Tag Archive for: forced

Cybercrime matures as hackers are forced to work smarter

/in


hacker

An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.

Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide.

Pursuing new avenues

One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better.

As Kaspersky explains, browser vulnerabilities have reduced in numbers, and websites are not as easy to compromise and use as infection vectors today.

This has resulted in making web infections too difficult to pursue for non-sophisticated threat groups.

The case is similar with vulnerabilities, which are fewer and more expensive to discover.

Instead, hacking groups are waiting for a PoC or patch to be released, and then use that information to create their own exploits.

Becoming more efficient

Hacking groups are now optimizing its member structure and providing distinct functional roles to each person.

In modern cybercrime operations, there’s no longer a need for malware authors and testers, because actors are sourcing their tools from central selling points on the dark web.

Moreover, with much of stolen money being transacted in cryptocurrency, actors only need money mules or someone to manage cash withdrawal operations when cashing out into fiat currency.

The same goes for account credentials, webshell access to various organizations, and even DDoS attacks. All of these are bought from providers instead of “employing” an expert in the team.

Typical cybercrime group structure - 2016 left 2021 right
Cybercrime group structure – 2016 on the left, 2021 on the right
Source: Kaspersky

Another way of optimization for cybercriminals today is to turn to cloud service providers instead of choosing the more costly and risky option of renting or setting up their own physical server infrastructure.

The downside of this is that cloud servers are regulated and service providers are responsive to reports, but threat actors can always hop to other platforms or create new accounts when they’re…

Source…

The Perfect Storm – How Mobile Reliance Has Forced Financial Services Beyond Device Management

/in


Tablets and smartphones have become a primary tool to manage work and life as digital transformation accelerated last year. This trend is especially evident in the finance sector, where both workers and customers have become dependent on mobile devices to do everything from shopping, playing bills and managing finances. Similarly, financial employees are using the very same devices to stay productive as they continue to work away from the office.

The increased usage of mobile devices in the financial sector means both organisations and customers are exposed to new risks. These devices now have as much access to corporate infrastructure as traditional endpoints and hold more sensitive financial information than ever. Therefore, it is no surprise that the financial sector was the most targeted industry in 2020 by cybercriminals. To ensure that they tap into the productivity that comes from mobility, financial organisations need to embrace modern security technologies and strategies to secure the mobile devices and apps their employees and customers use the most. 

The need for dedicated endpoint security solutions

In an attempt to secure their mobile devices, the financial industry increased their use of mobile device management (MDM) solutions by 50 percent during the pandemic. Despite these efforts, cyberattacks did not decrease during the same period. Phishing remained one of the most common forms of cyberattacks while malware exposure rose by over five times. These trends illustrate that financial services organisations need to think beyond MDM when it comes to securing their mobile devices and their corporate data. 

We’re more susceptible to phishing attacks

There’s a reason that we saw a 125 percent increase in the average quarterly mobile phishing exposure rate for financial organisations. With everyone working from home, or continuing to do so under a hybrid-work environment, security teams have lost the visibility they had inside their perimeter. It also doesn’t help that people are using personal mobile devices and using networks organisations don’t control. In addition, consumers are using mobile devices to access sensitive data…

Source…

Capcom reportedly forced employees to work in the office following ransomware attack

/in


Last November, Capcom suffered a cyber “ransomware” attack in which 16,415 individuals had their information accessed and compromised via the company’s internal servers. 

And in a new report from the Japanese Business Journal, an anonymous internal report alleges that the company forced employees to work from its physical office despite the government asking Osaka—where Capcom’s main headquarters is located—and Kyoto residents to try and work from home due to a rise in COVID-19 cases. 

The Business Journal was provided what looks to be an internal email from Capcom to its employees that said the company would be “abandoning the remote network” and deciding there is “no choice but to come to work.” This decision was made specifically because of the damages caused by the ransomware attack.

This, according to the Business Journal’s original source, led to a lot of employees worrying about their health and job security since part of Capcom’s messaging basically told the workers that anyone who disagreed or complained with the orders would face potential employment restrictions. One employee even said that, in some cases, workers seemed like they were being urged to retire. 

The Business Journal pointed out that this positioning isn’t uncommon for Capcom. Flexible work hours and other benefits reportedly heavily depend on an employee’s position within the company and the developer/publisher doesn’t allow a worker’s labor union. 

Capcom did respond to the Business Journal’s request for comment, saying that the company is “committed to the health and safety of employees” and has taken precautions to follow proper protocols to keep everyone safe. This includes staggering work hours and implementing a mask requirement, temperature check, and social distancing within the office. 

The company also responded to questions about potential unionization, noting that there’s work being done to “comply with relevant laws and regulations regarding the establishment and joining of labor unions by employees.” No further details were shared. 

The initial attack took place on Nov. 2 when an organization called Ragnar…

Source…

Joe Biden could be forced to ditch his high-tech exercise bike because of cyber-security risks 

/in


Last ride for Joe Biden’s beloved Peloton: New president could be forced to ditch his high-tech exercise bike because of cyber-security risks

  • President-elect Joe Biden could be forced to give up his Peloton exercise bike
  • The stationary bike has camera and microphone which could pose security risks
  • Biden previously said he uses the bike as part of his daily morning workout

By Sam Baker For Mailonline

Published: | Updated:

Joe Biden could be forced to change his workout routine when he moves into the White House because of potential security concerns over his Peloton bike.

The popular exercise bike connects to the internet and has an in-built microphone and camera that could pose a hack risk, according to Popular Mechanics. 

As a result, the Secret Service could force the 78-year-old President-elect to leave behind the bike when he takes up residency in the White House. 

Max Kilger, Ph.D., director of the Data Analytics Program and Associate Professor in Practice at the University of Texas at San Antonio, told the website: ‘Because you’re connected to the internet, even though there are firewalls and intrusion detection software… those things can be gotten around if you’re really good and skilled.’

Joe Biden (pictured) could be forced to change his workout routine when he moves into the White House because of potential security concerns over his Peloton bike

Joe Biden (pictured) could be forced to change his workout routine when he moves into the White House because of potential security concerns over his Peloton bike

Kilger moved on to say that if a hacker was able to gain access to the Peloton bike then they could potentially also breach any device connected to it.

He also said that if Biden was determined to keep hold of his exercise bike then the secret service may have to rip out the components that pose the potential security risks.

Although, he said, this then eliminates the attractiveness of the machine. 

Peloton exercise bikes are indoor stationary bicycles that cost upward of $1900 each and have smart tablets attached to them which allow owners to connect with other people.

The popular exercise bike (pictured) connects to the internet and has an in-built microphone and camera that could pose a hack risk

The popular exercise bike (pictured) connects to the internet and has an in-built microphone and camera that could pose a hack risk

On the company website, Peloton says: ‘No…

Source…