Council for Entrepreneurial Development’s interim CEO says it’s ‘full speed ahead’ into a virtual world
RESEARCH TRIANGLE PARK – Kelly Rowell, interim CEO at the Council for Entrepreneurial Development, says much of the organization’s entrepreneurial support programs “translated well to a virtual environment and we’re […]
How open banking can drive innovation and growth in a post-COVID world
By Billel Ridelle, CEO at Sweep
Times are pretty tough for businesses right now. For SMBs in particular, a global financial and health crisis of the sort we’re currently witnessing […]
Simplicity should underpin enterprise security in a Covid-19 world: Magda Chelly surveys the global infosec landscape
Responsible Cyber co-founder will focus on education, communication, and more at this year’s RSA Conference
Infosec recruitment flaws and adapting cybersecurity posture for a global pandemic are two notable topics being discussed at tomorrow’s virtual RSA Conference.
These themes will be the focus of three talks from Magda Chelly, head of cyber risk consulting for Marsh Asia.
She is a certified CISO, on the advisory board for the Executive Summit of Black Hat Asia 2020, runs a popular YouTube channel focused on cybersecurity, and has won a string of accolades for being a cybersecurity influencer. Chelly is also the co-founder of Singapore-based security-as-a-service company Responsible Cyber.
Speaking to The Daily Swig, Chelly gives the inside track on her RSA presentations and reflects on the global disparities in cybersecurity maturity and the career opportunities open to female infosec professionals.
How did you get into cybersecurity?
I started being interested in cybersecurity when I was doing my PhD in telecoms engineering.
I evolved into an IT/CRM [customer relations management] consultant and even worked in sales and business development roles.
Since then I have had advisory roles [in cybersecurity], which have mostly evolved from governance to more technical cybersecurity – for example, cloud security with AWS, Microsoft Azure, Office 365 – to a more global approach when it comes to being a CISO.
That means building the whole cybersecurity strategy and rolling it out across one to three years, especially with regulated businesses like insurance. It was exciting because I needed to ensure that the company was not only getting up to speed, but also that they didn’t get themselves into trouble.
Please tell us about your role at Marsh…
Marsh Asia provides cyber risk consulting. It focuses on risk quantification, as companies are still facing challenges evaluating and quantifying cyber risks to find out the related financial losses.
Unlike other risks, there is limited historical data about cybercrime, mainly because it is a relatively new risk area, but also due to its constantly changing form.
Cyber risk management has not yet been ‘reduced to practice’ on a wide scale.
This approach enables point estimates of the financial cost – the severity – of cyber events with good accuracy.
Having credible quantitative estimates for both severity and likelihood will allow risk managers to answer the fundamental question: “What is the likelihood that our organization will experience a cyber event causing a loss of greater than, say, $100 million in the next 12 months?”
Most often, it is the likelihood question that derails many attempts at quantifying cyber risk, due to the unpredictable nature of a human-initiated threat.
So we’re talking dollars here – how data loss might happen, how much my business might lose, and how much I can get in terms of investment.
What can RSA Conference attendees expect to hear about ‘Getting the Security and Flexibility Balance Right in a Covid-19 World’?
I’ll be addressing how to be aware of the evolving risks within an uncertain environment.
And I’ll be [urging attendees to make] simplicity [a pillar of their cybersecurity approach] because fundamentals can be applied. You can, for example, apply your NIST compliance checklist every time a risk changes. I will be talking about alternatives.
I will be presenting about use cases and some additional changes that are super interesting.
I believe that cybersecurity professionals tend to be overconfident about their capabilities.
We’re talking about an environment with a lot of factors that might impact our security. We’re not talking about traditional corporate security and enterprise boundaries. We cannot take the same approach.
If you go into an employee’s ecosystem and you understand how they work, you realize that they will find a way to [surmount] technical challenges by using their personal emails, etc, so that of course raises additional risks. And working in a quarantine environment raises risks that were not considered.
And the fact that some [employees] will go back to the office, some will stay working remotely – how do you manage that securely?
Cybersecurity professionals also have a challenge communicating with employees, who [sometimes] do not even know that there is a [security] team.
We tend to make employees feel that we are not reachable. If you’re a CISO of a big company then, obviously, you’re very busy. You have a team and you cannot spare time to talk to everyone, but it’s extremely important to go beyond just sending a newsletter and make sure that employees see cybersecurity as part of the culture.
So don’t talk about only corporate requirements. Talk about how they need to consider cybersecurity in everyday activities – no matter if it’s a corporate requirement or not.
This year’s RSA Conference is taking place virtually
And what about your other talk: ‘Hacking the Cybersecurity Job Market: A Primer for Students and Grads’?
This is about helping the student understand the different [available] career paths.
We hear about a big skills gap globally. Sometimes [this is exacerbated by] the fact that HR will request everything and anything in the job description. From a hacker to a compliance manager, to a CISO, [all skills and experience] is put in one job description, which is of course impossible. [Or they ask for] someone junior, but already with experience, so it just doesn’t make sense.
So [I will talk about] finding the right balance, and how to address the challenges and start the discussions with HR teams.
How does Singapore, or Asia more widely, compare to Europe or North America in terms of its cybersecurity maturity?
I would say it’s very different. The Asian market is very fragmented. Every country has different maturity, different initiatives, and different – especially regulatory – requirements.
Singapore is one of the most mature in terms of regulations – we have the PDPA privacy law, the Cybersecurity Act, the MAS TRM guidelines.
In countries where maturity is much lower, companies just do not feel that they need to do anything [to strengthen cybersecurity].
The Asian market compared to Europe or the US is still much, much lower in terms of general maturity, which means, again, there is a greater opportunity to help those companies.
You founded the Singapore chapter of Women of Security, or WoSEC. How would you summarize the chapter’s aims?
I’m trying to help female professionals get the right support, to give them a safe environment with talks, workshops, social gatherings where we can talk about challenges, we can give some job opportunities, and recommend mentors.
How much progress are you seeing in terms of achieving parity of opportunity between female and male professionals?
I think there are a lot of unconscious biases, but it is changing.
I’ve seen a very positive change in the US and Europe. Asia is still trying its best but it’s not there yet. There’s a lot of work to do.
Companies like Marsh have diversity programs, and they are supporting WoSEC, so the problem is not there as such.
But general feedback from the top of other companies in the region [suggests that] the problem is that the HR process doesn’t [encourage] that inclusion or diversity very well. And then unconscious biases don’t help female professionals [once they do get roles].
It really depends on the country and the culture.
Finally, you noted that cybersecurity is often seen as exclusively the domain of IT teams. Experts also often feel that cybersecurity’s status as a cost center devalues its importance. Are attitudes improving in the boardroom?
Small and medium-sized enterprises are generally focused on increasing sales.
They still lack awareness around cyber risk and do not consider it as a business risk. So they try to get it outsourced. But they are ignorant of the risks that they are exposed to, because the IT or managed service provider [might not be] doing anything about security because it’s not in the contract. This is something I have seen in Singapore and abroad.
What mostly drives change is the regulatory requirement. We cannot just assume that a company will raise their understanding of cybersecurity just because then they are aware [of the problem] – unless the business owner is technologically savvy.
It needs a regulatory push. In Singapore, we have the Monetary Authority of Singapore technology guidelines, for example.
World Food Programme forecasts global hunger hotspots as a new decade dawns
Rome – Escalating hunger needs in sub-Saharan Africa dominate a World Food Programme (WFP) analysis of global hunger hotspots in the first half of 2020 with millions of people requiring life-saving food assistance in Zimbabwe, South Sudan, the Democratic Republic of Congo and the Central Sahel region in the coming months. The sheer scale and complexity of the challenges in Africa and other regions will stretch the resources and capacity of WFP and other agencies to the limit. Ramping up the humanitarian response will again require the generous support of donor governments to fund the assistance required to save lives and support development.
“WFP is fighting big and complex humanitarian battles on several fronts at the start of 2020,” said David Beasley, Executive Director of WFP. “In some countries, we are seeing conflict and instability combine with climate extremes to force people from their homes, farms and places of work. In others, climate shocks are occurring alongside economic collapse and leaving millions on the brink of destitution and hunger.”
The WFP 2020 Global Hotspots Report highlights grave challenges in sub-Saharan Africa over the next six months with Zimbabwe, South Sudan, the Democratic Republic of Congo and the Central Sahel region standing out when it comes to the needs of hungry children, women and men. The WFP report notes that amidst an imploding economy, the situation in Zimbabwe is increasingly precarious as the country enters the peak of its “lean season” when food is at its most scarce and the number of hungry people has reached its highest point in a decade. WFP is planning assistance for more than 4 million people in Zimbabwe as concerns grow that the impact of a regional drought could drag yet more countries down in the first months of the year.
“Last year, WFP was called upon to bring urgent large-scale relief to Yemen, Mozambique after Cyclone Idai, Burkina Faso and many other crises to avert famine,” said Margot Van Der Velden, WFP Director of Emergencies, “But the world is an unforgiving place and as we turn the page into 2020 WFP is confronting new, monumental humanitarian challenges that we need to address with real urgency.”
A rapidly evolving crisis in Haiti is of deep concern at the turn of the year as escalating unrest paralyzes the economy, driving food prices out of reach of many people (+40% between October 2018 and October 2019). According to a recent IPC survey on food insecurity, this has left 3.7 million people – or one-third of the population – in need of assistance.
In Asia, Afghanistan faces insecurity combined with drought, leaving more than 11 million people – over a third of the country’s population – severely food insecure.
In the Middle East, WFP can look back on its success in Yemen where it scaled up by 50% from providing food assistance to 8 million people a month at the beginning of 2018 to 12 million by the end of the year. As it looks forward into 2020, WFP remains alert to growing food needs in Iraq and Lebanon, where civil unrest and macro-economic crisis are leading to an increase in food insecurity.
WFP estimates it will require more than US $10 billion to fully fund all its operations in more than 80 countries around the world in 2020.
“Every year at WFP we plan ahead for the next 12 months and ask for support from the generous governments, private sector institutions and members of the public who help us reach our humanitarian and development goals,” said Beasley. “As an agency that depends entirely on voluntary donations, we have a responsibility to show WFP can continue to be the most efficient and effective global organization delivering the kind of food assistance that saves lives and changes lives across the world.”
The United Nations World Food Programme is the world’s largest humanitarian organization, saving lives in emergencies, building prosperity and supporting a sustainable future for people recovering from conflict, natural disasters and the impact of climate change.
You Season 2 Review: Star Cast: Penn Badgley, Victoria Pedretti, Jenna Ortega, James Scully, Carmela Zumbado, Ambyr Childers, Elizabeth Lail
Developed By: Greg Berlanti, Sera Gamble
Streaming On: Netflix
You Season 2 Review: What’s It About? & How’s The Screenplay?
After Candace comes back into Joe’s life to seek revenge, he immediately leaves New York for Los Angeles, hoping for ‘A Fresh Start’. He changes his name; now he is Will Bettleheim. He finds new love in Love Quinn and a new family in her brother Forty Quinn, and starts working at their bakery.
Joe Goldberg aka Will Bettleheim has the huge baggage of his past on his mind and wants to change himself completely. To make the necessary changes in his life, he does everything possible, but how easy or difficult is it to get out of the dark world once you are sucked in? Or is it possible?
Watch You Season 2 to find out.
The first season of You was loved by the audience for its unique style of presenting the dark side of a man. His creepy yet charming personality looted the audience especially girls’ hearts even though they didn’t want it to be the case. A serial killer, a stalker who has wild senses and absolutely no control over them. When killing someone he doesn’t think he is doing a sin, he convinces himself to think that he is helping his loved one instead. Now that’s something really hard-hitting. How will a person realise that he is doing wrong if he has convinced himself for it with all the heart? Before killing someone he has killed his soul and that’s scary to the core.
In season 2, things get creepier. As Joe, now Will, tries to lead a more peaceful and better life, he faces bigger challenges. While he tries to make a better future and make peace with the past, there come several situations which will make you hit the pause button and close your eyes, because what are you even watching? Also, the show keeps you hooked and provides an edge-of-the-seat thrill which makes this 10-episode show worth a binge-watch. Although season 2 seems a little slower compared to the first one, that doesn’t turn out to be a major issue.
But watch the show for its mind fu**ing finale! Don’t miss the last two episodes of the show for anything as they hold most of the juice. It’s unpredictable and shocking to the core.
You Season 2 Review: How Are The Performances?
Penn Badgley lives the character of Joe aka Will. He gets into the skin of the character so much so that it’s impossible to think that Penn and Joe are not the same people. Performing a layered and complex character like this is no child’s play and Penn has done it so effortlessly.
Victoria Pedretti who was last seen in The Haunting of Hill House looks gorgeous and performs very well. She is a natural actor and makes her character of Love Quinn believable.
James Scully as Forty Quinn is effortless. He does his job beautifully and leaves an impression.
Jenna Ortega & Carmela Zumbado are good too. Ambyr Childers as Candace makes the screen look magical. Elizabeth Lail is there too for a small interval as Will keeps on hallucinating her. Basically, American shows have a typical way of keeping their dead characters alive. Someone has to suffer hallucination issues after a person dies and the latter must come in former’s thoughts. After 13 Reasons Why, I’ve seen the same thing in this one as well and have understood why Ekta Kapoor has a thing of bringing back dead people in her serials like anything.
Overall, You Season 2 is a must-watch if you loved the first season. If you haven’t seen the first one yet, make sure you start from there. Go, take a dive in the deep dark world of Joe but make sure you come out before it’s too late.
4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World
UNESCO report shows fewer than 5% of people in many countries benefit from adult learning opportunities
Paris, 04 December—In almost one-third of countries, fewer than five per cent of adults aged 15 and above participate in education and learning programmes, according to UNESCO’s fourth Global Report on Adult Learning and Education (GRALE 4). Adults with disabilities, older adults, refugees and migrants, minority groups and other disadvantaged segments of society are particularly under-represented in adult education programmes and find themselves deprived of crucial access to lifelong learning opportunities.
Published by the UNESCO Institute for Lifelong Learning, the report monitors the extent to which UNESCO Member States put their international commitments regarding adult learning and education into practice and reflects data submitted by 159 countries. It calls for a major change in the approach to adult learning and education (ALE) backed by adequate investment to ensure that everyone has the opportunity to access and benefit from adult learning and education and that its full contribution to the 2030 Agenda for Sustainable Development is realized.
“We urge governments and the international community to join our efforts and take action to ensure that no one – no matter who they are, where they live or what challenges they face – is left behind where the universal right to education is concerned,” says UNESCO Director-General Audrey Azoulay, endorsing the report’s recommendations. “By ensuring that donor countries respect their aid obligations to developing countries, we can make adult learning and education a key lever in empowering and enabling adults, as learners, workers, parents, and active citizens.”
The publication stresses the need to increase national investment in ALE, reduce participation costs, raise awareness of benefits, and improve data collection and monitoring, particularly for disadvantaged groups.
Progress in participation in adult learning and education is insufficient
Despite low participation overall, more than half of responding countries (57% of 152) reported an increase in the overall participation rate in adult learning and education between 2015 and 2018. Low-income countries reported the largest increase in ALE participation (73%), trailed by lower middle income and upper middle income countries (61% and 62%).
Most increases in adult learning and education participation were in sub-Saharan Africa (72% of respondents), followed by the Arab region (67%), Latin America and the Caribbean (60%) and Asia and the Pacific (49%). North America and Western Europe reported fewest increases (38%) though starting from higher levels.
The data shows persistent and deep inequalities in participation and that key target groups such as adults with disabilities, older adults, minority groups as well as adults living in conflict-affected countries are not being reached.
Women’s participation must improve further
While the global report shows that women’s participation in ALE has increased in 59 per cent of the reporting countries since 2015, in some parts of the world, girls and women still do not have sufficient access to education, notably to vocational training, leaving them with few skills and poor chances of finding employment and contributing to the societies they live in, which also represents an economic loss for their countries.
Quality is improving but not fast enough
Quality ALE can also provide invaluable support to sustainable development and GRALE 4 shows that three-quarters of countries reported progress in the quality of education since 2015. Qualitative progress is observed in curricula, assessment, teaching methods and employment conditions of adult educators. However, progress in citizenship education, which is essential in promoting and protecting freedom, equality, democracy, human rights, tolerance and solidarity, remained negligible. No more than 3% of countries reported qualitative progress in this area.
Increase in funding for adult learning and education needed
GRALE 4 shows that over the last ten years, spending on adult learning and education has not reached sufficient levels, not only in low-income countries but also in lower middle income and high-income countries. Nearly 20% of Member States reported spending less than 0.5 per cent of their education budgets on ALE and a further 14% reported spending less than 1 per cent. This information demonstrates that many countries have failed to implement the intended increase in ALE financing proposed in GRALE 3 and that ALE remains underfunded. Moreover, under-investment hits socially disadvantaged adults the hardest. Lack of funding also hampers the implementation of new policies and efficient governance practices.
In new world of data breaches and dark web deals, identity theft goes mainstream: JPSO | Crime/Police
Source: National Cyber Security – Produced By Gregory Evans
Identity theft used to be a more complicated, hands-on racket that included mail theft, dumpster diving, scam telephone calls and emailed offers. But hackers, aided by improvements in computer technology and internet accessibility, have introduced an illicit efficiency to the crime, stealing the personal information of […]
30 years after the Convention on the Rights of the Child was signed, the IACHR calls on States to renew their commitment to children – World
Washington, D.C. – On November 20, when the Convention on the Rights of the Child celebrates its 30th anniversary, the IACHR recalls that children still face enormous barriers to the enjoyment of their rights. In this regard, the Commission calls on the OAS member states to renew their commitment to children and adolescents through the implementation of effective national protection systems.
Thirty years ago, the international community came together to take a crucial step in the protection of children around the world, by negotiating and approving a broad regulatory framework that meant a paradigm shift in the matter. It is from the Convention that the States consolidated the recognition of children as holders of their own rights, universally guaranteed, and not as mere objects of protection. Today, the Convention on the Rights of the Child is the human rights treaty with the highest number of ratifications, as it has 196 States Parties, which underlines the universality of its scope.
Although the Commission recognizes the progress achieved during the three decades since the Convention came into force, it also expresses its concern about the deep gap between the rights established therein and the reality in which millions of children live in the region. According to UNICEF, in Latin America alone, 72 million children aged 0 to 14 still live in poverty, 1 in 5 have their physical growth affected by the lack of access to adequate nutrition and 12 million do not attend school. In addition, almost 25,000 adolescents between 10 and 19 years old are victims of homicide each year in the region and half of those under 15 years of age are subjected to corporal punishment at home.
This scenario requires that the States renew and strengthen their commitment to protect children from any type of violation of their rights. In this regard, the Commission reiterates the need for States to implement national systems that effectively execute special and reinforced public protection policies aimed at guaranteeing the integral development of children, as well as allowing them to live a dignified life and free from all forms of violence.
“The protection of the rights of children requires a joint effort of all social actors, not only at this time of celebration of the 30th anniversary of the Convention, but permanently, with the States occupying a central place in guaranteeing these rights”, said Commissioner Esmeralda Arosemena de Troitiño, President of the IACHR and Rapporteur on the Rights of the Child. “This renewed commitment, which must continue through the years, needs to hear the voice of children who have the right and are increasingly interested in participating in the decisions that affect them”, she added.
The Commission notes that the United States of America is the only country that has not ratified the text of the Convention. In this regard, the IACHR takes this opportunity to urge the State to adopt measures to ratify the treaty for the benefit of more than 70 million children living in the United States.
A principal, autonomous body of the Organization of American States (OAS), the IACHR derives its mandate from the OAS Charter and the American Convention on Human Rights. The Inter-American Commission has a mandate to promote respect for and to defend human rights in the region and acts as a consultative body to the OAS in this area. The Commission is composed of seven independent members who are elected in an individual capacity by the OAS General Assembly and who do not represent their countries of origin or residence.
At 10am on a late November morning in Freiburg, Germany, a bank employee noticed something was wrong with a bank ATM.
It had been hacked with a piece of malware called “Cutlet Maker” that is designed to make ATMs eject all of the money inside them, according to a law enforcement official familiar with the case.
“Ho-ho-ho! Let’s make some cutlets today!” Cutlet Maker’s control panel reads, alongside cartoon images of a chef and a cheering piece of meat. In an apparent Russian play-on-words, a cutlet not only means a cut of meat, but a bundle of cash, too.
A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks on ATMs in Germany in 2017 that saw thieves make off with more than a million Euros. Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen credit card required. Hackers typically install the malware onto an ATM by physically opening a panel on the machine to reveal a USB port.
In some cases, we have identified the specific bank and ATM manufacturer affected. Although a European non-profit said jackpotting attacks have decreased in the region in the first half of this year, multiple sources said the number of attacks in other parts of the world has gone up. Attacked regions include the U.S., Latin America, and Southeast Asia, and the issue impacts banks and ATM manufacturers across the financial industry.
“The U.S. is quite popular,” a source familiar with ATM attacks said. Motherboard and BR granted multiple sources, including law enforcement officials, anonymity to speak more candidly about sensitive hacking incidents.
A screenshot of the Cutlet Maker control panel. Image: Twitter account of @CryptoInsane
During the annual Black Hat cybersecurity conference in 2010, late researcher Barnaby Jack demonstrated live on stage his own strain of ATM malware. The audience broke into applause as the ATM displayed the word “JACKPOT” and ejected a steady stream of bank notes.
Now, similar attacks have been deployed in the wild.
In that Freiburg instance no cash was stolen, the law enforcement official said. But Christoph Hebbecker, a prosecuting attorney for the German state of North Rhine-Westphalia, said his office is investigating 10 incidents that took place between February and November 2017, including attacks in which thieves did make off with bundles of cash. In all, hackers stole 1.4 million Euro ($1.5 million), Hebbecker said.
Hebbecker added that because of the similar nature of the attacks, he believes they are all linked to the same criminal gang. In some cases, the prosecutors have video evidence, but they have no suspects so far, they added.
“The investigation is still ongoing,” Hebbecker said in an email in German.
Multiple sources said a number of the 2017 attacks in Germany impacted the bank Santander; two sources said they specifically involved the Wincor 2000xe model of ATM, made by the ATM manufacturer Diebold Nixdorf.
“In general, we do not comment on dedicated, single cases,” Bernd Redecker, director of corporate security and fraud management at Diebold Nixdorf, said in a phone call. “However, we are of course dealing with our customers on jackpotting, and we are aware of these cases.” Diebold Nixdorf has also sold these ATMs to the U.S. market.
An overview of the 2000xe model of ATM. Image: Wincor Nixdorf.
A Santander spokesperson said in an emailed statement, “Protecting our customers’ information and the integrity of our physical network is at the core of what we do. Our experts are involved at every stage of product development and operations to protect customers and the bank from fraud and cyber threats. This focus on protecting our data and operations prevents us from commenting on specific security issues.”
Officials in Berlin said they had faced at least 36 jackpotting cases since spring 2018, resulting in several thousand Euro being stolen. They declined to name the specific malware used.
In all, authorities have recorded 82 jackpotting attacks in Germany across different states in the past several years, according to police spokespeople. However, not all of those attacks resulted in successful cash-outs.
It’s important to remember ATM jackpotting is not limited to a single bank or ATM manufacturer, though. It is likely the other attacks impacted banks other than Santander; those are simply the attacks our investigation identified.
“You will see this across all vendors; this is not dedicated towards a specific machine, nor towards a specific brand, and definitely not a region,” Redecker said.
Part of the security issue for ATMs is that many of them are, in essence, aged Windows computers.
“These are very old, slow machines,” the source familiar with ATM attacks said.
ATM manufacturers have made security improvements to their devices, Redecker from Diebold Nixdorf stressed. But that doesn’t necessarily mean all ATMs across the industry will be up to the same standard.
And responsibility for securing access to the ATMs falls on the banks too.
“In order to execute a jackpotting attack, you have to have access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack,” David N. Tente, executive director of USA, Canada & Americas at the ATM Industry Association (ATMIA), said in an email.
Redecker said he’s been seeing attacks across the globe since 2012, with Germany suffering its first jackpotting attacks in Berlin in 2014.
Around the time of the 2017 attacks, researchers at cybersecurity firm Kaspersky published research showing Cutlet Maker for sale on hacking forums since May of that year. It seemed anyone with a few thousand dollars could buy the malware, and have a go at jackpotting ATMs themselves.
“The bad guys are selling these developments [malware] to just anybody,” David Sancho, senior threat researcher at cybersecurity firm Trend Micro, and who works with Europol on jackpotting research, said. That has enabled smaller outfits or enterprising criminals to start targeting ATMs, he added.
“Potentially this can affect any country in the world,” Sancho said.
Motherboard spoke to one cybercriminal claiming to sell the Cutlet Maker malware.
“Yes I’m selling. It costs $1000,” they wrote in an email, adding that they can offer support on how to use the tool as well. The seller provided screenshots of an instruction manual in Russian and English, which steps potential users through how to empty an ATM. Sections of the manual include how to check how many banknotes are inside the ATM, and installing the malware itself.
The European Association for Secure Transactions (EAST), a non-profit that tracks financial fraud, said jackpotting attacks decreased 43 percent over the previous year, in a report published this month. But it’s worth stressing that EAST’s report only covers Europe.
“It happens in parts of the world where they don’t have to tell anybody about it,” the source familiar with ATM attacks added. “It’s increasing, but, again, the biggest problem we’ve got is that nobody wants to report this.”
That lowering of the barrier of entry to ATM malware has arguably driven some of the spike in jackpotting attacks. In January 2018, the Secret Service began warning financial institutions of the first jackpotting attacks in the U.S., although those used another piece of ATM malware called Ploutus.D.
“Globally, our 2019 survey indicates that jackpotting attacks are increasing,” Tente from ATMIA wrote in an email.
As the source familiar with ATM attacks said, “There are attacks happening, but a lot of the time it’s not publicized.”