News round up: * Cybercrime exploding * Social engineering on the rise * Two thirds of UK citizens don’t have computer security
Cybercrime updates: Twelve cybercrimes happen every second
It’s not often that you hear the Russian authorities speaking about cybercrime
. But Aleksey Moshkov, from the Russian Bureau of Special Technical Measures, recently broke silence with a remarkable announcement. He told an audience at a security forum in Moscow: Every second 12 people in the world become victims of cyber criminals and this figure is growing every year...”. He went on to say that during 2013 the Russian authorities detected an 8.6% rise in cyber attacks and that the Bureau thwarted attacks that would of, if successful, defrauded Russian citizens out of about $28 million. One of the trendsMoshkov identified was an increasing move by cyber criminals in using viruses that target mobile apps. It’s described as ‘disturbing’ but given the scale of cybercrime and the increasing ubiquity of smart phones it’s hardly surprising.Interestingly, it was also pointed out that about 19 percent – almost one in five - of cyber attacks target financial assets. It used to be that much hacking was mischievous or political, with ‘script kiddies’ simplyflexing their newly acquired hacking muscles, or hacktivists wishing to make a point.
Alarming rise in social engineering to target bank accounts
A partnership between police in the City of London, the financial heart of the UK economy, and UK banks has apparently halted the cyber theft of £174 million in the past nine months. British Bankers Association
nbsp;estimated that by closing suspect accounts it had prevented criminals from stealing £173.9m from customers between April and December, based on the average amount of money lost in a typical case of financial cyber crime.The City of London Police said there were three main types of cyber criminals targeting bank customers. The most commonplace was when a bank account was hacked through online shopping
. The second involved a person’s or company’s money being diverted into a criminal’s bank account.However, perhaps the most worrying new trend is account takeover through social engineering
with cyber criminals piecing together personal information about a person from their social networks and using this to hack into their account.After years of trying to keep quiet about the cyber attacks British banks have now admitted that they are targeted every day by traditional cyber criminals, denial of service attackers, activists and cyber espionage.
UK cyber fraud hits one billion – two thirds of people have no virus protection
Staying with the UK, a report issued late last month by the government estimated that cyber criminals stole more than £1billion from individuals in Britain last year. Some of the commonest scams include fake retail websites, which masquerade as legitimate sites such as Amazon.com. Phishing scams have also been on the rise. Alarmingly, the government's figures reveal that only 57 per cent of people check that a website is secure before making a purchase online, and that two thirds of people fail to install security software on new equipment. So, given that, and with 11 million new devices, phones, tablets and computers received in homes over Christmas, it looks like UK citizens can expect an even greater cyber blitz aimed at their devices.
Target cyber hack – far and wide – cunning and sophisticated malware
The hack that hit US retailer Target
just before Christmas was far more wide-ranging than previously thought. A US government classified memo has acknowledged it was part of a much broader security breach of a number of US companies.The investigators have confirmed fears that Target was not the only victim of the attack, but have refrained from identifying the other companies. However, it’s believed to have hit, at least three other well-known national retailers have suffered an attack from the same virus.The Neiman Marcus Group has already said that it suffered a theft of clients’ personal data during the holiday though it’s now known whether it was related to Target. It has been revealed that the virus used by the international hackers to breach Target’s firewall and compromise the personal data of 70 million people was dubbed by hackers KARTOKHA (“potato” in Russian).
Steps of the cyber-attack on Target retailer
In fact, it was just the latest virus among many to target point-of-sale (POS) terminals. The malware was specifically designed to meticulously conceal its data manipulations, making the very detection of the virus in action a very hard task. The actual hacking process was split into two stages: First, Target point-of-sale devices were infected with the virus, which made copies of personal data encrypted on magnetic stripes on payment cards and stored them on Target’s own servers. Then the hackers broke into the company’s system network to collect the stolen data. One of the peculiarities of the virus was that it did not operate around the clock, limiting its activities to only prime business hours between 10 am and 5 pm, which also contributed to invisibility of the malware.
Staying safe online means staying alert
It goes without saying that most of the hacks mentioned above could have been prevented by following some simple guidelines. We’re not sure about the Target hack as it seems the malware was sophisticated to such a degree that it’s rarely seen.However, simple identity theft protection and anti-virus protection
would have certainly put paid to many of these attempts – and that’s a nailed down certainty.