Photograph: Event speakers (L-R): DS Lee Anfield, Lancs Police; John Batty, Bridge Insurance; Wayne Fulton, Seriun.
Seriun hosted their first Live Hacking event at the Dunkenhalgh Hotel in Blackburn at the end of April. It was a very popular event with over 80 Lancashire businesses registering to take part.
Photograph: Delegates at Seriun’s Live Hacking / Cyber Security event
The aim of the event was to show how easy a hacker can infiltrate business systems and networks to steal sensitive data, when sufficient cyber security measures have not been put in place.
The event was held over breakfast and presented by Wayne Fulton, Head of Cyber Security at Seriun, and Richard Lee – Seriun’s co-founder and Technical Director. Two guest speakers: Detective Sergeant Lee Anfield – Cyber Crime Investigator for Lancashire Police; and John Batty – Technical Director at Bridge Insurance Brokers, top and tailed the event.
DS Lee Anfield has a very colourful background with over a decade as Detective Sergeant, seven years running a Divisional Intelligence Team and twelve years as Hostage and Crisis Negotiator. Lee opened the event by discussing the different types of cyber crime, how to report an attack and what the Police’ response would be. He also explored prevention and highlighted key measures to put in place to help block a cyber attack.
Photograph: DS Lee Anfield from Lancashire Police
Lee advised: “Have cyber security at the top of your list, because you don’t walk out of your house and leave the door unlocked.. cyber security is the same thing – don’t leave your networks unprotected, because it’s a question of ‘When’ not ‘If’ you get hacked”.
The event continued with the ‘ethical’ live hacking demonstrations. The stage was set with Wayne playing the role of ‘hacker’ and Richard playing his ‘victim’ alongside him, with a wireless router positioned in between.
The first demonstration was a Wireless LAN attack. Wayne compromised Richard’s wireless network and connected to his router – identifying the password in just a couple of minutes. Wayne then continued with scanning and enumeration, which scanned for devices on the network. He found a device he wanted to target, then created another ‘user’. He used an enumeration technique to identify vulnerable services being used by each device. This process naturally lead to a Brute Force attack, which automatically searches for a matching username and password. A match was found after a few more minutes, giving Wayne full remote access to Richard’s computer. Now using an SQL Injection, Wayne was able to intercept traffic to and from the web server allowing him to exfiltrate Richard’s sensitive financial data. The whole process took minutes, not hours.
Wayne said “The hacking tools I’ve bought for this event are so easy to get hold of and they make it really simple to hack a business and access their financial credentials in minutes – you don’t have to be a mastermind, and that’s the scary thing – anyone could be a hacker! That’s why it’s so important to put measures in place to bolster your cyber security.”
Wayne finished his session with an overview of a USB Rubber Ducky attack – highlighting the dangers of plugging an unknown USB into your computer. This cyber attack is where a custom USB device emulates a keyboard to attack a workstation. When plugged in, the device disables real time protection and initiates a Reverse Shell, allowing the attacker remote access to all areas.
Not to scaremonger, Wayne provided some basic solutions that could be implemented right away to help prevent the attacks he demonstrated. He emphasised the importance of using complex passwords and enabling multi-factor authentication on all devices as a matter of priority. He also encouraged delegates to train their teams in cyber security know-how, so they would understand the red flags to look out for, to avoid being the cause of a data breach.
John Batty who concluded the event, is an expert in his field with over 30 years commercial experience and is Board Director of the British Insurance Brokers Association. John educated the delegates about the types of cyber insurance that can help limit the effects of cyber crime. He informed the businesses in the room that they would be entitled to a discount on their cyber insurance if they have the Cyber Essentials accreditation.
Photograph: John Batty from Bridge Insurance Brokers
If you’d like to know more about the cyber security measures to help prevent a hacker from gaining access to your business systems and networks, then please give Wayne a call and he’ll be more than happy to explain. Equally, if you are interested in finding out more about any of Seriun’s cyber security solutions: Pen Testing, Cyber Essentials, Social Engineering training, etc.. please give the cyber security team a call on 01282 500770.
Further reading
– Advice on preventative measures:
How to strengthen your cyber security in times of uncertainty
– An exploration into the different types of phishing and what to look out for:
The dangers of phishing and cyber crime
– An in-depth review of phishing tactics across email, websites and landing pages, with detailed analysis of a phishing email highlighting the dangers:
Phishing – the red flags