Scotland Yard is warning of the stark reality that Londoners are losing on average £26 million a month due to cyber fraud and attacks on businesses and individuals. About 3,500 victims of cyber fraud are recorded in the capital each month, with phishing emails, ransomware and malware the most common scams. Detective Chief Superintendent Mick Gallagher, head of the Met’s Organised Crime Command, believes “a lack of understanding of the cyber threat” is to blame. Javvad Malik, Security Advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “Targeting users with phishing or spearphishing attacks is a popular tactic among cyber…
ISBuzz Team
Today, Microsoft revealed that its Windows Defender stopped a large malware distribution campaign. It had tried to infect more than 400,000 users with a cryptominer. Detection was attributed to computers infected with the Dofoil malware —also known as Smoke Loader— a popular malware downloader. Andy Norton, Director of Threat Intelligence at Lastline commented below. Andy Norton, Director of Threat Intelligence at Lastline: “This is the latest wave of attacks as we witnessed attacks earlier this year. “Unfortunately, the characterisation of the attack is incomplete; in the minutes before Signatures were released, anyone infected would now be trying to clean up…
Researchers from Imperva have just discovered an extremely complex cryptojacking attack dubbed RedisWannaMine, which is powered by Redis and NSA exploits and aimed at both database servers and application servers. The attack is a new generation cryptojacking attack, which demonstrates worm-like behaviour combined with advanced exploits to increase the attackers’ infection rate and fatten their wallets. The attackers are targeting machines using the NSA’s EternalBlue SMB exploit, as well as the Redis cache server. The discovery of the attack shows how cryptojackers are upping their game to bypass security controls.
Security researchers are extremely worried by the Senate Bill 315, also known as the Computer Intrusion Bill, which threatens to criminalize security researchers. The bill would expand the state’s current computer law to create what it calls the “new” crime of unauthorized computer access. It would include penalties for accessing a system without permission even if no information was taken or damaged. This could be detrimental to Georgia’s cybersecurity industry as the bill, if passed, could result in security researchers being penalized for necessary tasks like uncovering system bugs. The bill was drawn up by Georgia state senator Bruce Thompson and was approved by…
Rapid technology advances have brought new challenges for the protection of personal data, and so every organisation needs a comprehensive approach to privacy management. They must also document how they collect, process and store personal data. But too many companies still fall down on the security fundamentals and new regulations such as the General Data Protection Regulation (GDPR), Payment Card Industry (PCI) Data Security Standard, Health Insurance Portability and Accountability Act (HIPAA) and ISO 27001 are making the cost of failure far greater than it’s ever been. Regulations and directives are unavoidable, and with non-compliance, fines and audits will undoubtedly…
Following news that Microsoft is putting AI and Machine Learning tools into the latest versions of Windows 10, Etienne Greeff, CTO and Co-founder at SecureData commented below. Etienne believes that in the rush to adopt the latest technology the myriad potential security problems with this technology will be overlooked by the consumer. Worse yet, they may not even be told of the. Etienne Greeff, CTO and Co-founder at SecureData: “Microsoft is shouting from the hilltops that its latest version of Windows 10 will democratise AI, allowing people to use AI and Machine Learning to finish workflows and do tasks on…
Sofacy shifts focus to include Far East defense and diplomacy, overlaps with advanced cyberespionage groups Kaspersky Lab researchers have observed that the Russian-speaking threat actor Sofacy, also known as APT28 or Fancy Bear is shifting its targeting to the Far East, with a strong interest in military, defence and diplomatic organisations – in addition to its traditional NATO-related targets. The researchers discovered that Sofacy sometimes overlaps with other threat actors when targeting victims, including with the Russian-speaking Turla and the Chinese-speaking Danti, Most intriguingly of all, they found Sofacy backdoors on a server previously compromised by the English-language threat actor behind the Lamberts. The server belongs to a military and…
Slingshot: the spy that came in from the router Kaspersky Lab researchers have uncovered a sophisticated threat used for cyber-espionage in the Middle East and Africa from at least 2012 until February 2018. The malware, which researchers have called ‘Slingshot’, attacks and infects victims through compromised routers and can run in kernel mode, giving it complete control over victim devices. According to researchers, many of the techniques used by this threat actor are unique and it is extremely effective at stealthy information gathering, hiding its traffic in marked data packets that it can intercept without trace from everyday communications. The…
Biometrics are fast becoming an integral part of online security. From the familiar fingerprint to cutting-edge retina scanning and facial recognition technology, it is increasingly the go-to mechanism for protecting and providing access to sensitive data including money and confidential account information. Until recently, biometric authentication had been discussed on a largely theoretical basis. Today, significant advances have now made it a truly viable and secure alternative to traditional forms of security, offering the opportunity to improve usability of services for its customers. Biometric authentication uses an individual’s biological data to verify their identity. Unlike the Personal Identification Numbers (PIN)…
In response to the findings of a new report from CyberEdge, which revealed that 55 percent of organizations were compromised by ransomware in 2017 and that four in five organization are experiencing an IT security skills shortage in 2018, Terry Ray, CTO at Imperva commented below. Ransomware – key findings: The report found that 55 percent of responding organizations were compromised by ransomware in 2017, down from 61 percent in 2016. When infected by ransomware, out of the companies who paid the ransomware, 49 percent recovered their data, 51 percent lost their data. When infected with ransomware, out of the companies…
