Monthly Archive June 2015

PCI Breach Trend Report June 2015

In the last twelve months, Security Risk Management (SRM) Ltd has been contacted by over 65 companies that were legally required to seek assistance in securing data breaches. The largest number of cases came from specialist online retailers (38%) and clothing retailers (27%).

The majority of businesses affected by a breach were at the small end of the business scale. Where figures have been released, the average number of cards affected per breach was 850.

The most common attack method was Remote File Inclusion (RFI), a web application attack in which malicious code is loaded and run on the victim’s system, giving the intruder unrestricted access and enabling them to steal sensitive information and carry out further malicious actions.

[Figure: Trend Report, Businesses Affected]

SRM delivers Managing Cyber Threat lecture to City lawyers

Last month, Tom Fairfax, Managing Director of Security Risk Management Ltd, joined forces with Robert Newcombe, Barrister with Dere Street Barristers, to deliver a talk on Managing Cyber Threat. The event took place in Church Court Chambers near Lincoln's Inn, London, with the speakers addressing an audience that included a number of leading barristers and solicitors in their fields.

Tom Fairfax spoke on practical ways to manage the cyber environment, while Rob, who specialises in cyber cases, provided the legal perspective. Tom and Rob first delivered this combined lecture in November 2012.

Tom Fairfax said: “It was noted by several people that, whilst the practical cyber environment has changed significantly over the past 3 years, the legal position is relatively unchanged. While this might be evidence of excellent drafting of legislation, it also highlights a challenge for society, based on the fact that the technological environment is evolving so much faster than the control and governance environment we have created to manage it.

“There has also been a significant shift in emphasis from perimeter protection to incident response over the past decade, acknowledging the fact that organisations increasingly see cyber incidents as issues that must be managed rather than things which can be avoided.”

Information Security Breach Report – 02 June 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Angler Exploit Kit Loads Up CryptoWall 3.0, Flash Flaw – http://www.infosecurity-magazine.com/news/angler-exploit-kit-loads-up/

Blue Coat Fixes Several Flaws in SSL Visibility Appliance – http://www.securityweek.com/blue-coat-fixes-several-flaws-ssl-visibility-appliance?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Over 1,000 Vietnamese websites hacked by Chinese during weekend: report – http://www.thanhniennews.com/tech/over-1000-vietnamese-websites-hacked-by-chinese-during-weekend-report-45148.html

DYRE Banking Malware Upsurges; Europe and North America Most Affected – http://blog.trendmicro.com/trendlabs-security-intelligence/old-banking-malware-resurfaces-europe-north-america-most-affected/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29

Now Twitter and Snapchat get stung by the iPhone text crash – http://www.hotforsecurity.com/blog/now-twitter-and-snapchat-get-stung-by-the-iphone-text-crash-11888.html

Grabit Espionage Campaign Steals Thousands of Files From SMBs – http://www.eweek.com/security/grabit-espionage-campaign-steals-thousands-of-files-from-smbs.html

eBay bug turns phishing email links into malware-stuffed booby prizes – http://www.theregister.co.uk/2015/05/23/beware_forms_that_arent_ebay_hit_by_serious_security_problem/

Sally Beauty: Cybercriminals Planted Malware on PoS Systems for 6 Weeks – http://www.securityweek.com/sally-beauty-cybercriminals-planted-malware-pos-systems-6-weeks?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

More than 60 undisclosed vulnerabilities affect 22 SOHO routers – http://seclists.org/fulldisclosure/2015/May/129


Miscellaneous Infosec stories:

Tackling the human problem of security – http://www.itnews.com.au/Feature/404650,tackling-the-human-problem-of-security.aspx?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

Business Risks Associated With Data Breaches – http://www.addrenal.com/groups/business-risks-associated-with-data-breaches/

Retail sector falling short in customer data protection – http://www.itproportal.com/2015/05/30/retail-sector-falling-short-customer-data-protection/

On Reflection: Don’t bring cyber crime in through the back door – http://www.windpowermonthly.com/article/1349274/reflection-dont-bring-cyber-crime-back-door

Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky – http://www.securityweek.com/number-botnet-powered-ddos-attacks-dropped-q1-kaspersky?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

How a hack on Prince Philip’s Prestel account led to UK computer law – http://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/

UAE firms targeted by cyber spying – http://gulfnews.com/business/sectors/technology/uae-firms-targeted-by-cyber-spying-1.1527377

CESG launch new Certified Cyber Security Consultancy scheme for government and industry – http://www.gchq.gov.uk/press_and_media/press_releases/Pages/CESG-launch-new-Certified-Cyber-Consultancy-scheme.aspx

Surfing porn, downloading apps: Employees ignore obvious cyber risks at work – http://www.firstpost.com/business/surfing-porn-downloading-apps-employees-ignore-obvious-cyber-risks-work-2274786.html

Protecting banks from the coming data breach liability storm – http://www.easier.com/130347-protecting-banks-from-the-coming-data-breach-liability-storm.html


Tools, Tips and How it’s done:

The cyber security expert Michael Fratello has made a detailed analysis of the locker ransomware that implements a unique delivery mechanism – http://securityaffairs.co/wordpress/37325/malware/locker-ransomware-analysis.html

Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems – http://www.rand.org/pubs/research_reports/RR620.html

10 Rules for Writing Safety Critical Code – http://spinroot.com/p10/

Malvertising Assaults Result in Attack Toolkit Magnitude and Ransomware says Zscaler – http://securitynewswire.com/latestsecuritynews/mobile_article.php?title=Malvertising_Assaults_Result_in_Attack_Toolkit_Magnitude_and_Ransomware_says_Zscaler

Technical analysis of Hola vulnerabilities enabling cyber attacks – http://blog.vectranetworks.com/blog/technical-analysis-of-hola

The vulnerable Border Gateway protocol, a quick-fix solution from 1989, still directs most internet traffic – http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/

5 things you need to do to maintain your professional online hygiene – https://www.linkedin.com/pulse/5-things-you-need-do-maintain-your-professional-online-yotam-gutman

Shady Ad Network Using “Camo Sites” – https://www.bluecoat.com/security-blog/2015-05-30/shady-ad-network-using-camo-sites

The Importance of Operational Security and User Education – http://securityaffairs.co/wordpress/37368/security/operational-securit-user-education.html

What enterprise should do when helpless employees lose hope in fighting cyber attacks – http://www.networksasia.net/article/what-enterprise-should-do-when-helpless-employees-lose-hope-fighting-cyber-attacks


Miscellaneous Privacy stories:

Why you shouldn’t worry about privacy and security on your phone – https://nakedsecurity.sophos.com/2015/06/02/why-you-shouldnt-worry-about-privacy-and-security-on-your-phone/

Lower Merion School District explains the 56,000 Webcamgate shots – http://www.forbes.com/sites/kashmirhill/2010/04/22/lower-merion-school-district-explains-the-56000-webcamgate-shots/

Haunted by a stranger who stole my life online – http://www.dailymail.co.uk/femail/article-3105080/Haunted-stranger-stole-life-online-imposter-used-executive-s-photos-create-fantasy-life-duped-falling-fake-woman.html

Jennifer Newman: What employers look for when checking your Facebook, LinkedIn – http://www.cbc.ca/news/canada/british-columbia/jennifer-newman-what-employers-look-for-when-checking-your-facebook-linkedin-1.3094131

Unmasking hidden Tor service users is too easy, say infosec bods – http://www.theregister.co.uk/2015/05/30/researchers_claim_tracking_hidden_tor_services_is_easy/

Data breach liability: confidentiality vs. privacy – http://www.databreaches.net/data-breach-liability-confidentiality-vs-privacy/


Safeguarding Children and School E-Safety stories:

Filmed on Skype… the chilling exchange between reporter posing as a child and Islamic State fighter from London – http://www.dailymail.co.uk/news/article-3094448/Filmed-Skype-chilling-exchange-reporter-posing-child-Islamic-State-fighter-London-told-pick-going-picking-wife.html

Internet celebrities speak out against cyber bullying – http://www.3news.co.nz/nznews/internet-celebrities-speak-out-against-cyber-bullying-2015053115#axzz3bvBj1eI1

Students make lecturer's life a ‘misery’ – http://m.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11458573

Whose privacy matters most? – http://www.csoonline.com/article/2928700/privacy/whose-privacy-matters-most.html#tk.rss_all


If you would like this report sent directly to your inbox, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/

SRM Blog