cybercrime Archives - IT Security Guru

Savers Lose Millions to Fraudsters

The Gurus — Mon, 19 Feb 2018 14:25:32 +0000

The Times has revealed that a surge in criminals targeting British pension riches means savers are being scammed out of half a million pounds every day.

Read Full Story

ORIGINAL SOURCE: The Times

The post Savers Lose Millions to Fraudsters appeared first on IT Security Guru.

Cybercrime Costs $11.7m

The Gurus — Wed, 27 Sep 2017 09:49:48 +0000

Malware infections topped the list as the most expensive infection, costing businesses approximately $2.4 Million a year!
Read Full Story
ORIGINAL SOURCE: Dark Reading

The post Cybercrime Costs $11.7m appeared first on IT Security Guru.

Mobile & single sign-on access pose biggest risk to future ID verification and fraud prevention

The Gurus — Fri, 08 Sep 2017 13:32:57 +0000

With mobile devices set to become the primary way to verify customer identity, Callcredit launches new suite of products to provide positive associations between identity and key digital attributes of email address and/or telephone number

Research launched today by Callcredit Information Group, reveals that whilst 73% of fraud professionals think mobile devices will be the key facilitator of identification in the future, over half (60%) feel that they will present the biggest single point of compromise for fraud in the future.
Currently, just 43% of UK organisations are using mobile phone checks as a form of identity verification but one in five (18%) are planning to implement it over the next three years. This is unsurprising given that 50% of respondents believe that name and address data will be obsolete as a verification measure in the future. The research indicates that companies are moving towards digital attributes such as email address and devices. When asked which piece of customer data provides the most fraud risk insights, email addresses came second with 44%.
John Cannon, Commercial Director, Callcredit Information Group, commented: “Over the past decade mobile phones have taken an increasingly important role in our society. One small part of this is how they have changed the fraud landscape. But there is an underlying tension when it comes to mobile for the fraud prevention industry – they are a key avenue in identity verification but they also represent significant risk. Fraud professionals must focus on using them to their advantage. By deploying tech-enabled identification solutions, mobile devices can actually help play a role in strengthening fraud prevention strategies, through enabling the quick and accurate verification of individuals.”
Acknowledging the importance of mobile and email ID verification as part of the fraud professionals toolkit, Callcredit today launches Trust Suite, comprising two unique solutions which give users confidence that an individual is associated with the telephone number and/or email address they provide.
These new products, MobileID and EmailID are immediately available to all customers through Callcredit’s comprehensive fraud and identity software platform, CallValidate. This latest innovation provides access to datasets unique to Callcredit with coverage across all phone providers and email domains. Results returned provide a clear view of the association found between the identity and the contact details. When combined with the wide range of solutions in CallValidate, in particular EmailRisk and MobileRisk, they help provide a holistic protection against fraud.
Cannon concluded: “With the rapid adoption of mobile phones by consumers to access an ever-increasing range of products and services, Callcredit continues to be at the forefront of digital identity innovation. We can now link the greatest range of digital identity attributes to physical identity, the latest being email addresses and mobile phone numbers. This opens up a wide range of new authentication use cases for our customers who can benefit from establishing trust between previously unlinked digital data items, such as a mobile phone and credit card or bank account number and email address. As mobile devices become the key to unlocking services, fraudsters will increasingly target them, so being able to increase security checks without impacting genuine customers is vital.”
Last year (2016), in recognition of the growing importance of mobile phones in the identity verification process, Callcredit acquired Recipero, the leading mobile device information company relied on by police forces, insurers and retailers to investigate fraud associated to mobile phones.
Callcredit is also hosting its annual Fraud Summit, The Cost of Digital Fraud, on Thursday 14^th September. The event will focus on:

How to balance fraud prevention with customer experience
Managing identity innovation in the digital economy
Protecting your business against cybercrime

To find out more and register for free visit the Fraud Summit’s dedicated site.

The post Mobile & single sign-on access pose biggest risk to future ID verification and fraud prevention appeared first on IT Security Guru.

One in every 359 emails are carrying a malicious payload says report

The Gurus — Thu, 10 Aug 2017 09:04:28 +0000

The number of emails carrying malware increased to a new high in July with one in every 359 emails carrying a malicious payload, according to Symantec’s July Intelligence Report. July also saw increases in the number of phishing attempts and spam, but the increasing use by cybercriminals of email to spread malware took center stage reaching a level not seen since December 2016. The rate of infected emails in July was one in 359, up from one in 451 in June and significantly higher than the one in 784 emails that was reported in January. However, even July’s rate is much lower than what was happening in late 2016 when the number of emails carrying malware ranged between one and 111 and one and 170.
View Full Story
ORIGINAL SOURCE: SC Magazine

The post One in every 359 emails are carrying a malicious payload says report appeared first on IT Security Guru.

Amber Rudd falls for hoax email prankster who also fooled Trump administration officials

The Gurus — Thu, 10 Aug 2017 09:02:48 +0000

The email hoaxer who previously duped Trump administration officials, as well as the governor of Bank of England, has tricked yet another high profile individual into engaging in an email exchange. UK home secretary Amber Rudd is reportedly the latest victim of the email prankster who goes by the pseudonym Sinon Reborn. The prankster reportedly posed as a senior Downing Street official to trick Rudd into responding to emails. Rudd reportedly disclosed that she was working on a series of upcoming announcements with her special adviser Mohammed Hussein, before realising that she was communicating with a hoaxer. The prankster reportedly used the free email service GMX to pose as newly appointed communications chief Robbie Gibb.
View Full Story
ORIGINAL SOURCE: IB Times

The post Amber Rudd falls for hoax email prankster who also fooled Trump administration officials appeared first on IT Security Guru.

‘Cyber alarm’ will help businesses meet tough new data rules

The Gurus — Thu, 10 Aug 2017 08:57:48 +0000

A new ‘cyber alarm’ system which sounds a warning when a website or IT network comes under attack allows businesses to detect security breaches as soon as they occur.
Foregenix is the first cyber security firm in the UK to offer Canary, which sits on a company’s website and ‘chirps’ loudly when there is an attempted ‘break in’. The company says that tough new data protection rules coming into force next year will make it all the more important for companies to have an alarm on their website, just as they do on their premises.
Currently hacks and other security breaches typically go undetected for six months. However under the General Data Protection Regulation (GDPR), as from May 2018, firms will be obliged to report data breaches within 72 hours or face fines of up to 20m Euros or 4% of global turnover – equivalent to £40,000 for a £1m turnover company.
Foregenix believes Canary, developed by South African Thinkst Applied Research, is the most advanced cyber alarm of its type in the world. It has integrated Canary with its own Serengeti solution to provide a double layer of threat detection.
Serengeti monitors end points, applications, active processes and alerts for potential threats using signatures based on behavioural analytics. The comprehensive reporting system enables threats to be detected quickly by Foregenix’s cyber security team, which currently operates in 20 countries.
Andrew Henwood, Foregenix’s CEO, said businesses need to act now or face potentially crippling fines: “With one year to go before the new GDPR regulations are introduced, it is all the more important that small firms – especially those who store customer details or take online payments – have an early warning system that will alert them to data breaches in minutes, rather than months.
“Our solution uses two leading technologies to ensure security breaches can be identified as soon as they occur. Just as you wouldn’t leave your premises unattended without putting the alarm on, it makes sense to do the same with your website.”
A recent survey of 60,000 SME e-commerce sites by Foregenix revealed that 78% were vulnerable to cyber criminals and 5% had already been breached. *

Notes
The General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, is a new regime concerning the use and protection of Personally Identifiable Information (PII) relating to EU citizens. No matter where in the world a business is located, it will be responsible for complying with the regulation, and will need to notify the relevant authorities of a PII-related data breach within 72 hours. Firms that breach the rules can face fines of up to 20m Euros.
www.foregenix.com
http://thinkst.com
* Recent survey link to research:
https://www.foregenix.com/blog/78-of-ecommerce-websites-at-risk

The post ‘Cyber alarm’ will help businesses meet tough new data rules appeared first on IT Security Guru.

Nobody said Threat Intelligence Would be Easy

The Gurus — Thu, 10 Aug 2017 08:50:01 +0000

A new report by the Information Security Forum (ISF) entitled Threat Intelligence: React and Prepare made headlines last month with its main finding that only 25% of companies surveyed felt that threat intelligence is delivering on its promise. While the findings in the report are all valid, pointing to threat intelligence and crying foul is an easy scapegoat. Nobody said threat intelligence was going to be easy…it is difficult for a number of reasons. But it also delivers tremendous value when it’s approached thoughtfully and strategically.

The following address some of the findings within the report.

90% said they would benefit from a single definition.

While most people have an understanding of threat intelligence (whether a deep-rooted knowledge or a high-level understanding), expecting a single definition is not realistic particularly given its complexity, varying degrees of industry expertise and skills. But perhaps the main reason we should not expect a single definition is because its ultimate objective differs widely – for less mature companies it’s providing situational awareness and for more mature shops it’s providing better situational understanding to validate their own internal intelligence. How you define it depends on what you need to address.

Only 8% said that they can find all the skills required for their threat intelligence capability.

The skills shortage impacts all aspects of cyber security and threat intelligence probably feels the impact most strongly. In fact, intelligence has been a government and/or military practice and even then, a very, very, selective discipline. The government saw a massive exodus as companies poached their intel teams (which was an indirect key takeaway from last week’s AFCEA Cyber Symposium. This led to mainstream companies hitting several early “cultural” hurdles while building intelligence programs because companies were trying to force a cultural uniformity in a symbiotic consensus approach…not typically what ex-military personnel are accustomed to. Ex-military and government folks building threat intelligence programs within the culture and walls of non-government entities didn’t lend itself to optimal policies and procedures.

In addition to the pure lack of skilled professionals is the fact that building a rock solid program around intelligence requires a 2-3 year roadmap with a quarterly re-evaluation. Threat intelligence isn’t turnkey as most companies want – it takes time. With both managers and analysts job jumping at alarming rates, staying on course is a monumental obstacle. The job-jumping speaks directly to the supply and demand of the skilled resources available. Employers are offering significant pay bumps, sign-on bonuses, even large equity stakes to hire the right employees – who are only poached by a larger organisation or their friend 10 months later.

Only 7% have achieved considerable integration of threat intelligence into their decision making and none have done so “fully.”

From a tactical standpoint, the industry is just beginning to wrap its arms around operationalising threat intelligence with some form of understanding and rhythm. Using intelligence to make strategic decisions that align with an organisation’s mission statement is likely 12-18 months away.

And finally, only 32% using a formal process to manage their threat intelligence capability.

No wonder most organisations are failing to find value – being able to detect, respond, anticipate and prevent threats to your organisation is essential! From a tactical standpoint, the security team never really managed the sensor grid tools performing the block/detect/deny functions. This has been more the realm of the network engineers. With threat intelligence platforms (TIPs) and various orchestration capabilities this type of automation is knocking on the door and companies that answer can help to relieve their overburdened, lean staff while strengthening security posture.

Back to the number we started with: 25% of companies surveyed feel that threat intelligence is delivering on its promise. So what’s needed for the remaining 75% to start to get the value from threat intelligence? The first step is aggregating all the data they have into one manageable location and translating it into a uniform format to achieve a single source of truth. Then you can start augmenting it with context so that you can prioritise and use it to better protect your organisation now and in the future.

The post Nobody said Threat Intelligence Would be Easy appeared first on IT Security Guru.

Hackers Connected to NotPetya Ransomware Surface Online, Empty Bitcoin Wallet

The Gurus — Wed, 05 Jul 2017 09:17:48 +0000

Whoever is in control of the NotPetya bitcoin wallet has moved around $10,000 of funds, and a mysterious group has offered to unlock all of the ransomed files.
Read Full Story
ORIGINAL SOURCE: Motherboard

The post Hackers Connected to NotPetya Ransomware Surface Online, Empty Bitcoin Wallet appeared first on IT Security Guru.

U.K. Student Charged for Running DDoS Service

The Gurus — Wed, 05 Jul 2017 09:14:06 +0000

Jack Chappell, an 18-year-old student from Stockport, UK, has been charged over his alleged role in the operation of a service used by cybercriminals to launch distributed denial-of-service (DDoS) attacks against several major organizations.

Read Full Story
ORIGINAL SOURCE: Security Week

The post U.K. Student Charged for Running DDoS Service appeared first on IT Security Guru.

Cyber crime now accounts for half of UK crimes, says research

The Gurus — Wed, 05 Jul 2017 09:11:54 +0000

Research by investment and tax group Smith and Williamson and the British Chambers of Commerce has found that cyber attacks now account for half of all UK crime.
Read Full Story
ORIGINAL SOURCE: East Midlands Business Link

The post Cyber crime now accounts for half of UK crimes, says research appeared first on IT Security Guru.