check

now browsing by tag

 
 

#comptia | #ransomware | Check Point report highlights latest cyber-threats worldwide

Source: National Cyber Security – Produced By Gregory Evans

Check Point Research has published its 2020 Cyber Security Report.

The report highlights the main tactics cyber-criminals are using to attack organisations worldwide across all industries and gives cybersecurity professionals and C-Level executives the information they need to protect their organisations from today’s fifth-generation cyber-attacks and threats.

The 2020 Security Report reveals the key attack vectors and techniques observed by Check Point researchers during the past year.

Highlights include:

Cryptominers still dominate malware landscape – Even though cryptomining declined during 2019, linked to cryptocurrencies’ fall in value and the closure of the Coinhive operation in March, 38% of companies globally were impacted by crypto-miners in 2019, up from 37% in 2018.

This is because the use of cryptominers remains a low-risk, high-reward activity for criminals

Botnet armies surge in size – 28% of organisations globally were hit by botnet activity, an increase of over 50% compared with 2018.

Emotet was the most common bot malware used, primarily because of its versatility in enabling malware and spam distribution services.

Other botnet actions such as sextortion email activity and DDoS attacks also rose sharply in 2019.  

Targeted ransomware hits hard – While the number of impacted organisations is relatively low, the severity of the attack is much higher – as seen in 2019’s damaging attacks against US city administrations.

Criminals are choosing their ransomware targets carefully, with the aim of extorting the maximum revenue possible.

Mobile attacks decline – 27% of organisations worldwide were impacted by cyber-attacks that involved mobile devices in 2019, down from 33% in 2018.

While the mobile threat landscape is maturing, organisations are also increasingly aware of the threat, and are deploying more protection on mobiles.

The year Magecart attacks became an epidemic – These attacks which inject malicious code into e-commerce websites to steal customers’ payment data hit hundreds of sites in 2019, from hotel chains to from commerce giants to SMBs, across all platforms.

Rise in cloud attacks – Currently more than 90% of enterprises use cloud services and yet 67% of security teams complain about the lack of visibility into their cloud infrastructure, security, and compliance.

The magnitude of cloud attacks and breaches has continued to grow in 2019.

Misconfiguration of cloud resources is still the number one cause for cloud attacks, but now we also witness an increasing number of attacks aimed directly at cloud service providers. 

“2019 presented a complex threat landscape where nation states, cybercrime organisations and private contractors accelerated the cyber arms race, elevating each other’s capabilities at an alarming pace, and this will continue into 2020,” says Check Point Software Technologies major intelligence officer Lotem Finkelsteen.

“Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cybercriminals and prevent attacks.

“Detecting and automatically blocking the attack at an early stage can prevent damage. Check Point’s 2020 Security Report shares what organisations need to look out for, and how they can win the war against cyber-attacks through key best practices.”

Check Point’s 2020 Security Report is based on data from Check Point’s ThreatCloud intelligence, the largest collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors; from Check Point’s research investigations over the last 12 months; and on a brand new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.

The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.

It also includes analysis from Check Point’s thought leaders, to help organisations understand and prepare themselves for today’s and tomorrow’s complex threat landscape.

Source link

The post #comptia | #ransomware | Check Point report highlights latest cyber-threats worldwide appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #infosec | About the “easy to hack” EU Exit: ID Document Check app

Source: National Cyber Security – Produced By Gregory Evans

About the "easy to hack" EU Exit: ID Document Check app

Today the Financial Times has published a news story about how the British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

It certainly caught my attention. Just yesterday I used the EU Exit: ID Document Check app on my cleaning lady’s Android phone to help her apply for residency. And – to be honest – it was pretty easy to use, once I’d worked out how to change the language of her phone from Romanian to English.

Applicants scan their passport, take a selfie, and use their phone’s NFC feature to read the biometric chip embedded in their passport.

But, according to the FT, Norwegian cybersecurity researchers have discovered flaws in the Android version of the app (they didn’t test the iPhone version):

Promon, a Norwegian cybersecurity company, found major loopholes that allowed them to take control of the app and access any information that was entered into it, including the facial scans and images of passport pages.

They were also able to see information being typed into the app, such as usernames, passwords and other details, and were able to alter information being entered.

“The tools we used are typically very easily accessible and require very little technical skill to use. It means any type of bad actor could perform this attack, without sophisticated technical knowledge,” said Tom Lysemose Hansen, chief technology officer at Promon, who added that they had “experienced no resistance”.

Ok… so it sounds scary that information could be surreptitiously stolen as it is entered into the app… but how would a hacker do this?

Mr Lysemose Hansen said Promon’s researchers had focused on copying and stealing or manipulating data while it was being actively entered into, or processed by, the app. But he added that it was possible to add malicious code to the app while it was inactive that would then help steal personal information when it was subsequently being used.

Oh.

So what the researchers are saying is that if a hacker manages to compromise your smartphone or the app then it could do something malicious…

Err, isn’t that pretty much the case with all programs and computers? If a hacker already has control of the device or has already compromised the app then all bets are off…

Now, if the researchers had described a way in which an attacker might be able to remotely compromise the app or meddle with the phone then that would have been interesting. Or if it had been found that the app was sending sensitive data insecurely which could be intercepted then that would have certainly raised an eyebrow.

And yes, an app could always integrity check itself to see if it had been tampered with, but if someone is replacing your legitimate version of the app with a bogus compromised version there’s no reason why they couldn’t also tamper with the code which checks if it has been tampered with!

So, this doesn’t seem like a big deal to me.

The final word goes to the Financial Times again:

The app was tested for several months before being launched in March and there have been no reports of any security breaches. The app’s page on the Google Play Store states that it is “safe and secure” and that: “None of your personal identity information will be stored in the app or on the phone when you finish using it.”

Source link

The post #cybersecurity | #infosec | About the “easy to hack” EU Exit: ID Document Check app appeared first on National Cyber Security.

View full post on National Cyber Security

After burglary, customers using Applebee’s Entree Express in March and April should check credit for identity theft

Source: National Cyber Security – Produced By Gregory Evans

On June 20, 2017, at about 6:00 am, Applebee’s restaurant located on Hilltop Dr. had a storage area broken into. Two boxes of receipts were stolen during the burglary. The records taken were Entree Express receipts for the months of March and April 2017. The records stolen had patrons’ names,…

The post After burglary, customers using Applebee’s Entree Express in March and April should check credit for identity theft appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Woman targets elderly for check fraud, identity theft

Source: National Cyber Security – Produced By Gregory Evans

Woman targets elderly for check fraud, identity theft

Pierce County Sheriff’s Detectives are asking for the public’s help to identify a woman using a stolen identity belonging to an 86-year-old woman suffering from dementia. “In this particular case, somebody in the family recognized what was going on, which is a good thing, especially if you have parents that…

The post Woman targets elderly for check fraud, identity theft appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Stiff laws key in keeping cybercrime in check

Source: National Cyber Security – Produced By Gregory Evans

Stiff laws key in keeping cybercrime in check

Technology and a policy of having isolated networks have been relied on heavily to ensure cyber security. Little has been said about the role of the individual in this matter. The attitude of users is one of the most significant obstacles to achieving fully secure systems. Users prefer to purchase…

The post Stiff laws key in keeping cybercrime in check appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Check Point Delivers Advanced Cloud Security to Google Cloud Platform

Source: National Cyber Security – Produced By Gregory Evans

Check Point® Software Technologies Ltd. (CHKP) today introduced Check Point vSEC for Google Cloud Platform, delivering advanced security integrated with Google Cloud Platform. With this release, Check Point joins the Google Cloud Technology Partner Program and continues its industry leadership …

The post Check Point Delivers Advanced Cloud Security to Google Cloud Platform appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

US Cybercrime Shutdown: How To Check If Your System Has Been Hacked By Avalanche

chaos-computer-club-28th-congress

Source: National Cyber Security – Produced By Gregory Evans

US Cybercrime Shutdown: How To Check If Your System Has Been Hacked By Avalanche

The US government has provided a link to let people check if their computer programs have been hacked. The move has come following the shutdown of the cybercrime network, Avalanche
It has been four years since the German police have

The post US Cybercrime Shutdown: How To Check If Your System Has Been Hacked By Avalanche appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How to Stop Bullying – Walt Gardner’s Reality Check – Education Week

Bullying leaves indelible scars that are not always visible.

View full post on Education Week: Bullying







#pso #htcs #b4inc

Read More

The post How to Stop Bullying – Walt Gardner’s Reality Check – Education Week appeared first on Parent Security Online.

View full post on Parent Security Online

Schools hacked in international attack should check computers for child porn

1468715043530

Source: National Cyber Security – Produced By Gregory Evans

Schools hacked in international attack should check computers for child porn

A recent global hacking episode could have seen child pornography deposited on school computers. Thirty-six schools – five in the Waikato – were hacked in a global operation that saw passwords and other entry methods to 70,000 servers sold on the black market. Hamilton’s Deanwell school is one of those and is seeking advice from […]

The post Schools hacked in international attack should check computers for child porn appeared first on National Cyber Security.

View full post on National Cyber Security

Open Season on Teachers by Students – Walt Gardner’s Reality Check – Education Week

Harsh tactics are sometimes necessary to protect teachers from special education students.

View full post on Education Week: Bullying







#pso #htcs #b4inc

Read More

The post Open Season on Teachers by Students – Walt Gardner’s Reality Check – Education Week appeared first on Parent Security Online.

View full post on Parent Security Online