European Banks Need Better Phishing Protection

Phishing scams are big business, which is why we were shocked to read an article on BullGuard’s website.

It would appear as though European banks – those monoliths that we believe to be impenetrable to cyber-attacks and scams – are not doing enough to protect is from phishing scams.

We’ll let BullGuard fill you in:

Phishing scams and European banks

Up to a quarter of major European banks are not providing best practise phishing protection to their customers according to a survey from Sectigo, a cybersecurity analyst firm.

The firm looked at banking websites and rated them based on the presence of SSL certificate verifications provided by a Certificate Authority (CA), which confirm that a website is authentic and legitimate.

  • Each bank’s website was rated according to the type of certificate used to secure the home and login pages for the bank’s online banking service.
  • Full marks were awarded for the presence of Extended Validation (EV) SSL certificates and the maximum level of identity verification on the home and login pages.
  • Websites without an EV certificate on the home and/or login pages received a lesser rating.

An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the organisation that provides the sites/software are who they claim to be.

In Europe, 25% of banks did not receive the highest rating, but thankfully, there wasn’t one single bank that warranted a ‘not secure’ status.

What does this mean in practice? 

Cybercriminals often create counterfeit websites to trick people into unknowingly providing valuable information such as account logins, credit card numbers and personally identifiable information that can be used for identity theft.

  • A website using an EV SSL Certificate displays security indicators directly in the browser address bar, such as a padlock, HTTPS, and the verified company name and country.
  • A website that doesn’t display these signs suggests it’s a counterfeit website or as the Sectigo survey shows, a bank that isn’t paying full attention to its online presence.

User advice

Given the widespread use of phishing campaigns and counterfeit web pages it’s recommended that you check the following points when logging onto a site in which you might make a payment or enter sensitive data:

  • Look for the full company name at the left of the address bar to ensure the site is legitimate.
  • Don’t enter credit card numbers, personal information, logins, or other sensitive data on any web page that is not secured with a certificate that is, displaying a padlock in the browser bar.
  • Avoid clicking on links in emails that you weren’t expecting and which attempt to get you to enter personal information. These are typically phishing emails.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.  

 

Cyber Attacks – What Happened In 2017 and What’s In Store For Us This Year?

Cyberattacks

 

2017 was quite a year for cyber attacks. According to Hackmageddon.com, every month saw dozens of serious cyber attacks affecting the personal information of billions of internet users worldwide.

Shocked? We were too.

We were too.

BullGuard outlined some of the biggest ones in a recent blog post.

WannaCry

The WannaCry ransomware spread through 150 countries affecting more than 300,000 computers including the UK’s National Health Service, FedEx, rail stations, universities, car manufacturers and a national telco.

It spread rapidly because of a worm-like component expedited by a large number of organisations using unpatched XP operating systems.

It was considered among the worst breaches of all time because of the amount of sensitive information that was taken.

Yahoo

Yahoo dropped a bombshell in August 2017 announcing that every one of its three billion accounts was hacked in 2013.

This was three times what was first thought to be the case. According to the former Yahoo CEO Marissa Mayer, the company only found out about the breach in 2016 when it reported that 1 billion accounts were hacked.

The company still doesn’t know who was responsible.

National Security Agency

The National Security Agency (NSA) is responsible for spying on other countries and mass surveillance of its citizens.

As you would expect, it has an arsenal of cyber tools for hacking into foreign banks, infrastructure, government departments, etc. However, a group of hackers called Shadow Brokers leaked a suite of hacking tools widely believed to belong to the NSA, which were then used in some of the year’s most significant global cyber attacks, including Wanna Cry.

How embarrassing!

Uber

Back in 2016, hackers stole the data of 57 million Uber customers. The company paid the hackers $100,000 to cover it up. The breach was only made public in November 2017 by the new Uber CEO Dara Khosrowshahi.

It also turns out that Uber was also playing on the other side of the fence too. A former member of Uber’s security team recently revealed details about a secretive unit within Uber dedicated to stealing trade secrets, spying on competitors, using self-destructing messages and dodging government regulators.

What can we expect in 2018?

It doesn’t take a rocket scientist to work out that a prime target of the hackers is going to be the Internet of Things.

Smart devices face the same cybersecurity challenges as your desktop PC, laptop and smartphone. The only difference being that smart devices are attached to real things in the real world.

As BullGuard reports:

“When someone hacks a PC, personal data is at risk. But when someone hacks a robotic manufacturing arm that entire manufacturing line is at risk, if someone hacks a medical monitor a patient is at risk, if some hacks a smart lighting system that smart home is at risk.”

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: BullGuard

2017 Will See More Advanced Cyber Attacks Says Panda Security

Cyber attacks

 

Cyber attacks are getting more sophisticated. Hardly a month goes by without another report such as the one that recently hit the NHS.

Companies are being warned to be more and more vigilant as the cyber criminals find new ways of infecting their increasingly connected worlds.

To look at this further and identify the potential weak spots that could be targeted in 2017 and beyond, Panda Security has ranked the most popular attacks of the year and analysed their evolution.

Cybercrime

Cybercriminals focus their efforts on those attacks which can rake in the most profit, using more effective tactics and professionalising their operations in a way that allows them to make quick and easy money in an efficient manner.

Ransomware

This Trojan Horse will take centre stage with regard to cybersecurity and will cannibalise other more traditional attacks that are based on data theft. The pursuit of profit is the primary motivation of cybercriminals, and ransomware is the simplest and most effective way to achieve this. Some things never change: victims of this hijacking malware will have to decide whether to pay, or not, to recover their data. Of course, paying the ransom does not guarantee the total recovery of stolen data.

Companies

The number of attacks directed at corporations will increase, as these attacks become more and more advanced. Companies are already the prime target of cybercriminals, as their information is more valuable than that of private users.

Internet of Things (IoT)

The next cybersecurity nightmare. The technological revolution has ushered in the complete integration of smaller devices into the grid, which can be converted into entryways into corporate networks.

DDoS Attacks

The final months of 2016 witnessed the most powerful DDoS (Distributed Denial of Service) attacks in history. These attacks were carried out by bot networks that relied on thousands of affected IoT devices (IP cameras, routers, etc.). 2017 will see an increase in this kind of attack, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.).

Mobile Phones

Focusing on one single OS makes it easier for cybercriminals to fix a target with maximal dissemination and profitability. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious situation with regard to international relations can have huge — and serious — consequences in the field of cybersecurity. Governments will want access to still more information (at a time when encryption is becoming more popular), and intelligence agencies will become still more interested in obtaining information that could benefit industry in their countries. A global situation of this kind could hamper data sharing initiatives in the next year.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Panda Security

Panda Security Warns of More Advanced Cyber Attacks in 2017

Cyber Ransomware

 

Cyber security continues to be a hot topic, and 2017 is unlikely to be any different.

Panda Security has done an interesting piece of work. They have looked at the most popular cyber attacks of last year and analysed their evolution to see what could be in store in 2017.

Here’s what they found.

Cybercrime

Cyber criminals are interested in one thing – finding the attacks that rake in the most profit and exploiting them to the max. Their increasingly effective tactics and professionalisation of their operations is what is allowing them to make quick and easy money in an efficient manner.

Ransomware

As mentioned, profit is the driving force behind cyber crime, which is why ransomware is a firm favourite. It is the simplest and most efficient way to achieve this. Victims of this hijacking malware face a decision; should they pay or not, to recover their data. Of course, it’s important to bear in mind that paying the ransom does not guarantee the total recovery of stolen data.

Companies

Attacks on large corporations are set to increase. The information stored by businesses is far more valuable to cyber criminals than that of private users, so it’s vital that companies remain vigilant.

Internet of Things (IoT)

Greater connectivity is a Godsend for cyber criminals. This technological revolution has led to the complete integration of smaller devices into the grid, which are converted into entryways into corporate networks.

DDoS Attacks

At the end of 2016, we saw the most powerful DDoS (Distributed Denial of Service) attacks in history. Carried out by bot networks, they relied on thousands of affected IoT devices (IP cameras, routers, etc.). This type of attack is likely to increase in 2017, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.).

Mobile Phones

Focusing on one single OS makes it easier for cybercriminals to fix a target with maximal dissemination and profitability. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious situation about international relations can have enormous consequences in the field of cyber security. Governments will want access to more information (at a time when encryption is becoming more popular), and intelligence agencies will become more interested in obtaining information that could benefit industry in their countries. A global situation of this kind could hamper data sharing initiatives in the next year.

If you think this paints a bleak future, you could be right, but only if you fail to take precautions to protect your data. To put your mind at ease, get in touch, and we’ll talk you through your options to make sure you have a trouble free future.

 MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Panda Security

 

How Protected is Your Company?

keep data safe

 

One of the biggest headaches you face is keeping your business data safe from prying eyes.

You might think that because you’re not one of the big global players no one would bother about hacking into your systems, but cyberattacks on small businesses are becoming more common.

Data is big business and your clients rely on you to take every possible precaution to keep their personal information safe, so you owe it to them to make sure you’re covered.

Chinks in Your Armour

If you’re reading this thinking, “this doesn’t apply to me, I’ve got it covered,” think again.

Did you know that 25% of tablets and 35% of smartphones used in businesses are not equipped with security software?

Can you in all honesty say you’ve got 100% coverage?

This gap is leaving businesses vulnerable to all sorts of infections and attacks because they can come from anywhere at any time:

  • 39% come from accessing unsecured websites
  • 23% from downloading programs from the internet
  • 19% of malware comes via email

Those are some pretty scary statistics.

So what can you do to protect your business from such attacks?

Small Business Protection

You can protect your business without it costing the earth.

After scouring the marketplace, we recommend that our clients use Panda Security’s Small Business Protection.

It doesn’t cost the earth and offers lightweight, powerful antivirus protection for both new and older PCs. You can download it and enjoy complete protection without having to ask for technical assistance.

They’ve even produced this infographic to help illustrate the benefits of the product. We hope you find it useful.

Panda Security Small Business Protection

For more information about the product, get in touch and we’ll tell you everything you need to know.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.