Setting up DMARC to Defeat Email Abuse

CERT-EU (the Computer Emergency Response Team for the EU institutions, agencies and bodies) released a very informative paper called “DMARC – Defeating Email Abuse” on how to configure DMARC (Domain-based Message Authentication, Reporting & Conformance) to reduce the level of email abuse.

Properly implemented, DMARC can reduce the number of spoofed emails, which, according to the whitepaper, can in turn reduce:

  • spear-phishing e-mails, where the attackers want to impersonate well-known, trusted identities in order to steal passwords or other financial/personal data or download malicious files and exploits;
  • fraudsters who want to cover their tracks and remain anonymous;
  • computer worms;
  • brand name impersonation

Anyone responsible for managing email services should take the time to download and read this whitepaper.

How to build your first digital forensics lab on a budget

Some companies set up a digital forensics lab in order to carry out internal checks for workplace misconduct, to support disciplinary proceedings, to carry out incident analysis and damage assessment, or else to provide digital forensics services for profit to others. Demand for digital forensics is growing: Transparency Market Research has forecast that the digital forensics market will be worth $4.97 billion by the end of 2021, showing a CAGR of 12.5%.

Setting up a new digital forensics lab often involves high cost for companies, however, and forecasting this cost is not always easy – especially for smaller companies. So, I would like to share a few tips about how to build your first digital forensics lab on a low budget.

  1. Research current trends, requirements, and what other companies in your sector are doing. The infosec community is very open and, often, a request for help will result in many replies. This should help you to identify the digital forensics services you are planning to provide, such as computer forensics, mobile forensics, e-discovery and so on.
  2. Do an overview of the proposed services you plan to provide. Evaluate your capability and availability of resources. Do a SWOT analysis to determine your strengths, weaknesses, opportunities and threats.
  3. Find out more about digital forensics best practices, standards and operating procedures from reliable sources like those listed here. This should help you to determine the requirements for your digital forensics lab and tools.
  4. Determine the following:
     • What digital forensic services you have to provide
     • What you need to have
     • What you plan to have
     • What you would like to have.
  5. Prepare a list of provisional expenses (see ‘what you need to have’, above) for your digital forensics lab. List all software and hardware required for your services.
  6. Evaluate software/hardware by cost, reputation, support, service and so on. Check for open source tools which you could use for your digital forensics needs. There are many well recognised digital forensics frameworks and tools available for free use, including:
  7. Prepare a shopping list based on your needs, findings and evaluation.
  8. Make sure that staff have the necessary training, resources and qualifications. Prepare your incident response guidelines and investigation procedures documentation to incorporate your digital forensics capabilities.
  9. Test and review: regularly check your new lab by performing all steps of the digital forensics process. This stage is very important because it can reveal missing links in the process chain. It’s better to discover any issues with your processes during testing than in an actual case. Remember to update your policies and procedures to reflect the findings of your testing.
  10. Prepare a development plan for your digital forensics laboratory to enhance its capabilities over time. Write down goals and targets with projected dates. Having this focus will help you to improve the services you provide to the business (or to external clients) over time. It also provides you with the opportunity to review new developments in digital forensics investigation.

Good, reliable digital forensics tools are key requirements for your digital forensics lab. This table shows an example of basic software requirements for a digital forensics lab, from cost-free to around €750 (NB: BH Consulting is not promoting any of the tools mentioned here, nor do we earn any benefit or profit from them). You could significantly reduce your software expenses by using open source tools (thank you to all the community developers for their hard work!)

| Software | Details | Price range |
|---|---|---|
| Raptor | Imaging tool with a write blocker that prevents the operating system from mounting the targeted hard drive. | |
| DD (stands for Data Duplicator) | Open source tool for copying and converting data. It enables you to quickly clone or create exact raw disk images. | |
| Hashcat | Open source password cracking tool | FREE |
| John The Ripper | Open source password cracking tool | FREE |
| Autopsy/Sleuth Kit | Open source digital forensics tool. | FREE |
| OSForensics | Great digital forensics tool which has multiple capabilities: the ability to recover deleted files, collect system information, extract passwords, view active memory, search files and within files and much more. | Professional edition: (around €860) |


BH Consulting Joins No More Ransom Initiative

Information security specialist BH Consulting has been accepted onto the No More Ransom initiative, a collaboration between law enforcement and industry to fight one of the fastest-growing cybercrime threats of the past year.

No More Ransom was launched in July 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. BH Consulting is one of 20 new partners from across the public and private sectors which has joined the fight against a high-profile risk to many businesses.

BH Consulting will work with other partners in the anti-ransomware initiative to increase awareness of the risks posed by ransomware, how to manage those risks, and how best to deal with ransomware should a company fall victim to it. BH Consulting’s technical experts will also cooperate with other organisations to identify ways to detect, prevent, and recover from ransomware.

“Ransomware is rampant – we’re seeing more and more companies and individuals falling victim to it,” said Brian Honan, founder and CEO of BH Consulting. “No More Ransom is a great example of why reporting cybercrime is important. Law enforcement have reacted to this problem and worked with private industry to gather information from agencies around the world so victims have a resource to look at in the event they get hit by ransomware.”

According to Intel Security, ransomware incidents grew by 169% in 2015. Figures from the FBI show that criminals extorted $209 million from victims in the first three months of 2016. Ransomware is usually installed through a social engineering attack and then infects a victim’s computer by blocking access to their files unless they pay to have them released.

Some strains of ransomware raise the stakes further by threatening to destroy files permanently for every hour the ransom isn’t paid, increasing the pressure on victims to give in. Some targets have been forced to pay thousands of euro to try and retrieve their data.

The No More Ransom website provides information in several languages about how ransomware works and how to protect against it. It also hosts free tools to help victims decrypt their blocked devices, which more than 5,000 people have already used successfully.

Although these free tools block some forms of ransomware such as TeslaCrypt, Chimera, CoinVault, Rakhni and Wildfire, many other variants are emerging all the time. “Awareness of the problem is one of the most effective ways of stopping a ransomware infection,” added Honan. “There are several techniques an organisation can use to avoid this from happening. For example, ransomware uses peer-to-peer network traffic to communicate to the criminals, so businesses should block that traffic at their firewall. Backing up data systematically can also help to recover from ransomware. We also advise that organisations need to test those backups regularly,” he said.

“We recommend that victims don’t pay the ransom. It doesn’t guarantee that they will get their data back in 100% of cases, and payment only encourages criminals. We have also seen that once victims pay to have their data decrypted, they’re often targeted repeatedly because criminals see them as a soft touch,” Honan said.


BH Consulting – As Seen on TV

Last Monday night the crew from BH Consulting appeared on the Hacked documentary on RTE Television. Our team worked with the producers of the program to create an experiment to mimic what criminals could do to people when they use open WiFi networks.

Using the data gathered during the experiment we identified a number of volunteers who we subsequently profiled based on their social media presence. Based on that information we crafted some emails to then social engineer them into revealing sensitive information such as their email passwords. These are the techniques we often use when running security assessments for our clients.

The program is available on RTE Player for viewing.


If you are interested in us testing the security of your users then contact us for more details.

BH Consulting to Feature in RTÉ TV Documentary about Cybercrime

Security company sets up real-world ‘hacking’ scenario to show how consumers unwittingly put their personal information at risk

Monday, 14 November 2016 — Information security specialist BH Consulting will feature in a documentary about cybercrime which is being broadcast tonight on RTÉ One. Written and presented by Keelin Shanley, the programme is called Hacked and it looks at security threats facing individuals, businesses and critical national infrastructure in today’s digital world.

As part of the programme, the team from BH Consulting and volunteers created a fake Wi-Fi network at a Dublin coffee shop, offering free connectivity to lure unsuspecting customers into giving away their email addresses. Using the data it was able to harvest from several individuals, the BH Consulting team was able to show how cyber criminals could then profile those targets by tracing their activities on social media and using this information to craft highly targeted phishing scams.

By including recognised cues in their emails, the attackers could trick victims into giving up even more sensitive information about themselves. “We wanted to demonstrate the value of people’s personal information to criminals,” commented Brian Honan, founder and CEO of BH Consulting.

Frontline Films produced the documentary in partnership with Science Foundation Ireland, and it is being broadcast to coincide with Science Week. Frontline Films producer Aoife Kavanagh said the aim of the show is to point out the security risks posed by our growing use of digital technology in everyday life. “We are becoming more and more connected, so it’s about how we can make ourselves safer. Brian Honan is well regarded in the cybersecurity world and he helped the programme makers to explain some of the more complex ideas, and give advice about a common-sense approach to being online,” she said.

Hacked airs Monday Night at 9.35pm on RTÉ One.

Public Consultation on the Proposed Approach to EU Cyber Security Directive

In July 2016, the European Union formally adopted a Directive on security of network and information systems (2016/1148). The Directive is required to be transposed in Ireland by May 2018 and will require regulation of cyber security in the finance, energy, transport, health, water distribution and digital sectors in Ireland.

The Department of Communication has opened a public consultation which seeks views from individuals, businesses and civil society on how best to protect digital assets through the implementation of the NIS Directive. The document sets out the general approach proposed for implementation of the Directive in Ireland. Thirteen questions are posed around the development of capabilities by the Irish State, co-operation across borders and regulation of business providing ‘essential services’ and digital services such as cloud computing, online search engines and online/e-commerce marketplaces. Those responding may also provide general comments.

The deadline for submission of responses is 17:00 on Friday 9th December 2016.

This is an opportunity for those of us in the industry in Ireland to help shape the implementation of this Directive in Ireland and to make the Irish Internet space a more secure place for all.

The public consultation document is available on the Department’s website.

Come Work with Us and Join the BH Consulting Team

Thanks to our recent growth and exciting plans for the future we are looking to expand our team once more. We have an opening for a Cloud and Cyber Risk Specialist. The role is an integral part of the team and will enable the right candidate to engage in some interesting and challenging projects with our clients both here in Ireland and abroad. We also offer an attractive work environment where the focus is on developing you and enabling you to reach your own personal and professional goals.

The job spec is as follows:

Cloud and Cyber Risk Specialist

The Cloud and Cyber Risk Specialist participates in the delivery of the Information Security Risk and Cybersecurity Advisory services to clients of BH Consulting. The role’s mandate includes working with our clients to develop and enhance their security capabilities.

Responsibilities include:

  • Assessing cyber security capabilities of clients and provide remediation advisory services to address any identified issues
  • Work closely with our clients to report and manage information security risk across both infrastructure and application environments to BH Consulting clients.
  • Assist clients in achieving alignment and/or certification to the ISO/IEC 27001:2013 Information Security Standard
  • Helps facilitate security monitoring, incident response, and vulnerability assessment programs.
  • Manages the implementation and delivery of Information Security Programs, including Enterprise Vulnerability Management, Incident Response, Threat Management and Monitoring, and Risk
  • Researching vulnerabilities and writing technical and non-technical reports for senior management.
  • Assist BH Consulting clients to conduct security assessments and risk analysis when migrating to cloud based environments

The Person


  • University degree in Computer Science, engineering, IT security management, risk management, or comparable professional education/training in a field relevant to IT Security management.
  • Minimum 3-5 years in Information Technology particularly in IT Security.
  • Detail oriented with strong organisational and analytical skills.
  • Knowledge of multiple operating systems and applicable system administration skills (Windows, UNIX, Linux).
  • Good knowledge of ISO/IEC 27001 standard, security policies, cloud platforms, multi-tier web applications, relational databases, firewalls, VPNs, IDPS, SIEM, web content filtering, email spam filtering and enterprise Anti-Virus products.
  • Detailed knowledge of Information Security principles, protocols, practices and industry standards.
  • In-depth knowledge of cloud computing platforms and related information security risks
  • Strong in all areas of communication, able to interface with team members, peers, senior management and clients.
  • Team player, whilst also able to work independently
  • Good technology generalist, with a good understanding of all aspects of IT especially architecture.
  • Excellent project management and leadership skills.
  • Excellent written communication skills and presentation skills.
  • Be willing to travel to engage with BH Consulting’s international clients
  • Socially conscious and supportive of BH Consulting’s strong corporate social responsibility (CSR) strategy

Please send your resume to [email protected] by 18th November 2016, 17:00 (Irish Standard Time).

No recruitment agencies please.

Ransomware: Can we finally start learning from past mistakes?

My latest opinion piece for HelpNet Security Magazine is now available online. In this article I highlight how ransomware, CEO Fraud, and DDoS attacks are old attacks that we as an industry should be better able to defend against.

The article is below with a link to the complete piece.

“There is a phrase I am finding quite relevant lately. It is attributed to the philosopher George Santayana and it goes like this: “Those who cannot remember the past are condemned to repeat it.” The reason it comes to my mind a lot these days is the headlines we are seeing relating to the latest ransomware attacks against companies’, hospitals’ and government departments’ systems.”