Credit card details stolen, ~70 million affected
Cyber criminals now have opportunities that were inconceivable just a few
years ago.
One graphic example of how sophisticated cyber criminals have become was
the security breach in Point of sale (POS) hardware that happened somewhere
between November 28th and possibly up to December 15th, 2013 at the US
retailer “Target”. It is still unknown
how many people were affected but the estimate is that around seventy million
customers had their credit card details stolen.
Despite constant headlines about security breaches, ranging from phishing to
wide-scale denial of service attacks, Cisco researchers suggest that we could be facing
"unprecedented growth" in advanced malicious attacks over the coming
year.
A year ago if someone had predicted that cyber criminals would lift
sensitive personal data from point-of-sale hardware on around one-third of the
U.S. population they probably would have been laughed
out of town, but it happened.
Internet of Everything:
Proofpoint Inc, a security-as-a-service provider based in Sunnyvale
California, has uncovered what may be the first proven IoT (Internet of Things) based cyber-attack involving household smart (i.e. internet
connected) appliances. The global attack campaign was initiated when criminals took over the ip addresses of 100,000 (not so) smart appliances and used these unsecured ip addresses to send more than 750,000
malicious email communications. The everyday consumer
gadgets were such humble things as home-networking routers, connected multi-media centres,
televisions and at least one refrigerator (seriously).
As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years, proof of an IoT-based attack has significant security implications for both consumers and Enterprise.
As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years, proof of an IoT-based attack has significant security implications for both consumers and Enterprise.
Talking about household appliances being taken over by cyber criminals or
terrorists was bad science fiction a year ago.
Now it’s happening, and we have
no idea what is in store for us next. Xbox motion sensors being used as spy cams?
Malware
Cisco's 2014 Annual Security
Report goes into detail about mobile malware and the users that were most
affected. Malware is short for "malicious software," meaning software
that is used solely to gain access to a private computer system. The study
found that 99% of mobile malware attacks were targeted at Android devices. On
top of this, users of Android devices encountered other forms of malware such
as phishing (stealing data), "like" jacking (tricking social media users into
"liking" a fake post), and thus causing a forcible redirect (websites that
take you straight to malware ads) This type of attack happened to 71% of android devices.
But to understand what’s happening, it's best to review how we got here.
Here are a some of the contributing factors.
Advanced mobile devices save time and money and make our lives easier, but at what cost? Given how new and novel consumer connected devices are it is unavoidable that they should also come with unanticipated weaknesses and inadequately defended
assets. Cyber criminals are increasingly targeting these type of Internet infrastructures
"with the goal of proliferating attacks across legions of individual
assets served by these resources."
Organised cyber-crime is getting better organised, with more fine-tuned
motivations and smart use of targeted analytic's, for example cyber-criminals focus on specific outcomes such as public versus private sector or financial rewards versus inflicting damage on reputations.
In mobile, approximately 99 percent of all malware targets Android
software with Java being the most
exploited programming language.
The Cisco report states that Malware is also being more directed toward critical
services such as oil, gas, and energy companies.
Based on a sample of 30 of the world's largest Fortune 500 company
networks, 100 percent of Malware attacks generated visitor traffic to Web sites
that host malware.
John N. Stewart, senior vice president and chief security officer for
threat response intelligence and development at Cisco, acknowledged in the
report that these observations collectively "paint a grim picture."
Regardless, he stressed that "to truly protect against all of these
possible attacks, defenders must understand the attackers, their motivations
and their methods – before, during and after an attack."
That type of security awareness requires a major rethink for most CIO’s
So what’s in it for BlackBerry?
The recent news that BlackBerry has secured a deal to provision 80,000
BlackBerry devices on the new US DOD MDM system was derided in some quarters as
insignificant and irrelevant. In terms
of handset sales the BlackBerry detractors are absolutely correct. 80,000 handsets is one 100th of
Samsung sales in Q3 2013, but that is not the real story here. What we have seen here is a significant boost
in confidence for John Chen, his team and his product. We have witnessed a US federal contractor
where security is non-negotiable saying to the world that BlackBerry is the device
of choice for keeping their data locked down. They have also, very importantly,
demonstrated by this move that they have confidence in the longevity of
BlackBerry as a business.
According to the Cisco report cyber criminals are focusing on oil, gas,
and energy companies. These services are
essential to society and theses providers take risks with mobile data at their (and our)
peril.
Cyber Criminals will look to take advantage of weakness. In
critical services such as power, Healthcare, Defence, Enterprise and law
enforcement cannot afford to gamble with data security.
BlackBerry cannot secure the worlds data but they can play a big part in securing
mobile data. Enterprise is beginning to
wake up from their BYOD dreams and realise that security is not a luxury it is a
necessity and given the confidence placed
in them by the US DOD they have proven that BlackBerry have the core competencies
to manage that security.
If there is one lesson that can be learned from the Cisco report it is
that the battle for security is moving from niche to mainstream and is becoming
the new battleground in the mobile space. Unlike the consumer battle where BlackBerry
lost catastrophically they have the tools to excel in this environment.
By his actions to date, John Chen understands
that fact very well.
Sources
http://www.marketwatch.com/story/cisco-annual-security-report-documents-unprecedented-growth-of-advanced-attacks-and-malicious-traffic-2014-01-16http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/http://www.proofpoint.com/about-us/press-releases/01162014.phphttp://www.businessinsider.com/nearly-all-mobile-malware-in-2013-targeted-android-devices-2014-1#ixzz2rAYHChirhttp://www.theverge.com/2013/12/9/5191338/nsa-gchq-videogame-spying-leaked-documentshttp://www.nextgov.com/mobile/2014/01/blackberrys-will-make-98-mobile-devices-new-defensewide-system/77105/http://www.telegraph.co.uk/technology/mobile-phones/10448819/Smartphone-sales-account-for-more-than-half-of-global-mobile-phone-market.htmlhttp://en.wikipedia.org/wiki/Core_competency
No comments:
Post a Comment