
At the start of this week, it came to light that the Federal Bureau of Investigation’s email servers had been hacked to distribute spam emails impersonating FBI warnings. The emails claimed that the recipients’ networks had been breached and data stolen. The hackers sent out tens of thousands of emails from an FBI email account warning about a possible cyberattack, according to the Spamhaus Project, which tracks spam and related cyber threats. The FBI said it, along with the Cybersecurity and Infrastructure Security Agency, is “aware of the incident this morning involving fake emails from an @ic.fbi.gov email account.”
Commenting on this, John Goodacre, Director of Digital Security by Design and Professor of Computer Architectures at Manchester University, said: “Governments and private individuals all use or interact with many digital systems. Whether through misconfiguration or errors in the software, such systems are vulnerable to cyber-attack, ransom, and data loss. Although system manufacturers and those configuring a system are increasingly aware of security by default principles, there is a persistent 70% of reported software vulnerabilities that can lead to exploitation by cyber criminals. The UK government has an initiative with industry called Digital Security by Design that aims to block this significant class of vulnerability from being exploited through a fundamental change in the underpinnings of the underlying hardware.”
A piece of research that caught our eye this week was released by Synopsys. Amassing data from just under 4,000 security tests on over 2,500 systems and pieces of software, the research discovered that as many as 97% possessed some form of vulnerability. Out of this 97%, over a third (36%) were classed as high or critical risk. Other findings from Synopsys’ ‘2021 Software Vulnerability Snapshot’ report included:
Discussing the research findings, John said: “The Mitre CVE list has been used for many years to report vulnerabilities, of which 70% are related to memory safety issues, many of which are in the top 25. The UK Government has an initiative called Digital Security by Design which is working across industry and academia to block this significant class of vulnerability from being exploited through a fundamental change in the underpinnings of the underlying hardware.”