You surely don’t need us to tell you that business email compromise (BEC) attacks are on the rise. But are you aware of how dramatic the increase has been? The FBI released an alert on April 4 that included some sobering statistics about fraudulent wire transfer requests: Organizations lost more than $2.3 billion to these types of BEC attacks between October 2013 and February 2016. Law enforcement officials received complaints from more than 17,000 victims during that same time span. BEC attacks have been reported in every U.S. state and in at least 79 countries. The FBI has seen a 270% rise…
Author: Information Security Buzz Editorial Staff
As companies introduce more advanced back-up measures, employees appear to be becoming increasingly casual about saving documents, confident they can call on IT to help them retrieve missing data. They rarely realise how vulnerable that backed-up data can remain when not stored correctly, according to information management company, Iron Mountain. With many companies now relying on sophisticated, hybrid back-up procedures that include tape, disc and the cloud, employees assume that the information they need will always be there, even if they’ve failed to save the file, overwritten or deleted it. In a recent series of in-depth interviews with senior IT professionals…
A new Android malware family is infecting smartphones through SMS phishing. To infect the potential victims, the malicious actors send them SMS texts containing links. 300 samples of the malware have been found in the wild so far. A security expert from Tripwire commented below. Craig Young, Security Researcher at Tripwire: “The answer to this and most other SMS based threats is as simple as not clicking links received from unsolicited SMS or e-mail messages. While there may be little one can do to protect against for example 0-day vulnerabilities within the Android media server, most SMS attacks do not leverage any…
A flaw has been discovered in the Google maps app Waze, which allowed hackers to track a reporter for days. Paul Farrington, senior solution architect, Veracode, commented on this news below. Paul Farrington, Senior Solution Architect, Veracode: “Typically, cyber-attackers target the theft of money, intellectual property or our personal identities, but this vulnerability leaves the door open a bit closer to home – potentially revealing our whereabouts at any given time. “As we use our smartphones for an ever-growing number of activities, so too does the risk that attackers will gain access to sensitive personal or financial information we hold…
Game of Thrones fans may have been infected by ransomware while watching the season six premiere last weekend. Malvertisers served the dangerous malware through Magnitude exploit kit after they bought advertising space on the infamous Bittorrent website targeting users with pop-under ads, the Register reports. Here to comment on this news is Mark James, Security Specialist at ESET. Mark James, Security Specialist at ESET: Do you have any insight/details of this malvertising campaign? “It’s hard for the average user to comprehend how malvertising works. Most users associate being infected by going to a dodgy website and downloading a dodgy file, or…
In response to the Tumblr and Myspace breach news, security experts from InfoArmor, Lastline and Balabit commented below. Andrew Komarov, Chief Intelligence Officer, InfoArmor: We have access to the stolen information, and can confirm that Tumblr’s database is hashed, using its own algorithm, and all the passwords with salt. That’s why without it – it is impossible to decrypt it. To do so would be long-term brute forcing of an unknown hash type with no salt. Previously, some cybercriminals claimed to name it the “Dropbox” database, but it was not confirmed, and it created some confusion in the security community…
Ed Rowley, engineer, Proofpoint: “The Verizon report echoes similar findings to those just released in Proofpoint’s Human Factor report – everybody clicks, and attackers know this. This is one of the reasons why phishing is so successful and why in 2015 attackers overwhelmingly infected computers by tricking people into doing it themselves instead of using automated exploits. Phishing scams have been and remain popular with threat actors because they are scalable and very profitable, delivering profits both directly in the form of bank transfers and indirectly through the sale of user information, credentials, and compromised accounts. In addition, phishing scams…
Following the news that Swift, the global financial network, has warned its customers it is aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its systems, Kane Hardy, VP EMEA at security company, Hexis Cyber Solutions commented below on what steps financial services should take in the wake of these attacks. Kane Hardy, VP EMEA at security company, Hexis Cyber Solutions: “UK bankers fear cyber attacks more than a faltering economy or political interference, and with good reason. In 2016, no financial institution is safe from cyber warfare. Everyone from big banks to lenders, payment systems, clearing houses and security exchanges…
Organisations are acutely aware that the risks to their online services and data today are greater than ever – and growing fast. According to the 2015 Information Security Breaches Survey, 90% of large organisations, and 74% of small businesses suffered a security breach in 2015, an increase on both 2013 and 2014 figures.[1] This statistic, and the recent unprecedented scale of the Panama Papers data leak should once again bring data security to the top of the boardroom agenda. As more businesses move their technology estate to the cloud, they need to be confident their technology partners can really deliver…
Spotify has denied it has been hacked, after the credentials of hundreds of users of the streaming service, including emails, usernames and passwords, are understood to have been posted to Pastebin. Mark James commented on this news below. Mark James, Security Specialist at ESET: Can Spotify be 100% sure they haven’t been hacked? “It’s extremely hard to be 100% certain they have not been breached, unless they have actual evidence of the breach while it’s happening or clear logs indicating the breach, all they can do is study the “leaked” information and verify its authenticity. It should be relatively easy…