The National Crime Agency has today released its annual report on organised crime. The report indicates that organised crime is now affecting more people than any other form of crime. The rise is being driven by the exploitation of new technologies, such as encrypted communications and dark web marketplaces. Gregory Webb, CEO at Bromium commented below. Gregory Webb, CEO at Bromium: “The threat of crime to businesses and people is growing and dark web platforms like Tor and the Invisible Internet Project offer criminals a way to evade law enforcement and commoditise cybercrime and other activities, like the sale of guns and drugs. This…
ISBuzz Team
This morning, a security firm announced the findings of its Internet of Things (IoT) report, which found that an increasing number of personal IoT devices, such as fitness trackers and virtual assistants, are being connected to corporate networks and putting companies at risk of cyber-attack. Daniel Moscovici, Co-founder at Cy-oT commented below. Daniel Moscovici, Co-founder at Cy-oT: “IoT devices are not protected by nature. We need them to improve our businesses and life, but they are a very easy attack surface, and by far the easiest way to get into an organisation, enabling hackers to scan your network, install malware, conduct reconnaissance, and exfiltrate data by bypassing other security mechanisms. The…
Reports suggest that the increasingly likely event of a cyber-attack isn’t much of a talking point at board level. It’s time for this to change, says Greg Sim, CEO, Glasswall Solutions. If recent cyber-attacks are anything to go by, cyber-criminals are capable of causing colossal damage to organisations of all sizes. With vital public services such as the NHS succumbing to attacks, it seems that nothing is off the table when it comes down to cyber-criminals deciding who to target. However, according to some reports, the C-suite isn’t sweating over the potential of an attack or the financial fallout if…
With a recent study showing the value of cyber security professionals and pointing out (once again) the lack of diversity in the cyber security industry, James Hadley, CEO & founder of UK start-up Immersive Labs commented below. James Hadley, CEO & Founder at Immersive Labs: “The report published by Exabeam, like many others recently, screams that the cyber industry as a whole is a zombie walking into crisis. If this were a school report, you’d find the dreaded “must do better” and “see me after class” written across the top. “Yet all is not lost. When such stark facts are presented and the questions…
While walking down the street the other day, I saw something that at first struck me as funny: a technician in an orange vest was messing around with a junction box on a pole that carried multiple devices, including street cameras, traffic lights, wireless communication equipment, and solar panels. He seemed to be accessing the traffic lights, but in reality, he could have been hacking the cameras, the local switches or any other equipment that was installed on that pole. This happened in broad daylight, yet nobody thought to ask the guy what he was doing. After all, he was…
Security researcher Kevin Mitnick has demonstrated in a YouTube video how easy it is to spoof 2-factor authentication with social engineering techniques. Ryan Wilk, Vice President of Customer Success at NuData Security Inc. commented below. Ryan Wilk, Vice President of Customer Success at NuData Security Inc.: “Bad actors are constantly trying to engineer new ways of bypassing security measures; however, two-factor authentication still offers stronger security than the classic one-factor authentication. To avoid sophisticated attacks, two-factor authentication can be combined with other security layers such as passive biometrics and behavioral analytics, so that if one layer fails, another layer of security…
F5 released research revealing the Zeus banking Trojan is back with its latest spin-off, Panda. The malware is in full force with three currently active campaigns that extend its targets beyond banking to new industries like cryptocurrency and social media, as well as to organizations worldwide. Key findings from the report include: Panda is still primarily focused on financial services organizations, but the range of industries it targets is growing with each new campaign; Panda began targeting cryptocurrency sites in February 2018; Panda is currently targeting Facebook and Twitter in all three campaigns active in May; there are different C&Cs for each campaign,…
It’s being reported that between 2016 and 2017, there was a 182% increase in raw identity records discovered by intelligence threat company 4IQ. “Raw” identity records refer to social security numbers and other pieces of PII associated with children, which fraudsters can purchase on dark web forums to amass unchecked credit. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “This kind of activity on the dark web is an indication of how sophisticated and industrialized the burgeoning fraud industry facilitated by the dark web has become. While governments have had some success in the past…
Saturday 12th May will mark one year since the WannaCry attack on the NHS. There’s been plenty of critical assessment about how the health service could avoid another WannaCry attack. But, as the anniversary of the attack looms, we need to understand that improving cybersecurity for the NHS cannot be done instantly. Last year, the government pledged to boost investment in data and cyber security for the NHS by over £50m. However, the size and complexity of the organisation’s IT estate means this investment is not going to deliver positive outcomes for several years. During WannaCry many NHS Trusts had to shut…
Following the news that IBM has banned its workers from using USB sticks and removable media, Jon Fielding, Managing Director at EMEA Apricorn commented below. Jon Fielding, Managing Director at EMEA Apricorn: “This would appear to be an extreme reaction from IBM and they themselves admit it is “restrictive”. They cite 2 reasons for the decision; loss and misuse, and the valid concern that either could result in “financial and reputational” damage. The first concern is addressed by providing corporately approved, hardware encrypted devices to employees that have a valid business justification for their use. IBM, or any company for…
