Latest news
Detectives from the Police Central e-Crime Unit (PCeU) arrested three people in connection with using ransomware to blackmail people.It has been alleged that computer users were targeted and led to believe that they were required to pay a fine as part of an ongoing police inquiry with the hackers using a popup page containing the Metropolitan Police logo to force users to pay up to £100 to retrieve the data on their computer.
It has also emerged that cybercriminals in the US are also adopting this tactic, using the FBIs logo to trick and then defraud users.
Paul Davis, Director of Europe at FireEye has made the following comments:
With more people waking up to the realities of spear phishing and other methods of attack on their data ransomware is looking like the next logical step in social engineering. And that is a very frightening prospect indeed. While this type of scam has been around for quite some time, recent incidents on both sides of the Atlantic suggest that hackers are increasingly making it part of their ongoing quest to capture valuable data.
Worryingly, the panic created in people who happen to visit the wrong website at the wrong time could make them succumb to the financial demands of cybercriminals simply to avoid embarrassment.
Though it is arguably a scam targeted at consumers, ransomware can easily find its way onto the corporate network paving the way for larger-scale attacks against organisations. With employees increasingly browsing social networking websites and opening email attachments from strangers, they are fast becoming a real threat to IT security after all, it takes just one person to click the wrong link for malware to infect the entire system. The information that is harvested and held to ransom can then be sold on to other hackers who really know how to use it.
As with all sophisticated, elaborate IT security threats, the only way to ensure the most robust protection for the corporate network without imposing a blanket ban on personal internet use is for organsiations to have a comprehensive security solution in place across the entire IT estate.
Its been said time and time again that traditional perimeter solutions are not strong enough to fight the calibre of threats that we are seeing today, and advanced security tools must be used to protect all potential vectors of attack. Only then can IT teams be sure that all bases are covered, even in the event that one employee slips up.
Spotlight
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
