Tag Archive for: Ahead

Hackers out to get you? Here’s 5 tips to stay ahead


“In today’s connected world, it is a matter of when rather than if you will experience someone trying to hack you.” – Cybersecurity experts.

Your mobile gadgets may be your pride and joy, but for cybercriminals, they’re gold-in-transit.

Truth is, technology has simplified our lives, making it easy to communicate with people from all corners of the globe, but it has also left us vulnerable to cyber-attacks.

Think about it, your cell phone contains nearly every detail of your life – your pictures, personal information, and even your banking credentials.

Having control of your admin at your fingertips may be convenient, but guess who else appreciates the ease of access – the guy on the world-wide-web eagerly waiting for a chance to pounce.


‘It’s only a matter of time’

“In today’s connected world, it is a matter of when rather than if you will experience someone trying to hack you.

“With cybercriminals becoming more sophisticated in their attempts, it is possible that at some point or another you may interact with a scammer or click on a phishing link,” said Kaspersky, a cybersecurity firm.

Since we’ve reached the point of no return when it comes to the use of technology, the only option available is to beef up our online security.

Kaspersky shared useful tips to apply as you navigate your way in the digital era.

Don’t give any more information

Cell phone usage has become something of a thoughtless exercise, with users paying less attention as they scroll on the Internet.

Kaspersky cautioned Internet users against giving away their information online.

“If something feels ‘off’ about a website you are led to after clicking a link, asking for your name, email, phone number, or bank card information, close it immediately.”

Criminals have also been increasingly attempting to scam people via phone calls, often asking for personal information.

“If you are talking to someone on the phone, and the conversation seems even just a little strange, hang up immediately and do not answer if they call back.

“And if you…


The $10 billion cyber-insurance industry sees a dangerous year in cybercrime ahead. AI, ransomware, and war are its biggest concerns


It’s rare to find an insurance policy against war breaking out, but there’s a $10 billion market for cyber-insurance that guards against the threat of ransomware attacks. With the world as violent and turbulent as it is right now, though, lines between the two are blurring.

The ongoing wars in Ukraine and Gaza have insurers on such high alert that many simply aren’t offering coverage any longer, on top of which AI is creating new and unpredictable cybersecurity risks. And insurers expect a “significant” increase in hacks in 2024, to boot.

Those were the three key findings of a new report on cyber-insurance trends from consultancy Woodruff Sawyer. Insuring against cybercrime has grown from a tiny niche to a $10 billion market, with firms that offer coverage ranging from small specialty carriers to household names such as Chubb and Travelers. They offer coverage for losses incurred relating to companies’ IT and computer systems—for example, if companies are hacked and lose data or have to pay ransoms to get it back.

Woodruff Sawyer surveyed over 40 of its clients and found that the industry has a gloomy outlook this year: 56% of respondents said they believed cyber risk would “increase greatly” in 2024. They pointed to ransomware and war-associated risks as two of their biggest concerns.

“If you have an attack that is part of a war campaign, it can affect private companies across the globe that have nothing to do with war,” said Woodruff Sawyer national cyber practice leader Dan Burke in an interview with Fortune. “That is the true risk that’s elevated by conflict and war and geopolitical tension. That’s really what underwriters are mostly concerned about.”

A famous example of this type of ransomware attack was a virus called NotPetya, which circulated in 2017. Originating in Ukraine, it quickly went global and compromised the computer systems of dozens of companies, including drug giant Merck and shipping company Maersk. The White House estimated it caused $10 billion in damages.

“The NotPetya attack was a Russian-based attack against an accounting software in Ukraine. And it turns out that that specific piece of software was used by multinational…


‘Ethical’ hacker tries to stay a step ahead of the bad guys


The internet is a tough neighborhood and Nikolas Behar is a hacker. He’s among the many who show up every year at DEFCON in Las Vegas, the hacker convention. But Niko, as everyone calls him, insists he’s on the right side of the firewall.

He considers himself an ethical hacker, and he works for groups that need protection from criminal hackers trying to break into their vaults of valued passwords and data.

“A lot of people, when they think about hackers, they think about people in hoodies,” Behar said. “But there’s a movement in the industry that’s trying to change that narrative and show that hackers aren’t necessarily bad.”

As an ethical hacker, Behar has to think like a criminal. When he works for a client, he tries to break into their system to spot vulnerabilities. In one example, he was able to hack into the system of a hospital client.

“So what I was able to do was park across the street in my rental car with a special antenna. And I was able to connect to their Wi-Fi and communicate with a heart monitor on their network from across the street,” he said. “All because they didn’t configure their Wi-Fi correctly and it was leaking outside the building.”

Another time when he was working for a hedge fund, he got into their building after hours and jumped over a cubicle wall to find two unlocked computers.

“So we demonstrated that we would have been able to make a $5 million trade without anybody really noticing because there’s a cubicle that’s supposed to be secure and the wall of the cubicle doesn’t go all the way to the ceiling. And the stuff in the cubicle is not locked or encrypted.”

So, who exactly are the unethical hackers? Sometimes, they work for national governments that want to pose a security threat to the U.S. Sometimes, they’re just looking for money, and that’s why they target people like us and our personal information.

“First name. Last name. Social security. Date of birth. And then you take all that data and you can sell in bulk to the highest bidder,” said Christian Dehoyos, a cybersecurity architect who leads San Diego’s chapter of the group the Open Worldwide Application Security…


US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack


U.S. regulators on Monday sued SolarWinds, a Texas-based technology company whose software was breached in a massive 2020 Russian cyberespionage campaign, for fraud for failing to disclose security deficiencies ahead of the stunning hack.

The company’s top security executive was also named in the complaint filed by the Securities and Exchange Commission seeking unspecified civil penalties, reimbursement of “ill-gotten gains” and the executive’s removal.

Detected in December 2020, the SolarWinds hack penetrated U.S. government agencies including the Justice and Homeland Security departments, and more than 100 private companies and think tanks. It was a rude wake-up call that raised awareness in Washington about the urgency of stepping up efforts to better guard against intrusions.

In the 68-page complaint filed in New York federal court, the SEC says SolarWinds and its then vice president of security, Tim Brown, defrauded investors and customers “through misstatements, omissions and schemes” that concealed both the company’s “poor cybersecurity practices and its heightened — and increasing — cybersecurity risks.”

In a statement, SolarWinds called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk.”

Brown performed his responsibilities “with diligence, integrity, and distinction,” his lawyer, Alec Koch, said in a statement. Koch added that “we look forward to defending his reputation and correcting the inaccuracies in the SEC’s complaint.” Brown’s current title at SolarWinds is chief information security officer.

The SEC’s enforcement division director, Gurbir S. Grewal, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years, painting “a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”

The very month that SolarWinds registered for an initial public offering, October 2018, Brown wrote in an internal presentation that the company’s “current state of security leaves us in a very vulnerable state,” the complaint says.

Among the SEC’s damning allegations: An internal SolarWinds…
