The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware’s operators might soon start holding victims for ransom if infected targets don’t appear to be e-banking users. The good news is that the screenlocker mechanism is not fully functional just yet, and appears to still be under development. Nonetheless, security researchers have spotted the new module dropped on victims’ computers, suggesting development is advanced enough to have reached field trials. Andy Norton, Director of Threat Intelligence at Lastline commented below. Andy Norton, Director of Threat Intelligence at Lastline: “If you’re going to the trouble of infecting a…
ISBuzz Team
By 2021, Regulatory Compliance Will Become the Prime Influencer for IoT Security Uptake STAMFORD, Conn., March 21, 2018 — Internet of Things (IoT)-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 per cent of organisations observed at least one IoT-based attack in the past three years. To protect against those threats Gartner, Inc. forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 per cent increase from 2017 spending of $1.2 billion. “In IoT initiatives, organisations often don’t have control over the source and nature of the software and hardware…
Security researchers have discovered malware that could be assembling a botnet army composed of five million compromised Android devices. Researchers from cybersecurity firm Check Point said that the RottenSys malware was targeted at Android users through an app disguised as a WiFi service. It was originally used as malware to serve fraudulent ads on users’ displays. Sean Newman, Director at Corero Network security commented below. Sean Newman, Director at Corero Network Security: “Mobile malware is nothing new, so it was only matter of time before reports of mobile devices being compromised, en masse, and used for nefarious purposes on a…
In the face of incessant competition, countless organisations are turning to DevOps to improve efficiency and accelerate innovation. While this approach delivers proven benefits, DevOps is also creating new security risks and reviving old ones. That’s because these very organisations are failing to adequately train or develop staff to implement best practice in security, leaving them vulnerable to both internal and external threats. At a time when managing their security portfolio effectively is crucial, many are unwittingly introducing vulnerabilities in pursuit of rapid innovation. Drawing on the teachings of 2017, here are three DevOps security trends that should be on…
In research released recently, Proofpoint revealed 82 percent of boards are concerned with email fraud and more than half (59%) consider it a top security risk—no longer just an IT issue. Yet almost a third (30%) of respondents cited a lack of executive support as a key challenge to email fraud protection deployment. Eyal Benishti, CEO & Founder at IRONSCALES commented below. Eyal Benishti, CEO & Founder at IRONSCALES: “Perhaps the only thing surprising from this study is that people are being fired for falling for a bogus message delivered to their inbox. That’s akin to firing an engineer due to…
When I was young “identity theft” didn’t have a name, and was something that only happened in TV series re-runs of “Mission Impossible” or “The Man from U.N.C.L.E.” But it seems a lot has changed since these days, with the likes of Facebook and Google now potentially knowing more about us then our own family. Today we need to be extra careful with our own personal information and the digital footprints we make. In the wrong hands it can unlock the doors to the many things we do online today; banking, shopping, subscriptions, the list goes on. Thankfully most companies…
In response to the news that UK police forces have spent £1.3 million on cybercrime training over the past three years, Laurie Mercer, Solutions Engineer at HackerOne commented below. Laurie Mercer, Solutions Engineer at HackerOne: “Legend has it that the reason why criminal Willie Sutton robbed banks was “because that’s where the money is.” Today it is not just our money that is accessed online, but our very identities. Given that we live in an age of digitization, it follows that criminals will become digital criminals. We all need to adapt to this new world. This is going to involve security…
The Internet of Things is offers a wealth of opportunity for the telecoms industry. It presents mobile operators a chance to develop and enhance their consumer offerings and increase market growth. Research suggests the industry will grow from $900 billion in 2014 to $4.3 trillion by 2024[i]. We’ve already seen the likes of Vodafone delve into the consumer side of IoT with the launch of its new “V by Vodafone” bundle, whereby consumers are charged for the number of connected devices they add to their monthly plan. However, alongside this raft of growth and opportunity comes the heightened risk of…
In response to reports of a DDoS attack launched to interfere with Russian elections, IT security experts commented below. Sean Newman, Director of Product Management at Corero Network Security: “Reports of DDoS attacks on the Russian, or any other government, elections come as no surprise. There’s no better time to make your point, whether it’s political, moral or otherwise, whichever side of the political fence you sit. One thing you can say though is that it’s typically virtually impossible to determine the true source of the attack, as where the DDoS traffic emanates from is almost certainly not directly related to either the attacker,…
Late last week researchers at Symantec warned of a new variant of the Fakebank Android malware family that has an unusual twist. Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. IT security experts commented below. Frederik Mennes, Senior Manager for Market and Security Strategy at VASCO: “Banks can protect themselves against “vishing” (voice phishing) attacks by…
