Category: Uncategorized


Hackers – How are they using ransomware?

By Admin,

Hackers – How are they using ransomware?

CEO of Forticode Tony Smales shares some insights about ransomware and how it plays a major role in the trillion dollar fraud economy

 

Digital Hijacking and Extortion

By Admin,

Individuals and businesses alike continue to become increasingly dependent on computers and smart phones along with the data that’s utilised across the various digital channels – for this reason, cybercrime is becoming more and more lucrative. Over the past few years, Ransomware has become the most prevalent and financially motivated cybercrime threat worldwide and is likely to continue with increasing frequency and variation of campaigns.

As the name suggests, ransomware is a form of malware designed to infiltrate a computer system and hold the user’s files or screens hostage until a ransom is paid. Ransomware infects computers the same way as other types of malware, for example it can be attached to or linked from a malicious email, hide on malicious websites or pretend to be useful applications on peer-to-peer networks. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable or is deleted.

Regardless of whether the victim is a consumer, small business or a large enterprise, ransomware holds the data that’s valuable to them, and potentially their clients, hostage. As a result, many people or businesses affected pay the ransom without any assurances in desperate hope of regaining access to their IT system.

According to research conducted by Cyber Security Ventures, they estimate that ransomware damages will cost the world $8 billion in 2018. This estimate includes the ransom, downtime, wages, device cost, network cost, and lost opportunities. Whilst the ransom cost may be as little as $800 the overall cost to the bottom line can be significant and for most businesses, the cost of a ransomware attack is too big a risk to ignore.

So what can we do to stop this cybercrime juggernaut?

  1. Back up your data: Cyber criminals leverage the threat of deleting important data, if the data is backed up regularly their leverage diminishes.
  1. Update your software: Ransomware often uses bugs in software which the developers patch through updates – make sure they are downloaded and installed.
  1. Educate your staff: All it takes is for one employee to fall victim to clicking a link in a fake email to infect the entire organisation with ransomware. Ensure your team is aware of phishing scams and know the warning signs of malware. Remind them that it’s okay to be sceptical of emails from unknown senders.
  1. Don’t pay the ransom: The criminals have no incentive to release your files once the ransom is paid, instead, they can demand more money and target your business in future knowing you are willing to pay. Furthermore, by paying the ransom, businesses become a part of the vicious cycle of cybercrime by making it profitable creating growth. There are also websites out there that can walk you through dealing with some of the more common ransomware threats including publicly available decryption keys.
  1. Cyber security: Cyber security: Ensure you have anti-virus software installed on your computers and across your system, it’s much cheaper than a ransomware attack.

Ransomware and other forms of cybercrime will continue to grow – that’s inevitable. The best counter-measure is prevention through education, preparation and cybersecurity.

A smart and safe business installs security on the premises to protect it from burglaries and tells staff how to secure the office before they leave: prevention of cyber threats should be no different.

EP16iii – DAVID DALTON – Cipherise could be as big as Paywave

By Admin,

EP16iii – DAVID DALTON – Cipherise could be as big as Paywave

Dave Dalton is back again to discuss how many users would benefit from the use of Cipherise to access their business without passwords, it could be as seamless as using paywave on a credit card.

 

Why Twitter Makes Me Angry

By Admin,

On Thursday last week, Twitter sent out a press release stating that all 330 million users of its service should change their password based upon the fact that a system error had made them readable text in an internal computer system, as opposed to randomised data through a process called hashing.

Now, on one hand we should admire them for being so proactive and coming forward to let us know that we should take this preventative action. However, as an security industry specialist, I still have some very real and major concerns with the announcement, and some deeply disturbing unanswered questions. For example:

  • How did the breach get found in the first place? I find it implausible that this was just discovered through a routine inspection, and more likely that they were alerted by an external party
  • How could it possibly affect all 300 million users? Typically when a. company tells all of its users to change their password, it implies they have no idea of who might have got into their systems
  • Twitter state – in an unattributed blog – that they are “very sorry”, yet they have form on this – the US Federal Trade Commission settled with Twitter over a past 2010 breach, after which audits were meant to occur for ten years. If it was one of these audits that found the breach, then why aren’t the US Federal Trade Commission making comment yet?
  • The timing of the announcement is also telling. Were they forced to alert their users now in advance of the GDPR timeline (May 25th), and thus remove the potential of penalties if someone becomes aware of a causal link to a privacy breach that has its roots in the Twitter data loss.

But perhaps most of all, I am annoyed by yet another service provider (and yes, I know their service is free, and so my expectations shouldn’t be so high) not really taking responsibility for my credentials, and then downplaying the impact as their business is not really that affected. Organisations suffering a breach never consider the impact of a breach from their user’s perspective, and the fact that they’ve compromised a ‘duty of care’…..they fall back behind their always ridiculously verbose Terms of Service, and try to push a message that there is “nothing to see here…move on please”.

And finally, how are they  positively informing all of their 330 million users – surely it would be a simple task for the world’s biggest messaging platform to send out a message to everyone on its list that they should change their password?…..but perhaps this might open them up to more questions from their community?

 

See what Reuters has to say here.

 

EP16ii – DAVID DALTON – EY’s network opportunities

By Admin,

EP16ii – DAVID DALTON – EY’s network opportunities

We now continue the Chat with Dave Dalton and talk about EY’s trust and reputation and how they continue to open up their valuable network to Forticode

 

Day 2 – The Forticode RSA Conference update.

By Admin,

Day 2 – The Forticode RSA Conference update

Vice President of Worldwide Sales at Forticode Ramsay Smith is part of the Forticode contingent in San Fransisco for 2018 RSA conference, he talks about how great Day 2 was for himself and the team.