Tag: cybercrime

ISP Cool Ideas hit in DDoS attack

Internet service provider Cool Ideas yesterday suffered a distributed denial of service (DDoS) attack, which affected all customers on their network.

The attack lasted almost four hours. Customers experienced intermittent connectivity loss and degraded performance during this time.

In a statement issued last night, the company did not have an exact time to resolution. By this morning, however, the issue affecting the Cool Ideas network had been mitigated.

What is a DDoS attack?
According to CloudFlare, a DDoS attack is defined in the following way:

“A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.”

 

Source: Mapletronics

In a time when billions of login credentials are floating around the internet, Google’s new Chrome extension aims to help.

Google’s new extension (currently only available for Chrome) will alert you if one of your username/password combinations is known to already be ‘out in the wild’, according to the company’s blog post.

The extension, called Password Checkup, works in the background whenever you enter your login details on a site. It compares the data against a large database of nearly four billion credentials that are known to have been compromised over the years. If Password Checkup finds a match, a red alert box appears and suggests that you change your password.

Google worked closely with cryptography experts at Stanford University to ensure that your credentials are not compromised while using Password Checkup. In its security blog, Google highlighted that Password Checkup scrambles all credentials with hashing and encryption as protection. Google also assures users that their login details are never seen by the company itself, either.

Don’t have Chrome? There are several other services available for free on the internet that can check to see if your credentials or other personal details have been compromised in a growing number of breaches. Check out Have I Been Pwned, Identity Leak Checker, or Firefox Monitor.

IT managers inundated with cyberattacks

A recent Sophos survey has found that IT managers are struggling to cope with the volume and magnitude of cyberattacks.

The following key findings relate to South Africa:

  • Cybercriminal tactics have evolved into using multiple attack methods and often multiple payloads to maximize profits
  • Software exploits were the initial cause of 17 percent of incidents and used in 23 percent of cyberattacks, demonstrating how exploits are used at multiple stages of the attack chain
  • Phishing emails impacted 47 percent of those hit by a cyberattack
  • Ransomware impacted 38 percent of attack victims
  • 39 percent of attack victims suffered a data breach
  • Only 16 percent consider supply chain a top security risk, exposing an additional weak spot
  • Nation state adversaries have proven how successful supply chain attacks are, which means common cybercriminals are likely to adopt the attack method
  • Supply chain attacks are a launch pad to emerging automated, active-adversary attacks
  • IT teams spend 27 percent of their time managing security, yet still struggle with a lack of expertise, budget and up to date technology
  • 74 percent said recruiting people with the cybersecurity skills they need is a challenge
  • 65 percent said their organization’s cybersecurity budget is below what it needs to be
  • 73 percent believe that staying up to date with cybersecurity technology is a challenge

By Warwick Ashford for Computer Weekly

The cost of a data breach has risen 12% over the past five years to £3.2m on average globally, with a 10.56% increase in the UK in the past year alone to £2.99m on average, a study reveals.

In the UK, the average size of a data breach has increased 3.6% and the per capita cost per lost or stolen record is £119, which represents an increase of 9.69% from 2018 and has nearly doubled in the past ten years, according to the annual Cost of a data breach report conducted by the Ponemon Institute and sponsored by IBM Security.

The rising costs are representative of the multiyear financial impact of breaches, increased regulation and the complex process of resolving criminal attacks, the report said.

The report is based on in-depth interviews with more than 500 companies around the world that suffered a breach over the past year, including 45 in the UK, and takes into account hundreds of cost factors, from legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity.

The study found that data breaches in the US are the most expensive, costing $8.19m (£6.6m), or more than double the average for worldwide companies in the study, and that the cost for data breaches in the US has increased by 130% over the past 14 years from $3.54m (£2.8m) in the 2006 study.

The financial consequences of a data breach, the report said, can be particularly acute for small and midsize businesses. Globally, companies with fewer than 500 employees suffered losses of more than £2m on average, which is a potentially crippling amount for small businesses, which typically earn £40.1m or less in annual revenue.

The report also examined the longtail financial impact of a data breach, finding that the effects of a data breach are felt for years. While an average of 67% of data breach costs were realised within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach.

The longtail costs were higher in the second and third years for organisations in highly regulated environments, such as healthcare, financial services, energy and pharmaceuticals.

“Cyber crime represents big money for cyber criminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services.

“With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs,” she said.

The report found that malicious breaches are the most common and most expensive, with 51% of data breaches in the study in the UK and globally resulting from malicious cyber attacks (up from 42% globally in the past six years) and costing companies £805,000 ($1m) more on average than those originating from accidental causes.

However, the report said inadvertent breaches from human error and system glitches were still the cause for nearly half (49%) of the data breaches in the report, costing companies £2.8m ($3.5m) and £2.6m ($3.24m) respectively.

These breaches from human and machine error represent an opportunity for improvement, the report said, which can be addressed through security awareness training for staff, technology investments, and testing services to identify accidental breaches early on.

One particular area of concern is the misconfiguration of cloud servers, which contributed to the exposure of 990 million records in 2018, representing 43% of all lost records for the year, according to the IBM X-Force Threat Intelligence Index.

“Mega breaches”, the report said, typically lead to “mega losses”. While less common, breaches of more than one million records cost companies a projected £33.8m ($42m) in losses, and those of 50 million records are projected to cost companies £312m ($388m).

For the 9th year in a row, the study found that healthcare organisations had the highest cost of a breach of nearly £5.2m ($6.5m) on average, which is more than 60% greater than other industries in the study.

The report notes that the past 14 years have shown that the speed and efficiency with which a company responds to a breach has a significant impact on the overall cost.

This year’s report found that the average lifecycle of a breach was 279 days, with companies taking 206 days to first identify a breach after it occurs, and an additional 73 days to contain the breach.

Incident response
The study shows that companies with an incident response team that also extensively tested their incident response plan experienced £990,000 ($1.23m) less in data breach costs on average than those that had neither measure in place, while companies that were able to detect and contain a breach in less than 200 days spent £965,000 ($1.2m) less on the total cost of a breach.

This appears to be an area that needs some attention in the UK, where the mean time to identify the data breach increased from 163 to 171 days from 2018 and the mean time to contain the data breach increased from 64 to 72 days.

Globally, the study found that companies that had fully deployed security automation technologies experienced around half the cost of a breach (£2.1m on average) compared with those that did not have these technologies deployed (£4.15m on average).

Extensive use of encryption was also a top cost saving factor, reducing the total cost of a breach by £289,000, the study shows.

Breaches originating from a third party – such as a partner or supplier – cost companies £297,000 more than average, the report said, emphasising the need for companies to closely vet the security of the companies they do business with, align security standards, and actively monitor third-party access.

By Jack More for Mashable 

They wouldn’t have numbered it if it was the only one.

On 16 January, security researcher Troy Hunt uploaded a massive cache of leaked e-mails and passwords to his invaluable website have i been pwned.

The 87GB dataset, dubbed “Collection #1,” was admittedly years old, and had been passed around by hackers for some time now. Still, the sheer scale of it — containing over 772-million email addresses — turned heads. Hold onto your digital butts, because as Krebs on Security reports, you ain’t seen nothing yet.

According to Krebs, the Collection #1 data breach is, unsurprisingly, part of a much larger collection of stolen online credentials being sold online. And, taken as a whole, it dwarfs Collection #1’s size.

Just how big are we talking? According to the hacker allegedly selling access to the data who communicated with Krebs over Telegram, the entire data set of email addresses and passwords comes close to 1TB. Brian Krebs, the infosec journalist behind Krebs on Security, tweeted a screenshot purportedly depicting a page listing the data for sale.

In addition to the 87GB Collection #1, there’s a 526GB Collection #2, a 37GB Collection #3, a 178GB Collection #4, a 42GB Collection #5, and two other folders totaling an additional 126GB worth of credentials.

The seller told Krebs that, in total, they had close to 4TB of so-called password packages. Yeah, that’s a lot. According to the image above, the “Price for access lifetime” is only a cool $45 (R630).

So your email, along with one or more passwords to various throwaway online accounts you’ve used and discarded over the years, is likely being traded on the dark web. What does this mean for you?

Well, if you’re smart about your online security, probably not too much immediately. Assuming you use unique passwords for each account online — and you definitely should — any of your passwords contained in the dataset would only gain a hacker access to one specific online service. Like, say, your old Tumblr account. And, if you use two-factor authentication, you’re likely in the clear.

However, all this goes out the window if a hacker gets access to your main email account and can initiate password resets. And if the email account in question just so happens to share a password with your now-defunct Neopets account or whatever? You might legit be in trouble. Consider getting a password manager, and make sure your email has a unique password and 2FA.

And then go about your normal online business, comfortable in the knowledge that your personal data is being sold to hackers for the low, low price of $45 (R630).

To see whether your email address has been breached, visit have i been pwned.

By Shanice Naidoo for IOL

A Bloubergstrand man had his Absa business account swindled out of R3.1 million while he was in Miami for two months.
Feruccio Ferucci left Cape Town in October without suspecting that his banking information had been stolen.

Around the end of October, his Vodacom SIM card stopped working as well as his internet banking. Growing suspicious, he contacted his daughter in Cape Town to find out from Vodacom what had happened. They informed her that a SIM swap had been done.

“I did not authorise the SIM swap. My phone stopped working for about three weeks and then started working again.

“I haven’t heard anything from Vodacom telling me what happened because my phone just started working again three weeks later,” said Ferucci.

When he returned on December 2, he was shocked to find out from his staff at his business in Paarl about transactions which had not been approved by them or by himself. These were fraudulent transactions, amounting to R3.1m, which had gone off the business account during two of the weeks in which his phone had not been working.

“These transactions were around R300 000 each and there were about ten transactions. I then contacted my attorney and he referred me to another attorney who specialises in this type of crime. I then wrote a protest letter to Absa threatening to close my account with them and my money was refunded around December 23,” said Ferucci.

On speaking to the new attorney, he was told that this was often done to people who are overseas because perpetrators assume one would not check their phone regularly.

“The attorney told me that 90% of the cases he deals with involved people who went overseas. There is no doubt in my mind that what happened to me was promoted by employees of both Vodacom and Absa.

“They probably didn’t steal the money but they probably sell the information,” said Ferucci.

Both Absa and Vodacom have said they are investigating the matter.

Chad Thomas, director of IRS Forensic Investigations, which investigates financial, organised and cyber crimes, said SIM swaps are a major issue, with some victims reporting that they became victims of crime while their phones were off during long-distance travel.

However, the breach of personal data, including credit card numbers, is not confined to individual hacks via trojans or malware but is also the result of highly sophisticated cyber attacks on data stored by corporates.

“People need to take cognisance of the fact that a sufficiently determined and capable hacker can take over someone’s online footprint if the correct measures are not taken to protect their information. However, it is not just the individual that needs to take precautions, but also corporates that are storing clients’ information and have a responsibility to safeguard that information,” said Thomas.

Source: IT News Africa

As South Africa’s business sector continues to expand across a myriad of digital platforms, cybercrime continues to threaten this burgeoning digital sphere. “There are many victims of cybercrime, with limited recourse available in terms of current South African law. The need for tighter and more effective legislation is pressing,” says Grant Christianson, e4’s Group Legal Advisor.

The end of October 2018 hopefully saw the legislative cycle for the Cybercrimes Bill nearing completion, as the Department of Justice and Constitutional Development tabled an updated version. Christianson says that the existing laws have become problematic in adequately combatting cybercrime and the new Bill is needed to effectively “fill-the-gaps” that exist in current legislation and the common law.

“According to the South African Banking Risk Information Centre (SABRIC), South Africa’s annual loss is estimated at R2,2 billion, making it a significant threat to an already volatile economy.”

While the Bill no longer addresses cybersecurity, he says that it will provide a framework for combatting cybercrime. Initially drafted in 2015, it addresses criminal activity that is computer-based and is related to unlawful access to, interference with or distribution of data, electronic communications, information systems and networks. He says the Bill also creates new offences for hacking, phishing, cyber bullying, unlawful interception and distribution of data, ransomware, cyber forgery and extortion, as well as acts involving malware and identity theft. Anyone convicted is likely to be fined and/or imprisoned up to 15 years.

The Bill is also expected to align with international best practice: “There will be a requirement to co-operate with other countries to effectively deal with multi-jurisdictional cybercrime activity, as often the cyber offence is created in one jurisdiction and felt in another,” says Christianson.

As the country with the third-highest number of cybercrime victims worldwide, South Africa is a target. Christianson says that mobile technology will further impact users as the country’s growing reliance on the app economy and other mobile trends will drive cyber criminals to penetrate mobile networks: “As devices become more connected and smarter, users are more exposed and so the threat grows. Digitisation is a trend that has no end in sight and while it brings with it innovation and exciting changes, cybercrime continues to grow in parallel.”

While the timeframe for the Bill’s signature is uncertain, Christianson says that it is at least in its final stages and once signed into law, the law-enforcement industry can become more proactive in its pursuit of cybercriminals.

Source: Fin24

South African businesses of all sizes, including educational institutions, have been particularly hard hit by an onslaught of cyber-attacks, although this is not always public knowledge, according to Kerry Curtin, cyber risk expert at Aon South Africa.

Cyber risk was ranked as the #1 risk facing educational institutions and is likely to remain so for the foreseeable future, according to Aon’s 2018 global risk management survey.

Curtin says the potential theft or leakage of data, particularly confidential information in an educational setting, should be top of the list in risk planning.

“The need to strengthen institutional resiliency against potential damage, compromising hacks and downtime is crucial,” she adds.

This is because schools, like any other business, are increasingly dependent on technology. The knock-on effect of a cyber incident at an educational facility has the potential to be financially and reputationally catastrophic.

For example, in 2016 it was reported that the University of Limpopo’s website was taken down, leaking exam papers and the details of over 18 000 students, in addition to perpetrators publicly posting what was believed to be the login details for the University’s intranet.

The sheer number of cyber-attacks on educational institutions suggests that the sector is not as prepared as it should be in its efforts to safeguard networks, according to Curtin.

Aon provides the following tips for the education sector:

Safeguard institution-owned devices

All computers, laptops and smart devices owned by the educational institution should at the very least have a current anti-virus programme installed, in addition to adware and malware protection.

One of the biggest threats to any business is the people operating these devices and their naivety regarding cyber risks, so education is key.

BYOD policy

Students and staff members are very likely to bring devices to school or university that interact with the institution’s network. The first line of defence is keeping guest devices separate from the network, allowing the institution to keep data secure on an administrative network, as well as monitor traffic more closely.

When it comes to sending sensitive information, it is crucial to implement a secure file exchange solution that can protect against cyber threats such as phishing scams.

Multi-factor authentication

While passwords alone do not provide adequate levels of security and hackers are able to circumvent physical biometrics such as fingerprint identification as a single layer of authentication, Multi-Factor Authentication (MFA) is fast becoming the next line of defence.

Social media policy

Not only does the policy need to stipulate what is deemed as acceptable behaviour from employees and students, but it also needs to explain what the benefits are of becoming an ambassador for the brand and the legal ramifications inherent to social media platforms.

Source: MyBroadband

If your bank card gets stolen and you cancel it, this does not automatically mean that all payments from it will be blocked.

This was the case when two FNB customers contacted MyBroadband about their frustrating experiences with the bank.

The customers both had their FNB bank cards stolen in different scenarios – and both contacted FNB to have their cards cancelled.

Despite cancelling the cards, both users noted small payments still going off their bank accounts via card transactions.

The charges were toll gate fees.

In one case, the customer reportedly asked FNB why the cancelled card could still make transactions. He said he was told by FNB that he would have to blacklist the card, on top of cancelling it, to stop the transactions.

In the other case, the customer stated that all he could do was get a refund for the toll gate fees.

This customer subsequently contacted the toll gates where his card was being used to ask them to block transactions on it.

He also managed to obtain an image of the vehicle using his stolen card – it was a white Toyota minibus taxi with a Gauteng registration.

FNB responds
MyBroadband contacted FNB for feedback on the matter, and the bank confirmed that the bank cards were cancelled as described above.

“Unfortunately, due to toll gate merchants operating in an offline environment, this prevents them from obtaining authorisation from the bank for transactions of this nature. As a result, additional transactions were posted,” said FNB.

“The customer will not incur any loss resulting from fraud in this scenario.”

FNB was asked what a bank customer should do to ensure their cancelled card is not used to make these types of transactions, but the bank did not provide feedback.

Offline transactions
According to PASA (Payments Association of South Africa) documents, lost and stolen card fraud at toll gates has been highlighted as a significant concern in recent years.

“Although toll card transactions are a card present transaction, fast throughput of vehicles is important and transactions are thus processed in an offline and delayed manner – cleared in batch,” states PASA.

“Importantly, unlike any other offline card present card transactions, toll gate transactions are not verified by the cardholder in any way.”

It added that while toll gate transactions are checked against the “Hot Card” file, this “only contains a limited number of all lost and stolen card details”.

Bug proves lethal to Google+

Source: Business Day

Google is shutting down the consumer version of its online social network after fixing a bug exposing private data in as many as 500 000 accounts.

The US internet giant said it will “sunset” the Google+ social network for consumers. It failed to gain meaningful traction after being launched in 2011 as a challenge to Facebook.

A Google spokesperson cited “significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations” along with “very low usage”.

In March, a security audit revealed a software bug that gave third-party apps access to Google+ private profile data that people meant to share only with friends. Google said it was unable to confirm which accounts were affected by the bug, but an analysis indicated it could have been as many as 500 000 Google+ accounts.

“We found no evidence that any developer was aware of this bug … and we found no evidence that any profile data was misused,” Google said in a blog post.

The data involved was limited to optional profile fields, including name, age, gender, occupation and e-mail address, Google said. Information that could be accessed did not include posts, messages or telephone numbers.

Google did not specify how long the software flaw existed, or why it waited to disclose it.

The Wall Street Journal reported that Google executives opted against notifying users earlier because of fears it would catch the attention of regulators.

Google will wind down Google+ during the coming 10 months to allow people time to download pictures, videos or other data they want from their accounts. It plans to add new workplace-orientated features to enhance the appeal of Google+ as a “secure corporate social network” to be used inside business operations.

“We have many enterprise customers who are finding great value in using Google+ within their companies,” the firm said.

“Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions.”

My Office News Ⓒ 2017 - Designed by A Collective

