Category Archives: cyber attacks

Blinking Red Light of Death for Cameras

Cameras found on street corners, in offices, and in public spaces can all be used by attackers in one way or another to steal sensitive information. Researchers from the Ben-Gurion University of the Negev devised a method that uses infrared light (which can look like a blinking red light) from certain cameras to exfiltrate data from a targeted network by encoding the data and sending it through infrared signals. They created malware called aIR-Jumper that could be used on a machine within the targeted network to control the cameras.

The researchers noted that:

“Many surveillance and security cameras are equipped with IR LEDs which enable night vision. We show that malware residing within the internal networks of the organization can control these IR LEDs, turning them on and off or controlling their IR intensity.

“We implement a malware prototype and show that binary data can be encoded over the IR signals and leaked to an attacker from a distance of tens of meters away. Notably, many surveillance and security cameras monitor public areas, and therefore attackers can easily establish a line of sight with them.”

This research shows that surveillance cameras can be used as a covert channel to steal passwords, keys, and other sensitive data. The attack first requires access to the network through installed malware, delivered for example by a phishing scam. The malicious program can then scan the network’s IP addresses in search of cameras, which are easily identified by their protocol or MAC addresses.

Once this is done, the malware program can then connect to the cameras. Even if they are password protected, that would be easy to circumvent at this point.

“The malware in the network collects sensitive data that it wants to exfiltrate. When the data is collected, the malware transmits it by encoding it over the IR signals emitted from the camera’s night vision IR LEDs. Exfiltration may take place at predefined times or as the result of a trigger from the attacker side. An attacker located outside the secured facility (e.g., on the street) can receive the IR signals by carrying a standard video camera that is aimed at the transmitting surveillance camera,” the paper says. “The received video is then processed in order to decode the transmitted data.

“An attacker located outside the secured facility (e.g., on the street) generates invisible IR signals by using IR LEDs. The IR signals are modulated with the C&C messages to be delivered to the malware. The video stream recorded by the surveillance camera is received by the malware which processes and decodes the transmitted data,” the researchers said.

While the malware created is simply a proof-of-concept, all the necessary elements to achieve this are there.


Common Social Engineering Attacks and How to Prevent Them

Organizations from all over the world are experiencing an increase in social engineering attacks, both in number and in sophistication. Hackers are devising more clever methods of fooling individuals or employees into giving up sensitive data that can be used to breach the company. As such, organizations need extra due diligence to counter these social engineering attacks.

Social engineering attacks usually involve some type of psychological manipulation designed to fool the target into giving up sensitive data. It is typically done through email or similar forms of communication to invoke a feeling of urgency or fear. This leads the victim to take an action that the attacker wants, such as clicking a link or divulging information without thinking about it. Since these attacks are designed to exploit human emotions, they are sometimes difficult to detect and prevent.

The best defense against social engineering attacks is to keep employees educated and mindful.

Here are a few of the best ways to tackle social engineering attacks, coming from experts in the cybersecurity field.

Social Engineering Techniques

A common technique for social engineering attacks is an email designed specifically for the target person. It tends to look professional and legitimate, seemingly coming from an organization associated with the user, such as a vendor company or maybe even a bank. Hackers can usually copy the actual styles of emails from such companies.

The content would be designed to create a sense of urgency, such as saying that their account is compromised and they need to change their passwords immediately by clicking on the link provided. This is where the main difference comes in. In actual emails, the link would direct to the actual, secure website of the sender. In social engineering attacks, however, it would lead to a malicious website, which would then steal the victim’s username and password once they enter it.

This can sometimes be done through other forms of communication as well, such as over the telephone. The attacker will say official-sounding statements to get the victim to trust them.

Simply put, all social engineering attacks are based on establishing trust with the victim. This is done using information that the victim will think is official, but in reality, the attacker simply researched that information through the internet and social media accounts. By mentioning things like common names of friends, workmates, or colleagues, the victim is lulled into a false sense of security, which the attacker takes advantage of.

According to the technical director of Symantec Security Response, most attackers do not target technical vulnerabilities in software and systems in order to penetrate an organization. They have found that social engineering attacks give them a better chance to achieve their goals, as people are easier to target than complex algorithms that can easily detect an attack.

How Social Engineering Attacks Can Harm an Organization

Companies and organizations run on data that they use for their business. This can include sensitive information from their customers, finances, and operations. When social engineering attacks target an employee, they are trying to get to the data within the organization. Once they have that, they can do several things.

Sell the Data

The attackers can sell the data they are able to steal from the organization. This is evident in the LinkedIn data breach of 2016, wherein a Russian hacker by the name of “Peace” stole approximately 117 million accounts and sold them on the dark web.

Not only did this lead to the company losing face, they also lost money through lost revenue and lawsuits.

Ransomware

If a hacker gains access to a company’s system using social engineering attacks, they can install ransomware, which is malicious software designed to keep files, data, or even programs inaccessible until the attacker is paid a certain amount. Once this is paid, they will supposedly provide a key to open the locked files or data.

This can be crippling to a company or organization, as it can lead to a loss of money or of resources due to the amount of time and effort needed to deal with the situation.

Defending Against Social Engineering Attacks

There are many ways that a hacker can deal damage to a company when they get access to their networks through social engineering attacks. Money, resources, time, and reputation are all on the line. This is why it is important to defend yourself against these attacks. But how?

The best defense against social engineering attacks is education. Educate your employees about these types of attacks and what to look for in order to identify a potential threat. They should also be taught to report any suspicious communication they receive if they have any doubt about its authenticity.

By creating proper protocols and security policies, companies can significantly decrease the chances of social engineering attacks succeeding.


IoT-capable Printers Becoming Unofficial Gateways For Cyber Attacks

The printer started as a simple device for printing on paper, providing users with a physical copy of their documents. Over the past decade, however, even home printers became networked so that multiple users could use them at the same time. At the turn of the 2010s, the printer, which used to be corporate equipment, became just another appliance, wireless printing included. The humble printer gained more functionality through the years, including connecting through apps, making it one of the first IoT (Internet-of-Things) devices.

Unlike typical IoT devices, which are designed to be connected to a “guest” network in homes and offices, printers operate inside the main network so that they can accept print jobs from workstations. A printer that is connected to the company or home network while also being reachable as an IoT device on the Internet is an open opportunity for cybercriminals to penetrate the internal network through the printer.

This very issue has been examined by two security researchers from NCC Group, Daniel Romero and Mario Rivas. Network printers are now a convenient way for outsiders to penetrate an otherwise private internal network of companies and homes. Printers are not designed as gateways; it just so happens that their IoT functionality bridges the public Internet (where the threats and bad actors come from) and the internal network.

Aside from the backdoor opened by an IoT printer, the internal networks become vulnerable to distributed denial of service (DDoS) attacks from outsiders as well. The NCC Group security team tested various printers from Ricoh, HP, Lexmark, Xerox and Kyocera, vendors that, in its words, “were able to provide updates to close up the identified vulnerabilities and secure the affected devices against the exploits uncovered by the researchers.”

NCC Group’s findings match closely with Microsoft’s study regarding the vast abuse of IoT devices, creating an artificial gateway for outsiders to penetrate a private internal network. “While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives. These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments,” emphasized Microsoft’s cybersecurity team.

According to Romero and Rivas, there is an unpatched vulnerability on various printers they have tested, most notably in each device’s and model’s implementation of IPP (Internet Printing Protocol). A flawed IPP implementation can allow arbitrary code execution, which would be very harmful to the internal network. Also, SNMP, the very protocol that enables system administrators to monitor the network presence of the printer, may have bugs that can be used to crash the machine through a DoS vulnerability.

“Certainly, there’s more to the story. And we’ll get to hear more of it when Mario and Daniel reveal the full extent of their research at several industry conferences, including DEF CON, Hack In The Box Security Conference and 44CON,” concluded the NCC Group.


Vietnam: Cyber Attacks For 1st Half-2019 More Than Doubled

When it comes to cyber attacks and digital security issues, we often report incidents happening in the United States, Europe, and other first-world nations. We rarely feature articles that discuss the cybersecurity situation of an emerging economy, but that time has come. Vietnam, a Southeast Asian nation of 94.6 million people, recorded the highest number of cyber attacks in its history in the first half of 2019. The figure, revealed by the Vietnam Computer Emergency Response Team (VNCERT), is a whopping 104% increase in cyberattack cases compared to the same period last year.

The 6219 cyber attack incidents recorded by VNCERT are a huge number for any country, let alone an emerging one. They break down into 240 confirmed malware cases, 3824 cases of digital vandalism and 2155 phishing attacks. Vietnam is not a huge country, with a land area of just 331,212 km², yet around 100,000 devices are suspected of being infected with malware in the country on a daily basis.

That number alone is a serious cause for concern, to the point that computer enthusiasts in Vietnam organize events for information dissemination covering information leakage due to external attackers. The government of Vietnam takes part as well; at this year’s edition it was represented by the Deputy Minister of Information and Communications, Nguyen Thanh Hung. The event features cybersecurity roleplaying that teaches people how to handle corporate-level cyber attacks, both domestic and foreign. This year’s edition focuses more on prevention, through its central team for early detection of threats and actual cyber attacks.

The statistics disclosed by VNCERT are confirmed by Symantec Corporation itself. Using aggregate software statistics from its Vietnamese customers, Symantec believes that around 94%, or 9 out of every 10, Vietnamese companies have experienced some form of IT security issue while operating their businesses. Vietnamese corporations often keep these attacks secret, to prevent the damage to their brand that public knowledge would cause.

VNCERT, represented by its Director, Nguyen Trong Duong, underscored the importance of strong management implementation of IT security precautions and policies within Vietnamese organizations. Unfortunately, the director himself admitted that many Vietnamese companies are not strict enough about security preparations and protocols. One of the biggest IT security issues that put Vietnam in global cybersecurity headlines was the blackmail attempt against the Co-operative Bank of Vietnam by a hacker named Sogo Nakamoto. He threatened to publicly leak the data of the bank’s 275,000 customers unless the bank paid him US$100,000.

“In order to limit the data leakage, it was necessary to set up a confidential process, enhance discipline at units, particularly effective ways to protect the units against cyber attacks and strengthening awareness of staff about information security,” explained Trong Duong.

Cybercriminals continue to improve their campaigns to create more opportunities for themselves to earn a profit at the expense of innocent Internet-connected users. This is why all companies today, regardless of location, are expected to have a minimum credible cybersecurity defense.


Cyber Attacks From The Point Of View Of Financial Enterprise

As we have repeatedly mentioned here at Hackercombat.com, hackers today are no longer interested in digital vandalism against systems and websites. Showing how good you are at cracking and hacking may boost your ego, but it stops there, and you may still end up behind bars when caught. Might as well earn a huge amount of money committing a cybercrime, right? Yes, that is the main motivation of cybercriminals today: earning money. From the script kiddie category up to the high-level hackers who pull off online bank heists, it is very clear that black hat hacking has evolved from a mere “I know it can be done” to an “I will earn profit with this” kind of campaign.

It really shows; just look at how much cybersecurity news we publish here at Hackercombat.com. Cybercriminals have developed a deep arsenal of tools to dupe people and organizations out of their hard-earned money: identity theft, social engineering, phishing, banking trojans, ransomware and the most covert of all campaigns, cryptocurrency mining malware. The list goes on, and as organizations whose primary purpose is to grow money as much as possible, the financial sector is in the crosshairs of cybercriminal organizations.

Having money to grow while spending only carefully on a mundane cybersecurity defense posture is a risky endeavor that many financial institutions, both public and private, engage in every day. As we enter an age where state-sponsored hacking organizations are readying themselves for the next cyberattack, institutions that store a lot of personally identifiable information and are financially liquid are the prime targets. We have featured more than a dozen cyber attack articles since 2017 about banks, lending firms and even public sector agencies involved in taxation falling victim to attacks such as DDoS, ransomware and banking trojans.

“This is a useful way to think about cyber threats, because it is easy to map attacker motivations across to specific businesses, and subsequently understand to what extent they apply. Once you understand why various threat actors might target you, then you can more accurately measure your cyber risk and implement appropriate mitigations,” explained George Michael, F-Secure’s Senior Research Analyst, when asked to describe cyber threats against private organizations.

Mitigations are software patches designed to plug the security bugs that were discovered in hardware. However, installing mitigations does not always bring a happy ending. The cases of Meltdown & Spectre in 2018 and the MDS exploit of 2019 revealed to the public that mitigation patches lower the performance of hardware. It is like being between a rock and a hard place: choose security and you pay with lower system performance, particularly in the CPU’s execution of code; choose speed, and your system is exposed to security exploits and various cyber attack risks. It is a choice system administrators wish they did not have to make, as both security and hardware performance are important for any organization. As mentioned earlier, not all hackers operate for themselves; some are funded by nation-states. Such organizations have deep pockets for effective research and development campaigns to develop much worse system exploits that we have yet to witness.

“North Korea has been publicly implicated in financially motivated attacks in over 30 countries in the past three years, and their tactics are also being used by cyber criminals, particularly against banks. This is symbolic of a wider trend that we’ve seen in which there is an increasing overlap in the techniques used by state-sponsored groups and cyber criminals. If you don’t understand the threats to your business, you don’t stand a chance at defending yourself properly. Blindly throwing money at the problem doesn’t solve it either,” concluded Michael.


Why Is Cloud Encryption Really Important?

When Salesforce.com launched in 1999, it became the gateway of the cloud computing platform to the public. Today, cloud computing, known as “the cloud,” is one of the most used technologies around the world. Services like Netflix, Amazon Web Services, and even Facebook all use the cloud. But the cloud’s popularity has made it a hot target for cyberattacks, which is why it’s important for businesses to have cloud encryption in place.

What Is Cloud Encryption?

Cloud encryption is a cybersecurity tool that encrypts data as it is sent to the cloud for storage. There are different forms of cloud encryption offered by many cloud-platform service providers. By using cloud security encryption, sensitive data can remain safe in cloud storage even if the cloud platform is compromised by hackers.

What Is Cloud Encryption? – Kinds of Cloud Computing Encryption

Cloud security encryption comes in various forms, depending on the cloud provider. Because cloud encryption uses more processing power than just sending data through the cloud, not all service providers can offer a high level of cloud computing encryption. Here are various forms of cloud computing encryption:

Encrypted cloud connection is a kind of cloud encryption where the cloud computing connection is secured through encryption; it’s similar to how VPNs encrypt your data through the VPN tunnel.

Cloud computing encryption of sensitive data is a kind of cloud security encryption where the cloud service provider only encrypts data known to be sensitive. This limits the amount of data being encrypted before being stored in the cloud. This method costs less bandwidth and processing power.

End-to-end encryption is one of the highest levels of cloud security encryption. In end-to-end encryption, the data is encrypted offline before being sent into the cloud for storage. Because the encryption is done offline, only authorized people have the decryption key, and even if the cloud service provider is compromised, the data remains safe.

What Is Cloud Encryption? — Why Proper Key Management Is Important

Cloud encryption works the same way as offline encryption. There are keys used for encryption and decryption of the data. But the main difference is who is managing the encryption and decryption keys.

When cloud service providers offer cloud security encryption, most of the time, they manage the keys instead of the client. This poses a vulnerability when the provider is compromised and hackers gain access to their key storage.

When picking a cloud service provider, companies should take note of the cloud security encryption method and encryption key management before applying for their services. Companies should also take note of how much security they need for the files they plan to transfer to the cloud.

Keeping decryption keys offline is a good key management practice, as well as frequent key auditing and setting up two-factor verification.

Conclusion

Cloud computing technology has opened doors to high-volume storage. Companies, whether big or small, have utilized it for their day-to-day operations and data storage needs. But even the cloud is not fully hack-proof. Secure your data in the cloud now by using cloud encryption.


Russian Military Hardware Vendor Accused Of U.S. Espionage

The United States has accused a Russian defense contractor named Special Technology Center (STC) of developing specialized software to spy on Android users. For many years, western nations such as the United States and many European Union nations have accused Russia of intervening in their internal domestic affairs through its spying campaigns and state-level espionage activities. Just like clockwork, every time Russia is blamed for cybercrime, the Kremlin fully denies it, usually with a counter-claim that it is the United States and its allies that are trying to conduct espionage activities against countries critical of them.

Lookout, an Android security app vendor, confirmed that STC is behind the spread of Android apps that allegedly carry built-in espionage spyware named Monokle, after Lookout tried to reverse-engineer the unnamed affected apps. Monokle is spyware that communicates with STC software, using an IP address that is clearly identified with the latter. According to the report, Monokle-loaded apps didn’t come from the Google Play Store, but rather from 3rd party sources that users sideload onto their Android devices.

“We are seeing yet another vendor, that is a defense contractor in this case, that is producing a highly sophisticated malware to spy on users of mobile devices. That really drives home the risk around mobile devices and how they are being attacked,” explained Christoph Hebeisen, Lookout’s senior manager of security intelligence.

Lookout categorizes Monokle not just as typical spyware but as full-fledged surveillance malware. It utilizes new techniques to harvest data that were not previously seen in Android-based malware. Also known under the term “weaponized malware”, Monokle is designed to monitor the web activity of the Android user, given that a special root certificate from the makers of Monokle is installed for the purpose of espionage.

STC is a genuine military-hardware supplier for the Russian government; its speciality products are military drones and accessories. “Monokle is advanced and full featured mobile surveillance software. It could be used for any objective which would require surveillance through a mobile device. In similar attacks, such as Dark Caracal, we’ve observed the use of phishing attacks through messaging applications, SMS, or emails used to distribute this type of malware,” added Adam Bauer, senior staff security intelligence engineer. This is not the first time that STC has received a bad rap from the United States; three years ago, in 2016, the U.S. government already tagged it as a company that is involved with “Malicious cyber-enabled activities”.

A surveillance app can also be used for good, for instance in crime prevention, where it can identify the person who stole a smartphone, including its current location. In addition to releasing the camera shutter by remote control, some can do so without even making the shutter sound. There is no comparably powerful way to find out who a person is with and where they are. Yet although a smartphone surveillance app becomes a terrifyingly powerful tool in an infidelity investigation, there are many occasions where merely using it raises questions of legality. Just like what the U.S. is accusing Russia of doing against its citizens.


Overview Of Australia’s TGA Medical Devices Cybersecurity Guidelines

Technology has come a long way, to the point that medical equipment can now get hacked. Hackercombat.com has for years featured stories about hacked medical equipment; all things considered, it is still unknown why cybercriminals bother with such attacks, given that attacking patients’ medical tools is not profitable compared to, say, ransomware or banking trojan development. However, Australia’s Therapeutic Goods Administration (TGA) is not pulling its punches as it releases new guidelines for securing medical devices and IVD (in vitro diagnostic) medical equipment.

The guidelines are divided into three documents: for the industry, for users and for consumers.

The “for the industry” PDF document covers the foundation of the use of equipment by the medical and healthcare industry itself. The 53-page document cannot be covered in just one article, hence we recommend that our readers read it separately to understand why TGA is prioritizing it over the two other stakeholders. The guidance for industry fully recognizes that the world, including Australia, has entered the age of SaMD (Software as a Medical Device), which embeds a form of artificial intelligence to aid the actual equipment. It is unfortunate that we have arrived at an age when supposedly life-saving devices are as vulnerable to cyber attacks as general-purpose computers like PCs and smartphones.

The need of hospitals and other healthcare institutions to be “connected” and the pressures of “digitization” are the reasons why devices that used to operate independently (which is very much okay) are now basically IoT (Internet-of-Things) devices. What is the industry’s fascination with turning machines that work entirely offline into Internet appliances? That is the reality that TGA is trying to emphasize: as medical equipment becomes IoT, what are the action plans to prevent medical devices from becoming the next target of hackers?

“This guidance has been produced in order to support Australia’s medical device cyber security capability, embedding improved cyber security practices across the medical device sector. The purpose of this guidance is to help manufacturers and sponsors understand how the TGA interprets regulations, and thus indicate how to comply,” said TGA in its guidelines for the industry.

The second document is 31 pages long and states its purpose as covering the security information supplied while using the medical equipment. Software running on top of the medical devices has now become the interface for medical professionals like doctors and nurses, who no longer interact directly with the crude user interface provided solely by the hardware itself. Medical professionals are not IT professionals; they are not trained to be their own IT support in the event of a cybersecurity attack against the medical devices they rely on every day to treat their patients.

“Users of medical devices have a shared responsibility for providing a cyber secure environment for these devices to operate in. While supplying a compliant medical device is the responsibility of the manufacturer and sponsor, a compliant medical device will only be as secure as the most vulnerable aspect of the system it is expected to operate in,” explained the TGA document for users.

The third document, titled “Consumer Information”, deals with how regular folks handle the changes in hospital technologies, especially given that data taken from patients and their families is stored in hospital devices that used to be completely air-gapped but are now practically Internet appliances as well. TGA defined consumer interaction with hospital Internet-related devices as follows (directly quoted from https://www.tga.gov.au/medical-device-cyber-security-consumer-information#how):

  • apps on your smartphone that allow you to record information, such as blood glucose readings and carbohydrate intake, that will be used to determine treatments, such as insulin injections
  • implanted devices that can be remotely controlled, such as cardiac pacemakers
  • hearing aids that may be controlled by your smartphone
  • continuous positive airway pressure (CPAP) machines that treat sleep apnoea, and communicate therapy information to your doctor.


Cases of Cyber-Attacks in Kenya Rise to 11.2 Million

Security researchers have found that 11.2 million cyber-attacks hit organizations in Kenya in the first quarter of 2019, a 10.1 percent increase in the number of security incidents compared to the previous quarter. The Kenya Communications Authority (CA) reports that the Incident Response Center has detected an increase in malware, web application attacks, system configuration errors, and online abuse.

According to CA cyber intelligence, the cyber-attacks cost Kenya’s economy about 29.5 billion shillings. The CA cyber intelligence team has sent about 14,078 cyber-threat alerts to relevant organizations in the country, announcing an increase of 12,138 alerts last year.

The Central Bank of Kenya (CBK), Kenya’s banking supervisory authority, recently announced the introduction of new cyber security policies for the country’s financial services sector. According to Patrick Njoroge, Governor of the CBK, new cyber security guidelines for payment services will help reduce the threats to the financial sector.

“The regulatory and advisory initiatives are targeted towards safeguarding Kenya’s financial sectors from cybercrime,” said Njoroge at the launch of the Kenya Bankers Association (KBA) 2019 Card, Mobile, and Online Safety Awareness Campaign. “As a result, a single attack on any given commercial bank could have a devastating effect on the entire financial services system.”

Habil Olaka, the CEO of KBA, said, “While this is an inspiring development, financial fraud is among the challenges that threaten progress in the adoption of new technologies. As an industry, we firmly believe that it is through cross-sector collaborations that we can defeat fraud and ensure a sustainable environment for growth.”

Last year, the Central Bank of Kenya proposed new cybersecurity standards to combat bank fraud and to better understand the threats that payment service providers are facing. Under the new guidelines, banks and mobile service providers are required to submit cybersecurity reports to industry regulators. Companies are invited to inform the Central Bank of Kenya within 24 hours of suspicious activity and to provide CBK with quarterly information on incidents and their resolution.


Businesses Beware: Top 5 Cyber Security Risks

Hackers are working hard to find new ways to get your data. It’s not surprising that cyber security risk is top of mind for every risk owner, in every industry. As the frequency and complexity of malicious attacks persistently grow, every company should recognize that they are susceptible to an attack at any time—whether it comes as an externally focused attack, or a social engineering attack. Let’s take a look at the top 5 risks that every risk owner should be preparing for.

  1. Your Own Users. It is commonly known, in the security industry, that people are the weakest link in the security chain. Despite whatever protections you put in place from a technology or process/policy point of view, human error can cause an incident or a breach. Strong security awareness training is imperative, as well as very effective documented policies and procedures. Users should also be “audited” to ensure they understand and acknowledge their role in policy adherence. One area that is often overlooked is the creation of a safe environment, where a user can connect with a security expert on any issue they believe could be a problem, at any time. Your security team should encourage users to reach out. This creates an environment where users are encouraged to be part of your company’s detection and response. To quote the Homeland Security announcements you frequently hear in airports, “If you see something, say something!” The biggest threat to a user is social engineering—the act of coercing a user to do something that would expose sensitive information or a sensitive system.
  2. Phishing. Phishing ranks number three in both the 2018 Verizon Data Breach Investigation Report Top 20 action varieties in incidents and Top 20 action varieties in breaches. These statistics can be somewhat misleading. For example, the first item on the Top 20 action varieties in breaches list is the use of stolen credentials; number four is privilege abuse. What better way to execute both of those attacks than with a phishing scam? Phishing coerces a user through email to either click on a link, disguised as a legitimate business URL, or open an attachment that is disguised as a legitimate business document. When the user executes or opens either, bad things happen. Malware is downloaded on the system, or connectivity to a Command and Control server on the Internet is established. All of this is done using standard network communication and protocols, so the ecosystem is none the wiser—unless sophisticated behavioral or AI capabilities are in place. What is the best form of defense here? 1.) Do not run your user systems with administrative rights, since doing so allows any malicious code to execute at root-level privilege, and 2.) train, train, and re-train your users to recognize a phishing email, or more importantly, recognize an email that could be a phishing scam. Then ask the right security resources for help. The best mechanism for training is to run safe targeted phishing campaigns to verify user awareness either internally or with a third-party partner like Connection.
  3. Ignoring Security Patches. One of the most important functions any IT or IT Security Organization can perform is to establish a consistent and complete vulnerability management program. This includes the following key functions:
  • Select and manage a vulnerability scanning system to proactively test for flaws in IT systems and applications.
  • Create and manage a patch management program to guard against vulnerabilities.
  • Create a process to ensure patching is completed.

Most malicious software is created to target missing patches, especially Microsoft patches. We know that WannaCry and Petya, two devastating attacks, targeted systems that were missing Microsoft MS17-010. Eliminating the “low-hanging-fruit” from the attack strategy, by patching known and current vulnerabilities or flaws, significantly reduces the attack-plane for the risk owner.

  4. Partners. Companies spend a lot of time and energy on Information Security Programs to address external and internal infrastructures, exposed Web services, applications and services, policies, controls, user awareness, and behavior. But they ignore a significant attack vector, which is through a partner channel—whether it be a data center support provider or a supply chain partner. We know that high-profile breaches have been executed through third-party channels, Target being the most prominent. The Target breach was a classic supply chain attack, where they were compromised through one of their HVAC vendors. Company policies and controls must extend to all third-party partners that have electronic or physical access to the environment. Ensure your Information Security Program includes all third-party partners or supply chain sources that connect or visit your enterprise. The NIST Cyber Security Framework has a great assessment strategy, where you can evaluate your susceptibility to this often-overlooked risk.
  5. Data Security. In this day and age, data is the new currency. Malicious actors are scouring the Internet and Internet-exposed corporations to look for data that will make them money. The table below, from the Ponemon Institute 2018 Cost of a Data Breach Report, shows the cost to a company of a single-record data breach.

Cost for a Single Record Data Breach

The Bottom Line

You can see that healthcare continues to be the most lucrative target for data theft, with $408 per record lost. Finance is nearly half this cost. Of course, we know the reason why this is so. A healthcare record has a tremendous amount of personal information, enabling the sale of more sensitive data elements, and in many cases, can be used to build bullet-proof identities for identity theft. The cost of a breach in the US, regardless of industry, averages $7.9 million per event. The cost of a single lost record in the US is $258.

I Can’t Stress It Enough

Data security should be the #1 priority for businesses of all sizes. To build a data protection strategy, your business needs to:

  • Define and document data security requirements
  • Classify and document sensitive data
  • Analyze security of data at rest, in process, and in motion
  • Pay attention to sensitive data like PII, ePHI, EMR, financial accounts, proprietary assets, and more
  • Identify and document data security risks and gaps
  • Execute a remediation strategy

Because it’s a difficult issue, many corporations do not address data security. Unless your business designed classification and data controls from day one, you are already well behind the power curve. Users create and have access to huge amounts of data, and data can exist anywhere—on premises, user laptops, mobile devices, and in the cloud. Data is the common denominator for security. It is the key thing that malicious actors want access to. It’s essential to heed this warning: Do Not Ignore Data Security! You must absolutely create a data security protection program, and implement the proper policies and controls to protect your most important crown jewels.

Cyber criminals are endlessly creative in finding new ways to access sensitive data. It is critical for companies to approach security seriously, with a dynamic program that takes multiple access points into account. While it may seem to be an added expense, the cost of doing nothing could be exponentially higher. So whether it’s working with your internal IT team, utilizing external consultants, or a mix of both, take steps now to assess your current situation and protect your business against a cyber attack. Stay on top of quickly evolving cyber threats. Reach out to one of our security experts today to close your business’s cyber security exposure gap!
