Argus - Fotolia

Neustar launches international security council

Sharing information in the face of threats such as WannaCry is crucial for organisations to improve their cyber security capability, according to Neustar, which is making it easier to do

Information services firm Neustar has launched an international security council to enable customer organisations to discuss the latest trends in cyber security with leading experts around the world.

The Neustar International Security Council (Nisc) is headed by Neustar senior vice-president and fellow Rodney Joffe, who highlighted the benefit of information-sharing in the face of threats such as the WannaCry ransomware.

“Members of the council will gain exclusive cyber security insights from security specialist across key industries and companies, law enforcement, government agencies and industry thought leaders,” he told the Nisc inaugural session in London via videolink.

The council is to hold face-to-face meetings that will include an annual summit, quarterly thought leadership seminars and regional roundtables.

“We will discuss defence insights, best practices and strategies at the forefront of cyber security, and share ideas on defending against cyber threats with our peers in a collegial environment based on trust and respect,” said Joffe.

“Membership of the council is a great way to increase industry awareness, meet colleagues from across the global security arena, build your professional network, and gain a true insider view of the international landscape.”

One of the Nisc’s founding members, Chris Matthews, head of operations at Experian Data Quality, said: “For a vendor to bring together a premier group of cyber security experts is an immeasurable benefit both at an Experian corporate level, but also at a personal level.”

The launch of the council was announced at a Neustar Europe, Middle East and Africa cyber security summit that was briefed by Neustar about the latest developments in distributed denial of service (DDoS) attacks; by PwC’s senior cyber crime adviser Charlie McMurdie on cyber criminal operations; and by Neon Century managing director and former GCHQ member Cameron Colquhoun about stock market manipulation by cyber criminals and the psychological reasons many organisations are still failing to address the issue of cyber security.

Read more about threat intelligence

  • Threat intelligence tools are a growing market, and enterprises need to be able to see through the hype to get the best product for them.
  • Learn how threat intelligence services benefit enterprise security and how to subscribe to the right threat intelligence service.
  • Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data.

Joffe urged information security professionals to tap into as many sources of cyber security information as possible, including informal trust groups known as “super secret squirrel” groups that tend to form around particular cyber security issues, such as the recent WannaCry ransomware attacks.

“The benefit of these groups is that they can get together very quickly to share information outside of formal channels to help members respond quickly to stop attacks,” he said, adding that organisations should encourage security staff to take part in these backchannel activities.

In the wake of the first WannaCry attacks, Joffe said one of these informal working groups was set up by about 180 law enforcement officers, intelligence agents and security researchers.

This group is following several lines of investigation, he said, including looking for similar command-and-control domain registrations, noting that, to date, there is still no indication of the initial infection vector.

“All sorts of pundits in the media are saying the initial vector was a phishing email, but there is no evidence for that at the moment,” said Joffe. “Indications are that it probably wasn’t a phishing email. It may have been dropped by another piece of malware or it may have been a port 445 attack.”

Joffe, a former director of the official Conficker Working Group, warned that about 700,000 internet-connected computers are still infected with the Conficker worm that was designed to disable antivirus and stop Windows automatic updates.

“This means that at least 700,000 computers are guaranteed to be vulnerable to WannaCry or any other malware that exploits the same vulnerability in Microsoft’s file-sharing protocol server message block [SMB],” he said.

This underlines the importance of patching as soon as it is possible to do so, said Joffe. “If all those machines had been patched against Conficker, they would now be less likely to be vulnerable to malware exploiting the SMB flaw.”

Read more on Hackers and cybercrime prevention