Online fraud is rising “exponentially,” with the largest number of attacks originating from Eastern Europe and Russia. That’s according to Adrian Leppard, head of City of London Police, who admitted that the police were struggling to keep up with increasingly sophisticated internet criminals.
Advisen reports that half of all fraud in Britain, which currently costs the country £70 billion a year, is conducted online. Many of the victims are wealthy retired people conned into fraudulent schemes, losing £25k on average. In addition, there is a lot of evidence that alQaeda are using the proceeds of online crime to fund their attacks.
As the police force faces more budget cuts, many of the 800 specialist internet crime officer jobs may be lost. Leppard said that he worried that as online crime and fraud increases, Britain’s capacity to tackle the problem will be even more diminished.
See the full story on Advisen Front Page News
The Pentagon has recently announced that it will dramatically increase its cyber-security staff to combat the rapid influx in cyber attacks against government agencies and critical infrastructure. Cyber Command, which started just 3 years ago, now has 900 military and civilian staff members. That number will increase fivefold, up to 4,900 staff members.
The BBC reports that three different types of forces will be created under the growth plan. These include the protection of the defense department’s internal systems, the protection of computer systems that involve electrical grids and other critical infrastructure, and offensive operations overseas.
The decision comes after Leon Panetta, US Defense Secretary, warned that a cyber attack on the United States could inflict as much damage as 9/11 did. He also explained that smaller scale cyber-attacks were now commonplace.
See the full story on BBC.co.uk
The French Euromillions website, operated by Francaise des Jeux (FDJ), recently fell victim to religious hackers after its homepage was replaced by a passage from the Koran condemning gambling. The verses call games of chance “works of the devil” that are intended to turn people away from God. The message appeared for the better part of a day and did not affect the Euromillions game directly, nor was any data lost or stolen. The FDJ said that no other websites were affected.
The attack is yet another example of hacking being used for ideological purposes rather than financial ones. Indeed, there is a definite trend towards attacks being undertaken on ideological, political and religious grounds and these will no doubt spell out the next wave in cybercrime, affecting businesses and governments alike.
Companies like the FDJ and any other business that operates a website should also be looking at their security practices and insurance policies. Although in this case the damage was relatively minimal, losing data and denial of service attacks can cost companies millions and many insurance policies do not make it clear whether ideologically motivated hack attacks fall under a policy’s terrorism exclusion or not. Ensuring clarity on this point, especially as these types of attacks become more common, is a must.
See the full story on BBC.co.uk
CFC carves out hack attacks from its terrorism exclusion, making it clear that ideologically motivated hack attacks are covered. Click here to learn more about our cyber policy.
Software provider SSP has suspended its service on aggregator websites after an attack on its integration with Google Compare. The attack affected users of Google’s new comparison website for car insurance. SSP’s software is used on a range of aggregator websites such as Google Compare, Comparethemarket.com, Gocompare.com, Confused.com and Moneysupermarket.com.
According to the The Financial Times, comprehensive personal data of some users was compromised during the attack, although neither SSP or Google has said how much data was lost. SSP has temporarily suspended its service on all the aggregator sites with which it works as a precaution but has said that the breach in question was limited to its interface with Google.
The UK motor insurance market earned £13.3bn in premiums last year alone and it is estimated that by 2014 over half of UK personal motor insurance policies will be purchased through price comparison websites.
See the full story on FT.com
Customers who shopped in various locations of the US bookstore giant, Barnes & Noble, may have had their credit card details stolen by hackers. 63 stores were affected, including some of the company’s busiest locations in New York, Chicago, Miami and San Diego. The hackers got the information by breaking into the keypads in front of registers where customers swipe their cards and enter their PINs.
Barnes & Noble learned of the attack in mid-September but are only now starting to notify affected customers. This is following advice it was given by the US government who wanted to give the FBI time to investigate who was behind the attacks. Part of this investigation effort involved turning off all 7,000 keypads in the company’s several hundred stores and sending them to an examination site. They found that only one terminal in each of the 63 stores had been hacked but have still not reinstalled the devices.
How exactly the network was penetrated is still to be determined. A company insider could have set up the attack or a malware might have been installed by an employee unwittingly clicking on a malicious link. Whatever the case, the breach will cost Barnes & Noble and incredible amount of time and a considerable amount of money. As Tom Kellermann, a vice president at Trend Micro, points out on Advisen, “Attacks on point-of-sale systems are growing exponentially.”
See the full story on Advisen Front Page News
We usually think of hack attacks for financial gains taking the form of copying credit card and other financial information from companies’ servers and selling it on the black market. But new tactics are coming about – tactics which cyber criminals are using with increasing frequency. Hackers are now beginning to steal data from companies and hold it until a hefty ransom is paid.
Take this recent case, for example. An Illinois medical practice, The Surgeons of Lake County, suffered a security breach when hackers burrowed into the company’s computer network where it stored its email correspondence and medical records. The hackers stole and encrypted the data and then asked for payment in return for access to the information. Although the practice is successful and situated in an affluent area, it’s a long way off being considered a high profile entity.
This attack is symbolic of a trend of increasingly diverse and numerous hack attacks. Bloomberg warns that companies that deal in any way with sensitive data on their computer systems need to ensure they have adequate cyber insurance, even small businesses that think they could never be attacked. But healthcare providers are at even greater risk due to the breadth and nature of the data they collect and store and the fact that easily accessing this data is crucial for day-to-day operations.
The Surgeons of Lake County refused to pay the ransom. It is not known whether they have found another way to access the data or if they had any backups.
See the full story on Bloomberg.com
What seems to be the usernames and passwords of 17 academics at one of Britain’s most prestigious universities have been posted online by NullCrew, a group linked with the large hacking network Anonymous. NullCrew said that it hacked the system in support of Julian Assange.
NullCrew claims that if the United Kingdom continues to fight against Assange for “speaking his voice” then itself and other hacking groups will systematically target UK institutions and government websites in protest. The attack on Cambridge seems to be symbolic of a larger hacktivist movement surrounding the handling of the WikiLeaks founder’s asylum case.
As a preventative measure, the university has taken affected parts of the system offline whilst IT staff investigate what happened. Email login details belonging to members of the university do not seem to have been exposed.
See the full story on Guardian.co.uk
According to a member of hacking group TeamGhostShell, recruiting firm ITWallStreet.com has recently had private data belonging to tens of thousands of its users published online. The company supplies Wall Street businesses with IT professionals to work in development, infrastructure and database and process management.
The data was allegedly stolen from its server and contains first and last names, usernames, email and mailing addresses, phone numbers and hashed passwords, many of which were quickly decrypted into their clear text form. Individuals affected ranged from entry-level support staff to top executives, including many vice-president-level jobs at nearly every major Wall Street firm.
It gets worse. ComputerWorld reports that in addition to this personally identifiable information, the data dump included salary and bonus expectations of the candidates as well as snippets of email exchanges which discussed the suitability of certain candidates for certain positions. Details of phone records including the phone number dialed, when it was dialed and how long the call lasted were also part of the exposed information.
ITWallStreet.com has said that they would not comment until the claims were verified, as it was too soon to tell if the data belonged to their applicants or not. It is thought that the attack took place as part of the Occupy Wall Street movement.
See the full story on ComputerWorld.com
As the usage of Macs is on the incline, so are the number of viruses out to infect them. A recent report conducted by Russian antivirus company Dr. Web has found that over half a million Macs are infected with the Flashback trojan, which poses as a Flash Player installer and disables Apple’s automatic updating mechanism for its system-wide malware application. This means that once your computer is infected, you’ll never be informed and you’ll be open to future attacks.
Whilst most of the infected computers are in North America, it’s fair to say that this type of bug will go worldwide and quickly. Mac users often don’t think they’re at risk, but as cyber attacks become more common daily, it’s very likely that hackers and virus creators have millions of Mac users in their sights.
See the full story on arstechnica.com