The week in security: Hackers swarm banks, break for World Cup

It seems even cybercriminals love their soccer, with statistics suggesting that the volumes of online attacks almost stopped during the nailbiting grand final this month. Yet others were up to their usual tricks, with a Wordpress plugin targeted and still others ransoming the European Central Bank after stealing user contact information.

Document protection is emerging as a priority for organisations struggling to keep cybercriminals from their data, while financial protection was proving important in Europe as a wave of cybercrime saw cybercriminals withdrawing money from European banks. Authorities notched up two small victories on that front by securing 14 years' incarceration for two hackers who were stealing money to bring foreign criminals into the UK.

With scams rife and Nigerian scammers among those expanding their brief by targeting businesses, it's little wonder that companies like Apple are expanding their use of protective mechanisms like fingerprint scanners. Making the most of such technologies will require better security skills training, with one University of Adelaide security researcher doing his part by launching a series of security training workshops that seek to both educate uni students and nurture their curiosity in a move that might plant the seeds for a career.

Apple will also be in many of those security professionals' crosshairs, however, if allegations that it admitted to building a backdoor into iOS prove true; Apple published an explanatory note that it hopes will clear the air. Indeed, personal security was all over the news: while a US court argued that it was OK for law-enforcement officials to seize emails en masse while investigating a subject, famous NSA whistleblower Edward Snowden expressed a desire to work on privacy-preserving technologies in the future.

Yet the Electronic Frontier Foundation beat him to it – in a way – releasing a Chrome and Firefox plugin to stop third-party tracking of users. This sort of protection is likely to become even more important as ever-stealthier Web tracking tools find new ways to follow users around the Web.

Even Tor appears not to be anonymous anymore – although just why that's the case remains a mystery after a Black Hat conference presentation on the technique was cancelled at the last minute; Tor's authors are said to be working on a fix. Yet anonymity is only part of the problem, as analysts warn that half of point-of-sale systems are vulnerable to attack and the cost of cybercrime continues to grow, a new ransomware program called 'Critroni' was said to be more powerful and resilient than the notorious Cryptolocker. Another ransomware variant, called Simplocker, was also expanding its scope by targeting English-speaking users with FBI-themed alerts.

Security breaches are not only difficult and annoying for the targeted organisation, but they can pose very real business problems – as eBay has found out in now facing a class-action lawsuit over a data breach earlier this year. A UK travel services company learned the same lesson after it was fined £150,000 for a data privacy breach, while Apple is facing its own privacy lawsuit after a Chinese state broadcaster raised security concerns about the iPhone's location-tracking functions. Such repercussions have an increasing number of people wondering whether IT groups are really ready for the security challenges of new technologies like BYOD.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about AppleeBayElectronic Frontier FoundationFBINSAUniversity of Adelaide

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place