Seven cyber threats to watch out for in 2019

January 07, 2019

About the Author

Josh Keeley

Manager - Cyber Specialist, Cyber Security
0207 759 7878

With six years’ experience as an IT engineer within the Royal Marines, Josh has a strong network of ex-services CTI analysts and CCTIM qualified managers. Bringing sound technical knowledge and in-depth market expertise, Josh works with consultancies, defence, MSSPs and TIPs; from rapidly-growing start-ups to established global enterprises.

Seniority: Junior - Senior
Job Type: Permanent
Geographical coverage: London
Market: Cyber Security, Threat Intelligence, TIPs and Professional Services

With cyber security systems constantly shifting and cyber attackers shifting with them, threats come from new directions all the time – whether they’re variations on perennial cyber nuisances such as phishing, malware and ransomware, or plucked from a deep, dark corner of cyberspace. Here are a few of the major cyber threats we’re expecting to see in 2019.

Whaling

Phishermen are increasingly realising that there’s little point casting out a huge net in the hope of catching anything and everything; in other words, sending the same email to hundreds of employees at all levels for limited reward. So instead, they’re trying their hand at whaling: high-value phishing attacks targeting CEOs, CSOs, CFOs and anyone else with a company credit card. After all, it’s easy enough to find out a CEO’s contact details from Google – and the rewards are so much greater. Watch out for harpoons.

The smash and grab

By targeting websites with high-value, high-volume transactions, hackers will only need to pull off a handful of e-heists in order to make huge gains. Exploiting a loophole in an organisation’s web infrastructure, hackers inject a sneaky bit of code that allows them to snatch data while transactions are in progress. These attacks are the epitome of opportunism: silent, swift, on-the-fly. They’re the cyber equivalent of performing a train robbery between stops. In September 2018, hackers used such an attack to steal the credit card details of 380,000 BA customers.

Organisations need to think not just about protecting their web infrastructure, but also about testing the security of their live transactions through transaction stack security.

The perilous plug-in

There’s talk of a rise in USB-based attacks, with hackers infiltrating organisations’ endpoints using USB mechanisms that bypass blocking and security systems. One of the more famously disruptive examples of recent years came in the form of Stuxnet. A malicious computer worm which targets SCADA systems, Stuxnet is believed to have harmed Iran’s nuclear programme after someone found a random USB stick lying suspiciously around the car park... and made the mistake of plugging it in.

Abuse of privileged access

With a lack of privileged access management (PAM) in many organisations, particularly SMEs, there’s almost an open invitation for cyber criminals to target an entire market. If administrative rights in a firm have been configured so that the user can access the whole network, and the firm doesn’t have the security in place to prevent code executing itself at that level, hackers will have free rein to cause some serious damage.

The weakest link

Many organisations are affiliated to dozens or even hundreds of third-party suppliers. That’s a lot of bases to cover. So cyber attackers will increasingly probe organisations’ networks, hoping to gain access to their data via a supplier who’s connected to their corporate systems.

Organisations need to ensure not only that they’re protected, but that their partners and supply chain are protected too – along with any information that passes between them. Automated testing can reveal what data’s available to the public and identify holes in the infrastructure, so organisations can see where their suppliers need to improve.

Cloudy permissions

Too many organisations do not control who and what has access to the cloud service. It’s easy enough to set up a new user in a number of different cloud services, but it can become difficult to keep track of things when someone changes roles or leaves the company. Without the right restrictions or basic governance in place, users can often access sensitive data through their username and password. Organisations will need to keep a close eye on their users’ individual access and permissions to ensure the right user is accessing the right data with the right device.

The hidden door

Connection brings convenience. But it can also bring chaos. Hackers are increasingly getting into corporate networks by targeting unprotected “internet of things” devices such as air conditioning systems, CCTV and… fish tanks.

Nicole Eagan, CEO of cyber security firm Darktrace, recently revealed that hackers had stolen thousands of data entries from a casino’s high-roller database after gaining access to the network via the thermometer of a fish tank in the lobby. With this kind of access now a growing problem, there are calls for new laws outlining minimum security standards for internet of things devices. These days, you almost need eyes in the back of your head.

It’s all very well having the right security software in place. But as we move through 2019, the key for organisations will be to arm their users with effective cyber security training. As cyber criminals look for new angles, and as cyber threats continue to come from every conceivable direction – and a few that aren’t so conceivable – an educated workforce will be far better equipped to meet the cyber security challenges of the future.

If you’re an employer looking for the right cyber security talent or you need advice on how to protect your business from cyber threats, we’d be happy to talk to you. If you’re a job seeker looking for your next great cyber security job, we’ve got access to the best opportunities on the market. Speak to one of our experts now.

Vacancies

Intelligence Analyst

Blackthorn Trace are working with a global consultancy that proactively reports on social media content. Our client is looking for motivated, forward-thinking individuals with a passion for social media and all that it encompasses to join a growing team that protects their customers online from reputational damage.

As an intelligence analyst you will research and report on current social media trends, highlighting what is salient to proactively protect the customers you will work with. You will become the expert in your area, and the go-to person when a crisis occurs. Using bespoke technology, you will proactively spot the potential for crisis, and report back your findings to the wider team.

Skills and Requirements:

  • Investigative mindset
  • Ability to work alone as well as within a team
  • Keen interest in current affairs
  • Passion for research
  • Flexible working

Benefits:

  • Health Care
  • Opportunity to make a difference to digital experience
  • Office incentives

If you are looking for a new challenge that will allow you to develop your investigative flair and analytical mindset, get in touch with me today.

Huntress Search Ltd does not discriminate on the grounds of 'protected characteristics' as defined under the Equality Act and other relevant UK legislation.

Huntress Search Ltd acts as a Recruitment Agency in relation to all Permanent roles and as a Recruitment Business in relation to all Temporary roles.

PLEASE NOTE: We can only consider applications from candidates who have the right to work in the UK.

SOC Manager

Our client is the leading Microsoft Cloud Security specialist. They are looking for an experienced SOC Manager to come in and help grow their SOC on all fronts due to a rapid rate of growth! You will be working in an incredibly passionate environment in which you can put your own stamp on your own SOC.

Key Responsibilities:

  • Play both a strategic and tactical role in the commercial, operational and technical development of our SOC (Security Operations Centre).
  • Build upon existing team members, technology, policies and processes to develop a world-class security function.
  • Orchestrate and manage all aspects of security for our existing client base and our internal systems.
  • Manage and lead the SOC team on a daily basis to meet and exceed contractual obligations associated with our portfolio of Managed Security Services.
  • Liaise with other key functions at a senior level as required e.g. Infrastructure Services, Sales, Pre-Sales, Procurement.

Key Requirements:

  • Technical and Management experience at a Leadership level
  • Experience in building and managing a SOC
  • Strong understanding of Microsoft infrastructure/architecture
  • Experience of AlienVault (USM), F-Secure, Fortinet an advantage

Information Security Analyst

Are you looking for a position of importance? My client is looking for an Information Security Analyst to help provide resilience across their Cyber teams to ensure they maintain operational capability in the current security landscape. In this role you will be reporting to the ISMS Governance Manager and you will be responsible for working on new and emerging security standards in line with security policies and processes.

Roles and Responsibilities:

  • Support the ISMS Manager in maintaining ISO 27001 standards and procedures in order to ensure that a secure by design culture is maintained.
  • Provide reports and routine updates on the status of the overall ISMS and work under the ISMS Governance Manager and the Director Security Strategy, Policy and Planning on ensuring that the ISMS is maintained and improved whilst implementing the 3-year ISO 27001 re-certification plan.
  • Introduce the relevant processes and procedures to manage Information Security within the business to help further reduce the risk of systems and information being compromised.
  • Support the review of data security policies and help department managers with data remediation or deletion.
  • Communicate specific business unit needs to group projects.
  • Provide information security guidance and direction to projects and business initiatives as required. Ensure change initiatives incorporate information security requirements.

Skills and Requirements:

  • Demonstrable knowledge and previous work experience of ISMS (ISO 27001).
  • Demonstrable knowledge of European General Data Protection Regulation (GDPR).
  • Understanding of Enterprise Risk Management principles.
  • Working knowledge of NIST Framework for Improving Critical Infrastructure Cybersecurity.
  • Collaborative and comfortable working in a multi-stakeholder environment.


This is a unique opportunity to be a part of a global organisation, and if this sounds like you, apply now!

Cyber Threat Intelligence Consultant

We are looking for an experienced CTI Consultant to work for a Consultancy to be embedded on a government site for 2 years. You will build out a threat capability from the ground up and therefore need direct experience building out CTI functions.

  • Liaise with stakeholders to ensure the function is in line with organisation objectives
  • Designing all aspects of the CTI capability, feeds, direction, reporting and dissemination
  • Build that bridge between the Consultancy and HMG organisation
  • Provide consultancy capability once intelligence function is established

Skills and Requirements:

  • Be the in-house SME on potential threats
  • Strong understanding of threat actors, TTPs and IOCs
  • Work with in-house security teams to build a threat landscape
  • The candidate will liaise with relevant government intelligence agencies
  • Proven experience using the dark/deep web for investigative purposes
  • High level security clearance will be required

Cyber Threat Intelligence Analyst

Would you be interested in joining a specialised Cyber Threat Intelligence Consultancy? This is your chance. Join one of the leading intelligence consultancies as a CTI analyst where you'll be part of this consultancy's market-leading function. This is an opportunity for an analyst who is looking to take the next step in their career, with routes for progression and an employer that has personal and professional development in mind.

Role and Responsibilities:

  • Utilise a range of data collection techniques in order to analyse and create predictions upon intrusion activity or other threat-related incidents.
  • Develop a range of new technical and non-technical sources of information.
  • Conduct Open Source Intelligence (OSINT) research to determine key traits of an attack, attribution, and motivation, intent and capability of an actor.
  • Maintaining detailed threat profiles on a range of threats and adversaries.

Skills and Benefits:

  • Strong technical understanding of the InfoSec landscape
  • Exposure to assessing technical intelligence collection
  • Malware analysis including dynamic, behavioural or network-based intelligence
  • Analytical 'out of the box' mindset
  • Experience with Python and JavaScript
  • Strong understanding of TTPs with examples on specific adversaries

Qualifications/ examples preferred:

  • CRTIA
  • CTIA
  • GCTI
  • Degree in relevant field

eDiscovery Consultant

Location: Top Secret | Division: Defensive | Position type: Full Time | Reports to: MC

How would you like the chance to work for an innovative global consultancy? This opportunity is for an experienced eDiscovery Consultant to become a key part of the organisation. You would be part of a global network of security professionals working on projects for FTSE 100 and Fortune 500 clients, with a company ethos that centres around your progression and career.

Roles and Responsibilities:

  • Provide proactive and accurate end to end support on all eDiscovery projects
  • Effectively manage projects throughout the entire eDiscovery process as outlined in the EDRM
  • Support eDiscovery clients in the Relativity review platform and respond to their requests in a timely and accurate manner
  • Liaise between clients and the Relativity platform provider to carry out client requests
  • Maintain excellent communication with clients to communicate the progress and any issues of all assignments
  • Provide high-quality client deliverables, which offer value and insight for the client
  • Prepare all data provided from clients for upload into the review platform, including processing data using the Nuix processing tool
  • Undertake forensic collections of data, which may include attending client sites, and complete the necessary paperwork to maintain the records of the investigation
  • Conduct basic forensic analysis tasks including data recovery

Skills and Experience:

  • Experience with eDiscovery and forensic tools such as EnCase, X-Ways, Nuix and Relativity
  • Knowledge of script languages such as Python and PowerShell
  • Experience with Digital Forensics is also preferable

Security Consultant

How would you like the chance to work for an innovative global consultancy? This opportunity is for experienced security architects to become a key part of the organisation. You would be part of a global network of security professionals working on projects for FTSE 100 and Fortune 500 clients, with a company ethos that centres around your progression and career.

Roles and Requirements:

As a Security Consultant within this consultancy, you will be working with both public and private sector clients. Strong, broad knowledge is needed within information security to successfully thrive in this role.

  • Creating and delivering end-to-end security and solutions
  • Working with other architects and developers to deliver leading solutions across identity management, network and infrastructure protection, security monitoring etc., to defend against some of the most cutting-edge threats and capable threat actors
  • Track record of delivering security solutions for enterprise businesses with large-scale infrastructures

Specifics of projects:

Cyber resilience: As the consultancy's clients' businesses become ever more data-centric and connected, we help them to fully understand the range of threats their data is exposed to, evaluate the resulting risks to their business, assess their current controls and build pragmatic and actionable roadmaps for improvement

Protective Monitoring: The consultancy developed the UK national guidance on insider risk management and are now working with a wide variety of clients to help them identify and manage cyber and insider incidents using SIEM tools and behavioural analytics

Smart Energy, Transport and Cities: The consultancy is helping national governments, the energy industry, transport operators and regulators realise the benefits and manage the risks of building Smart infrastructure, protect core infrastructure and even the lives of those who depend on them.

Cloud security and AI: The consultancy are working with leading-edge vendors and clients to push back the boundaries of security technologies and help clients take full advantage of leading-edge products and services.

Skills and Requirements:

  • Academic prowess should be backed with relevant experience and technical knowledge
  • CISSP, CISM, IISP/CCP, TOGAF, SABSA are preferred qualifications

Benefits:

  • Transport allowance (£6000)
  • Private medical insurance
  • Bonus scheme
  • Market-leading salary
