Tag: cybercrime

By Shanice Naidoo for IOL

A Bloubergstrand man had his Absa business account swindled out of R3.1 million while he was in Miami for two months.
Feruccio Ferucci left Cape Town in October without suspecting that his banking information had been stolen.

Around the end of October, his Vodacom SIM card stopped working, as did his internet banking. Growing suspicious, he contacted his daughter in Cape Town to find out from Vodacom what had happened. They informed her that a SIM swap had been done.

“I did not authorise the SIM swap. My phone stopped working for about three weeks and then started working again.

“I haven’t heard anything from Vodacom telling me what happened because my phone just started working again three weeks later,” said Ferucci.

When he returned on December 2, he was shocked to find out from his staff about transactions that had been approved neither by them at his business in Paarl nor by himself. These fraudulent transactions, amounting to R3.1m, had gone off the business account during two of the weeks in which his phone had not been working.

“These transactions were around R300 000 each and there were about ten transactions. I then contacted my attorney and he referred me to another attorney who specialises in this type of crime. I then wrote a protest letter to Absa threatening to close my account with them and my money was refunded around December 23,” said Ferucci.

On speaking to the new attorney, he was told that this was often done to people who are overseas because perpetrators assume one would not check their phone regularly.

“The attorney told me that 90% of the cases he deals with involved people who went overseas. There is no doubt in my mind that what happened to me was promoted by employees of both Vodacom and Absa.

“They probably didn’t steal the money but they probably sell the information,” said Ferucci.

Both Absa and Vodacom have said they are investigating the matter.

Chad Thomas, director of IRS Forensic Investigations, which investigates financial, organised and cyber crimes, said SIM swaps are a major issue, with some victims reporting that they became victims of crime while their phones were off during long-distance travel.

However, the breach of personal data, including credit card numbers, is not confined to individual hacks via trojans or malware but is also the result of highly sophisticated cyber attacks on data stored by corporates.

“People need to take cognisance of the fact that a sufficiently determined and capable hacker can take over someone’s online footprint if the correct measures are not taken to protect their information. However, it is not just the individual that needs to take precautions, but also corporates that are storing clients’ information and have a responsibility to safeguard that information,” said Thomas.

Source: IT News Africa

As South Africa’s business sector continues to expand across a myriad of digital platforms, cybercrime continues to threaten this burgeoning digital sphere. “There are many victims of cybercrime, with limited recourse available in terms of current South African law. The need for tighter and more effective legislation is pressing,” says Grant Christianson, e4’s Group Legal Advisor.

The end of October 2018 hopefully saw the legislative cycle for the Cybercrimes Bill nearing completion, as the Department of Justice and Constitutional Development tabled an updated version. Christianson says that the existing laws have become problematic in adequately combatting cybercrime and the new Bill is needed to effectively “fill-the-gaps” that exist in current legislation and the common law.

“According to the South African Banking Risk Information Centre (SABRIC), South Africa’s annual loss is estimated at R2,2 billion, making it a significant threat to an already volatile economy.”

While the Bill no longer addresses cybersecurity, he says that it will provide a framework for combatting cybercrime. Initially drafted in 2015, it addresses criminal activity that is computer-based and is related to unlawful access to, interference with or distribution of data, electronic communications, information systems and networks. He says the Bill also creates new offences for hacking, phishing, cyber bullying, unlawful interception and distribution of data, ransomware, cyber forgery and extortion, as well as acts involving malware and identity theft. Anyone convicted is likely to be fined and/or imprisoned up to 15 years.

The Bill is also expected to align with international best practice: “There will be a requirement to co-operate with other countries to effectively deal with multi-jurisdictional cybercrime activity, as often the cyber offence is created in one jurisdiction and felt in another,” says Christianson.

As a country with the third-highest number of cybercrime victims worldwide, South Africa is a target. Christianson says that mobile technology will further impact users as the country’s growing reliance on the app economy and other mobile trends will drive cyber criminals to penetrate mobile networks: “As devices become more connected and smarter, users are more exposed and so the threat grows. Digitisation is a trend that has no end in sight and while it brings with it innovation and exciting changes, cybercrime continues to grow in parallel.”

While the timeframe for the Bill’s signature is uncertain, Christianson says that it is at least in its final stages and once signed into law, the law-enforcement industry can become more proactive in its pursuit of cybercriminals.

Source: Fin24

South African businesses of all sizes, including educational institutions, have been particularly hard hit by an onslaught of cyber-attacks, although this is not always public knowledge, according to Kerry Curtin, cyber risk expert at Aon South Africa.

Cyber risk was ranked as the #1 risk facing educational institutions and is likely to remain so for the foreseeable future, according to Aon’s 2018 global risk management survey.

Curtin says the potential theft or leakage of data, particularly confidential information in an educational setting, should be top of the list in risk planning.

“The need to strengthen institutional resiliency against potential damage, compromising hacks and downtime is crucial,” she adds.

This is because schools, like any other business, are increasingly dependent on technology. The knock-on effect of a cyber incident at an educational facility has the potential to be financially and reputationally catastrophic.

For example, in 2016 it was reported that the University of Limpopo’s website was taken down, leaking exam papers and the details of over 18 000 students, in addition to perpetrators publicly posting what was believed to be the login details for the University’s intranet.

The sheer number of cyber-attacks on educational institutions suggests that the sector is not as prepared as it should be in its efforts to safeguard networks, according to Curtin.

Aon provides the following tips for the education sector:

Safeguard institution-owned devices

All computers, laptops and smart devices owned by the educational institution should at the very least have a current anti-virus programme installed, in addition to adware and malware protection.

One of the biggest threats to any business is the people operating these devices and their naivety regarding cyber risks, so education is key.

BYOD policy

Students and staff members are very likely to bring devices to school or university that interact with the institution’s network. The first line of defence is keeping guest devices separate from the network, allowing the institution to keep data secure on an administrative network, as well as monitor traffic more closely.

When it comes to sending sensitive information, it is crucial to implement a secure file exchange solution that can protect against cyber threats such as phishing scams.

Multi-factor authentication

While passwords alone do not provide adequate levels of security and hackers are able to circumvent physical biometrics such as fingerprint identification as a single layer of authentication, Multi-Factor Authentication (MFA) is fast becoming the next line of defence.

Social media policy

Not only does the policy need to stipulate what is deemed as acceptable behaviour from employees and students, but it also needs to explain what the benefits are of becoming an ambassador for the brand and the legal ramifications inherent to social media platforms.

Source: MyBroadband

If your bank card gets stolen and you cancel it, this does not automatically mean that all payments from it will be blocked.

This was the case when two FNB customers contacted MyBroadband about their frustrating experiences with the bank.

The customers both had their FNB bank cards stolen in different scenarios – and both contacted FNB to have their cards cancelled.

Despite cancelling the cards, both users noted small payments still going off their bank accounts via card transactions.

The charges were toll gate fees.

In one case, the customer reportedly asked FNB why the cancelled card could still make transactions. He said he was told by FNB that he would have to blacklist the card, on top of cancelling it, to stop the transactions.

In the other case, the customer stated that all he could do was get a refund for the toll gate fees.

This customer subsequently contacted the toll gates where his card was being used to ask them to block transactions on it.

He also managed to obtain an image of the vehicle using his stolen card – it was a white Toyota minibus taxi with a Gauteng registration.

FNB responds
MyBroadband contacted FNB for feedback on the matter, and the bank confirmed that the bank cards were cancelled as described above.

“Unfortunately, due to toll gate merchants operating in an offline environment, this prevents them from obtaining authorisation from the bank for transactions of this nature. As a result, additional transactions were posted,” said FNB.

“The customer will not incur any loss resulting from fraud in this scenario.”

FNB was asked what a bank customer should do to ensure their cancelled card is not used to make these types of transactions, but the bank did not provide feedback.

Offline transactions
According to PASA (Payments Association of South Africa) documents, lost and stolen card fraud at toll gates has been highlighted as a significant concern in recent years.

“Although toll card transactions are a card present transaction, fast throughput of vehicles is important and transactions are thus processed in an offline and delayed manner – cleared in batch,” states PASA.

“Importantly, unlike any other offline card present card transactions, toll gate transactions are not verified by the cardholder in any way.”

It added that while toll gate transactions are checked against the “Hot Card” file, this “only contains a limited number of all lost and stolen card details”.

Bug proves lethal to Google+

Source: Business Day

Google is shutting down the consumer version of its online social network after fixing a bug exposing private data in as many as 500 000 accounts.

The US internet giant said it will “sunset” the Google+ social network for consumers. It failed to gain meaningful traction after being launched in 2011 as a challenge to Facebook.

A Google spokesperson cited “significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations” along with “very low usage”.

In March, a security audit revealed a software bug that gave third-party apps access to Google+ private profile data that people meant to share only with friends. Google said it was unable to confirm which accounts were affected by the bug, but an analysis indicated it could have been as many as 500 000 Google+ accounts.

“We found no evidence that any developer was aware of this bug … and we found no evidence that any profile data was misused,” Google said in a blog post.

The data involved was limited to optional profile fields, including name, age, gender, occupation and e-mail address, Google said. Information that could be accessed did not include posts, messages or telephone numbers.

Google did not specify how long the software flaw existed, or why it waited to disclose it.

The Wall Street Journal reported that Google executives opted against notifying users earlier because of fears it would catch the attention of regulators.

Google will wind down Google+ during the coming 10 months to allow people time to download pictures, videos or other data they want from their accounts. It plans to add new workplace-orientated features to enhance the appeal of Google+ as a “secure corporate social network” to be used inside business operations.

“We have many enterprise customers who are finding great value in using Google+ within their companies,” the firm said.

“Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions.”

By Jack Morse for Mashable 

A million hacked Facebook accounts isn’t cool. You know what’s even less cool? Fifty million hacked Facebook accounts.

A Friday morning press release from our connect-people-at-any-cost friends in Menlo Park detailed a potentially horrifying situation for the billions of people who use the social media service: Their accounts might have been hacked. Well, at least 50 million of them were “directly affected,” anyway.

The so-called “security update” is light on specifics, but what it does include is extremely troubling.

“We did see this attack being used at a fairly large scale.”

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” reads the statement. “[It’s] clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”

That’s right, almost 50 million accounts were vulnerable to this attack. As for how many were actually exploited?

“Fifty million accounts were directly affected,” explained Facebook VP of product management Guy Rosen on a Friday morning press call, “and we know the vulnerability was used against them.”

“We did see this attack being used at a fairly large scale,” added Rosen. “The attackers could use the account as if they are the account holder.”

The statement itself didn’t provide much additional insight.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” continues the statement. “We also don’t know who’s behind these attacks or where they’re based.”

Facebook says it’s fixed the vulnerability, and that 90 million people may suddenly find themselves logged out of their accounts or various Facebook apps as a result.

The disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.

So, yeah, this is big.

“Security is an arms race,” Facebook CEO Mark Zuckerberg dryly noted on the press call.

Facebook is working with law enforcement, and, at least for now, says you don’t need to change your password. But maybe go ahead and log out of your account, everywhere, just to be safe.

“[If] anyone wants to take the precautionary action of logging out of Facebook, they should visit the ‘Security and Login’ section in settings,” advises the warning. “It lists the places people are logged into Facebook with a one-click option to log out of them all.”

So yeah, click through that link and log out of your account on all webpages and apps at once. After that, maybe think long and hard about whether it’s even worth logging back in.

By Alison DeNisco Rayome for Tech Republic 

Microsoft Office documents packed with malicious macros are the most common malware loader of the past month, accounting for 45% of all delivery mechanisms analysed, according to a Thursday report from Cofense.

Office Macros were followed in popularity by CVE-2017-11882, malicious batch scripts, malicious PowerShell scripts, and WSC downloaders, the report found.

This demonstrates that threat actors tend to leverage tried-and-tested delivery mechanisms, the report noted. Macros may have a low barrier to entry, but they are not used only by immature or low-impact cybercriminals: Malware delivered via macros is among the worst in today’s threat landscape, including Geodo, Chanitor, AZORult, and GandCrab, according to the report.

Macros remain a popular email attachment method of delivering a malicious payload because they are typically enabled on a machine, or easily allowed with a single mouse click, the report noted—making it very easy to launch the first stage of an attack. When used this way, macros are embedded Visual Basic scripts that are often used to download or directly execute further payloads.

The Microsoft Office Macro feature could be enabled by default in your organisation’s IT environment, according to the report. When this is the case, a user may not receive any warning that something is wrong upon opening a malicious document. Even when an organisation has some kind of protection in place—such as a security warning at the top of the document—it can often be dismissed with just one click, or may be ignored by the user.

IT departments can protect their organisation from macros by disabling them enterprise-wide, the report said. However, many businesses rely on macros for their legitimate usage, in which case IT may want to consider enacting a blanket policy of blocking documents at the gateway, or, perhaps more realistically, combining different policies such as blocking or grey-listing documents coming from unknown senders. Security education is also key, the report said.

The big takeaways for tech leaders

  • Microsoft Office documents packed with malicious macros are the most common malware loader of the past month, accounting for 45% of all delivery mechanisms.
  • Malware delivered via macros is among the worst in today’s threat landscape, including Geodo, Chanitor, AZORult, and GandCrab.

By C.R. for The Economist 

It is not a message any frequent flyer looks forward to receiving. On 7 September, British Airways (BA) said it had emailed over 380 000 customers who had booked flights with the carrier between 21 August and 5 September admitting that their credit-card details had been stolen by hackers.

BA’s embattled chief executive, Alex Cruz, attributed the breach to a “malicious, fairly sophisticated attack” on its website. The airline thinks the hackers obtained names, street and e-mail addresses, and credit-card numbers, expiry dates and security codes—more than enough information to steal money from bank and credit-card accounts.

Mr Cruz has promised compensation for any customers financially affected by the hack.

The airline has not released the full details of what happened, and is still investigating the breach. But it has admitted that it was only data used in transactions in that 15-day period, not saved credit-card data on customer accounts, that was stolen.

Cyber-security experts say that the hack sounds like it breached the system that managed customer payments, unlike previous attacks on other big companies where saved data was stolen.

Whatever the cause of the attack, aviation analysts think BA is likely to be hit hard by fines from regulators. Under the EU’s new General Data Protection Regulation, which came into force in May, BA could face a fine of up to 4% of its revenues if it is determined that it did not do enough to protect customer information.

That would be around £500m ($650m). If regulators decide that the penalty should be levied on the entire revenues of IAG, BA’s parent, that number could swell to as much as €1bn ($1.16bn). After adding the cost of compensating customers affected by the breach, it is no wonder that the group’s shares dropped in value by 2% on the morning the news became public.

But analysts are wary about saying that the hack will affect BA or IAG’s longer term performance.

BA has been hit by a series of complaints about falling standards of service on its flights and by a computer crash that stranded 75,000 of its passengers last May. Mr Cruz has been crucified in the media for both public-relations meltdowns. Yet neither issue has really affected demand for BA flights.

So why do BA passengers keep coming back to the airline, in spite of it losing their credit-card data, checked-in baggage and taking away free nosh onboard? The answer is that they have little choice.

New airlines simply cannot take market share away from BA at Heathrow. As long as it uses each take-off and landing slot it is allocated 80% of the time, it can keep it for the next season. As a result, the share of slots at Heathrow owned by BA’s parent has risen from 36% in 1999 to 54%. It has also been gobbling up slots at Gatwick from defunct airlines such as Monarch, to make sure Norwegian, a disruptive long-haul low-cost competitor, cannot get its hands on them.

However much the airline’s computer systems go wrong or it cuts back its level of service onboard, new competitors cannot push it off the runway. Another IT disaster will not change that.

57-million Uber users hacked

Hackers stole the personal data of 57 million customers and drivers and the ride-hailing company allegedly paid them $100,000 to delete the information and “go away”.

The data was compromised in October 2016, and Uber has managed to conceal the breach for more than a year, according to Bloomberg.

Uber claims they were involved in negotiations with US regulators about separate privacy violations at the time of the breach.

But the company now admits they were legally required to report the hack to regulators and to drivers whose license numbers were taken.

However, Uber reportedly paid the hackers $100,000 to delete the data instead.

Joe Sullivan, Uber’s chief security officer, was fired this week for his role in keeping the hack quiet. One of Sullivan’s deputies was also fired for helping.

Ex-CEO and co-founder, Travis Kalanick, reportedly found out about the hack in November 2016, but at the time Uber had just settled a lawsuit with the New York attorney general over the company’s privacy practices.

Dara Khosrowshahi took over as Uber’s new CEO in September.

‘None of this should have happened, and I will not make excuses for it,’ Khosrowshahi said in a press statement on Tuesday. ‘We are changing the way we do business.’

‘At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals.

‘We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,’ Khosrowshahi said.

The hackers stole names, email addresses, and phone numbers from 50 million Uber riders worldwide, according to the statement.

Personal information from 7 million drivers was also compromised. That figure includes about 600,000 US driver’s license numbers that were stolen.

Uber claims that no one’s Social Security numbers, credit card details, or trip location information was stolen.

The company said they don’t believe the information was ever used. Uber also declined to release the identities of the hackers.

‘While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,’ Khosrowshahi said.

According to Bloomberg, Sullivan, who joined Uber in 2015, was the guy who spearheaded the response to the hack last year.

Last month, an investigation was launched into the activities of Sullivan’s security team. During the investigation, the hack and cover-up were discovered.

Uber said two attackers gained access to a private GitHub coding site used by Uber software engineers, according to Bloomberg.

From there, the hackers used login credentials they obtained from GitHub to access data stored on an Amazon Web Services account.

The hackers then found an archive of rider and driver information. Once the information was accessed, the attackers asked Uber for money.

Khosrowshahi said he’s bringing on board Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, for guidance on ‘how best to guide and structure our security teams and processes going forward’.

The company is currently in the process of ‘individually notifying the drivers whose driver’s license numbers were downloaded’. Uber will also provide these drivers with free credit monitoring and identity theft protection.

Uber’s hack joins the ranks of other massive hacks such as Yahoo and Equifax. In September, Equifax reported that the hack compromised the sensitive information of 145.5 million people.

And last month, Yahoo admitted that three billion Yahoo users were affected by the 2013 data theft that the company originally said had only affected 1 billion users.

By Valerie Edwards for Daily Mail

Cyber insurance for local businesses launched

Local insurance firm King Price has launched a new product that will cover local firms in the event of a cyberattack.

The product is known as cybersure and it includes cover for cyber liability and cybercrime, data breach expenses, damage to computer systems and data, associated loss of income, and more.

“Cyber attacks can be devastating from both a financial and reputational point of view, and it’s clear that cybercrime has become a major threat to South African businesses. Having cyber insurance is non-negotiable,” says King Price spokesperson Wynand van Vuuren.

At the moment the product is only available to businesses but King Price says it will be launching a personal cyber insurance product in 2018.

Cybersure customers will be covered for a variety of cyber attacks including ransomware. King Price says that in the event of a ransomware attack it will pay the ransom if that is what is needed.

It seems like a rather solid product but we’d urge you to contact King Price or visit the website to get more information about cybersure to see if it’s right for you.

By Brendyn Lotz for HTXT

My Office News Ⓒ 2017 - Designed by A Collective

