Some of the top security stories from this week

Security roundup: ISIS attacks WordPress sites, GCHQ’s smartphone clampdown

PCR has rounded up some of the biggest security stories from the past seven days.

ISIS hacks

Many websites are being hacked and defaced with ISIS flags.

Nimrod Luria, Israel Defense Forces security veteran and CTO and co-founder of Sentrix, the website protection company, commented: "The sites appear to have one thing in common: they are all built on the WordPress content management platform.

"According to NBC, the alleged ISIS attacks were made by mainstream hackers who used the ISIS names to gain attention. They executed a defacement attack, in which hackers change the appearance of a web page. Defacement is executed via a Web-based attack such as a SQL injection, which introduces malware to change the site’s its appearance or by malware introduced from inside the network; for example: an employee distributing it from a flash drive. The malware then scans the internal network for web servers and once found, it changes their IP to the attacker’s server IP, directing visitors to the attacker’s servers."

GCHQ wants to strip staff of smartphones

Businesses have been advised by GCHQ to confiscate smartphones and memory sticks from employees to minimise cyber attacks.

Phil Beckett, partner at corporate forensic investigation and e-disclosure experts Proven Legal Technologies has commented on the news.

"Cyber attacks are not limited to large organisations and critical infrastructure companies; they actually pose a ‘clear and present danger’ to organisations of any shape or size," he said. "It is therefore crucial that companies tighten up their data security across the board, leaving no area of the business vulnerable to data loss. 

"The proliferation of Bring Your Own Device (BYOD) policies has resulted in potential risks to all businesses, as the segregation between business and personal data becomes more and more hazy. As such, by inviting personal devices into the office – and then allowing them to leave again, often containing confidential information – firms may actually be compromising their intellectual property as well as their security."

Cloud apps used without permission

More than two thirds (67 per cent) oforganisations admit that unauthorised cloud applications are being implemented without IT’s knowledge or involvement, and correspondingly pose a security risk to the business, according to a poll by Centrify. 

Barry Scott, CTO EMEA at Centrify, said: "It probably seems like an easy solution for people looking to cut corners and avoid having to go through the formal process of getting IT approval.

"The problem is that so much cloud-based software is easily available and requires no IT skills whatsoever to manage, so staff are just are just downloading the tools they like or that will help in their work, without considering the risks."

Kaspersky Phound! For lost phones

A survey of Internet users has found that one in 20 consumers have lost their smartphone or tablet as a result of carelessness or theft.

To ensure that any sensitive data on these devices doesn’t fall into the wrong hands, Kaspersky Lab has released Phound! – a free Android app which enables users to find a lost gadget quickly and keeps any valuable information stored on it safe from prying eyes.

Cyber risks cause concern in the shipping sector

Reliance on connected technology could cause problems for the shipping industry in the future, as hackers targeting ships and ports may cause interruption costs, notwithstanding liabilty or reputational losses.

Captain Rahul Khanna, said: "Cyber risk may be in its infancy in the sector today, but ships and ports could become enticing targets for hackers in future. Companies must simulate potential scenarios and identify appropriate mitigation strategies.

"A cyber-attack targeting technology on board, in particular electronic navigation systems, could possibly lead to a total loss or even involve several vessels from one company."

34 per cent of businesses don’t have data breach response plan in place

Research from Experian found that only 23 per cent of companies that have a plan in place in case of a data breach include specialist crisis comunications, and just 27 per cent have legal support.

34 per cent of the 400 senior business execs admitted that they don’t have a plan in place at all.

Less than half have data breach of cyber insurance policies, and even if they did 39 per cent said there was no reporting procedures prepared for lost data or devices.

Jim Steven, head of data breach services at Experian, said: "We have already reached a situation where the cost of lost business following a breach accounts for almost half of the overall financial impact.

"The financial ‘halo effect’ has grown rapidly over recent years and will continue to do so. This is an issue that businesses simply cannot afford to ignore."

Twitch forces users to change password following hack

Livestreaming service Twitch confirmed that it suffered a security breach that may have seen some users’ accounts accessed.

Twitch said in a blog post: "We are writing to let you know that there may have been unauthorized access to some Twitch user account information.

"For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.

"We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details."

Check Also

CompTIA introduces new cybersecurity advisory council

CompTIA has formed a new Cybersecurity Advisory Council, comprised of 16 experts from a multitude …