Rogue Refrigerators and Critical Infrastructure

Several weeks ago, Proofpoint announced that their investigation of a major cyber-attack launched in late December 2013 uncovered the use of more than 100,000 malware-infected consumer devices as the source of malicious email. The devices included “home-networking routers, connected multi-media centers, televisions and at least one refrigerator”. As the Proofpoint announcement noted, this appears to…

The Danger of Denial

I was very surprised recently, in a conversation I had with someone I used to work with, to hear him remark that he didn’t think there is any such thing as stealthy, targeted attacks. His comment was something like “those warnings about APTs, targeted attacks, whatever you want to call them, is just a distraction…

Security Analytics and the OECD Security Guidelines

In 2002, the OECD (Organization for Economic Cooperation and Development) published a revision of their 1992 Security Guidelines, reflecting significant changes in information technology and information security during that 10-year period. The 2002 OECD Guidelines for the Security of Information Systems and Networks played an important role in fostering a “culture of security”, including through their influence on the ISO 27001 standard.

Workplace Security: Are You the Weakest Link?

As an employee at some company somewhere, you are probably putting your organization at risk every day – and you don’t even know it. Do you re-use the same password to log in to multiple accounts? Are you visiting social networking sites and planning your upcoming summer vacation while at work? Have you ever logged in to check your work email from unsecured wireless hotspots? These are just some of the activities employees around the world do every day that seem relatively harmless, but could be putting their company at risk.

Calling IT Professionals: Addressing the Security Skills Gap

Art Coviello at RSA often refers in his keynotes to the skills gap in the number of cyber security professionals. A UK National Audit Office report out today says it could take “up to 20 years to address the skills gap.” The truth is the number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet, and the NAO warns that the UK faces a current and future cyber security skills gap, with “the current pipeline of graduates and practitioners” unable to meet demand.

Europe’s new Cybercrime Centre (EC3) opens for business

The European Cybercrime Centre, based at the European Police Office in the Netherlands, officially opened its doors this month. According to a BBC report, cybercrime in Europe is estimated to cost €1.5 billion. The EC3's focus is on illegal online activities carried out by organized crime groups — especially attacks targeting e-banking and other online financial activities, online child sexual exploitation and crimes that affect the critical infrastructure and information systems in the European Union.

Phishing: They Should Just Call It Catching

Online banking losses have increased 28% year-on-year. UK Cards offered some explanation, quoting the fact that phishing attacks had increased by 199% over the past 12 months. The only reason I can think of why phishing attacks continue to rise is because fraudsters are still catching victims. Phishing is still a viable form of credential harvesting, providing a meaningful return on investment for fraudsters.

The Natural Selection of Fraud

Evolution isn’t just about making things better but about adjusting living creatures to their ever-changing surroundings. Fraud in that sense is also adapting, but instead of searching for food like a giraffe, it adapts to obtain as much money as possible. If money from one fraud chain depletes, it adapts and creates a different one.

Phishing in Season: A Look at Online Fraud in 2012

The results are in for the first half of 2012, and once again, phishing attack numbers mark a notable increase on the global scale. Compared with H2 2011, end of June numbers show a 19% increase as phishers heavily target the UK, U.S. and Canada – and their associated brands – with the same old online…

Rogue Mobile Apps, Phishing, Malware and Fraud

Mobile apps, and the content they provide, are the reason smartphones and tablets are so popular; recent statistics show that mobile users around the globe download over 67 million apps every day! Although these numbers are staggering, security awareness did not follow, and it was a matter of time – and only logical for cybercriminals – before online threats, such as phishing and malware, became a reality on mobile devices.