A critical security bug was discovered in major banking apps used by HSBC, NatWest and Co-op which could let hackers steal usernames and passwords, new research has revealed. Researchers from the University of Birmingham said this week (6 December) that they had worked alongside the UK’s National Cyber Security Centre (NCSC) – an arm of intelligence agency GCHQ – to fix the vulnerabilities and ensure patches were pushed to users.
The empty stores on Black Friday confirmed that shopping online is the preferred method for consumer today. However, this means phishing and online counterfeiting attacks have increased too. According to research released today by DomainTools, three quarters of UK consumers have been scammed in the process of purchasing goods online, and over a fifth personally know someone who has purchased fake goods online.
It’s being reported that a cyberattack slowed county government to a crawl on Wednesday in North Carolina’s most populous metro area, as deputies processed jail inmates by hand, the tax office turned away electronic payments and building code inspectors switched to paper records.
Daren Oliver, cyber security expert and managing director of Fitzrovia IT, explores whether fraudulent emails are getting more difficult to identify and if email communication should be limited for those working in security-sensitive sectors.
Once upon a time, sending and receiving emails was a new-fangled process used to substitute the written letter. Mostly reserved for academic circles, or verifying important information following a spoken conversation, few predicted email communication would flourish as it has over the last two decades. Email has changed the face of human interaction, overtaking the telephone as the number one method of personal and professional information exchange.
By the end of 2017, it is estimated there will be 4.9 billion email accounts worldwide with business emails accounting for 929 million mailboxes – a veritable hunting ground for cyber criminals.
With the advent of email and the introduction of its successors, such as text and instant messaging services, it has become easier than ever before to contact those who were previously considered ‘unreachable’. Conversations and canvassing over the telephone, which have traditionally been the mainstay of many business operations, have become less frequent, and the average email inbox is now littered with loquacious literature.
Of course, firing off an email into cyberspace is no guarantee you will reach the person you want a response from. If anything, it’s the perfect excuse for him or her to ignore your carefully crafted correspondence. As inboxes become more flooded, individuals will naturally screen each email, picking and choosing on sight whom to reply to, based on recognition and associated content. But what has this meant for fraudulent activity?
The job of a cyber criminal has intensified over the past few years, requiring them to be increasingly sophisticated and clever in their approach. In the past, criminals have traditionally relied on ‘flood them fast’ email distribution by targeting numerous inboxes with spam notifications purporting to be from businesses such as banks. Awareness campaigns from the businesses themselves have helped to tackle the issue, meaning many quick-thinking consumers have started to grow more savvy, refusing to click on unsolicited links.
As a result, cyber criminals have turned to social engineering and realistic-looking spoof emails to dupe their targets. These mimic everything from ‘links’ to incredible deals on offer from well-known retailers to emails from trusted contacts, where the sender’s address has been so subtly adjusted that it appears to be legitimate. In fact, so accurate are these emails in their appearance that it calls into question whether organisations dealing with sensitive data, such as governments, should be using email accounts at all, and whether a more secure method of communication should be adopted.
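One defensive check that follows from the ‘subtly adjusted sender address’ point above, as an added example that is not part of the article or of Fitzrovia IT’s tooling: it flags sender domains that are near-misses of a trusted list, either after folding common look-alike characters, within one edit, or when a trusted name is used as a leading label of an unrelated domain. The trusted domains and sample addresses are constructed for the example.

```python
# Flag sender domains that look like, but are not, a trusted domain.
# TRUSTED_DOMAINS and every address below are constructed sample values.

TRUSTED_DOMAINS = {"example-bank.com", "corp-partner.co.uk"}

# Character swaps commonly used to make a domain look like another one.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
              "rn": "m", "vv": "w", "cl": "d"}


def fold_homoglyphs(domain: str) -> str:
    """Lower-case the domain and replace look-alike characters with the plain ones."""
    folded = domain.lower()
    for glyph, plain in HOMOGLYPHS.items():
        folded = folded.replace(glyph, plain)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the domain of an email address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    folded = fold_homoglyphs(domain)
    for trusted in TRUSTED_DOMAINS:
        # Same name after glyph folding (e.g. "rn" for "m"), one edit away,
        # or the trusted name placed in front of an attacker-controlled domain.
        if (folded == fold_homoglyphs(trusted)
                or edit_distance(domain, trusted) <= 1
                or domain.startswith(trusted + ".")):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for addr in ("alerts@exarnple-bank.com", "it@examp1e-bank.com",
                 "news@example-bank.com.attacker.net", "bob@unrelated.org"):
        print(addr, "->", classify_sender(addr))
```

A check like this complements sender authentication (SPF, DKIM and DMARC) rather than replacing it; folding applies to both sides of the comparison, so legitimate domains containing "cl" or "rn" are not misclassified on their own.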
For example, the recent cyber attack on UK Parliament, which resulted in the breach of dozens of inboxes, could have been an incredibly valuable hack for the cyber criminals involved. Highly sensitive content can be sold on for a huge financial gain to those hungry for damaging and destructive data they can use to their advantage. Information in the wrong hands could cause worldwide catastrophe.
There is no outright answer to dealing with illegitimate emails and spoof spam. Cutting email out of the equation entirely is not realistic. Of course, fraudulent activity can be kept at a minimum and mitigated by adopting up-to-date software and implementing well-planned, comprehensive backup strategies.
However, it is human beings themselves that hold the key to unlocking the answers to the current cyber crime conundrum. Research by the Information Commissioner’s Office reported that 93% of incidents investigated at the end of 2015 were caused by human error. Clearly, as fraudsters become more adept at creating cunning ways to cut through the cyber psyche of their targets, spotting a spoof email will become nearly impossible. Nobody is immune.
Re-educating the workforce and raising awareness of the issues surrounding cyber crime are essential. Regular testing and ‘digital fire drills’ for staff should be as much a part of a company’s strategy as their sales and marketing plans. ‘Friendly phishing expeditions’ – where staff are sent ‘spoof’ emails at random to test their reactions are one way of ensuring there are no chinks in your employees’ armour. Only then, once cyber crime awareness officially becomes part of company policy, will we gain some control over addressing the current vulnerabilities.
Daren Oliver is managing director of Fitzrovia IT, a London-based consultancy that provides cutting-edge IT solutions from across the globe. For more information, visit www.fitzroviait.com.
News broke yesterday that “highly professional” hackers made off with around 4,700 Bitcoin from a leading mining service, a Bitcoin exchange has said. The value of Bitcoin is currently extremely volatile, but at the time of writing, the amount stolen was worth approximately $80m.
Brands and publishers call for increased transparency as ad fraud threatens the credibility of digital advertising, reveals new report
- Nine out of ten brands say the lack of transparency in their programmatic ad campaigns is because the ad buying platform is owned by their advertising agency;
- 80% of brands are worried that their current programmatic processes could lead to their adverts appearing on web pages related to extremist views such as terror activities;
- Brands and publishers call for independent trade bodies to be given more power to penalise those committing fraud.
News broke that the website used to sell merchandise for the University of Warwick’s rowing club, including a nude calendar, produced every year to raise money for charity, was hit with a DDoS attack this week after the team magazine was banned for sale in Russia.
News broke yesterday that a HomeKit vulnerability in the current version of iOS 11.2 has been found that allows unauthorized control of accessories including smart locks and garage door openers. The implications of the vulnerability are worrying, with the obvious concern being the ability for attackers to gain access to someone’s house without a physical key.