Cybercrime Reaches New Heights in Q3 with 1Tbps IoT DDoS

Cybercrime isn’t slowing down anytime soon. This quarter, cybercriminals were increasingly ingenious, using innovative technologies and new tools to spread their wares. This is confirmed by the 18 million new malware samples captured by PandaLabs in this quarter alone, an average of 200,000 each day.

The Evolution of Cybercrime

Measuring cybercrime is very complex. Cybersecurity professionals who combat these threats on a daily basis understand its mass and know that it is an industry that continues to grow and evolve. But is it really that dangerous? According to the National Crime Agency of the United Kingdom, cybercrime currently makes up more than 50% of the crimes committed in the UK.

In the past few months, increasingly large DDoS attacks have spread, uncovering a number of DDoS businesses whose massive attacks have earned them up to $618,000.

In Taiwan, dozens of First Bank ATMs were completely emptied this quarter, proving that cybercriminals still have their eyes set on financial entities. On another front, one of the biggest bitcoin robberies in history took place this quarter and an equivalent of 60 million dollars in bitcoins was stolen.

Analyzing game sites, we have seen a number of them become massive data warehouses for sensitive information and be exposed as relatively easy targets for cybercriminals. The main victim of this quarter is Yahoo, which suffered the biggest theft of its kind in history: 500 million Yahoo accounts were compromised.

Future Security Holes

In the coming years we will face new threats and attacks due to the growing Internet of Things and mobile devices.

There are more and more domestic appliances that are connected to our home networks. There is already a way to control the thermostat and raise the temperature to 99 degrees Fahrenheit, then request a ransom to return it to its initial state.

We have also seen frightening ways a person’s life can be threatened if their car is compromised. If a connected car is compromised, those who are in the vehicle may be in danger. Researchers have discovered that reverse engineering can be used to override car signals and tell the parking brake not to activate, disable the steering wheel, and make the wheel turn at any speed on command.

In August, Apple urgently published the iOS version 9.3.5 for its mobile device operating system. Apple is one of the latest businesses to start a rewards program, offering up to $200,000 to researchers who are able to find vulnerabilities in their products.

The full PandaLabs Q3 report is available from: http://partnernews.pandasecurity.com/uk/src/uploads/2016/10/Pandalabs-2016-Q3-en.pdf


Emirates Forensic 2017

Emirates International Forensic Conference & Exhibition will be the Middle East & North Africa’s largest event on Forensic Science and Forensic Medicine. Emirates Forensic will be held from 2nd to 4th April 2017 under the theme of “Digital Forensic Science” in Sheikh Maktoum Hall of the Dubai International Convention & Exhibition Centre.
Organized by INDEX Conferences & Exhibitions Org. Est along with its strategic partner Dubai Police, Emirates Forensic will provide a high-quality conference and serve as an industry platform for networking and exchange of information.
Emirates Forensic will evolve as a convergence point where experts from the fields of Forensic Medicine, Anthropology, Odontology and Chemistry, Crime Scene Investigation, Forensic Nursing and Trace Evidence, from the Middle East and the world, can meet, exchange their practical experiences and share knowledge on the most pressing issues surrounding the region.


Annual cost of fraud and cybercrime tops £10.9bn in the UK

According to Get Safe Online, the annual cost of fraud and cybercrime in the UK is £10.9bn – the equivalent of £210 per adult. The research shows examples of online fraud ranging from fraudulent phishing messages to extract the personal details of victims, to ransomware and the theft of data through hacking.

Commenting on this, Robert Capps, VP of business development at NuData Security said “We’re saddened, but not shocked, to see these findings. In this study, the fact that online fraud costs the UK £10.9bn a year is a sad state of affairs for consumers who can often bear the brunt of the costs (especially with regard to account takeover and new account fraud). It’s absolutely no wonder that consumers are pushing back on companies to improve security, holding them accountable for it, yet still wanting to have a good experience going through the gates.

Financial fraud offers a lucrative source of income for cybercriminals, totaling £755 million in 2015 in the UK alone. Cybercriminals have grown in their sophistication, exploiting the human interest factor by posing as banks or suppliers and then duping consumers into revealing their personal details. These scams have also proved effective in targeting commercial organisations, as senior executives are tricked into revealing sensitive information which enables access to a company network.

The increasing volume of attacks globally can also be attributed to more fraudsters willing to commit the crime, more data available on the black market, and more financial institutions and merchants that are vulnerable to attacks. Plus, as more countries fully adopt EMV, we’ll see fraud continue its migratory path to all available online channels.

We have to remember; fraudsters know us better than we do in that they’ve pegged our vulnerabilities. It’s time we returned the favour. They are vulnerable because they must do very similar behaviours to be successful, and guess what? We can find them by their tell-tale signals.

In order to detect out of character and potentially fraudulent transactions before they can create a financial nightmare for consumers, we must adopt new authentication methods that they can’t deceive. Solutions based on consumer behaviour and interactional signals are leading the way to providing more safety for consumers, and less fraud in the marketplace.

To combat these types of attacks, consumers should always report emails to their banking provider. No legitimate organisation will ask for security or banking details so consumers need to be suspicious of any email that requests this information.

Meanwhile there are steps that consumers can take to help secure themselves:

  • Shop with well-known companies online, or use safer payment systems such as PayPal, ApplePay, Android pay, to avoid providing your payment details directly to an unknown merchant.
  • Use strong, unique passwords on each site you register with.
  • Make sure to change your passwords regularly.
  • Don’t use public computers or free, unencrypted Wi-Fi to conduct financial or retail transactions or interactions.
  • Don’t fall victim to email and phone scams, where a consumer receives a call from “their bank” asking for personal, or financial account information. If it looks too good to be true, it most likely is. When in doubt, call the bank directly, based on the number printed on the back of your card, or on a recent statement.”

 

Additional Resource = https://www.cloudwards.net/online-privacy-guide/


A map showing the locations and passwords of many airports’ Wi-Fi connections available

Following the news that a map can show free Wi-Fi locations and passwords from airports around the world, here are a couple of comments from highly respected security professionals:

Lee Munson, security researcher for Comparitech.com:

“So a map, available to download for offline use, shows the location of many airports’ Wi-Fi connections, along with the password required to use them while you are waiting for your plane to depart. Awesome, right?

“On the whole, it does sound pretty cool – a free internet connection at a time when you may otherwise be bored senseless, waiting around for a few hours in a departure lounge of overpriced refreshment stores – is not to be sneezed at. But is it secure?

“Largely, I would guess the connections highlighted on the map are sound, as long as they were researched properly, but the risk associated with using a tool like this is that people may become blasé about their security.

“If you are in the airport and cannot find the right wireless connection, you may be tempted to connect to another service and this is where cyber criminals come into play. Nothing is free and so that wireless hotspot you saw called “free Wi-Fi” may just be paying for itself by stealing your data.

“And, heaven forbid, you use it to engage in some internet banking, or to make a duty free payment – who knows who is recording those credit card numbers.

“Also, be aware of using free Wi-Fi to login to any sites or accounts that require a password – if you’ve accidentally connected to a malicious network, those accounts are now compromised.

“So, while this tool is useful, do not rely on it too much – if you need to connect to the internet while at the airport, check the network name and password with staff before proceeding.”

Alex Mathews, EMEA technical manager at Positive Technologies:

“Public WiFi networks, like those in airports, are very unsafe. First, everyone can intercept your data in such open communication. Second, these wireless access points are easy to fake: you will see the WiFi network with the same name and password but it won’t be the official airport WiFi, it may come from a smartphone of a guy sitting next to you. You may be given some fake sites via this unsecure WiFi as well – so you will leak your password to a fake Facebook page, for example.

“For this reason we’d recommend to avoid any critical operations via public Wi-Fi: banking, shopping, any password-protected services. You’d better turn WiFi off completely while you travel.”


World Border Security Congress 2017

The World Border Security Congress is the only multi-jurisdictional transnational platform where the border protection, management and security. World Border Security Congress will provide a platform for the world’s border protection forces and agencies to discuss and debate the current and future issues and challenges facing the border management, security and migration management sectors.
World Border Security Congress is a high-level, 3-day event (21st – 23rd March 2017) providing you with the opportunity to reach the senior decision makers in the border protection and management industry.

For more information: http://www.world-border-congress.com


INsig2 LTEC 2016

7-8 November, Management Centre Europe, Brussels.

INsig2 LTEC’s mission is to create a cutting edge forum that addresses four core areas; digital evidence, forensic investigations, data analytics, and cybersecurity. These disciplines are at the forefront of organisational thinking. INsig2 LTEC’s guiding philosophy is to embrace solutions to empower corporations, law firms, and government institutions to limit the potential exposure to legal, financial, and reputational risks and to increase overall competence around these areas.

 


Lloyds Banking Group to Introduce Anti-Fraud Tech to Protect its 30 Million Customers

Lloyds Banking Group has announced its plans to become the first organisation in Europe to introduce new crime prevention technology to help protect its 30 million customers from telephone fraudsters. The state-of-the-art approach is known as “phoneprinting”, and creates an “audio fingerprint” of each call to highlight unusual activity and stop criminal callers.

Commenting on this news is Jules Campeau, Chief Revenue Officer at NuData Security, an award winning behavioural biometrics company:

“Lloyds customers should be able to rest a bit easier knowing that Lloyds is embracing new technology in their efforts to protect customers against the criminal use of stolen identities resulting from the many data breaches that we have seen these past years. Many bank customers fear that their accounts will be taken over by thieves who have gotten hold of their credentials and then use their real personally identifiable information (PII) to phone into a bank to change key account information and gain control of the account. The industry has certainly seen a rise in stolen PII data like names, addresses, friends and spouses, but also facial scans, fingerprints and biometric data. As of yet, Voiceprinting may be the least likely of the physical/active biometric data to be spoofable, especially when layering it with multiple other interaction data points such as location, number history, call type etc.

User verification methods that use cross channel data points are becoming the new standard in user verification to stop fraudsters who already have access to so much of our stolen PII data online. Having technologies like this in place seems like it would help passively verify users using multiple factors.

The one area we have to remember, however, is that anytime we base authentication upon data that can never be changed, we add risk to consumers who bear the burden of proof for a lifetime. If the biometric data should ever be compromised, physical biometrics are unchangeable. Taking biometrics beyond physical biometrics such as single-point fingerprint, retinal or facial scan and layering additional behavioural attributes and passive biometrics elevates the static data to a dynamic model much akin to the proverbial moving target.

That said, it’s encouraging that Lloyds is using this layered biometric and behavioural model as it has little to no impact on users. We’ve been seeing the shift for a long time as banks have been actively reducing friction based security controls at verification, opting now for systems that are able to passively collect and analyse live customer data in real-time without creating angst on the part of their customers. Our solution which uses behavioural data, rather than physical data like voice, performs powerful analysis in real-time. It can return an identity confidence score almost instantaneously and adds yet another layer of frictionless protection for our customers.”


Expert comment on Samsung issuing a profit warning after pulling the Note 7 smartphone

Mark Johnson, of Warwick Business School, is an Associate Professor of Operations Management, and researches product recalls.

Dr Mark Johnson said: “This has been a case study in how not to do a recall.

“In research that I have conducted with Marko Bastl, of Marquette University, and Mike Bernon, of Cranfield School of Management, we found that firms that have a proactive recall strategy tend to see their share price not hit as badly by investors running scared from the potential costs of the recall.

“In Samsung’s case, the recall was very passive. It was only when the second batch of phones began to fail that they began to show that there were more serious issues at play. Shareholders rightly get twitchy when firms are seen not to care about customers.

“Recalls are a fact of modern business. As products and processes become more complex then the likelihood of them occurring increases. We can’t get everything right all the time. When a recall occurs, be proactive about it – show shareholders that you care about customers and ensure that you have business processes in place to allow you to identify affected products quickly and with minimum hazard to the customer.

“Samsung tried to rush the Note 7 to market to beat the iPhone 7. Phones are complex things and the launch of new products is fraught with difficulties and delays. Samsung potentially rushed a number of critical stages, probably testing, in order to get to market quickly.

“The recall also indicates that Samsung is not as agile as some of its competitors and process-rigidity can mean a loss of flexibility. The process of the recall also indicates that Samsung has very little traceability or integration through the end-to-end supply chain. It was asking customers to identify affected phones in the first round of recalls by examining the colour of the battery signal on the screen. In the 21st century many companies can trace where items are through linking information processes with distributors and vendors.”


Yahoo wants to spy on you through advertising billboards

Yahoo has filed a patent for a type of smart billboard that would collect people’s information and use it to deliver targeted ad content in real-time. Using a combination of sensors, including microphones and cameras located either on the billboard or on drones nearby, it would watch and listen to people near the billboard to get a sense of who they were and how they were reacting, which would help it to tailor what it showed them. The patent explains that the billboard might work with advertising exchanges, meaning that it wouldn’t just display its own ads, but might also put them on devices including tablets, phones, smart watches and TVs.

Stephen Gates, chief research intelligence analyst at NSFOCUS:

“Although the story timing for Yahoo is not the best, the concept of using real-time targeted adverts on electronic billboards, signage, placards, posters, etc. will likely happen. It’s just a matter of time. Many who have watched Tom Cruise in the movie Minority Report, observed the directors demonstrate this very same concept. Remember, that movie was released 14 years ago. However, today there is no need to scan retinas. Having real-time access to mobile usage and tracking data may be all that is needed.

The risk to consumers is the lack of privacy, or even the invasion of privacy. Since there are limited or no laws that exist to protect consumers from this type of potential activity, advertisers will likely move forward and support this possibility. It’s done quite effectively on the Internet today. Targeted ads are pushed to users’ browsers constantly. Based upon where users have recently surfed the Internet using their mobile device, could result in some pretty interesting or even embarrassing electronic billboard advertisements.”

Michael Patterson, founder and CEO, Plixer:

“I think we can draw similarities to what Yahoo is doing to the information collected and used for advertising by on-line giants Facebook and Google. The biggest risks are that Yahoo could get hacked again and the information they’ve collected with this new service would be available on the black market. If the billboards are effective, it could mean that the victims consume more of products they might not otherwise have purchased. Users can block the domains the data is uploaded to; however, sometimes this blocks the user from using the service as well. Pretty much this appears to be business as usual. The bigger problem is how the data is taken to ensure the user knows about everything being harvested as well as the additional meta data that is sometimes taken such as the list of applications the user has installed on the device.”


InfoSecurity Russia 2016 HAS BEEN A SMASHING SUCCESS

…with over 300 products and solutions, 15,000 pre-scheduled appointments, 197 events at the stands of exhibitors and conference rooms, 210 speakers from leading Russian and global experts, broadcasting in four parallel conference streams and around 6,000 unique information security professionals under one roof.

Watch the Round Up Video to learn why Infosecurity Russia 2016  has been so successful: https://youtu.be/ado3xONSUv4

InfoSecurity Russia is the No. 1 intellectual forum for public authorities, businesses, vendors and market customers addressing the hottest topics and challenges of the information security industry.

Andrew Miroshkin, “Groteck Business Media”:
“InfoSecurity Russia is the main market event that includes the exhibition part, a number of conferences and discussions, a meeting point for all market players, and the most visited event in its field. Everything that happens here is directly related to the business in the information security sector. InfoSec 2016 shows that the market has adapted to the new conditions, companies have built at least middle-term plans, and we are moving to the upgraded mode, when many things are done differently. Now comes the period which is more commercially active, I would even say entrepreneurship wise: positive planning, building new expectations, creating new ideas. There are plenty of new opportunities for the global companies to enter the market, and for the local suppliers it is a unique time when our customers are willing to buy as many local products and solutions, as the industry can produce.”

Sponsors and Partners
Special events were organized in collaboration with partners and sponsors of the show – Huawei Technologies, Trustwave, Axoft, SAP, Group-IB, Security Vision, “Norilsk Nickel”, “VimpelCom” CA “InfoSec”, ISACA, Almaz Capital, Kaspersky Lab, Protection Association information.

Alexander Zubarev, Huawei
“Information security is a TOP priority for Huawei, it’s always in the focus of our attention and has a strategic importance for the company. We are deeply convinced that only an open interaction among all the players: Government institutions, suppliers and consumers of modern protected technologies and products. Only with combination of all their efforts it is possible to withstand today’s security threats. I thank the organizers and participants of InfoSecurity Russia 2016 for the invitation, great show and our fruitful cooperation.”

Technologies and Trends
This year the exhibition was attended by 98 leading companies in the field of information security. Among them: 1IDM, AirWatch, AUVESY, Axoft, Bitdefender, Blue Coat – Symantec, Custis, DDoS-GUARD, Defence Group, Extreme Networks, Fortinet, Gigamon, Group-IB, Huawei, ISBC, IT Guard, Palo Alto Networks, Netwell, Niagara Networks, ObserveIT, PeopleNet Security, Positive Technologies, ProtoSecurity, SailPoint Technologies, SAP, StaffCop (“Atom Security”), TerraLink, Thales e-Security, Tottoli GSM, Trustwave, Vaultize Technologies, WALLIX, Web Control, XSoft, AB Soft Company “Asset” Aladdin RD, ALTEKS SOFT, Amicon, AMT Group, Gazinformservice, and others.

The exhibitors presented over 300 products in the field of information security and information technology. Each visitor was able to obtain detailed information about the mobile security products, cloud-based solutions, personal data protection, networking, cryptography, encryption, anti-virus, data storage and processing centers, certification centers, electronic perimeter protection, e-government services, virtualization, identity management, DLP-solutions, Internet of Things, NFC-technology, PCI DSS, SOC, VPN, automation systems, security applications, remote banking, protection against targeted attacks, identity and access control, and many others.

Business and Education Program
Business activities of the program were dedicated to the most relevant topics for the professionals and market customers. The expanded business program and variety of solutions and services at the show brought together leading executives and experts from Russia and overseas.

International experience of information security was shared by the following speakers: Zoran Zivkovic (Serbian Association of Cybersecurity), Rosemary M. Amato (ISACA), Stanislav Mikhailov (Trustwave).

See you at InfoSecurity Russia 2017!

For early-bird booking with most favorable conditions please contact: Anna Zabora, Project Coordinator at zabora@groteck.ru
