The week in security: Hackers swarm banks, break for World Cup
- 28 July, 2014 16:06
It seems even cybercriminals love their soccer, with statistics suggesting that the volumes of online attacks almost stopped during the nailbiting grand final this month. Yet others were up to their usual tricks, with a WordPress plugin targeted and still others ransoming the European Central Bank after stealing user contact information.
Document protection is emerging as a priority for organisations struggling to keep cybercriminals from their data, while financial protection was proving important in Europe as a wave of cybercrime saw cybercriminals withdrawing money from European banks. Authorities notched up two small victories on that front by securing 14 years' incarceration for two hackers who were stealing money to bring foreign criminals into the UK.
With scams rife and Nigerian scammers among those expanding their brief by targeting businesses, it's little wonder that companies like Apple are expanding their use of protective mechanisms like fingerprint scanners. Making the most of such technologies will require better security skills training, with one University of Adelaide security researcher doing his part by launching a series of security training workshops that seek to both educate uni students and nurture their curiosity in a move that might plant the seeds for a career.
Apple will also be in many of those security professionals' crosshairs, however, if allegations that it admitted to building a backdoor into iOS prove true; Apple published an explanatory note that it hopes will clear the air. Indeed, personal security was all over the news: while a US court argued that it was OK for law-enforcement officials to seize emails en masse while investigating a subject, famous NSA whistleblower Edward Snowden expressed a desire to work on privacy-preserving technologies in the future.
Yet the Electronic Frontier Foundation beat him to it – in a way – releasing a Chrome and Firefox plugin to stop third-party tracking of users. This sort of protection is likely to become even more important as ever-stealthier Web tracking tools find new ways to follow users around the Web.
Even Tor appears not to be anonymous anymore – although just why that's the case remains a mystery after a Black Hat conference presentation on the technique was cancelled at the last minute; Tor's authors are said to be working on a fix. Yet anonymity is only part of the problem, as analysts warn that half of point-of-sale systems are vulnerable to attack and the cost of cybercrime continues to grow. A new ransomware program called 'Critroni' was said to be more powerful and resilient than the notorious Cryptolocker. Another ransomware variant, called Simplocker, was also expanding its scope by targeting English-speaking users with FBI-themed alerts.
Security breaches are not only difficult and annoying for the targeted organisation, but they can pose very real business problems – as eBay has found out now that it faces a class-action lawsuit over a data breach earlier this year. A UK travel services company learned the same lesson after it was fined £150,000 for a data privacy breach, while Apple is facing its own privacy lawsuit after a Chinese state broadcaster raised security concerns about the iPhone's location-tracking functions. Such repercussions have an increasing number of people wondering whether IT groups are really ready for the security challenges of new technologies like BYOD.