Security Roundup: How to use the 'dark web' safely, cybercriminals target retailers

PCR takes a look at the latest security news in the channel
Author:
Publish date:
Social count:
0
1-pcr-security-shield-web.jpg

This week, NordVPN reveals how you can use the ‘dark web’ safely, Dimension Data explains why cyber attacks on retailers are on the rise, and more.

HOW TO USE THE ‘DARK WEB’ SAFELY

NordVPN has given advice on how to use Tor (a network that provides access to a ‘completely uncensored online experience’) safely.

Tor is growing in popularity with an estimated 2.5 million users daily. Although many government leaders have expressed their disdain over Tor’s existence, some acknowledge that it would be ‘technically impossible’ to shut down.

NordVPN says it is the ‘ultimate expression of internet freedom, and besides a small percentage of people using it for illegal activity, Tor Network is widely used by whistleblowers, activists, human rights fighters and journalists, and is easily accessible by simply downloading Onion browser.’

NordVPN, a VPN service provider, offers a special Tor over VPN feature, which it says makes users’ browsing activity completely safe. 

When using the TOR over VPN solution, user's data first goes to NordVPN server where it gets encrypted. Then the data travels to Tor Network where the data packets are randomly transmitted to multiple servers inside the Tor network and the data is encrypted again and sent out through different Tor exit nodes. After all this process, the request reaches the internet.

“Basically, it's such a safe privacy tool because user's online activity becomes routed into an encrypted tunnel, and their IP address is not an exit node anymore – it’s NordVPN’s server that becomes the exit node. Tor over VPN feature by NordVPN is very user friendly and easy to configure - the user doesn’t have to do much in order to access Onion websites - one click of a button will get them there,” said the firm.

CYBERCRIMINALS TARGET RETAILERS

New research published in Dimension Data’s NTT 2016 Global Threat Intelligence Report reveals that cybercriminals have shifted their focus from traditional financial markets, to targeting the retail sector.

Retail organisations experienced nearly three times as many cyberattacks as those in the finance sector, which was top of the list of cyberattacks on organisations in the 2015 report.

Matthew Gyde, Dimension Data’s Group Executive – Security, explained: “The retail and financial sectors process large volumes of personal information and credit card data. Gaining access to these organisations enables cybercriminals to monetise sensitive data such as credit card details in the black market, which validates that cybercriminals are motivated by the rewards of financial crime.”

IS CRYPTOCURRENCY AS A PAYMENT METHOD FOR RANSOMWARE COMING TO AN END?

Recent research from Andrew Brandt, security researcher at Blue Coat, has revealed a new type of ransomware that targets Android devices delivered through an exploit kit called ‘Towelroot’.

What is unusual about this attack is that the ransomware doesn’t threaten to encrypt the victim’s data. Rather, the device is held in a locked state where it cannot be used for anything other than delivering payment to the criminals in the form of two $100 Apple iTunes gift card codes.

The use of Apple iTunes gift card codes as payment for ransomware is something that hasn’t been seen before, said Brandt. Cryptocurrency is the defacto standard, thanks to its security benefits, is the method often demanded by cyber attackers when it comes to payment. However, it is something that a very niche population would know how to use and therefore limits the revenue potential for the attackers. This begs the question of whether attackers now going for ease of use over a less risky approach.

NEARLY 40% OF UK COMPANIES MORE SECURE THAN A YEAR AGO

SolarWinds has released the findings of a new survey that highlights significant improvements in IT security preparedness and effectiveness among UK organisations, including steps the most successful IT departments have taken to improve their security posture, but also demonstrates that the threat and consequences of security breaches remain.

“The most surprising finding of the survey is just how many UK organisations are less vulnerable today than they were a year ago, and, on a related note, how many have implemented security technologies and better security training,” said Mav Turner, director, business strategy, SolarWinds.

“While this is a sign the industry is trending in the right direction, it’s important for IT professionals to never get too confident in their organisations’ security posture, which could potentially result in overestimating one’s defences. After all, the findings also illustrate how high the stakes are – while less than one-third of UK organisations experienced a security breach in 2015, of those, 77 per cent store potentially sensitive customer data.”

CONSUMERS CLUELESS WHEN IT COMES TO IDENTITY FRAUD ADVICE

The National Audit Office recently reported that government funding of £20m had been allocated in 2014/15 to drive engagement and awareness of the cyber threat among SMEs and individuals.

Despite this investment, when given a list of UK organisations and campaigns linked to cybercrime support and education, only 13 per cent of British adults were aware of GetSafeOnline.org and 84 per cent did not notice any promotion of Safer Internet Day 2016 when it was advertised in February 2016. 

ALSO THIS WEEK

– F-Secure has signed a Memorandum of Understanding (MoU) with Europol’s Cybercrime Centre (EC3) that will allow for enhanced cooperation in the fight against the growing problem of cybercrime.

New Lifestyle Messenger app n-gage has launched claiming to be the most advanced and comprehensive messaging app available today, with more personalisation and privacy features than any other app.

– ALE, operating under the brand Alcatel-Lucent Enterprise, has announced it has added another level of protection against a growing range of vulnerability attacks. It has enhanced its already proven secure OmniSwitch portfolio of products via a technology partnership with LGS Innovations.

– PandaLabs has identified 20 million new malware samples in the first quarter of 2016

Related