Each week on PCR we are inundated with security news, and this week was no different. But a lot of the research and reports coming into our inboxes of late have featured two particular themes – holiday shopping and IS cyber attacks.
What an IS cyber attack on the UK might look like
In light of the recent and horrific terror attacks that Islamic State has claimed ownership of, the British government is set to double UK cyber-crime funding.
Catalin Cosoi, chief security strategist at Bitdefender, has offered up his insight into what an IS cyber attack might look like and what defences must be improved.
“A cyber-attack from Islamic State could have devastating consequences for British businesses and infrastructure. As organisations continue to deploy innovate technologies to increase productivity, the number of attack surfaces is increasing and leaving business exposed.
“A possible worst-case scenario is the crippling of all communication and critical infrastructures, ranging from mobile phone to water supply, electricity, and gas. This could be co-ordinated alongside a physical tactical assault, as disrupting any form of communication or internet-connected technology could be used as a serious tactical advantage on the ground.”
How online retailers can avoid becoming the victim of a cyber attack
With online retailers’ sites becoming a treasure trove of personal data over the Christmas shopping period, they must ensure their sites are prepared to deal with the strain.
Here are Blue Coat top tips for retailers who want to ensure their website runs smoothly over the holiday season:
– Online retailers must boost the security of their network ahead of Cyber Monday. This can be achieved through the use of Advanced Threat Protection solutions, which can proactively prevent and detect against sophisticated threats.
– Retailers should inform customers of how to stay safe online, by telling them to not click on any links that don’t look legitimate or open any file attachments they weren’t expecting.
– Businesses must prepare for the worst and address the potential threat by having an incident response team on board. This will help the way an organisation responds to a crisis, like a data leak.
Hackers targeting smart TVs over the holiday season
New research from Symantec has uncovered a number of ways cybercriminals can trick people into infecting their smart TVs with malware, allowing them to mine for personal data, host click-fraud botnets and even hold the TV for ransom.
Smart TVs are set to be a top selling item for Black Friday and are growing in popularity. Their connectivity to other devices in a home make smart TVs an attractive target for attackers.
“Ransomware attacks, which increased 113 percent last year, are an especially prevalent threat that can infect any connected device – TVs, smartphones, tablets, smartwatches, etc. – so it’s important that people understand how to protect any new devices they purchase this holiday,” said Symantec.
You can read the firm’s blog post on how to guard yourself against smart TV malware here.
Malware and spam campaigns aim to catch out retailers and shoppers during the run-up to Christmas
This year’s Black Friday internet sales are set to be the biggest in retail history, with analysts expecting them to surpass £1bn over 24-hours.
While online fraud has become increasingly common all-year-round, Kaspersky Lab is warning that the country is likely to experience a high level of cybercriminal activity over this popular shopping period – urging Christmas bargain shoppers to be alert.
“It’s important to be aware that online fraud comes in many shapes and sizes,” said David Mole, head of Retail at Kaspersky Lab. “One of the most popular methods to target consumers is the use of phishing emails – targeting consumers with tailored emails with the aim to get them to click on a malicious link. These types of emails are increasingly common when money is the outcome.”
Point of Sale malware is gaining momentum as holiday shopping season approaches
Mark Bower, global director, Enterprise Data Security for HPE Security, has commented on a new rash of point of sale (POS) terminal malware, including Abaddon, identified just as the holiday shopping season gets underway.
“Point of sale (POS) systems – what consumers often call the checkout system – are often the weak link in the chain and the choice of malware. They should be isolated from other networks, but often are connected. A checkout terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data,” said Bower.
“Risks of theft from point of sale (POS) malware like Abaddon is totally avoidable. The good news is that savvy merchants are already tackling this risk and giving the malware nothing to steal through solutions that also have a dramatic cost reducing benefit to PCI compliance. Encrypting the data in the card reading terminal ahead of the POS eliminates the exposure of live information in vulnerable POS systems.
“If it’s GammaPOS, Abaddon, Dexter or other variations of malware designed to steal clear data in memory from POS applications, resulting in the loss of magstripe data, EMV card data or other sensitive data exposed at the point of sale, the attackers get only useless encrypted data.
“No live data means no gold to steal. Attackers don’t like stealing straw.”
In other news:
– Cryptzone has announced its ‘Segment of One’ solution for cloud and hybrid environment access control, which aims to reduce attack surfaces by up to 95 per cent.
– Trend Micro has found that security breaches impacting the healthcare industry were prevalent in Q3.
– NTT Com Security has discovered that quarter of online users would continue to use a site that has suffered a data breach.
– myPINpad has found that 69 per cent of consumers feel secure shopping in-store thanks to Chip and PIN, while 90 per cent said they would use PIN while shopping online if it was available.
Throughout November, PCR is running a dedicated Sector Spotlight on Security – Click the logo below for more articles
Image source: Shutterstock