Few organisations prepared for cyber attacks, says report

By Cyber SecurityNo Comments

Only 23% of organisations are capable of responding effectively to critical security incidents, according to NTT Com Security’s latest threat report.

Only 23% of organisations are capable of responding effectively to critical security incidents, according to NTT Com Security's latest threat report.
Nearly 80% of organisations remain unprepared and without a formal plan to respond to cyber security incidents, a report has revealed.

There has been little improvement in preparedness in the past three years, according to the annual Global Threat Intelligence Report (GTIR) by NTT Com Security in The Global Threat Intelligence Report 2016.

Based on data from 24 security operations centres, seven R&D centres, 3.5 trillion logs and 6.2 billion attacks in 2015, the GTIR shows that on average, only 23% of organisations have the capability to respond effectively to critical security incidents.

The lack of improvement was further underlined by the finding that nearly 21% of vulnerabilities detected in client networks were more than three years old, while more than 12% were over 5 years old, and over 5% were more than 10 years old.

Results included vulnerabilities from as far back as 1999, making them over 16 years old.

“Prevention and planning for cyber security incidents seems to be stagnating,” said Garry Sidaway, vice-president of strategy and alliances at NTT Com Security.

“This is a real concern and could be due to a number of reasons, such as security fatigue caused by too many high profile security breaches, information overload and conflicting advice in combination with the sheer pace of technology change, lack of investment and increased regulation.

“Facing security challenges that didn’t exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope. Our mantra is prevention is better than cure and get the security basics right, including having a clear, well-communicated incident response plan.”

Although financial services was the leading sector for incident response in previous annual GTIR reports, the retail sector now takes the lead, with 22% of all response engagements, up from 12% the previous year. But retail – a popular target due to processing large volumes of personal information such as credit card details – also experienced the highest number of attacks, the report shows.

The report shows an increase in breach investigations to 28% in 2015 compared with 16% the previous year, with most incidents involving theft of data and intellectual property.

Internal threats jumped to 19% of overall investigations – from 2% in 2014 – with many of these the result of employees and contractors abusing information and computing assets.

Spear phishing attacks accounted for approximately 17% of incident response activities in 2015, up from 2% previously. Many of these attacks related to financial fraud targeting executives and finance personnel, with attackers using clever social engineering tactics, such as getting organisations to pay fake invoices.

Despite the rise in distributed denial of service (DDoS) hacking groups like DD4BC, the GTIR noted a drop in DDoS related activity compared with the previous two years. This is likely to be due to an investment in DDoS mitigation tools and services, the report said. However, the report also said extortion, based on payments by victims to avoid or stop DDoS attacks, had become more prevalent.

NTT Com Security made four recommendations for incident responses:

Prepare incident management processes and “run books”.
Many organisations have limited guidelines describing how to declare and classify incidents even though these are critical to ensure a response can be initiated. Depending on the type of attack, potential impact and other factors, response activities will be very different for each. Common practices for incident response also suggest organisations should develop “run books” to address how common incidents should be handled in their environment.

Evaluate your response effectiveness.
When incidents occur the last thing you want is to lack an understanding of standard incident response operating procedures. Evaluation of preparedness should include regular test scenarios. Consider post-mortem reviews to document and build upon response activities that worked well, as well as areas needing improvement.

Update escalation rosters.
As organisations grow and roles change, it is important to update documentation related to who is involved in incident response activities. Time is critical to incident response and not being able to quickly involve the correct people can hamper your effectiveness. Updating contact information for suppliers such as external incident response support and other providers is just as important.

Prepare technical documentation.
To make accurate decisions and identify impacted systems, organisations must have comprehensive and accurate details about their network.

90% of big UK businesses hacked by cyber attacks

By Cyber SecurityNo Comments

There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey.

There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey

90% of large organisations reported that they had suffered a security breach, up from 81% in 2014. Small organisations recorded a similar picture, with nearly three-quarters reporting a security breach; this is an increase on the 2014 and 2013 figures.

59% of respondents expect there will be more security incidents in the next year than last.
The majority of UK businesses surveyed, regardless of size, expect that breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the threat.

The median number of breaches suffered in 2015 by large and small organisations has not moved significantly from 2014. 14 for large organisations and 4 for small businesses is the median number of breaches suffered in the last year.

Cost of breaches continue to soar

The average cost of the worst single breach suffered by organisations surveyed has gone up sharply for all sizes of business. For companies employing over 500 people, the ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation – now commences at £1.46 million, up from £600,000 the previous year.

The higher-end of the average range also more than doubles and is recorded as now costing £3.14 million (from £1.15 in 2014).

Small businesses do not fare much better – their lower end for security breach costs increase to £75,200 (from £65,000 in 2014) and the higher end has more than doubled this year to £310,800.

Organisations continue to suffer from external attacks

Whilst all sizes of organisations continue to experience external attack, there appears to have been a slow change in the character of these attacks amongst those surveyed. Large and small organisations appear to be subject to greater targeting by outsiders, with malicious software impacting nearly three-quarters of large organisations and three-fifths of small organisations.

There was a marked increase in small organisations suffering from malicious software, up 36% over last years’ figures.

69% of large organisations and 38% of small businesses were attacked by an unauthorised outsider in the last year, up from 55% a year ago and slightly up from 33% a year ago for SMEs.

Better news for business is that ‘Denial of service’ type attacks have dropped across the board, continuing the trend since 2013 and giving further evidence that outsiders are using more sophisticated methods to affect organisations.

You can find the research at: 2015 Information security breaches survey .

Ransomware increasingly dangerous cyber security threat

By Cyber SecurityNo Comments

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.Eset’s LiveGrid telemetry shows an increase in detections of the JS/Danger.ScriptAttachment malicious code, which tries to download and install various malware variants to the intended victims’ machines.

The majority of the code consists of crypto-ransomware, including some well known groupings, such as Teslacrypt.

The most recent wave of attacks has been focused on victims in the UK, where it accounted for roughly every fourth threat in the third week of April 2016, said the security firm.

“To reach as many potential victims as possible, attackers are spamming inboxes in various parts of the world,” said Ondrej Kubovič, security specialist at Eset. “Therefore, users should be very cautious about which messages they open.”

Meanwhile, the latest Verizon Data Breach Investigations Report (DBIR) also warns that ransomware attacks are steadily increasing.

Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions, said: “Ransomware is going crazy. It is everywhere. As an incident response team we are dealing with ransomware attacks all the time.”

Eset’s Kubovič recommends that companies should train their employees to report incidents to their internal security departments.

“Users should keep their operating systems and software up to date, as well as install a reliable security suite offering multiple layers of protection and regular updates,” he added.

“Last but not least, users need to back up all their important and valuable data, allowing for its recovery in case of ransomware infection,” he said.

While ransomware is becoming an increasing problem for businesses, a recent spate of attacks on hospitals in the past few months – mainly in the US, but also in Canada, Germany and New Zealand – has underlined the potentially life-threatening impact of ransomware, which works by encrypting data and demanding a ransom to be paid for its release.

The dangers of the IoT

A report by Institute for Critical Infrastructure Technology (ICIT) has also highlighted the fact that internet of things (IoT) devices offer a potential growth opportunity to any ransomware operation, given the devices are interconnected by design and many lack any form of security.

According to the report, while a lot of traditional malware will be too large to ever run on many IoT devices, ransomware (predominantly consisting of a few commands and an encryption algorithm) is much lighter.

Many medical devices, such as insulin pumps and other medication dispersion systems, are internet- or Bluetooth-enabled, the report pointed out, and warned that ransomware could used to open connections to infect the IoT device.

Part of the problem with the security of IoT communications is that the designers are more concerned by the ease of connectivity than the safety of their users.

New ransomware threat- with your address

By Cyber SecurityNo Comments

A new email ransomware that quotes people’s postal addresses is a costly new cyber security threat.

A new email ransomware that quotes people's postal addresses is a costly new cyber security threatAndrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4’s You and Yours that discussed the phishing scam.

Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims’ files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link – but that leads to malware, as Mr Brandt explained.

Maktub doesn’t just demand a ransom, it increases the fee – which is to be paid in bitcoins – as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately £400. This rises to 1.9 bitcoins, or £550, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not.

One remarkable feature of the scam emails was the fact that they included not just the victim’s name, but also their postal address.

Many have noted that the addresses are generally highly accurate.

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it’s still not clear how scammers were able to gather people’s addresses and link them to names and emails.

The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails.

The UK’s national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam.

“We have been inundated with this,” said deputy head Steve Proffitt. “At Action Fraud on Monday we received an additional 600 calls and from then onwards we’ve received 500 calls to our contact centre a day,” he added.

Mr Proffitt advised people who had received the phishing emails to under no circumstances click on the link, but instead delete the message from their system and inform Action Fraud.

Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was “significant” in more ways than one.

“It also appears to be quite widespread – I’ve heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out,” he told the BBC.

He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware.

For some individuals without backups, paying the ransom might be the only way to retrieve their data.

“However, every person that does that makes the business more valuable for the criminal and the world worse for everyone,” he said.

From:  http://www.bbc.co.uk/news/technology-35996408#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Panana Mossack Fonseca may be victim of hacking

By Cyber SecurityNo Comments

Mossack Fonseca, the Panamanian law firm at the centre of a huge leak of confidential financial data claims that it was the victim of a hacking.

Mossack Fonseca, the Panamanian law firm at the centre of a huge leak of confidential financial data claims that it was the victim of a hackRamon Fonseca- a senior partner at the firm said the leak was not an “inside job” – the company had been hacked by servers based abroad. It had filed a complaint with the Panamanian attorney general’s office.

Several countries are investigating possible financial wrongdoing by the rich and powerful after the leak of more than 11 million documents.

Last week the company reportedly sent an email to its clients saying it had suffered “an unauthorised breach of our email server”.

The company has accused media organisations reporting the leak of having “unauthorised access to proprietary documents and information taken from our company” and of presenting this information out of context.

In a letter to the Guardian newspaper on Sunday, the company’s head of public relations threatened possible legal action over the use of “unlawfully obtained” information.

The revelations have already sparked political reaction in several countries where high-profile figures have been implicated.

On Tuesday Iceland’s Prime Minister Sigmundur Gunnlaugsson stepped down after the documents showed he owned an offshore company with his wife but had not declared it when he entered parliament.

He is accused of concealing millions of dollars’ worth of family assets. Mr Gunnlaugsson says he sold his shares to his wife, and denies any wrongdoing.

European football body Uefa confirmed today that Swiss police had searched its offices in relation to the Panama papers.

It said police had a warrant to look for contracts between Uefa and Cross Trading/Teleamazonas.

The Panama papers suggest current Fifa president Gianni Infantino signed off on a contract with two businessmen who have since been accused of bribery.

Mr Infantino signed off the contract in 2006 as a Uefa director. He says he is “dismayed” that his “integrity is being doubted” and denies any wrongdoing.

Also on Wednesday, Ukraine’s President Petro Poroshenko reacted to his name being linked to the papers.

He said he had created an offshore holding company for his confectionery business when he became president in 2014 but not to avoid taxes.

He said: “If we have anything to be investigated, I am happy to do that. This is absolutely transparent from the very beginning. No hidden account, no associated management, no nothing.”

Eleven million documents held by the Panama-based law firm Mossack Fonseca have been passed to German newspaper Sueddeutsche Zeitung, which then shared them with the International Consortium of Investigative Journalists. BBC Panorama and The Guardian are among 107 media organisations in 76 countries which have been analysing the documents.

ISIS suspect Salah Abdeslam cornered by pizza delivery

By Cyber SecurityNo Comments

It appears as though Salah Abdeslam was found by a combination of security forces’ metadata research and a support network that couldn’t cook.

It appears as though Salah Abdeslam was found by a combination of security forces' metadata research and a support network that couldn't cook.Salah went missing after he wimped out of “martyrdom,” ditching his suicide vest and calling friends to come pick him up and take him home. The car was stopped by the French, but their names weren’t available to the police yet.

Clearly, security forces are not sharing counterterrorism information fast enough to handle modern operations. A slow moving target like the Soviets, or even al Qaeda, allows for a more relaxed approach. ISIS’ operational tempo and behavior is too fast and haphazard.

The Molenbeek area where Salah had been hiding is riddled with radical support networks and sympathizers. He was able to rely on his friends and other support networks. Police targeted elements of these support networks, and eventually discovered a link to Salah himself.

Belgian and French police, who had worked intensively together since November 13, carried out a midday check on what they thought was a defunct terrorist safe house. The utility bills hadn’t been paid in months, officials said, leading police to assume the apartment in the Forest district of southern Brussels stood empty. The six person team didn’t expect to meet resistance and brought no police backup or special forces support.

When the police opened the door, they were shot at with a Kalashnikov and “a riot gun,” according to the Belgian authorities. Four officers were wounded, including a French policewoman. Heavily armed police pursued suspects across the rooftops. One gunman was killed. Two fled the scene, evading capture even though police had sealed off the area.

The “defunct” safe house had a glass with Salah’s fingerprint. Police developed a number of leads and ended up monitoring a house in the Molenbeek area.

Staking out the house, the police became convinced that a larger group of people was there after a woman who seemed to live there ordered several pizzas, according to two security officials.

Just like the raid on el Chapo Guzman was triggered by a large food order, it seems Salah’s capture was based on too many pizzas. Maybe fugitives might want to consider cooking at home, rather than ordering delivery.

It seems that significant parts of the manhunt were enabled by recovering and analyzing mobile phones used by the various suspects.

Aside from the fingerprint found, earlier raids on suspected terrorist hideouts brought other important leads, according to officials. Electronic devices confiscated in earlier raids helped authorities track Abdeslam down, said a Belgian source.

Once a suspect’s mobile number and sim card have been identified, investigators can then serve a court order on telecoms operators to track the number and card down to the nearest phone tower.

The location information generated by the mobile devices (phones and possibly tablets) enabled security forces to track not only individuals, but to map out their networks via e.g. co-location. Mobile phones, even when encrypted and even when using encrypted communications tools, still provide a rich source of intelligence information to security forces.

Modern connected society is a huge data source for the intelligence analyst. Social connections are mapped out via online social networks such as Facebook, but also via the mobility of personal tracking devices such as mobile phones. An underground operative, such as Salah, can avoid using mobiles and computers, but the various elements of his above ground support network are as reliant on modern tools as anyone else.

The problem for underground operatives is that they are reliant on support networks. Support networks for clandestine organizations are almost always based on social networks. Modern society makes support networks an open book for anyone with access to the data (social apps, telco records, etc) and the analytic tools to parse that data (eg Palintir, analysts notebook, etc).

From: https://medium.com/@thegrugq/man-hunting-the-sport-of-security-forces-373d167a3066#.h3otbr3gj

$100 million cyber theft from Bangladesh Central Bank

By Cyber SecurityNo Comments

The cyber theft of $100 million from the Bangladesh Central Bank – by way of the New York Federal Reserve – is the largest bank theft to date.

The cyber theft of $100 million from the Bangladesh Central Bank - by way of the New York Federal Reserve - is the largest bank theft to date

On February 5, the New York Fed was allegedly “penetrated” when “hackers” (of supposed Chinese origin) stole $100 million from accounts belonging to the Bangladesh central bank.

The money was then channeled to the Philippines where it was sold on the black market and funneled to “local casinos” (to quote AFP). After the casino laundering, it was sent back to the same black market FX broker who promptly moved it to “overseas accounts within days.”

The whole situation was quite embarrassing for the NY Fed, because what happened is that someone in the Philippines requested $100 million through SWIFT from Bangladesh’s FX reserves, and the Fed complied, without any alarm bells going off at the NY Fed’s middle or back office.

“Some 250 central banks, governments, and other institutions have foreign accounts at the New York Fed, which is near the centre of the global financial system,” Reuters notes. “The accounts hold mostly U.S. Treasuries and agency debt, and requests for funds arrive and are authenticated by a so-called SWIFT network that connects banks.”

As it turns out there is much more to the story, and as Bloomberg reports today now that this incredible story is finally making the mainstream, there is everything from casinos, to money laundering and ultimately a scheme to steal $1 billion from the Bangladeshi central bank.

And yes, it does appear that hackers managed to bypass the Fed’s firewall:

“Even as banks continue to harden their defenses against such sabotage, hackers too have upped their game to breach servers by utilizing both technical skills and rogue elements within the financial institutions,” said Sameer Patil, an associate fellow at Gateway House in Mumbai who specializes in terrorism and national security.

A Bangladesh central bank official who is part of a panel investigating the disappearance of the funds said that a separate transfer of $870 million had been blocked by the Fed, something the Fed refused to comment on. It does not, however, explain why $100 million was released.

Essentially the dispute is about whether the Fed went through the right procedure when it received transfer orders.

Naturally, the Fed’s story is that it did nothing wrong. Bloomberg writes that according to a Fed spokeswoman, instructions to make the payments from the central bank’s account followed protocol and were authenticated by the SWIFT codes system. There were no signs the Fed’s systems were hacked, she said.

The problem is that the counterparty on the other side of the SWIFT order was not who the Fed thought, and what should have set off red lights is that the recipients was not the government of the Philippines but three casinos.

Bangladesh is quite understandably – furious: a local official said the Fed should’ve checked the payment orders with the central bank to ensure they were authentic, even if they used the correct SWIFT codes. The official also said there are plans to take legal action against the Fed to retrieve missing funds.

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

Hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

Luckily, the Fed stopped some of the $1 billion in total requested funds. The unusually high number of payment instructions and the transfer requests to private entities – as opposed to other banks – raised suspicions at the Fed, which also alerted the Bangladeshis, the officials said. The details of how the hacking came to light and was stopped before it did more damage have not been previously reported.

The transactions that were stopped totaled $850-$870 million, one of the officials said. At least $80 million made it through without a glitch.

The funds were used to buy casino chips or pay for losses at venues including Bloomberry Resorts Corp.’s Solaire Resort & Casino and Melco Crown Philippines Resort Corp.’s City of Dreams Manila, according to the paper. There was no suggestion in the report the banks or casinos named were complicit with any improper movement of funds.

In other words, the Fed was funding gamblers, only these were located in Philippine casinos, not in the financial district. Ironically, that’s precisely what the Fed does, only it normally operates with gamblers operating out of Manhattan’s financial district.

From: http://www.bloomberg.com/news/articles/2016-03-16/printer-error-set-off-bangladesh-race-to-halt-illicit-transfers

Some of the biggest tech companies are expanding users’ data encryption

By Cyber SecurityNo Comments

Some of the Silicon Valley’s leading technology companies – including Facebook, Google and Snapchat, are increasing privacy technology as Apple fights the US government over encryption, the Guardian has learned.

Some of the Silicon Valley’s leading technology companies – including Facebook, Google and Snapchat, are working on their own increased privacy technology as Apple fights the US government over encryptionWork on new encryption projects began before Apple entered a court battle with US authorities over the San Bernardino killer’s iPhone.

The projects could antagonize authorities just as much as Apple’s more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.

Within weeks, Facebook’s messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool.

Snapchat, the popular ephemeral messaging service, is also working on a secure messaging system and Google is exploring extra uses for the technology behind a long-in-the-works encrypted email project.

Engineers at major technology firms, including Twitter, have explored encrypted messaging products before only to see them never be released because the products can be hard to use – or the companies prioritised more consumer friendly projects. But they now hope the increased emphasis on encryption means that technology executives view strong privacy tools as a business advantage – not just a marketing pitch.

Barack Obama has also made it clear he thinks some technology companies are going too far. “If government can’t get in, then everyone’s walking around with a Swiss bank account in their pocket, right?” he said 11 March at the SXSW technology conference in Austin, Texas.

WhatsApp has been rolling out strong encryption to portions of its users since 2014, making it increasingly difficult for authorities to tap the service’s messages. The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine. When Apple CEO Tim Cook announced in February that his company would fight the government in court, Koum posted on his Facebook account: “Our freedom and our liberty are at stake.”

WhatsApp already offers Android and iPhone users encrypted messaging. In the coming weeks, it plans to offer users encrypted voice calls and encrypted group messages, two people familiar with the matter said. That would make WhatsApp, which is free to download, very difficult for authorities to tap.

Facebook’s chief operating officer, Sheryl Sandberg, has talked publicly about how tech companies can help the west combat Isis online and Eric Schmidt, executive chairman of Google’s parent company, Alphabet, recently joined a Defense Department advisory group on how tech can aid in future battles.

Those matters may seem separate, but US national security officials view the increasing availability of encryption technology as a major aid to Islamic State’s online recruitment efforts. At some point, tech firms may have to choose whether they care more about being seen as helping the west to fight terrorism or standing as privacy advocates.

Some technology executives think one middle path would be to encourage the use of encryption for the content of messages while maintaining the ability to hand over metadata, which reveals who is speaking to whom, how often and when. That is why the specifics of the new products will be key to determining both their security and Washington’s reaction to them.

Ransomware targets Apple Mac computers

By Cyber SecurityNo Comments

Security researchers have found malware to encrypt Apple Mac computers and demand ransom to unlock them.

Security researchers have found malware to encrypt Apple Mac computers and demand ransom to unlock them
Mac computers tend to be regarded as relatively safe from attack, but the migration of so-called ransomware targeting the Microsoft Windows operating system to Apple’s Mac OS X is yet another indicator that things are changing.

Mac users need to be more vigilant and aware of the risks, while cyber security professionals need to equip themselves to identify and quickly respond to this new malware threat, especially in having a pragmatic approach in place for managing extortion-style threats, say security industry pundits.

“As Apple computers and devices become more popular with corporate IT departments, there’s a recognition by attackers that valuable data and resources are available by targeting Mac users,” said Vann Abernethy, chief technology officer at security firm NSFOCUS IB.

“These types of attacks will become increasingly common as the platform gains acceptance within the enterprise world, just as Microsoft Windows is targeted for similar reasons,” he said.

Ransomware is currently one of the most popular ways for cyber criminals to extort money from individuals and organisations in the form of the unregulated bitcoin cryptocurrency.

According to the UK National Crime Agency, ransomware is one of the top international cyber threats, along with distributed denial of service (DDoS) attacks and bullet-proof hosting services.

The newly discovered KeRanger ransomware targeting Mac was discovered hidden in a version of the Transmission BitTorrent client by researchers from security firm Palo Alto Networks.

Businesses are still getting caught by ransomware, despite the fact that there are fairly straightforward methods to avoid it.

Like its Windows counterparts, KeRanger encrypts files on infected computers with a strong encryption algorithm and contains a payment process enabling the victim to purchase decryption for 1 bitcoin- currently worth around £290.

A special feature of KeRanger is a three day delay after infection, which researchers believe was aimed at getting as many users to download the infected version of the Transmission client before its hidden payload was revealed.

By hiding the ransomware in the Transmission client for downloading and sharing BitTorrent files, attackers were attempting to bypass Mac OS security because the Transmission software is signed with a valid developer certificate, causing the Mac operating system to consider it safe and allow installation.

The discovery of Keranger is a sign that Mac users need to be educated on basic information security practices, just like Windows users have been over the past 10 to15 years.

Cyber crime is fastest growing economic crime

By Cyber SecurityNo Comments

Cyber crime is up 20% since 2014 and is the fastest growing economic crime, according to PricewaterhouseCoopers’s (PWC) latest biennial Global Economic Crime Survey.

Cyber crime is up 20% since 2014 and is the fastest growing economic crime, according to PWCThe UK has seen a double digit rise in economic crime against corporates in the past two years, with 55% of organisations affected – up 11% since 2014 and well above the US (38%) and China (28%).

The survey found that 60 % of economic crime in the UK was committed by external perpetrators, up from 56% in 2014. While there was a decline in economic crime perpetrated by employees (31%), there was an 11% increase in fraud committed by senior management to 18%.

“While the prevalence of traditional fraud – such as asset misappropriation – has fallen since 2014, there has been a huge rise in organisations reporting cyber crime, with technology driving almost every other area of economic crime,” said Andrew Gordon, PwC’s global and UK forensics leader.

“Businesses need to minimise the opportunities for economic crime through rigorous fraud risk assessment, supported by a culture based on shared corporate values, robust policies and compliance programmes,” he said.

Some 44% of UK organisations that experienced economic crime in the past two years were affected by cyber incidents, a jump of 20% from 2014 and 12% greater than the global response of 32%.

The rise of cyber crime, the report said, is in stark contrast with some of the traditional forms of economic crime, including asset misappropriation and procurement fraud, which have declined.

Just over half of UK organisations say they expect to be the victim of cyber crime in the next two years, suggesting it will become the UK’s largest economic crime.

Global corporate intelligence leader at PwC Mark Anderson said cyber attackers are now more ambitions than ever.

“Their aim goes beyond targeting financial information to include a company’s ‘crown jewels’ – customer data and intellectual property information, the loss of which can bring down an entire business,” he said.

“The threat of cybercrime is now a board level risk issue, but not enough UK companies treat it that way.”

UK respondents say the greatest concern about a cyber attack is the potential disruption to services, with 31% saying it would have a medium to high impact.

Surprisingly, almost half say that cyber crime would have no effect on their reputation, and almost 60% are not concerned about the potential for theft of intellectual property.

The strong shift towards more senior and experienced employees carrying out corporate fraud in the UK should be of particular concern, the report said, because senior management fraud is often more difficult to detect and prevent, and usually has a much greater effect on an organisation.

While those in middle management remained the most responsible for economic crime (36%), half the instances committed by staff in the UK involved employees over the age of 40, and the number carried out by staff over the age of 50 tripled from 6% to 18%.

The survey found that 45% of internal fraudsters had worked for more than five years in the organisation they defrauded and 21% had more than a decade of service.  In contrast, the number of junior staff carrying out economic crime has fallen since 2014 from 45% to 28%.

While the majority (86%) of UK organisations have formal business ethics and compliance programmes in place, far fewer (63%) back up these rules with regular training and communication.

Financial services companies are set to be the biggest spenders on compliance in the UK in the next two years, while compliance budgets for other industries are under pressure as they face demands to do more with less, according to the survey.

The survey also found that 20% of UK organisations say they have never performed a fraud risk assessment, while 44% do so annually. Some 5% of respondents say they have been asked to pay a bribe in the past 24 months, while 7% feel they lost a business opportunity to a competitor who was willing to pay it.

More than a fifth of frauds were detected through suspicious transaction monitoring, 14% through fraud risk management, 8% through data analytics, 8% through internal audit and 8% through accidental discovery.