Dating apps are growing and becoming more virtual amid the pandemic | #tinder | #pof | romancescams | #scams
Insider Intelligence publishes thousands of research reports, charts, and forecasts on the Media, Advertising, and Marketing industry. You can learn more about becoming a client here. The following is a […] View full post on National Cyber Security
#cyberfraud | #cybercriminals | WhatsApp is under attack and you should be aware of this growing risk
Along with WhatsApp, other firms being targeted in these scams include PayPal, Facebook, Microsoft and Netflix.
If you are concerned about these types of online attacks then the UK’s National Cyber Security Center has some good advice for consumers.
Here are their top tips for avoiding phishing scams online.
• Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try and create official-looking emails by including logos and graphics. Is the design (and quality) what you’d expect from a large organisation?
• Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
Source: National Cyber Security – Produced By Gregory Evans DETROIT – Michigan’s IT professionals already know about the crucial shortage of properly trained and educated Cybersecurity professionals. In fact, you can’t open a newspaper, or a browser, without seeing an article publicizing the critical shortfall of Cybersecurity workers. Worse, the gap shows no sign of […] View full post on AmIHackerProof.com
Though ransomware attacks aren’t a recent phenomenon, they do seem to be increasing in frequency and intensity. If society has grown used to these kinds of cyberattacks, that’s about to change—with the reports of 20+ Texas governmental entities recently being simultaneously hit in a coordinated attack, there may be a new and even scarier method of extorting entities for their data.
By definition, ransomware is a type of malware code that uses virtually unbreakable encryption to deny user access to a company’s systems. By the time of the actual attack, the perpetrator has already done reconnaissance to find weaknesses in the chosen system, which they then exploit to find important data, manipulating the environment to where the affected entity cannot touch its own information. The victim then receives a message demanding some kind of payment—bitcoin being a preferred option—to unlock the files or systems. In short, ransomware operates exactly as a hostage situation seen in films and television shows: The hacker literally hoards the keys to the company’s kingdom, only relinquishing them when their demands are met.
The first known ransomware attack was in 1989 and was conducted using snail-mailed floppy disks. Technology has come a long way since then and today’s attacks are much easier to carry out; they’re more lucrative, as well. Ransom requests typically average around $500 USD—a seemingly tiny sum for entities worth billions. No matter what the amount, these financial after-effects are obviously painful for the victims, and the companies attacked aren’t always the sole injured party. After the 2018 attack on the City of Atlanta, wherein the ransom was $50,000 USD in bitcoin, the additional remediations totaled more than $2.6 million taxpayer dollars. However, $50,000 is a drop in the bucket for these new attackers in Texas—after their government attack, they’ve demanded a collective $2.5 million, a serious upgrade in reward for their criminal risk.
So what else makes these recent attacks in Texas unique? For one thing, nearly two dozen entities were hit in one fell swoop, something that smacks of more sophisticated methods and patience on behalf of the attacker or attackers. The 2016 Verizon Data Breach Investigations Report said phishing is the No. 1 cause of data breaches, and spear-phishing could be how the Texas criminals gained access to inject their malware. Spear-phishing is the use of targeted emails that, when the recipient clicks on a link in that message, allows the cybercriminal to obtain sensitive information—i.e., credentials—or install that malware into the company’s systems. If this is indeed how the bad actor infected government entities in Texas one by one, it shows some patience to wait until they had an opening into a number of systems, then coordinating the lockup to happen all at once. Local governments are a prime target for these kinds of hacks, and the size of this one has prompted a huge, statewide response.
Though Texas is just the latest victim, what’s scarier is that these cybercriminals and their methods will only get better and more exotic. How long before bots start locking hundreds of systems at once? Already there are ransomware-as-a-service providers that enable even the most novice cybercriminals to hack in with tools such as CryptoWall, Locky and TeslaCrypt. For everyone with data to protect, the idea is terrifying, and society isn’t doing much to help itself—there is definitely more that could be done.
In the analog world, companies and governments actually play a part in aiding the cybercriminals when they fail to report. Even if they don’t announce the attack publicly, sometimes it’s still obvious that it happened, such as when a local or county government suddenly cannot produce vital records or process things like permits and marriage licenses. Other private companies might be down for a short amount of time, failing over to backup systems, but still in danger of at least temporarily losing some data depending on their backup frequency. As the attacks continue to intensify and grow stronger, companies must take steps to protect themselves and not give the criminals any wiggle room.
So, what are these steps? What can be done to mitigate these attacks and lessen the risk of them happening?
- Make sure to run the latest patches on systems, as well as the latest versions of applications—even middleware and those on the back end.
- If there is no InfoSec team dedicated to overall, company-wide security, invest and put one together as soon as possible.
- Leverage industry-standard (e.g., NIST, SANS) and compliance guidelines such as PCI, ISO, HIPAA, etc. to make sure at least most security bases are covered.
- Educate your employees on how to spot phishing and vishing attempts.
It’s that last point that is most critical. Unfortunately, humans will always be the biggest risk to an organization’s security, and therefore, employee education is key. In this spirit, prepare and execute a robust security awareness campaign and conduct regular training sessions. Then, after you’ve completed the training and education, do it again—keep at it until security isn’t a thought anymore because it’s part of everybody’s routine, daily processes. Ransomware attacks aren’t a new or recent development, but as they continue to develop in strength and the potential for bigger financial penalties continues to grow, it’s always better to be safe rather than sorry.
The post #cybersecurity | #hackerspace | Ransomware Attacks Keep Growing – Security Boulevard appeared first on National Cyber Security.
#cyberfraud | #cybercriminals | Payroll Fraud: A Growing BEC Threat to Businesses and Employees Alike
Source: National Cyber Security – Produced By Gregory Evans The FBI reports that direct deposit change requests increased more than 815% in 1.5 years. $8.3 million. This number represents the total reported losses due to payroll diversion schemes that were reported to the FBI’s Internet Crime Complaint Center (IC3) between Jan. 1, 2018 and June 30, […] View full post on AmIHackerProof.com
Criminal cyber-attacks on UK businesses increased last year, according to the annual report of the National Cyber Security Centre.
Firms face a growing threat from ransomware, data breaches and weaknesses in the supply chain, according to the report, published on Tuesday. Emerging threats include theft from cloud storage, which the NCSC argues too many businesses put their faith in.
“Criminals are launching more online attacks on UK businesses than ever before,” a summary accompanying the report said.
The NCSC, in effect the shop window for the government surveillance agency GCHQ, was set up in late 2016 amid alarm over potential attacks on UK institutions, infrastructure and businesses.
The report, Cyber Threat to UK Business Industry 2017-2018, is published to coincide with the opening of a organised by the NCSC, which is expected to attract 1,800 cybersecurity experts from law enforcement, government and the private sector.
Ciaran Martin, head of the NCSC, said: “The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.
“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk and reducing their return on investment.”
The report was written in collaboration with the National Crime Agency. Donald Toon, director of economic and cybercrime at the NCA, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cybersecurity extremely seriously in the next year are risking serious financial and reputational consequences.”
Under-reporting of cybercrime by businesses means crucial evidence and intelligence about threats and offenders can be lost. Toon called for full and early reporting of cybercrime.
by the NCSC show 34 significant cyber-attacks took place between October 2016, when the agency was launched, and the end of 2017. A further 762 attacks were less serious. “2018 will bring more of these attacks,” the report said.
It does not break down the figures to distinguish which attacks were purely criminal and which were state-sponsored. The report said that the distinction can be blurred, making attribution difficult.
Among the surveys cited was one by , which recorded a 91% increase in ransom attempts between the first and third quarters of last year.
Vulnerabilities highlighted in the NCSC report included the spread of the internet of things, which includes the interconnection of household appliances and other devices. “The internet of things and its associated threats will continue to grow and the race between hackers’ and defenders’ capabilities will increase in pace and intensity,” the report said.
“Many internet-connected devices sold to consumers lack basic cybersecurity provisions. With so many devices unsecured, vulnerabilities will continue to be exploited.”
The NCSC has also issued a warning over cloud security: “As more organisations decide to move data to the cloud (including confidential or sensitive information), it will become a tempting target for a range of cyber criminals.
“They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information.”
The report warns that no matter how good a company’s cybersecurity, it is at risk if this is not matched by the management of service providers and software, which can offer a potential stepping stone into the networks of thousands of clients.
“It is clear that even if an organisation has excellent cybersecurity, there can be no guarantee that the same standards are applied by contractors and third-party suppliers in the supply chain,” the report said. “Attackers will target the most vulnerable part of a supply chain to reach their intended victim.”
The post UK #businesses face #growing #threat from #cyber-attacks appeared first on National Cyber Security Ventures.
Imagine the fallout if the NHL was hacked and its star players — think Sidney Crosby, Auston Matthews and Connor McDavid — had their home addresses, phone numbers and other personal information made accessible online.
It’s an all-too-familiar scenario for Canadian lacrosse player Kevin Crowley, who was among the victims of a data breach that affected Major League Lacrosse last summer, when a spreadsheet with the personal details of every player in the league and former players was mistakenly made available to an unintended audience.
“To be completely candid, we talked about it on our team and I don’t think anyone was all that surprised that something like that could have happened,” said the 29-year-old New Westminster, B.C., native, who was a No. 1 draft pick in the MLL and the National Lacrosse League.
“As lacrosse players we’re not making millions of dollars a year, but I can imagine if an NHL or NFL or NBA player got their account hacked, that’d be a much bigger deal in terms of what they could probably take out of their accounts.”
Cybersecurity has become a growing concern in sports leagues and players’ associations around the world in the wake of several data breaches and unrelenting waves of hacking attempts.
Just days before the MLL hack went public last August it was also revealed the Russian cyberespionage group Fancy Bears had obtained what it said was confidential medical data on soccer players who had drug exemptions for the 2010 World Cup. The group released a similar trove of documents about a year earlier that it said revealed drug test results of tennis star Serena Williams and others from the World Anti-Doping Agency. WADA confirmed at the time that it had been hacked.
On Wednesday, the U.K.-based cybersecurity company Darktrace announced it is now providing the NHL Players’ Association with an artificial intelligence-powered service to help protect player data such as personal contacts and contract details.
“For most sporting leagues, their information in many ways is their currency,” said Darktrace spokesman David Masson.
“It’s the data about their organization, how they work, how they train, how they pay, how much they receive, it’s all in there and for many of them there’s potential of theft, reputational damage, there’s potential for the network to be brought down.”
Stephen Frank, who has been the NHLPA’s director of technology and security since 2012, recalls there were no real hacking threats on the web back when he started on the job. In those days, each player in the league was set up with a dial-up internet account to stay in touch with the union.
Nowadays, there are huge concerns around social media-linked attacks and phishing attempts that involve being hacked after clicking on an innocent-looking link.
“These players are deep-pocketed, high net-worth individuals of some status, so whether it’s someone trying to exploit them through ransom or someone who wants to undermine the integrity of their online social media, phishing is generally still the most visited route of a bad actor,” Frank said, adding the threats linked to social media are multi-faceted.
“There is the whole side of getting their account breached and taken over, there are impersonation accounts that can be very detrimental to a player’s brand and/or employability, but you also have a situation where you have followers retweeting and inserting nefarious links that will confer malware.”
Given that today’s young players are digital natives who were typically active on social media before becoming stars, there’s an important need to educate about “proper online hygiene” and security trends, starting with a rookie orientation program, Frank said.
“Top to bottom, young players through old, I would say (all players) are very educated,” he said.
“We also stress the importance of their brand, perhaps not only as a rookie but throughout their career and life after hockey as well. We take it very seriously, the players are well-educated from the day they step into the league from the day they depart.”
The post A #whole new #ball game: #Sports world #adapts to #growing #cybersecurity #threats appeared first on National Cyber Security Ventures.
As more of our cameras, speakers, thermostats and locks connect online, they’re increasingly open to meeting up with hackers.
Hackers have come up with new ways to break into your data — sending attacks through our appliances, locks, blinds and anything that connects to the internet. These are part of the so-called Internet of Things (IoT), and hacking attacks sent through these devices “became the preferred weapon of choice,” for starting denial of service attacks last year, says a new report from Arbor Networks, a security software company.
The post Is our #smart home #growing more #vulnerable to #hacks? appeared first on National Cyber Security Ventures.
Today, the National Science Foundation (NSF) announced $74.5 million in funding for foundational research and education that aims to address the growing cybersecurity challenge. This investment, through the NSF Secure and Trustworthy Cyberspace (SaTC) program, is critical to achieving a safe, secure, resilient and trustworthy cyberspace, including associated critical infrastructure such as the energy grid and transportation systems.
“The Secure and Trustworthy Cyberspace program is poised to strengthen our nation’s competitive edge through safer and more secure cyber systems, and to develop the knowledge base that will lead to a well-trained cyber workforce,” said Jim Kurose, NSF assistant director for Computer and Information Science and Engineering (CISE). “Safeguarding cyberspace requires a wealth of expertise from many disciplines, and we are especially excited about the interdisciplinary, highly collaborative nature of this portfolio across a wide range of research areas.”
The SaTC program aims to maximize the growing economic and societal benefits of computing and communication systems by ensuring their security and privacy. While this goal may seem simple at the surface, securing cyber systems and maintaining information privacy has proven quite challenging. The interplay of system vulnerabilities and human behaviors and motivations has resulted in countless instances of attacks, damage and unauthorized access, costing billions of dollars annually in recent years.
“The cutting-edge research in these proposals investigates not only technical solutions to cybersecurity but also the critically important element of people and their behavior,” said Fay Cook, assistant director for Social, Behavioral and Economic Sciences (SBE).
To address this challenge, NSF is issuing 214 awards to researchers to pursue a broad range of research areas, including access control and identity management, cryptography, intrusion detection, human interaction and usability, network topology and other areas. NSF’s SaTC investment spans activities that further foundational research, nurture a capable, next-generation cyber workforce, and accelerate the transition of research innovations to practice and useful products.
This year’s awards build upon a long history of innovations that have resulted from previous NSF funding of cybersecurity and privacy research, including encryption algorithms that form the basis for all electronic commerce; tools that detect software bugs; and methods that enable identification of the technological, economic and social vulnerabilities underlying spam email and other cybercrime.
Among the awards being announced are the following three large projects with budgets ranging from $1.4 million to $3 million each over five years:
- Viaduct: A Framework for Automatically Synthesizing Cryptographic Protocols, Andrew Myers, Cornell University
This project will explore how to bridge the gap between the security goals of software developers and the lower-level functionality for end users offered by hardware and cryptography protocols.
- Accountable Information Use: Privacy and Fairness in Decision-Making Systems, Anupam Datta, Carnegie Mellon University
This project is investigating how to ensure data privacy and fairness in automated systems that determine decisions and actions that affect people’s lives.
- Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation, Amogh Dhamdhere, University of California, San Diego
This project is developing methodologies to identify potential weaknesses in the topology of the internet infrastructure, and to quantify the potential impact if attackers were to compromise these critical elements.
Other awards focus on the cybersecurity workforce, including pilot programs for new instructional materials and professional development for teachers.
Reflecting the interdisciplinary nature of cybersecurity, the SaTC program is led by NSF’s CISE Directorate, in collaboration with the directorates for Education and Human Resources (EHR), Engineering (ENG), Mathematical and Physical Sciences (MPS), and Social, Behavioral and Economic Sciences (SBE).
The program also includes a partnership with the Semiconductor Research Consortium (SRC), focused on the security of hardware systems.
The awards announced today are part of a portfolio of approximately $160 million invested in cybersecurity research and education across the agency in Fiscal Year 2017.
The post NSF #investments aim to #address growing #cybersecurity challenge appeared first on National Cyber Security Ventures.
Reggianie Francois met her boyfriend online, using dating site Tinder. “I am from New York City so there is no guy who you meet at a bookstore and asks you out for coffee,” said the SUNY Plattsburgh student. “Things like that don’t really happen in real life.” Tinder, a phone application that came into popularity in late 2014, has a simple matching process — users either swipe right to match or swipe left to pass. Francois, 21, remembers swiping right because she was intrigued by Ben Elliot’s profile picture and a simple one-line quote in his bio.
The post The love connection: Online dating growing in popularity appeared first on Dating Scams 101.