Tag: cybercrime

4m African web addresses have been stolen

Source: Business Insider SA

More than four million IP addresses have been misappropriated in what has been called Africa’s greatest internet heist. The extent of the theft, which first drew red flags back in 2016, has now been fully uncovered, revealing a trail of corruption, coverups, and a burgeoning black-market trade.

The results of an internal audit undertaken by the African Network Information Centre (AFRINIC) have finally been made public after almost two years of waiting. AFRINIC, which is responsible for the allocation and management of IP addresses on the continent, began its investigation after being contacted by the United States’ Federal Investigation Bureau (FBI) in 2019.

Four years before the FBI drew attention to the numerous anomalies – and the Supreme Court of Mauritius, where it is headquartered, served AFRINIC with an order to investigate – the information centre was tipped off by internet investigator Ron Guilmette.

Guilmette’s collaboration with local tech publication, MyBroadband, resulted in a report which implicated AFRINIC co-founder and engineer Ernest Byaruhanga as the mastermind behind the heist.

In total, 4.1 million IP addresses were stolen, 2.3 million from AFRINIC’s “free pool” and a further 1.7 million “legacy” IP addresses. They were worth around R1.3 billion, according to MyBroadband.

An IP, or Internet Protocol, address allows devices to communicate with each other, by assigning a unique number to each device.

The current generation IPv4 addresses are, however, in seriously short supply. This shortage has, in turn, made IP addresses valuable.

AFRINIC tracks and manages IP addresses through the WHOIS system, which, as the title describes, records who or what is using a specific address. As part of its latest report on the theft, AFRINIC admits that its WHOIS database was severely compromised by internal staff who “acted in collusion with other third parties”.

IPv4 addresses, which were already reserved and in use by major organisations, were effectively hijacked and sold. These reappropriated IP addresses were used to forward spam, breach data records, and compromise websites.

Dozens of South African-based companies and organisations were impacted.

The Free State Department of Education and Anglo American both lost IP addresses to the value of almost R20 million, while the now-defunct Infoplan, which previously managed the Department of Defence’s information systems, was the worst hit, losing addresses worth approximately R80 million.

Three whole IP blocks, equating to almost 200,000 individual addresses, belonging to Woolworths were misappropriated. MyBroadband estimates the value of these stolen addresses to exceed R58 million.

Similarly, three IP blocks belonging to Nedbank – historically associated with Cape of Good Hope Bank Limited, Syfrets, and NBS Bank – were also part of the heist.

Other major South African organisations which had their IP addresses misappropriated include Nampak, Sasol, the City of Cape Town’s Directorate of Information Services, Transnet, and Independent Media’s Argus Holdings.

Approximately 1.5 million IP addresses have been reversed or reclaimed as part of AFRINIC’s audit. Most other addresses are still pending, as the result of a review process determining rightful custodianship.

 

Source: ITWeb

In 2020, Kaspersky detected a global average of 360 000 new malicious files each day, an increase of 5.2%, or 18 000 more, compared to the year before.

According to the security giant, this was influenced largely by a significant growth in the number of Trojans and backdoors, with a 40.5% and 23% increase respectively.

These were the findings of the Kaspersky Security Bulletin: Statistics of the Year Report.

Adware declines
On the plus side, adware is on the decline globally, and this scourge experienced a 35% decrease when compared to the previous year. However, not all regions were so lucky, with some noting an increase. In SA, for example, by the end of October last year, the average adware notifications per user increased slightly to over 33 in comparison to 32 for the whole of 2019.

It was also expected that for the duration of 2020, more than 256 000 South Africans would have been hit with adware.

The vast majority of malware detected, nearly 90%, occurred via Windows PE files – a file format specific to Windows operating systems. Concurrently, the number of new malware related to Android operating systems dropped by 13.7%.

Capitalising on remote workers
Given that remote working and studying were the order of the day during the pandemic, most likely on computers and laptops, threat actors seem to have shifted their focus to these devices.

Kaspersky saw a 27% increase in the number of different scripts – sent via malicious e-mail campaigns or encountered on infected Web sites – which could, once again, reflect the fact that people spent more time on the Internet and cyber criminals hoped to capitalise on that.

Denis Staforkin, a security expert at Kaspersky, said the rise in the number of malicious objects detected during 2020 can be attributed to the pandemic, as users across the globe were forced to spend more time on their devices and online.

“It’s hard to know whether or not attackers were more active or our solutions detected more malicious files simply because of greater activity. It could be a combination of both. Either way, we have registered a noticeable increase in the number of new malicious files in 2020, and this will most likely continue in 2021 as employees continue to work from home and countries implement different restrictions. However, if users take basic security precautions, they can significantly lower their risk of encountering them,” he says.

Better than cure
In order to stay protected, Kaspersky recommends that users pay close attention to, and don’t open, any suspicious files or attachments received from unknown sources. The company also advises users to double-check the URL format and company name spelling before downloading anything, not to download and install applications from untrusted sources, and not to click on links received from unknown sources or on suspicious online advertisements.

“Create strong and unique passwords, including a mix of lower-case and upper-case letters, numbers and punctuation, and activate two-factor authentication. Also, always install updates. Some of them may contain fixes for critical security issues.”

Finally, Kaspersky counsels users to ignore messages asking them to disable security systems for office software or antivirus software, and to always use a robust security solution appropriate to the system type and devices.

 

Source: MyBroadband, ESET

It’s time to file that tax return at SARS! Whilst many of us cannot wait for our refunds, this is also a time of the year where cybercriminals are waiting to attack. Sadly, with the tax season comes tax scams with cybercriminals seeking to steal your tax refund.

Carey van Vlaanderen, CEO at ESET South Africa, explained: “Whilst we like to think we have become wiser to email spams and scams, cybercriminals are often in the perfect position to “fine tune” their attacks. If one attack doesn’t work, they simply adapt and improve, and then spam it out again.”

ESET offers the following tips to stay safe during the tax return season:

1. Are you worried you’re being phished? Look at the bait
Always look at who the email is from. It’s possible to fake any email address, but not all phishers are this clever – they may use a random email address that gives the game away. “Check the link that you’re supposed to click by hovering your mouse over it to display a pop-up message with the real link in it. Look closely. Does the address make sense? If any alarm bells start to ring, don’t click,” said van Vlaanderen.

2. Tax returns, invoices, wedding invitations – cybercriminals use them all
To a cybercriminal, nothing is sacred – wedding invitations, invoices and tax returns are all commonly used tactics. Always think hard before opening any attachment – even ones that seem to come from friends. It’s unlikely that SARS are asking you to refile your tax returns so please do not click.

3. Be extra careful around short URLs
If there isn’t a cap on the number of letters, why has someone shortened the link? You cannot take it for granted that URL shortening services are redirecting you to trustworthy websites.

4. Telephone numbers are not a guarantee an email is real
Do not trust professional looking emails where there is a phone contact number – this is often another cybercriminal trick. The number may work, but you will be connected to a scammer who will attempt to fool you into handing over further details.

5. Don’t auto-load images
Set up your email so that images aren’t automatically downloaded – otherwise you could be sending a signal to spammers. Images are often stored on the spammer’s servers and can be unique to your email. By turning on pictures in an email, your computer downloads the images from the spammer’s servers, showing that you exist.

6. Is SARS really calling?
“It’s doubtful SARS will be calling you and they definitely are not going to offer any sort of gift card for filing early. If you get weird emails or phone calls, ignore them, or hang up. Always follow your gut.”

7. Encryption is the only way to go
If you file online, look for encrypted websites. Make sure the website you’re visiting has HTTPS in front of the URL. Typically, it will have a green or grey lock showing it’s a secure connection. The last thing you want to do is share your extremely private information associated with taxes unless you’re on an encrypted website.

8. Did someone beat you to filing your tax return?
Identity theft is growing. In the USA alone, almost 60 million people have been affected – that is more than 1 in every 6 Americans. Cybercriminals will use any opportunity to monetise the effort they have taken to steal an identity, and at this time of year it’s probably tax identity theft for the purposes of tax refund fraud.

The cybercriminal’s target is not only the individual but also the tax professionals who prepare and file taxes for many clients, potentially providing a single place for a cybercriminal to gain all the necessary data to file returns for many individuals.

It’s important that good data security practices and technology are in place for both individuals and tax professionals and are reviewed for effectiveness on a frequent basis.

“The next time a person or website requests personal data, ask some questions – do they really need it, how long will they store it, will it be protected, do I trust them to secure it?” said Van Vlaanderen. “The collection of personal data is, for some, a business that provides great rewards – as consumers we need to engage in the protection of our identity by being less willing to hand over our data to just about anyone who requests it.”

In a nutshell, to protect yourself, use up-to-date security software as offered by ESET, strong and unique passwords or passphrases, and encryption; and avoid phishing scams by checking links and following your gut.

Reporting scams to the relevant authorities allows them to ascertain the scale of the issue and potentially track down the perpetrators and bring them to justice.


According to a recent MyBroadband article, Telkom has fallen victim to the group behind the Sodinokibi ransomware, also known as REvil.

The group has claimed responsibility for the attack and has threatened to leak the Telkom client database on its dark web blog.

The REvil / Sodinokibi group is one of several ransomware operators that steals sensitive data from victims and leaks it on the dark web if their targets don’t give in to their extortion demands.

The group has recruited a team of affiliates who carry out attacks on corporate networks.

According to speculation, the group may have tried to extort $1-million out of Telkom.

The company denied that its systems had been infected with ransomware.

Staff working remotely were unable to connect to servers or the Telkom virtual private network.

 

By Davey Winder for Forbes

At the start of May, I reported on a critical security vulnerability that could impact every Samsung Galaxy smartphone sold from late 2014 onwards. That zero-click bug scored a perfect 10 on the vulnerability severity scale. The good news was that it had been patched in the Samsung May 2020 security update. Just as Android users were recovering from that security shocker, and some have yet to get that update on their devices, it should be noted, along comes one more.

This time it’s in the form of another critical vulnerability, but rather than applying to Samsung devices only, it’s an issue that exists in almost every version of Android. Only users of Android 10 need have no concern here; all other versions of Android, however, are potentially affected. Given that, in April, Android 10 only accounted for around 16% of users, and Google itself says there are at least 2 billion Android users out there, that’s north of 1 billion Android devices potentially at risk.

The risk being that, if exploited by an attacker, this vulnerability could lead to an elevation of privilege and give that hacker access to bank accounts, cameras, photos, messages and login credentials, according to the researchers who uncovered it. What’s more, it could do this by assuming “the identity of legitimate apps while also remaining completely hidden.”

What is StrandHogg 2.0?
Researchers at a Norwegian security company called Promon discovered CVE-2020-0096, which they called StrandHogg 2.0: the more cunning “evil twin” to the original Android StrandHogg vulnerability it also found last year. “While StrandHogg 2.0 also enables hackers to hijack nearly any app,” the researchers said, “it allows for broader attacks and is much more difficult to detect.”

Rather than exploit the same TaskAffinity control setting as the original StrandHogg vulnerability, StrandHogg 2.0 doesn’t leave behind any markers that can be traced. Instead, it uses a process of “reflection,” which allows it to impersonate a legitimate app by using an overlay into which the user actually enters credentials. But that’s not all; it also remains entirely hidden in the background while hijacking legitimate app permissions to gain access to SMS messages, photos, phone conversations, and even track GPS location details. Using the “correct per-app tailored assets,” the Promon researchers said, StrandHogg 2.0 can “dynamically attack nearly any app on a given device simultaneously at the touch of a button.”

Stealthier than your average StrandHogg
Detection would also appear to be more complicated than the previous StrandHogg vulnerability. “No external configuration is required to execute StrandHogg 2.0, it allows the hacker to further obfuscate the attack,” the researchers said, “as code obtained from Google Play will not initially appear suspicious to developers and security teams.”

However, Google told TechCrunch, which broke the StrandHogg 2.0 news, that it had not seen any evidence of the vulnerability being exploited to date. I reached out to Google and a spokesperson told me: “We appreciate the work of the researchers, and have released a fix for the issue they identified. Additionally, Google Play Protect detects and blocks malicious apps, including ones using this technique.” The latter being important as exploitation of the vulnerability requires the device to already be infected by a malicious app.

How can you mitigate this critical Android vulnerability?
It’s not all bad news for Android users, though. Those with devices running Android 10 are not impacted. There’s more good news for those of you who are, however, running Android 9 or earlier, as Google included a patch for CVE-2020-0096 in the May 2020 Android security update. It was described there as a critical vulnerability that could enable a local attacker to use a specially crafted file to execute arbitrary code within the context of a privileged process. The usual fractured ecosystem warnings from me have to be flagged up at this point: many users will not see that update rolling out to them immediately, and some may never see it at all if they have an older unsupported device.

Tod Beardsley, research director at Rapid7, said that “since the fix for this bug is part of the core Android operating system, Android users are once again at the mercy of their handset manufacturers and their service providers, who are often slow to act when it comes to distributing security patches. People who are worried about this bug in particular should keep a close eye on when the fix for CVE-2020-0096 hits their particular distribution.”

“Attackers looking to exploit StrandHogg 2.0 will likely already be aware of the original StrandHogg vulnerability, and the concern is that when used together, it becomes a powerful attack tool for malicious actors,” Tom Lysemose Hansen, Promon CTO and founder, said. He recommends Android users update to the latest firmware as soon as they can, and advises app developers to “ensure that all apps are distributed with the appropriate security measures in place in order to mitigate the risks of attacks in the wild.”

“Android device users need to be cautious of the apps they choose to install. Even as Google works to protect their users, malicious apps will still likely slide past their screening process on occasion,” Boris Cipot, a senior security engineer at Synopsys, said. “One way that users can stay alert and mindful is to do a bit of research on the app developers before downloading a given app. Check where the app comes from and if anything seems off, then think twice before proceeding with installation,” Cipot concluded.

Promon has issued a disclosure timeline, which shows it notified Google of the vulnerability on December 4, 2019, and an ecosystem partner patch was rolled out in April 2020 before the public fix within the latest Android security updates for users.

SA sees spike in network attacks

According to Kaspersky, a major spike in network attacks took place in South Africa last week. Affected devices increased from 20,000-30,000 to about 310,000 in the period spanning from 15 – 21 March.

This has coincided with an increase in remote working in the country, after President Cyril Ramaphosa announced first a National State of Disaster and then a 21-day lockdown.

“Remote working provides cybercriminals a prime opportunity to target devices, especially those that don’t necessarily have adequate IT security measures in place,” Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky, said in an interview with MyBroadband.

“Such a spike recorded, although temporary, leads us to believe that cybercriminals have keenly been focused on the region given the current circumstances.”

Protecting your networking during lockdown

Kaspersky provided a variety of tips employees should follow when working remotely during the impending lockdown:

  • Make use of a VPN to connect securely to the corporate network
  • Use multi-factor authentication wherever possible
  • Ensure all corporate devices – including mobiles, laptops and tablets – are protected with adequate security software
  • Segregate your personal devices/life from corporate computers
  • Ensure the latest available updates are installed regularly
  • Only use corporate-approved teleconferencing software
  • Practice basic cybersecurity rules

 

Beware of these corona-related scams

The South African Banking Risk Information Centre (SABRIC) has warned bank clients that cybercriminals are exploiting the current “Coronamania” panic to spread Coronavirus scams.

Coronavirus scams exploit people’s concerns for their health and safety and use social engineering to pressure them into being tricked. Social engineering is manipulative and exploits human vulnerability because criminals know that the weakest link in the information security chain is the human being.

These new scams include spoofed emails offering products such as masks, or fake offerings of vaccines, leading to phishing websites. These emails come from seemingly realistic and reputable companies which manipulate people into clicking on links. Some of these websites prompt the user for personal information, which ends up in the hands of cybercriminals.

Cybercriminals are also using SMS Phishing, more commonly known as SMishing, to trick victims into clicking on a link disguised as information on a Coronavirus breakout in their area to steal their credentials. Some of these texts claim to provide free masks or pretend to be companies that have experienced delays in deliveries due to the Coronavirus.

Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.

“Although some spoofed emails can be difficult to identify, we urge bank clients to think twice before clicking on any link, even if an email looks legitimate. Any suspicious emails should not be opened and are best deleted,” says SABRIC acting CEO, Susan Potgieter.

SABRIC urges bank clients to take note of the following tips to protect themselves:

Phishing and SMishing

  • Do not click on links or icons in unsolicited emails
  • Never reply to these emails. Delete them immediately
  • Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm
  • Check that you are on the authentic/real site before entering any personal information
  • Do not click on links or icons in unsolicited SMSs
  • Do not reply to these SMSs. Delete them immediately
  • Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
  • Regard urgent security alerts, offers or deals as warning signs of a hacking attempt

Source: Fin24

An infamous Russian-speaking hacking group – referred to as Silence – is the likely culprit making thousands of attempts to hack major banks in sub-Saharan Africa, cybersecurity company Kaspersky Labs said on Monday.

The group is called Silence because of the silent monitoring done via their malware. They have already carried out a number of successful campaigns targeting banks and financial organisations around the globe.

According to Kaspersky, the typical scenario of an attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee.

From there, the malware gets inside the banks’ security perimeter and lays low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device.

“Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars,” says Kaspersky.

“The attacks detected began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several SSA countries.”

Kaspersky accordingly advises financial organisations to introduce basic security awareness training for all employees so that they can better distinguish phishing attempts. Banks should also monitor activity in enterprise information systems and prepare an incident response plan to be ready for potential incidents in the network environment.

In August 2019 Kaspersky reported a cyber attack in which South Africa was apparently among 17 countries targeted by North Korean hackers, related to the activity of the so-called Lazarus group. They also targeted banks and other financial institutions.

SA ranks high in global survey on cyberbullying

South Africa showed the highest prevalence of cyberbullying in a recent report by Ipsos Global, based on research in 28 countries. The report showed that more than 80% of South Africans said they were aware of cyberbullying and almost three-quarters of South Africans believe that the anti-bullying measures that are in place are insufficient. A Vodafone survey from 2018 ranked South Africa fourth for teen cyberbullying out of 13 countries, and Dean McCoubrey, founder of MySociaLife, a South African in-school digital life skills program, says that it’s likely even more prevalent, based on student feedback.


Cyberbullying is real, it’s here, and it’s harming South African children and teenagers daily, with its effects often being mistaken for ‘kids just being kids’ by parents who are yet to understand how rife and damaging cyberbullying can be. Anti-Bullying Week 2019, from 11-15 November, is a good time for schools to pay attention to the extent of cyberbullying, and for parents to get a handle on what they can do to avoid and deal with it.

“The challenge with cyberbullying is that parents can’t permanently monitor their child’s devices,” explains McCoubrey, whose programme teaches thousands of students, parents, teachers and psychologists to help children feel safer and behave smarter online.

“Parents and teachers need specifics – not just the broad term of ‘cyberbullying’ – as this is a broad and elusive form of ‘warfare’ on these devices – and parents will definitely find it difficult to track or understand what’s actually going on.”

He shares the five faces of cyberbullying:

  • Children can use negative, harmful, false images or text, chat, apps or social media posts to embarrass or threaten someone.
  • The sharing of personal or private information that may cause the victim to feel embarrassed or humiliated. This can surprisingly hail from a friend (a practical joke) or a former friend, turned enemy. In that event, the controlling of a person’s account, posting photographs, starting rumours, or changing profile photos can also occur.
  • Faking profiles, known as ‘catfishing’, when bullies create new accounts and borrow profile photos and names and pretend to be a person to create a false relationship – sometimes sharing the personal and confidential declarations made in confidence.
  • Sexting or sextortion is the sharing of nude photographs either within group chats, or on social media sites, or websites (although less likely due to the possibility of tracking the source of the publisher). Sextortion is focused more on the threat and bribery associated with publishing photographs, rather than the act itself.
  • Video shaming is the sharing of videos of someone being embarrassed, threatened or hurt, and then publishing these to allow the content to go wider, or even viral, compounding the psychological harm.

Students and parents have a few options:

  • Record: Most importantly, kids need to be reminded to record the cyberbullying event by using the device to take a screenshot, and even send the screenshot to a safe place (email, storage) so you can take it off your device. This can be used to prove the problem exists as bullies are cunning and cover their tracks.
  • Don’t take the bait: As difficult as it may seem, reacting is what the bully wants, and kids need to avoid the situation, and remove themselves from groups or feeds which aren’t supporting their mental health. It may be hard but it’s necessary.
  • Seek support: Parents and schools need to create safe spaces to discuss the issues and not ‘freak out’ – students often say that reactive parents and teachers who tackle the issue too abruptly can snowball or magnify the problem. Adults need to handle situations calmly with patience and maturity.
  • Engage: From a mental health perspective, students need support, but it’s essential to select a trusted expert. This may be a counsellor or senior figure in the school to assist with the situation. Alternatively you can seek out a social media lawyer or the police, dependent on the extent of the harm. Suggestions include SafetyNet for bullying, or the South African Depression and Anxiety Group for mental health concerns.

In conducting MySociaLife’s interactive social media and safety program, which includes a module about cyberbullying, McCoubrey has been surprised by students coming forward and admitting they had no idea of the extent of cyberbullying, the different sensitivities of human beings, and how different images, social media posts, chat forums and messages can hurt people, and impact them long-term. McCoubrey explained that of the ten modules they teach, cyberbullying is the #1 problem, followed by mental health and self-esteem, then privacy and security and sexuality online.

But cyberbullying is an issue which starts early and continues throughout. It’s the nature of social media – we feel we have a voice to say good and bad things! “These are kids, and because they look savvy online, it doesn’t mean they have the maturity to handle the device.

“Four out of 10 kids don’t want to share their concerns. We need to find a way to engage, a safe platform to discuss these concerns, without withdrawing them from their community, unless of course that’s a necessity to keep them safe.”

According to Commonsense Media, there are four parties involved in a cyberbullying situation. The cyberbully uses digital tools to deliberately upset or harass their target, the victim of cyberbullying. The bystanders are aware that something cruel is happening, but stay on the side-lines out of indifference or fear of becoming targets themselves. The upstanders are the kids who actively try to stop the cyberbullying cycle, whether it’s by sticking up for the victim, standing up to the bully, or notifying the appropriate authorities about what’s happening.

“Parents and teachers can use Anti-Bullying Week to make children aware that it’s everyone’s responsibility to make the online and real life worlds a safe place,” says McCoubrey. “Anyone can be an upstander by reporting a bully, flagging a cruel comment, or even just choosing not to forward or share cyberbullying content. Doing so will stop a cyberbullying episode from escalating, and will reduce or even remove the bully’s power.

“It’s also important to have open paths of communication with everyone and to continue talking about how to prevent cyber bullying from happening. That is why every school should have a digital life skills program in place,” he says.

Retailers must prepare for cybercrime spikes

Retailers are increasingly coming under attack by cybercriminals, and there is little wonder why. They process payments on oftentimes unprotected Point of Sale (POS) systems, transfer large sums of money, and store and process sensitive customer information, such as banking and card information. They also process more online banking and card transactions. Cybercrime attacks on retail businesses tend to spike over the festive season, starting with Black Friday and Cyber Monday when transactions spike dramatically.

Protecting customers’ payment information at every stage of the payment process is vital. Point-to-Point encryption is becoming more critical as it facilitates secure communication channels between devices and company servers, and so protects payment data in transit. POS systems should be designed to encrypt sensitive data from credit cards, as well as passwords, configurations and other critical confidential data, the moment information is received and again when it is sent to the payment server. The Payment Card Industry’s Data Security Standard (PCI DSS) increases the governance around cardholder data to reduce credit card fraud. Many banks urge organisations to be PCI DSS compliant to have the right to make credit card payments. Review systems regularly to make sure these standards are followed.

“Most cyber-attacks on retail companies happen in the e-commerce space. However, in-store POS systems are not immune to the threats. With Black Friday around the corner and the festive season looming, it is a boom time for cybercriminals. Retailers must be aware and implement strategies to guard their businesses, both online and in-store,” says Charl Ueckermann, CEO at AVeS Cyber Security.

According to Ueckermann, AVeS Cyber Security has encountered numerous organisations that have limited to no protection on POS devices. This has a direct impact on cyber security for organisations because most times, the POS and corporate systems run on the same infrastructure and network. What this means is that when a POS system is compromised, a network breach can occur for the corporate network as well, leading to confidential client information breaches.

“Protecting POS systems, therefore, requires a multi-faceted and multi-layered approach. You want a highly-effective detection and protection tool to identify and remedy vulnerabilities proactively. The solution should have anti-virus capabilities specifically designed for POS systems. You also want to ensure that the POS software itself is up to date to the latest version, at all times. This is especially important for high transaction times, such as Black Friday and Cyber Monday.”

POS systems are vulnerable to attack when they are old or outdated because the software would not have been designed with today’s hackers in mind, leaving them susceptible to malicious code. Attacks on POS systems are becoming quite sophisticated, and cybercriminals are known to use both hardware and software to hijack payment card information and steal business data. Malware targeting POS systems is common and is one of the many ways to steal payment card details. Malware is used to obtain sensitive information, and in some cases, even to steal money directly from bank accounts.

“Your security technology should be able to detect malware, tampering, rooted/jailbroken POS devices, and more. The security stack should include a feature that proactively alerts retailers and POS providers when it is not safe to use the POS devices for making payments or performing other electronic transactions. If not, your system and your business will be vulnerable,” stresses Ueckermann.

Attackers also exploit mobile POS applications to steal personal and sensitive information that is used to make fraudulent purchases. This can result in big financial losses and damage to credit reputations for unsuspecting customers, and worse still, identity theft.

The backend of mobile applications can also be used by cybercriminals to compromise POS systems as well as the majority of business transactions that are processed on the server side. This gives them a way into internal business systems. Once the attacker gets inside the network or central system of POS vendors or retailers, they are able to access the compromised POS application as well as other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attack method, and Ueckermann says countless large-scale security breaches have been caused by this method.

He concludes: “The onus is on retailers to do the due diligence to protect their customers and data against cyber-attacks over the holiday shopping season and beyond. Strategies and measures should be in place to provide a safe and secure experience for customers online and in-store.

“Card and online payment processes should be secured and encrypted, controls should be in place to check and ensure the integrity of handheld POS devices, and mobile payment systems should be subjected to regular patches, updates, and equipment upgrades to protect against continually evolving threats.”


My Office News Ⓒ 2017 - Designed by A Collective

