#nationalcybersecuritymonth | What’s been done to fight cybercrime in East Africa

Source: National Cyber Security – Produced By Gregory Evans

East Africa attracts millions of tourists every year. Over the past 10 years, its earnings from tourism have doubled. Compared to the rest of Africa, the region is experiencing healthy economic growth. This makes it a promising investment destination.

Factors like regional tourism, movement of workers and technology development have catalysed East African integration and cross-border banking.

Many cross-border banks originate from Kenya with branches across the region. One example is Kenya’s Equity Bank, which relies heavily on digital technology. The digital space has many positive attributes but the threat of cybercrime and insecurity is prevalent.

Uganda lost 42 million shillings to cybercrime in 2017. In 2018, Rwanda lost 6 billion francs. In Kenya, between April and June 2019 alone, the country experienced 26.6 million cyber threats.

Across the region, with the increase of digital banking, financial institutions have become targets. These institutions are attractive to cyber criminals because they hold the biggest cash reserves. Africa’s digital infrastructure is ill-equipped to manage the continent’s growing cyber-security risk.

Equity is a pioneer in online and mobile banking with technology that merges banking and telephony. However, it recently suffered a cyber-attack. Last month, Rwandan authorities arrested a cybercrime syndicate comprising eight Kenyans, three Rwandans and a Ugandan. The syndicate had attempted to hack into the Equity Bank system. The group has been involved in similar attacks in Kenya and Uganda.

Early in the year, Kenya’s director of criminal investigation issued warrants of arrest against 130 suspected hackers and fraudsters for alleged banking fraud.

These incidents show that financial losses to cyber insecurity are a growing threat to East Africa’s economy.

Cybercrime occurs through the use of computers, computer technology or the internet. It often results in identity theft, theft of money, sale of contraband, cyber stalking or disruption of operations.

Within East Africa, Kenya, Rwanda and Uganda are taking steps to manage the huge cybercrime risk. But the cyber attack on Equity Bank is proof that these countries need to do more to protect their financial institutions from massive losses going forward.

Regional instruments

The African Union’s Convention on Cyber Security and Personal Data Protection is East Africa’s overarching policy guideline on cybercrime. It was adopted by member states in 2014. The Convention is similar to the Council of Europe’s Cyber Crime Convention which established a cyber security on the European continent.

Rwanda signed the Convention earlier this year, but it’s the only East African country to have done so.

The Convention requires member states to share responsibility by instituting cyber security measures that consider the correlation between data protection and cybercrime. These measures will keep data safe from cyber criminals and preempt its misuse by third parties. It also encourages the establishment of national computer emergency response teams.

The Convention advocates closer cooperation between government and business.

The Convention also creates a provision for dual criminality. This means that cybercrime suspects can be tried either in the country where the crime was committed or in their home country. This provision is meant to ensure smooth cooperation and sidestep any conflict of laws.

There is also a provision on mutual legal assistance. This allows for member states to share intelligence and collaborate on investigations.

Even though Uganda and Kenya aren’t yet signatories, they have nevertheless been establishing legal and policy frameworks provided for under the convention. Rwanda is doing so too, and as a signatory is one step ahead.

Rwandan approach

In 2015, Rwanda came up with a national cyber security policy that established a National Computer Security and Response Centre. The centre detects, prevents and responds to cyber security threats. And in 2016, the Regulatory Board of Rwanda Utilities rolled out network security regulations to protect the privacy of subscribers. They also empower the government to regulate and monitor internet operators and service providers.

The country also has a National Cyber Contingency Plan to handle cyber crises.

Further, Rwanda’s telecom network security regulations require service providers to secure their services by protecting their infrastructure. Every service provider must be licensed and must guarantee the confidentiality and integrity of their services. They must also set up incident management teams. These teams work with the government to manage cyber security threats effectively.

Additionally, Rwanda passed an information and communication technology law in 2016. This contains provisions on computer misuse and cybercrime which criminalise unauthorised access to data.

The country has managed to build the foundations of a strong regulatory framework. It has also taken measures to raise awareness around cyber security. In fact, in the attack on Equity Bank, the authorities acted on a tip from members of the public.

Kenyan measures

In 2014, Kenya launched its National Cyber Security Strategy to raise cyber security awareness and equip Kenya’s workforce to address cyber security needs.

In line with this strategy, Kenya amended its information and communications law to criminalise unauthorised access to computer data.

Kenya has also set up a national computer incident response coordination centre to consolidate key cyber infrastructure and create pathways for regional and international partnership.

Generally, Kenya has a robust cyber security policy which includes a legal and regulatory framework. The result has been that impending cyber attacks are discovered before massive damage is done and ongoing attacks are rapidly arrested.

Uganda’s security

Uganda has legislation to protect cyber security. This includes the Computer Misuse Act which ensures the safety and security of electronic transactions and information systems, and the Regulation of Interception of Communications Act to monitor suspicious communications. It also has a national computer emergency response team.

This regulatory framework is similar to those in Kenya and Rwanda. But in addition, Uganda has a National Information and Technology Authority that provides technical support and cyber security training. It also regulates standards and utilisation of information technology in both the public and private sectors. These measures have boosted the country’s cyber security strategy.

While Uganda has these measures in place, Kenya and Rwanda are two of the top three cyber secure countries in Africa.

Moving ahead

Kenya, Uganda, and Rwanda have taken solid steps to harmonise cybersecurity processes, data protection, and collaborative prosecution and investigation measures.

They have criminalised cybercrime and established frameworks to manage cyber attacks. International cooperation within the region has also enhanced cyber security.


#cybersecurity | #hackerspace | Isolation protects you from threats that haven’t even been discovered

Another day, another validation that Internet isolation really is the best cybersecurity protection out there. Last week, Google released an urgent Chrome update to patch an actively exploited zero-day known as CVE-2019-13720, a memory corruption bug that uses a use-after-free vulnerability in audio that allows a […]

#cybersecurity | #infosec | How Facebook helps an abusive ex-partner find out your new identity, even after they’ve been blocked

Imagine the scenario. You’re a woman in an abusive relationship with a man. Things have turned violent. You leave the man, block his account on Facebook, and maybe even change your name legally as you want to start afresh. You update your Facebook profile to reflect […]

IRANIAN #HACKERS HAVE BEEN #INFILTRATING #CRITICAL #INFRASTRUCTURE #COMPANIES

The international intelligence agency always has a keen interest in Iran’s hacking activity. And new research published by the security firm FireEye on Thursday indicates the country’s efforts show no signs of slowing. In fact, a new network reconnaissance group—FireEye calls them Advanced Persistent Threat 34—has spent the last few years burrowing deep into critical infrastructure companies.

Given how aggressively Iran has pursued infrastructure hacking, previously targeting the financial sector and even a dam in upstate New York, the new findings serve as a warning, and highlight the evolving nature of the threat.

FireEye researchers tracked 34 of the group’s attacks on institutions in seven Middle Eastern countries between 2015 and mid-2017, but say APT 34 has been operational since at least 2014. The group appears to target financial, energy, telecommunications, and chemical companies, and FireEye says it has moderate confidence that its hackers are Iranians. They log into VPNs from Iranian IP addresses, adhere to normal Iranian business hours, their work has occasionally leaked Iranian addresses and phone numbers, and their efforts align with Iranian interests, namely targeting the country’s adversaries.

New APT in Town

There isn’t definitive evidence of a direct link between APT 34 and APT 33, an Iranian hacking group and malware distributor FireEye published findings on in September. But researchers have seen APT 34 operating concurrently inside many of the same target networks as other Iranian hackers.

“We have seen, and this is with a lot of the Iranian actors, a very disconcerting or aggressive posture towards critical infrastructure organizations,” says John Hultquist, director of intelligence analysis at FireEye. “APT 33 has targeted a lot of organizations in critical infrastructure in the Middle East and so has APT 34. They obviously represent opportunities for intelligence collection. But we always have to think about the alternative use of those intrusions or accesses as possible means for disruption and destruction, especially given the destructive incidents we’ve already seen with other Iranian actors.”

To establish what Hultquist describes as beachheads, APT 34 uses involved operations to move deeper and deeper into a network, or exploit a toehold within one organization to pivot into another. FireEye has observed the group compromising someone’s email account at a target company, rifling through their archive, and restarting threads as old as a year, to trick the recipient into clicking a malicious attachment. The hackers also use compromised email accounts to spearphish other companies, and leapfrog into their systems as well.

While the APT 34 Iranian hacking activity doesn’t appear to target the United States, any Iranian efforts in that space are noteworthy. The countries have a long history of cyber antagonism, which includes the deployment of Stuxnet, malware thought to be a product of the NSA and their Israeli counterparts, to cripple Iran’s uranium enrichment activities. Tensions between the countries have escalated recently as well, with President Donald Trump recently taking steps to decertify the nuclear agreement between the US and Iran.

‘A Multilayered Approach’

APT 34 uses malicious Excel macros and PowerShell-based exploits to move around networks. The group also has fairly extensive social media operations, deploying fake or compromised accounts to scope out high-profile targets, and using social engineering to get closer to particular organizations. FireEye researchers speculate that APT 34 may be a reconnaissance and persistence unit, focused on finding ways into new networks and broadening access within existing targets. Some evidence indicates that the group may work directly for the Iranian government, but it’s also possible that the hackers are effectively contractors, selling backdoors to the government as they find them.

“When you look at this, it’s a multilayered approach,” says Jeff Bardin, the chief intelligence officer of the threat-tracking firm Treadstone 71, which monitors Iranian hacking activity. “They get in and make a lot of modifications, download new malware, manipulate the memory, so it’s definitely pretty sophisticated. And the PowerShell activity has been largely a hallmark of Iranian activity lately. They change their tactics constantly. The more we divulge things we know about them, the more they’ll shift and change.”

Though much remains unknown about APT 34, its capabilities and prowess make the group’s interest in critical infrastructure targets all the more noteworthy, whether it’s tasked with carrying out full operations itself, or charged with laying the groundwork for others to do so.

“This is yet another example of Iranian cyber capability, which only seems to grow every day,” FireEye’s Hultquist says. “It’s a challenge for people who are concerned with Iranian actors, and as geopolitics shifts, the number of people who should be concerned with Iranian actors will probably only increase.”

Email Has Been #Weaponized by #Hackers, Results Can Be #Deadly

Nearly all of the top million most popular domains are inadequately protected from “weaponized” email impersonation by hackers, formerly known as spear phishing, according to a new study released today by San Francisco-based email authentication service provider ValiMail.

One out of every five emails today appears to come from a suspicious sender who’s not authorized to use the sending domain, according to ValiMail’s 2017 Email Fraud Landscape Report. The study also found that only 0.5 percent of the top million domains use adequate authentication strategies to protect against email impersonation, even though most systems support stronger defenses.

Better email authentication defenses could help the typical company save $8.1 million each year in costs related to cybercrime, ValiMail reported.

ValiMail’s findings come on the heels of a report released last week from Google and the University of California-Berkeley that identified phishing as the greatest threat to people’s online identities.

‘Vast Majority’ of Businesses are Vulnerable

DMARC (domain-based message authentication, reporting, and conformance) is an email security system designed to protect against malicious actors sending unauthorized emails that appear to come from legitimate domains. The DMARC system enables administrators to set policies that validate that the “From:” content in email headers comes from legitimate senders at those domains.

“Email has been weaponized by hackers as the leading way to infiltrate networks, and the vast majority of businesses are leaving themselves vulnerable by either incorrectly configuring their authentication systems or forgoing protection entirely,” ValiMail co-founder and CEO Alexander García-Tobar said in a statement. “Businesses are asking their employees to complete an impossible task: identifying who is real and who is an impersonator, by closely examining every message in their inboxes. The only sustainable solution is for companies to take control of their email security at the technology level and stop placing the onus on employees to prevent phishing attacks.”

Of organizations that use DMARC to validate their emails, 77 percent have either misconfigured the system or set policies that are too permissive, the ValiMail study found. In fact, only 15 percent to 25 percent of companies in various industries have properly implemented and maintained DMARC protections, the study noted.

‘Alarming Lack of Understanding’

Close to 100,000 phishing email campaigns were reported every month in the early part of this year, according to the Anti-Phishing Working Group, an international coalition of businesses, government organizations, and law-enforcement agencies. Several hundred companies see phishing attacks every few weeks, with businesses in the payment, financial services, and Webmail sectors the most vulnerable, the group said.

The year-long study by Google and the University of California-Berkeley released last week found that phishing poses the top threat against people whose online identities were exposed by Internet data breaches. Google said it has taken several steps in response to boost its authentication systems to defend against phishing.

The new research released today “demonstrates the volume of email fraud threats faced by companies today and highlights the alarming lack of understanding of how to combat these threats,” the Global Cyber Alliance’s Shehzad Mirza said in ValiMail’s statement. “These findings highlight that a lack of email authentication is the most prevalent security vulnerability companies face.”

Late last month, the U.S. Department of Homeland Security issued a directive requiring all federal agencies to begin implementing stronger email security defenses, including DMARC, within 90 days. The move is aimed at protecting federal emails and Web sites from spoofing and impersonation by hackers.

DMARC usage by federal agencies has grown since 2016, although only 38 percent had established adequate record policies as of October, according to the Online Trust Alliance. The ValiMail study noted that DMARC protection is available to most domains.

“Over three-fourths (76 percent) of the world’s email inboxes support DMARC and will enforce domain owners’ authentication policies, if those policies exist,” the report noted.

ValiMail offers its own solution to help enterprises fight the fight to keep email safe. Pricing starts at $30K annually, with the total cost dependent on a number of variables including company size, volume of email, number of domains, and so forth.

Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked?

A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently. The targets…

7 Signs Your WordPress Website Has Been Hacked

One of the reasons WordPress is so popular as a content management system is because of its airtight security. But the truth is, 136,640 attacks are happening per minute to WordPress websites across the globe. In fact, weak passwords, domain or hosting level breaches, insecure […]

If there hadn’t been women we’d still be ….

If there hadn’t been women we’d still be squatting in a cave eating raw meat, because we made civilization in order to impress our girlfriends. Orson Welles

My wife and I have been together…..

My wife and I have been together since 1986. I graduated in ’86 and she graduated in ’88. We began dating when she was 17. Actually she turned 18 when we …

Your Company Has Been Hacked; Should You Call the Government?

U.S. companies’ vulnerability to data security incidents through computer hacking has garnered unprecedented public awareness in the last 12 months. Given our increasing volume of user data generated in business and its significant value, hacking will remain a common feature in the data landscape. In one respect, the most sophisticated…
