Octree Observer

  • UK shoppers lose workday picking up aftermath of cyber-crime

    by : Octree

    More than 12 million Brits (20 percent) have been victimised by cyber-criminals this past year

    UK consumers lost more than one full working day (nine hours) when dealing with the aftermath of online crime, costing roughly £134 each person or £1.6 billion across the country.

    "The fact that over a fifth of consumers have had their personal details stolen should come as no surprise – criminals seek money, consumers have it, and personal details are the online route to it. The criminals are entrepreneurial, well-resourced and technically able, so it is unrealistic to hope to prevent breaches," said Paul McEvatt, senior cyber-threat intelligence manager, UK & Ireland at Fujitsu.

    The Norton Cyber-Security Insights Report surveyed more than 1,000 UK consumers to shed light on the global impact of consumer cyber-crime. Brits are more likely to point fingers at foreign governments with 45 percent blaming them as the main guilty party of online crime. Two of every five Brits choose not to take time to change their account passwords after a security compromise. Over 10 percent of victims in the past year stated that their identity was stolen and one in seven had their financial information stolen after shopping online.

  • Are you serious about cyber-security? Security Serious Week opens

    by : Octree

    It's Security Serious Week, a campaign designed to bring industry experts together to make others more serious about cyber-security.

    My thanks to Max Metzger of SC Magazine for this news article.

    To mark the opening of Security Serious Week, the cream of UK cyber-security marshalled at London's St Katharine's Docks, to discuss the campaign as the opening salvo of an industry-wide effort to raise security awareness.

    Yvonne Eskenzi, one of the founders of the campaign, explained the drive behind it: “Security Serious is all about those that can't, learning from those that can – it's simple really. I plan to bring together our leading experts to convey their words of wisdom to those people and organisations who want to become more security savvy.”

  • Police nab 9 for allegedly spoofing bank employees in £60 million scam

    by : Octree

    UK police have arrested nine people over allegedly spoofing phone calls from victims' banks to drain them of a total of £60 million.According to a release from the Metropolitan Police, the gang fooled their marks into handing over confidential information by posing as bank employees on the phone.

    My thanks to Lisa Vas of Sophos for this article.

    UK police have arrested nine people over allegedly spoofing phone calls from victims' banks to drain them of a total of £60 million.

    According to a release from the Metropolitan Police, the gang fooled their marks into handing over confidential information by posing as bank employees on the phone.

    The UK gang was arrested on Wednesday after a series of coordinated raids on 14 addresses in Ilford, Watford, Slough and Scotland.

    Police had been investigating
  • What should business owners do on Monday morning?

    by : Octree

    Over the weekend there has been much publicised and printed regarding the recent breach at TalkTalk but we’ll leave it to the ongoing investigation by the appropriate authorities to report on the facts in due course.

    It has however raised calls by leading business organisations for urgent action to be taken to tackle cyber-crime with the Institute of Directors (IOD) claiming only “serious breaches” of crime make the headlines but attacks on British businesses “happen consistently”.

    Little over 12 months ago the UK Government launched a cyber hygiene standard for businesses called Cyber Essentials, by implementing Five Key Controls it is claimed that around 80% of cyber-attacks could be prevented if businesses implemented controls covering.....
  • Hackers use Windows 10 to install ransomware on computers

    by : Octree

    Crafty ransomware hiding as operating system upgrade installer

    Users have been warned not to fall for a scam that pretends to be a Windows 10 installer but in fact installs ransomware instead.

    The email scam was discovered by security researchers at Cisco. Hackers have sent out emails claiming to be from Microsoft with an email attachment. The scammers claim the zip file is the Windows 10 upgrade, but in fact is its origins are from an IP address in Thailand. The email colour scheme is very similar to the Windows 10 update app. It even goes as far as to say the message “has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.”

    The researchers said another red flag was several characters in the email message that haven't parsed properly, which could be due to the hackers using a non-standard character set.

  • 22 Advantages Of Cloud Computing

    by : Octree

    New to cloud computing? Looking for some evidence to prove that it’s worth your company’s time?

    You’ve come to the right place.

    Here’s a list of 22 cloud benefits, straight from experts in the cloud computing industry, to help you learn exactly what you can get when your company uses the cloud.

    1. Increased Flexibility
    Cloud-based remote servers have a vast capacity, which allows bandwidth needs to be met anytime, anywhere.

    “Cloud computing allows your employees to be more flexible—both in and out of the workplace. Employees can access files using web-enabled devices such as smartphones, laptops, and notebooks... In this way, cloud computing enables the use of mobile technology.” —Rick Blaisdell, Technical and Business Strategist

  • Businesses exposing confidential data to ex-employees

    by : Octree

    One third of IT decision makers say ex-employees are able to access systems after leaving

    Just under one third (32 per cent) of UK companies have admitted that people who've left their employ still have access to confidential files and systems, meaning their business could be wide open to a major security breach.

    However, the number is much higher in the US, where over half of all companies said outgoing employees were probably able to log into systems after leaving the organisation.

    Almost half of respondents to the research carried out by Centrify said they had the processes in place to 'offboard' leavers, the same number again have access rights and password knowledge that would allow them to break into systems up to a week after they cease working at the company.

  • How relevant is Cyber Essentials to your business proposition?

    by : Octree

    Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security.

    My thanks to Chris Stanley of MASS for this endorsement of the Government’s still relatively new security initiative aimed primarily at SME businesses, Cyber Essentials, for which Octree is already certified and employ accredited consultants for the standard.

    In 2011 the Cabinet Office called for the UK, by 2015, to “derive huge economic and social value from a vibrant, resilient and secure cyberspace”. As part of the National Cyber Security Programme, the government engaged with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop a set of technical controls. These controls would form the basis of a kite mark for ensuring business protected itself against cyber-attacks.

  • Companies Buy Good Security, But Fail to Deploy It Properly

    by : Octree

    Companies may be investing more in multilayered IT security solutions, as everyone says that they should, but once purchased those solutions are not being properly deployed.

    Thanks to Tara Seals of Infosecurity Magazine for this startling and revealing article.

    A Lieberman Software survey has revealed that companies are putting their customers’ data at risk because IT teams don’t have the expertise or time to deploy complicated IT security products.

    The results were a bit alarming; about 69 percent of respondents said that do not feel they are using their IT security products to their full potential. As a result, a staggering 71 percent of IT professionals believe this is putting their company, and possibly customers, at risk.

  • UK Employees download Apps and Porn despite warnings

    by : Octree

    Report highlights fact that British employees ignore IT and security best practices in favour of entertainment

    A new report commissioned by Blue Coat and carried out by Vanson Bourne finds that Britons continue to take cyber-security risks and ignore IT policy to download apps, open emails from unknown senders and even view adult content at work.

    The report, which takes in the views of 1580 employees across 11 countries, finds that one in three UK employees has downloaded apps without IT approval, even though two-thirds of these (66 percent – more than 300) knew that it was wrong.

  • 7 Common User Errors that will get you Hacked!

    by : Octree

    Common knowledge has it that users are the weakest link in the IT risk management world—particularly negligent or uneducated users.

    My thanks to Ericka Chickowsi of Dark Reading for this illuminating article. Beware the insider threat!

    It is widely accepted that users and their endpoints are the weakest link in the IT risk management world—particularly negligent or uneducated users. But how exactly are the bad guys exploiting this ignorance or lack of care to break into users' endpoints and corporate accounts? Many of their methods involve just a little bit of psychological influence because phishing and social engineering tend to play a part in most attacks. Here are a few of the worst ways users expose themselves.
  • New Tory Government Pushes Ahead With Snooper’s Charter

    by : Octree

    The controversial 'Snooper's Charter' surveillance law could be fast-tracked now that the Conservative political party has formed a majority government in the House of Commons.

    Officially known as the Draft Communications Data Bill, the law is expected to force UK internet service providers (ISPs) into keeping huge amounts of data on customers, and make this information available if requested by government and intelligence agencies.

    The last government tried to push the bill through in 2013, but this was subsequently blocked at the House of Commons by the Liberal Democrats, who were part of the coalition government at the time. There were later attempts to sneak the changes through, via amendments to the Counter-Terrorism and Security Bill, although this was also defeated, this time at the House of Lords.
  • It’s a fact: your employees are the biggest threat

    by : Octree

    A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes

    A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes, say two new studies, but companies aren't doing enough to address this issue.

    According to a recent survey by CompTIA, human error accounts for 52 percent of root causes of security breaches, while technology errors account for 48 percent.

    "The main reason that companies exhibit a low level of concern over human error is that it is a problem without an obvious solution," said the report. "A high level of concern over malware or hacking can be addressed with an investment in technology."

    But human error can only be addressed with training, and there are few metrics to evaluate the effectiveness of training, said the report, which was released just over a week ago.

  • FBI warns WordPress users of ISIS threat: Patch and update now

    by : Octree

    Anyone running a WordPress installation needs to be mindful of security, whether they are in charge of a corporate blog or simply running a pet project from home

    Once again thanks to the guys at Sophos for this rather sobering article on vulnerabilities associated with Wordpress, the very popular web development framework.

    The content management system, which powers around 20% of all the sites on the internet, is itself fairly robust, offering regular security patches and software updates to plug newly discovered vulnerabilities. But users themselves are often slow to react, failing to install updates as they become available, if at all.

    By the time you factor in the plethora of available plugins - developed by third parties to add additional functionality to the basic WordPress platform - there are many potential points of failure for an attacker to target.

    In fact, back in 2013, Sophos reported how over 73% of all WordPress installations were susceptible to attack, simply because they were running with known vulnerabilities that any hacker with a modicum of knowledge could detect via automated web tools.

    Add in the fact that many WordPress owners have palmed administration duties off to third parties - who may not prioritise their best interests as they would if it were their own site - and you have a situation in which site visitors, potential business partners and/or customers are placed at risk.

  • Cyber security clearly not a priority for SMBs

    by : Octree

    Just 16 per cent of SMBs consider improving their cyber security a priority, according to the government.

    According to new research carried out by Cyber Streetwise - a cross-government campaign, funded by the National Cyber Security Programme - small and medium sized companies are putting a third (32%) of their revenue at risk because they are falling for some of the common misconceptions around cyber security, leaving them vulnerable to losing valuable data and suffering both financial and reputational damage.

    Two thirds (66%) of SMEs don’t consider their business to be vulnerable, and just 16% say that improving their cyber security is a top priority for 2015.

    When asked if they agreed with some of the most common misconceptions around keeping their business secure online, over three quarters (78%) of small businesses believed at least one. These included the following myths:
  • Huge spam campaign drops Trojan on UK bank customers

    by : Octree

    A huge spam campaign has been installing the Dyreza banking Trojan on tens of thousands of UK computers, specifically targeting those with accounts at major banks.

    According to Bitdefender, an email phishing campaign has seen up to 30,000 malicious emails being sent in a single day and to customers of NatWest, Barclays, RBS, HSBC, Lloyds Bank and Santander. These malicious emails carry links to HTML files, which in turn direct users to URLs pointing to highly-obfuscated JavaScript code, which downloads the Trojan.

    The target is then directed to the webpage of a fax service provider as soon as the download is complete.

    This is part of a widespread campaign which has also affected major international banks such as the Bank of America, Wells Fargo, JP Morgan Chase in the US and Deutsche Bank and Axa Bank Europe in Germany. Banks in Romania and Australia have also been targeted.

    And apparently the malware - which is also called 'Dyre' - is very similar to the infamous Zeus Trojan. It installs itself on the user's computer and becomes active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service. Through a man-in-the-browser attack, hackers inject malicious JavaScript code, which allows them to steal credentials and further manipulate accounts – all in a completely covert way.

    18 February 2015 0 Comments Cybercrime
  • UK named and shamed as Europe's worst country for data breaches

    by : Octree

    Over one billion records were compromised last year as data breaches became a regular occurrence, especially in the UK

    The latest Breach Level Index from Gemalto's SafeNet revealed that the number of compromised data records increased by a staggering 78 percent to just over one billion in 2014, with data breaches also on the up, rising 49 percent year-on-year to 1,541 incidents.

    The report is particularly bad reading for UK businesses and their IT security departments, as it concluded that the country was the worst in Europe, and the second worst in the world, when it came to the sheer number of breaches last year.

    Citing high-profile examples such as Mumsnet, Moonpig and Axa Healthcare, Gemalto revealed that there were 117 breaches in the UK last year, compared to just 9 in France and 8 in Germany. To put this figure in context, there were 190 breaches in Europe as a whole, meaning the UK's portion accounted for over 60 percent.

    This figure put the country – whose Prime Minister David Cameron has been pushing for an end to encryption – second in the world, behind only the United States with 1,164 breaches in the last year. The US accounted for every three in four breaches (76 percent).

    Interestingly, while ‘malicious outsiders' were cited for over half of data loss incidents, a quarter were down to accidental loss, which significantly eclipsed the much-talked-about malicious insider (15 percent) and state-sponsored actors (4 percent). Hactivists were to blame for an even smaller portion than that.
  • Why small firms struggle with cyber security

    by : Octree

    The tidal wave of security threats is almost overwhelming for almost every business

    My thanks to Mark Ward, Technology Correspondent at the BBC, for this illuminating article.

    Keeping cyber thieves at bay is hard. They are busy, well-motivated and well-financed.

    Just one example serves to show just how prolific they are. Every day, come rain or shine, they crank out about 250,000 novel variants of viruses. Their vigour has helped them steal data from some really big companies, Target, Home Depot and eBay, in the last few months.

    And, what is a problem for the big companies is even more acute for the smaller firms. They have an even tougher time keeping the bad guys out.

    "They are exposed to many of the same attacks as much larger enterprises, yet they don't have the security expertise and resources available to those larger firms," said Maxim Weinstein, a security advisor at security firm Sophos.

  • What Price a Cyber Security Breach?

    by : Octree

    Hack to cost Sony $35 million in IT repairs

    Have you ever wondered what a data breach at your company is likely to cost you? In real tangible terms it may be investigation services, replacement equipment, improved security counter measures, more vigilant network monitoring. But what about the hidden and unknown costs – reputation, loss of business, legal and regulatory punitive measures?

    The Japanese media giant Sony Corporation has put an estimate to the damage caused by the massive cyberattack against Sony Pictures Entertainment last year -- US$35 million. This was just one of numerous attacks against Sony, including the now infamous Lizard Squad attack on Christmas Day that took down the Sony Playstation Network’s authentication servers.

  • Cybercrime is child’s play, it seems

    by : Octree

    How a 7-year-old girl hacked a public Wi-Fi network in 10 minutes

    So we all like the convenience of free Wi-Fi at a coffee shop or other public space – a welcome sign for millions of people every day who want to get some work done, make a video call, or just catch up on a bit of online shopping.

    According to research nearly two thirds (59%) of Britons regularly use unsecured Wi-Fi hotspots, with one in five (20%) doing so weekly or more to bank online (19%) shop (25%), send emails and documents (31%), and use social media platforms (50%). All of this activity could put their passwords, bank details, confidential information and their very identities in the hands of hackers. The survey found that sensitive data was often transferred when users logged on, with online banking and responding to emails two of the most popular habits to carry out when connected.

  • 90% of data breaches could be avoided

    by : Octree

    Online Trust Alliance advises a best practice approach to information security

    The Online Trust Alliance (OTA), the global non-profit organisation "with the mission to enhance online trust and empower users, while promoting innovation and the vitality of the internet", released its 2015 Security & Privacy Best Practices and Security & Privacy Risk Assessment guides last week.

    According to its analysis of “nearly 500 breaches reported in the first half of 2014", more than "90% could have been avoided had simple controls and security best practices been implemented."

Octree Cyber Essentials
Cyber security – don’t know where to start?
Talk to Octree, specialists in helping SMEs achieve Cyber Essentials status.
GDPR Survey

Recent Posts

Blog Categories

Blog Archive