Lloyds Banking Services were hit by a massive 3-day long DDoS attack in mid-January, impacting millions of Lloyds, Halifax and Bank of Scotland customers’ ability to conduct online and mobile banking. Lloyds weren’t the only UK business hit with a major DDoS attack in January; web hosting firm 123-Reg was taken down by another large DDoS attack. It seems major DDoS attacks are set to continue in 2017, their scale and capability fuelled by the rise of insecure IoT devices popping up online. I think large scale DDoS attacks will be a major menace to the UK national and financial infrastructure for years to come.
For the first time ‘Cyber Crime’ statistics were included in the England and Wales crime survey, with over 3.6 million fraud cases and over 2 million computer misuse offences recorded in 2016, which is more than the typical ‘physical world’ recorded crime. It is worth considering that not all cybercrime is reported in England and Wales; in my view the majority of UK cybercrime isn’t reported.
The latest Beazley Breach Insights Report predicts the number of Ransomware attacks will double again in 2017, and UK schools are the latest sector to become victims of Ransomware. With the growing ransomware threat in mind, the Malware Hunters Team produced an interesting breakdown of a new ransomware strain called FireCrypt this month, well worth a look if you are interested in how the bad guys create, evolve and use ransomware tools.
There are lessons for the UK call centre industry to learn from a US telemarketing firm, which had a database of 400,000 call recordings reportedly breached. These voice recordings were said to hold personal information and, more concerningly, debit/credit card information. This breach is a reminder of the importance of adequately securing call recording data within call centres, and of the Payment Card Industry Data Security Standard (PCI DSS) industry regulation requirement 3.2, which states that debit/credit card “3 or 4 digit security codes”, known in the industry as Sensitive Authentication Data, are never permitted to be recorded or stored beyond the authorisation of the card payment transaction. This is a PCI DSS requirement that far too many UK call centre businesses turn a blind eye to. This strict requirement is there for a reason: if fraudsters get hold of credit/debit card data together with the 3/4 digit security code, they can instantly commit fraud without having possession of the customer’s payment card.
- Lloyds Online Banking Services taken down by Huge 3 day DDoS Attack
- Yahoo sale delayed following Security Breaches
- 3.6 Million Fraud Cases & 2 Million Computer Misuse offences a year – UK Crime Survey
- UK’s Largest Hosting Firm 123-Reg hit by DDoS Attack
- Fraudsters demand £8000 from UK Schools to Unlock Encrypted Data
- Royal & Sun Alliance fined £150K after Hard Drive Loss
- US Telemarketing Firm Leaks 400K Call Recordings, some containing Payment Data
- Thousands Warned they may be Victims of Rogue Webmaster
- Phone-Cracking Firm Cellebrite Hacked
- Microsoft release 1 Critical Patch for Adobe Flash Player
- WordPress updated to fend off SQL and XSS bugs
- Mozilla issues five critical patches for Firefox and Firefox ESR
Awareness, Education and Threat Intelligence
- Overview of the new FireCrypt Ransomware
- Zeus malware resurfaces as Zbot/Terdot, integrates legitimate apps
- KPMG Fraud Barometer Report – Leap in Cyber-Crime Court Case load in UK
- Ransomware Attacks will double in 2017 – Beazley Breach insights Report
- Tripwire Report: UK’s CyberSecurity Skills Shortage Gap Ranks 2nd Worst Worldwide
This is a Security Bloggers Network syndicated blog post authored by Dave Whitelegg. Read the original post at: IT Security Expert Blog