In light of the news that Tesco Bank could be fined a record £30m for its 2016 cyberattack, please see comment below from David Emm, Principal Security Researcher at Kaspersky Lab. David Emm, Principal Security Researcher at Kaspersky Lab: “While the cyberattack on Tesco Bank occurred in 2016, this breach could result in the Financial Conduct Authority (FCA) imposing one of the largest fines ever given on the retailer. As cybercriminals continue to ramp up their efforts to attack retailers and financial institutions, this reinforces how important it is that these household brands have the right security measures in place. Customers that…
ISBuzz Team
The 2018 Travelers Risk Index has found cyber risks are the No. 2 concern across all business sizes and industries, and the percentage of businesses reporting they have been the victim of a cyber-attack has doubled. It also found that 52 percent of respondents believe that suffering a cyber-attack is inevitable. Tim Erlin, Vice President of Product Management and Strategy at Tripwire: “The conflict between high confidence and missing foundational controls demonstrates that most organizations simply aren’t sure what ‘best practices’ for cybersecurity really are. There are a number of reasonable starting points for best practices, including the CIS controls and NIST cybersecurity…
Digital innovation is driving the necessary transformation for businesses to survive in today’s challenging macro-economic and global business landscape. Digital business transformation is critical to driving profitability, growth, customer satisfaction and increased speed-to-market. As such, the adoption of digital technologies is accelerating at an unprecedented rate and a huge proportion of this is the investment in, and onboarding of, both SaaS-based and on-premise applications. In fact, recent OneLogin research found that 92% of UK enterprises, whose IT decision makers were surveyed, have a digital transformation strategy and over two-thirds anticipate they will deploy up to 100 new commercial SaaS and…
Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange. Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand and Australia (CommBank, ANZ, ASB Bank), the United Kingdom (TSB Bank), Switzerland (PostFinance) and Poland (Santander Bank Polska SA), and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the services. The malicious fakes were uploaded to Google Play in June 2018 and were installed more than a thousand times…
In light of the figures from UK Finance this morning, revealing that £500m was stolen from customers of British banks in the first half of 2018, please find comment below from Brooks Wallace, VP of Global Sales for Trusted Knight. Brooks Wallace, VP Global Sales at Trusted Knight: “It’s not going to come as much of a surprise to many that losses to bank fraud are increasing. In the last few months alone we’ve seen thousands of people have their accounts plundered after data breaches at companies like British Airways and Ticketmaster – the cost to banks is huge. “For the…
Starting with Chrome 69, Google has implemented a Chrome/Sync change that would automatically sign a Chrome user into a Google site that was accessed. Chris Olson, CEO at The Media Trust: “The change in Chrome’s behavior is part of Google’s efforts to stay compliant with GDPR and other consumer data privacy regulations, some of which, like the recently passed California Consumer Privacy Act, allow individual consumers to seek statutory damages of up to $750 and penalize companies up to $7,500 per intentional violation. All companies should inform their customers about the latest GDPR actions they are taking. No business will…
Despite the volatility that is characterizing cryptocurrencies, mining is still a lucrative business for cyber criminals. Recent academic research has shown that the embedded cryptocurrency miner CoinHive alone is generating $250,000 worth of Monero every month, most of it (80%) going to just 10 individuals. In a previous blog post, I explained the reasons why cryptojacking has replaced ransomware as the top threat: it provides immediate revenues; potentially any kind of device can mine cryptocurrency; and the attackers can leverage multiple infection mechanisms. However, mining botnets and cryptojackers are not the only attack vectors that miscreants can leverage to monetize their victims’…
Microsoft has announced at the Ignite conference that it is trying to eliminate passwords by allowing access to Azure Active Directory applications without passwords through its Microsoft Authenticator app. This application will use a combination of the user’s smartphone, fingerprints, face identification or PIN to access the software and data. IT security experts commented below. Robert Capps, VP and Authentication Strategist at NuData Security: “Passwords have long exceeded their useful life as a stand-alone security control, and as a result, the industry as a whole is embracing new methods to authenticate users and protect their identity. Evolving technologies such…
From small businesses to global conglomerates, digital transformation is taking place across all sectors and sizes of organisations. It is one of the key decisions that business decision makers find themselves faced with. Studies have found that 96% of companies consider it important or critical to their development, whilst MIT Centre for Business discovered that digital transformation can have an enormously positive effect, with 26% of businesses investing in innovation being more profitable than their average industry competitors. But in a bid to embrace and elevate IT systems and services, security considerations are at risk of being downgraded. For example, despite a huge media and…
Legitimate remote administration tools (RAT) pose a serious threat to industrial networks: they are installed on 31.6% of industrial control system (ICS) computers, but often remain unnoticed until the organisation’s security team finds out that criminals have been using a RAT to install ransomware or cryptocurrency mining software, or to steal confidential information or even money. This was discovered by Kaspersky Lab security experts, who conducted dedicated research into the problem. RATs are legitimate software tools that allow third parties to access a computer remotely. They are often used legitimately by employees at industrial enterprises to save resources, but can…
