologies, more specifically Cascading Style Sheets (CSS) used with HTML.  While the use of these Web technologies has made email more visually attractive and dynamic relative to its purely text-based predecessor, this has also introduced an exploitable attack vector for email

Clearly, giving attackers remote control over any aspect of ones’ applications or infrastructure is a bad thing.  As is described in more depth in the ROPEMAKER Security Advisory, this remote-control-ability could enable bad actors to direct unwitting users to malicious Web sites or cause other harmful consequences using a technique that could bypass common security controls and fool even the most security savvy users.  ROPEMAKER could be leveraged in ways that are limited only by the creativity of the threat actors, which experience tells us, is often unlimited.

To date, Mimecast has not seen ROPEMAKER exploited in the wild.  We have, however, shown it to work on most popular email clients and online email services.  Given that Mimecast currently serves more than 27K organizations and relays billions of emails monthly, if these types of exploits were being widely used it is very likely that Mimecast would see them.  However, this is no guarantee that cybercriminals aren’t currently taking advantage of ROPEMAKER in very targeted attacks.

For details on email clients that we tested that are and are not exploitable by ROPEMAKER and the specifics on a security setting recommended by Apple for Apple Mail, please see the ROPEMAKER Security Advisory.

Is ROPEMAKER a software vulnerability, a form of potential application abuse/exploit, or a fundamental design flaw resulting from the intersection of Web technologies and email?  Does it really matter which it is? For sure attackers don’t care why a system can be exploited, only that it can be. If you agree that the potential of an email being changeable post-delivery under the control of a malicious actor increases the probability of a successful email-borne attack, the issue simplifies itself.  Experience tells us that cybercriminals are always looking for the next email attack technique to use.  As an industry let’s work together to reduce the likelihood that the ROPEMAKER style of exploits gains any traction with cybercriminals!

Want to learn more? Download the full ROPEMAKER security advisory.

Posted in ICT | Tagged , , | Comments Off on ROPEMAKER: Email Security Weakness – Vulnerability or Application Misuse?

The 6th Regional Cybersecurity Summit

With cyber threats evolving and threatening to affect organizations day to day activities, the cost of implementing IT security solutions has significantly increased from “US$75.4 billion in 2015 and expected to reach US$101 billion in 2018 (Gartner) and US$170 billion by 2020 globally, while the Middle East Cybersecurity market is expected to reach around US$10 billion by 2019, double the US$5 billion it was worth in 2014”. read more

Posted in Events, ICT | Tagged , , | Comments Off on The 6th Regional Cybersecurity Summit

Enterprise Strategy Group reports The Pressing Need for Digital Risk Management

Dubai, UAE, August 3, 2017 – Digital Shadows, the industry leader in digital risk management, today unveiled a new report called: ‘The Pressing Need for Digital Risk Management’ from top analysts at the Enterprise Strategy Group (ESG) looking at the growing importance and rates of adoption of Digital Risk Management in business today. read more

Posted in ICT | Tagged , , , , , | Comments Off on Enterprise Strategy Group reports The Pressing Need for Digital Risk Management

Mimecast Report: Nearly a quarter of ‘unsafe’ emails getting through to user inboxes

Dubai, UAE, July 30, 2017– Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the results of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems. This quarter’s assessment noted a continued challenge of securing organizations from malicious attachments, dangerous files types, impersonation attacks, as well as spam – with nearly a quarter of “unsafe” email being delivered to users’ inboxes. Among the email security services assessed, the tests found that using Mimecast in conjunction with prominent cloud-based email service providers, including Google G Suite and Microsoft Office 365, would substantially improve results by blocking thousands more email-borne attacks. The report indicates the need for organizations to enhance their cyber resilience strategies for email with a multi-layered approach that includes a third-party security service provider. read more

Posted in ICT | Tagged , , | Comments Off on Mimecast Report: Nearly a quarter of ‘unsafe’ emails getting through to user inboxes

Cybersecurity in the Aftermath of the Ransomware Attack – What Lies Ahead?

Comment by Vijay Michalik, Industry Analyst, Digital Transformation, Frost & Sullivan read more

Posted in Business, ICT | Tagged , , | Comments Off on Cybersecurity in the Aftermath of the Ransomware Attack – What Lies Ahead?

Advances in Artificial Intelligence Will Help Machines Understand Human Thoughts using Brain Computer Interface

AI to present growth opportunities by leveraging thought-controlled interaction with machines, finds Frost & Sullivan’s TechVision team read more

Posted in Events | Tagged , , , | Comments Off on Advances in Artificial Intelligence Will Help Machines Understand Human Thoughts using Brain Computer Interface

Cybersecurity needs to be on every organization’s agenda for 2017

Posted in Business | Tagged , , | Comments Off on Cybersecurity needs to be on every organization’s agenda for 2017