In the first half of 2016 alone, there were more than one million incidents of financial fraud, an increase of 53 per cent on the same period last year; with identity fraud against individuals costing an estimated five billion pounds last year. Identity fraud occurs when an imposter pretends to be someone else. To prevent this, banks ask customers for passwords, but judging from the fraud figures, this isn’t working and things are getting worse. The reason is simple: data cannot differentiate. A password provided by the true customer is exactly the same when that same password is provided by an impostor. Banks need…
ISBuzz Team
Voicemail hacking is not just a problem for celebrities. According to the National Fraud Intelligence Bureau (NFIB) it affects an increasing number of businesses every year and the costs, much of which are borne by the business, are in the $billions globally. Clearly the so-called ‘controls’ built into PBX and voicemail systems are inadequate. As organised crime increasingly focuses on this lucrative revenue stream, Paul German, CEO, VoipSec calls on businesses to take another look at voicemail security. Phone hacking is a multi-billion dollar criminal activity, with the Communications Fraud Control Association (CFCA) estimating that fraud losses due to PBX hacking are…
Experts have suggested that the cyber attack on Tesco Bank could be an inside job. Cyber criminals managed to steal money from more than 20,000 accounts at nearly the same time in automated fashion. IT security experts from Lieberman Software and Institution of Engineering and Technology’s (IET) commented below. Jonathan Sander, VP of Product Strategy at Lieberman Software: “The shape and scale of the attack on Tesco’s customers does seem to suggest that there was an element of someone – or something – on the inside. The bad guys’ favorite weapon, malware, can look and act like an insider because it…
Using Project Heisenberg, the Rapid7 Labs team has been tracking Mirai botnet activity since Oct. 31, and we wanted to alert you to some notable differences in behaviour. Here are the key findings as of this evening: We’ve tracked over 360,000 unique IPv4 addresses associated with Mirai traffic since October 8, 2016 and have been monitoring another ramp up in activity that started around November 4, 2016 At mid-day on November 8, 2016 the traffic volume was as high as the entire day on November 6, 2016, with all indications pointing to a probable significant increase in botnet node accumulation by…
What sparked the need for solution specific to hunting for phishing activity, a once very manual/time intensive process? All too often, the first alert that organizations get about a phishing attempt or campaign is the phishing email itself. That’s definitely not the alerting system you want! PhishEye is designed to help the organization get ahead of phishing attempts, moving from a reactive posture to a preventive one. By identifying domains that are crafted to imitate legitimate domains as soon as they come into existence, PhishEye helps the security team create custom blacklists based specifically on the keywords that matter the…
Following the news that the Chinese government has approved a broad new cybersecurity law aimed at tightening and centralizing state control over information flows and technology equipment. IT security experts from Prevoty and Lieberman Software commented below. Kunal Anand, Co-Founder and CTO at Prevoty: “From a digital perspective, doing business in China is going to get a lot more complex. For multi-national companies, this will involve potentially handing over their IP, which could include business logic such as applications, and possibly putting in administrative windows, aka backdoors, into their technologies. Businesses are going to have to be comfortable with giving up…
“Whoever Wins the White House, This Year’s Big Loser is Email.” Thus, reads the headline in the New York Times on October 19, 2016. Indeed, in the current election cycle, month after month, the focus has been on hacked and released emails, on disappearing emails, on emails that reappear on various devices – not of the user’s choosing. It certainly seems that the people who sent those emails should have known better than to write what they actually wrote in the first place. Second, in a world of so many faster and more secure ways to communicate, it seems that…
Following the news about the next US President Election, IT security experts from Prevoty, InfoArmor, VASCO Data Security and STEALTHbits Technologies commented below. Julien Bellanger, Co-founder & CEO at Prevoty: “Improve cyber security compliance controls. Treat cyber security the same way financial controls and reporting are handled with Sarbanes-Oxley for example. Enterprises should not be allowed to check the box of cyber security compliance without their controls being rigorously tested by an independent audit body. Empower enterprises to better encrypt data. Stop trying to tap into every internet company database or user data data feed for national security reasons as it actually…
Following the news that Tesco Bank has been the latest target of a hacking attack, with the bank temporarily suspending all online transactions after thousands of customers were affected. It has been reported that one in three customers of the bank were affected, with several customers tweeting that hundreds of pounds were missing from their bank accounts. IT security experts from Digital Guardian, ACI Worldwide, AlienVault, Synopsys and Prevoty commented below. Thomas Fischer, Threat Researcher and Security Advocate at Digital Guardian: “The fact that 40,000 cards seem to be affected points less to card fraud executed via skimmers (or similar) and more to a large-scale data leak of the…
Following the news about an unprecedented cyber attack on Liberia that knocked the country’s entire internet offline, hackers reportedly targeted the nation’s infrastructure using the Mirai botnet – the same method that was used to shut down hundreds of the world’s most popular websites, includuing Twitter, Spotify & Reddit, at the end of last month. Art Swift, President at the prpl Foundation, a not-for-profit organisations that aims to make the Internet of Things more secure commented below. Art Swift, President at the prpl Foundation: “This new Mirai-based DDoS attack points out the critical need for IoT device manufacturers to eliminate built-in back doors and to stop the practice…