Research by HP has uncovered a lack of understanding among businesses of the risks associated with data breaches. More than 70% of US and UK executives surveyed by the Ponemon Institute said that their organisation does not understand fully the dangers of breaches, while less than half of top executives and board members are kept informed about the response process.
The 2014 Executive Breach Preparedness Research Report was designed to highlight the importance of senior executive involvement in the response to data breaches. While 79% of the nearly 500 senior executives polled agreed that executive-level involvement in the response process was necessary to a successful resolution, only 45% said that they were accountable for the process. The research also found that most executives are more concerned about threats from within their business than external attacks.
As we discussed last week, the financial cost of data breaches can be huge, not to mention the missed revenues due to reputational damage. This is why direction and leadership are needed from those at the top. Executives need to be aware of and actively involved in the data breach response process, and there needs to be a clear plan in place to prevent security incidents from escalating to a complete disaster for the company.
The Ponemon Institute noted that senior executives and board members may have been complacent about the effects of cyber-attacks and data breaches in the past, but are now gradually realising the damaging costs of such incidents. This is welcome news and we hope that senior executives will continue to take a more active role in their response to data breaches, educating themselves and their staff about the risks and investing in the best security technology available.
This week has been Get Safe Online Week and to coincide with the event, the National Fraud Intelligence Bureau researched cyber-crime in the UK. The research found that over the last year, the ten biggest online scams cost victims over £670m – although the actual figure is thought to be significantly higher than that due to unreported crimes.
A separate poll found that while over half of Britons have been a victim of either online fraud, ID theft, hacking or online abuse, only a third of them reported the crime. One of the reasons for this is that many people did not know how to report the crime. It is hoped that this will be improved by the development of Action Fraud, the UK’s national fraud reporting centre, and the increasing resources that the Government is dedicating to cyber-crime.
The research also suggests that cyber-crime is increasingly being taken more seriously by the British public. Around 53% said they now see it as a serious “physical world” crime and 42% stated that they are now more vigilant when shopping online. Despite this change in attitude, many people are still failing to take basic security measures, with 67% of tablet owners and 54% of mobile phone owners in the survey not having a password or PIN to secure their device.
It’s good to see that initiatives like Get Safe Online Week and Action Fraud are raising awareness of online crimes and what people can do to prevent them. However, this research is a stark reminder of the dangers that we all face online. Online fraud continues to increase as crime overall falls, with criminals constantly developing new ways of targeting victims online.
At Pentura we believe that education is the key in the fight against cyber-crime. Our LearnwithPentura e-learning portal provides users with advice on security and best practice, with eight online modules ranging from email to removable media. Complacency is not an option, and businesses and authorities must continue to raise awareness of the dangers of online crime and educate users in cyber security.
It’s been revealed that a data breach at US retail chain Kmart that compromised card details lasted over a month. The discount department store said that the malware was discovered last week but had been operating since early September. Based on its investigation so far, the company said that it believes credit and debit cards were exposed but that no personal information, PIN numbers, email addresses or social security numbers were accessed.
The incident is the latest in a string of cyber-attacks on American retailers. Last week, restaurant chain Dairy Queen revealed that hackers had stolen names, card numbers and expiration dates of around 600,000 cards across 395 of its restaurants. There have also been huge recent attacks on Home Depot, in which 56 million cards were affected, and on Target, when 40 million cards were compromised in the run-up to Christmas 2013.
It’s not thought that the breached information is being used to create counterfeit cards or encumber customers with bills for items that they haven’t bought. Nevertheless, the attack is a reminder and a warning to retailers that the sheer size of their computer networks makes them an attractive target to hackers. By improving detection times, large chains will reduce the damage caused by such breaches and better protect both their customers and their reputation.
AT&T has become the latest multinational company to suffer a data breach after one of its own employees gained access to customer data. The US mobile telecoms giant has started informing around 1,600 customers in Vermont that their personal data was breached in August.
Although this is a smaller incident in comparison to recent cyber-attacks on JPMorgan Chase and iCloud, it is a reminder to IT managers about the dangers of insider data breaches. Whether intentional or not, internal breaches can be as damaging as external attacks and IT departments ignore this at their peril. Ensuring that your internal policies and controls are watertight and that employees are educated in data security is just as important as protecting your network from outside cyber-attacks.
Researchers have revealed a potentially serious flaw in WordPress software that allows hackers to search for abandoned or inactive WordPress sites before mounting phishing attacks aimed at enticing users to install infected updates. Hackers can then quickly hijack the website and direct visitors to malicious content.
WordPress is by far the most popular content management system. Having initially found success as a blogging platform, it is now hugely popular for business websites, operating as either a framework or a hosting service. However, the open-source nature of the system, as well as its popularity among web novices, does make it vulnerable when flaws are found. The report encountered several compromised WordPress websites.
WordPress offers a potentially easy entry point for hackers to introduce malware onto networks. By failing to maintain and update WordPress websites and plugins, businesses are leaving themselves susceptible to attack. Businesses should be telling staff to install updates and plugins only from trusted sources, and increasing awareness of this tactic. By properly educating staff and regularly updating WordPress, businesses will be able to close off any potential weaknesses and reduce their susceptibility to attack.
By now, you may have heard about CVE-2014-6271, also known as the “bash bug”, or even “Shell Shock”, that may affect your organisation. It’s rated the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to a null pointer exception. The incomplete fix is being tracked as CVE-2014-7169.
How do you protect yourself?
The most straightforward answer is to deploy the patches that have been released as soon as possible. Even though the fix for CVE-2014-6271 is not complete, the patched packages are more complicated to exploit. We expect to see new packages arrive to address CVE-2014-7169 in the near future. If you have systems that cannot be patched (for example, systems that are End-of-Life), it’s critical that they are protected behind a firewall, and that you test whether that firewall is secure.
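One way to confirm that the patches have actually landed on a host, as an added example (not part of the original advisory and not Pentura's Threatsweeper check): a POSIX shell probe for CVE-2014-6271 using the widely published self-test, applied to every bash listed in an /etc/shells-style file. The function names and status strings are assumptions made for this example, and it does not test for CVE-2014-7169.

```sh
# Added example, not from the original advisory. Covers CVE-2014-6271 only.

# check_bash_6271 PATH -> prints PATCHED, VULNERABLE or MISSING
check_bash_6271() {
    cb_target=$1
    [ -x "$cb_target" ] || { echo MISSING; return 0; }
    cb_marker="probe-marker-$$"
    # A patched bash treats this variable as plain data; an unpatched one
    # parses it as a function definition and runs the trailing echo.
    cb_out=$(env -i probe="() { :; }; echo $cb_marker" \
        "$cb_target" -c 'echo done' 2>/dev/null)
    case $cb_out in
        *"$cb_marker"*) echo VULNERABLE ;;
        *) echo PATCHED ;;
    esac
}

# scan_shells FILE: check every bash named in an /etc/shells-style file, so
# that a second, unpatched copy (e.g. under /usr/local) is not missed.
# Prints "STATUS PATH" per entry; returns 1 if any copy is VULNERABLE.
scan_shells() {
    ss_rc=0
    while IFS= read -r ss_path; do
        case $ss_path in ''|'#'*) continue ;; esac                # blanks, comments
        case ${ss_path##*/} in bash|rbash) ;; *) continue ;; esac # bash copies only
        ss_status=$(check_bash_6271 "$ss_path")
        echo "$ss_status $ss_path"
        if [ "$ss_status" = VULNERABLE ]; then ss_rc=1; fi
    done < "$1"
    return $ss_rc
}

# Typical use on a host: scan_shells /etc/shells
```

Because the probe tests behaviour rather than the version string, it also works on distributions that backport the fix without changing the reported bash version.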
How can we help?
Pentura Threatsweeper service (Powered by Rapid7) has been updated with authenticated and remote checks for CVE-2014-6271. Checks for CVE-2014-7169 will follow as soon as they are verified.
If you have any questions, please contact the Pentura support team: firstname.lastname@example.org
The Pentura Team
Reports surfaced this week that Amazon’s Twitch.TV gaming site had been hit by a malware attack that targeted chat forums to access users’ machines. Hackers were found to be sending phishing messages across the site’s chat forums, which lured users with offers of raffle prizes and then dropped a malicious Windows binary file on anyone who replied with their name and email address.
The news presents an interesting twist on traditional phishing scams and provides yet another platform for hackers to target sensitive information. The obvious attractions for criminals are the large numbers of users on chat forums and the fact that the platforms offer a haven for phishing scams.
With chat forums becoming increasingly popular in the corporate environment, this is a trend that businesses should be monitoring closely, reacting quickly to adjust data loss prevention strategies and maintain security. Employees who turn to chat forums to share best practice and troubleshoot need to be aware that they don’t know the identity, or credentials, of the people they are interacting with.
Hackers targeting chat forums will rely upon users trusting that they are there to legitimately share information and assist one another, which increases the chances of users opening links and files that contain malware. The attack on Twitch is a warning shot to organisations and has given them advance warning of this latest tactic of the cyber-criminal.