Tech News

2014 was a golden year for cybercrime

2014 was not a good year for keeping things safe under digital lock and key

Cast your mind back to March, when everyone was panicking about the HeartBleed bug. It stemmed from an error in code upon which the majority of the world’s secure servers relied, and experts had plenty of time to fix the issue. Sadly, there was an array of conflicting information about changing passwords, leading to widespread confusion. While most IT administrators made sure this was managed in a professional manner, it created a stir that seemed to set the tone for the year.

In May, online auction giant eBay admitted to having been compromised. The site said its systems, with personal details of tens of millions of users, may have been vulnerable for months. Everyone was advised, indeed forced, to change their password.

In the same month, iPhones were hijacked and their owners blackmailed by the cunning Oleg Pliss ransomware, locking phones and threatening to delete data unless cash was paid.

In this case, the criminals managed to acquire a database of usernames and passwords, maybe via HeartBleed, and cracked the passwords. As it’s well-known that many users reuse the same passwords for many accounts, the Oleg Pliss attackers searched for iCloud email accounts and simply stepped through their list of passwords until they were successful. Then they remotely locked the phones and demanded a ransom. What was clever about this attack is that it targeted the weak link – lax security among humans – rather than the tough target, the security of the iPhone itself.

Already 3-0 to the cybercriminals by half-time, it wasn’t looking too good for Team Cybersecurity. In June there was finally a score for law enforcement: Gameover Zeus, a prolific botnet, was brought down through a combined operation from the FBI, UK National Crime Agency and other international agencies. It gave security experts time to hose down their systems, upgrade security measures and re-group, knowing that it would be weeks before this botnet could rally.

The most popular mobile phone and tablet operating system, Android, did not have a good year. With the most mobile malware, Android is seen as a system that needs to clean up its act, with vulnerabilities exploited through text messages and potentially revealing intimate details left behind on second-hand devices that had supposedly been wiped.

In July, the focus was back on Apple’s iOS phone operating system, in which a back door was discovered, proving a major embarrassment for the company. It’s interesting that the subsequent release of iOS, version eight, brought full encryption to the phone, suggesting that Apple has tried to fill this hole – much to the annoyance of some national security agencies.

September arrived with a bang, as dozens of celebrities found naked pictures of themselves posted online. The issues earlier in the year that proved the potential to gain access to iCloud accounts had been realised, with the images stripped not from the phones themselves but from the iCloud accounts linked to them. Apple’s response was to generate a notification following any access to an iCloud account – but that may be too little too late if an intruder has already copied your more intimate snaps.

Later the same month, the discovery of the Shellshock bug made it 7-1. This was another issue arising from decades-old code in the Bash shell software, since incorporated into millions of computers and embedded devices worldwide. It’s ironic that, after years in which Microsoft Windows was regularly compromised, 2014 was the year in which the heat was turned on open source systems like Linux.

As November came around we witnessed a spectacular own goal, when a particularly complex and aggressive malware, Regin, was alleged to be the product of Western intelligence agency experts. Of course, nobody has come forward to take the credit – but it’s clear that there are very capable cybersecurity or cybercriminal experts out there who have the time and resources to create bespoke attacks for their own ends.

December brings the season for joy for many – but not for Sony Pictures, which suffered an attack that leaked unreleased films online, posted embarrassing internal emails for all to see, and brought the company’s internal systems to their knees. Perhaps most embarrassing is that this seems to be becoming a habit for Sony Corporation.

Come Christmas Day, the servers supporting the Xbox and PlayStation online gaming platforms were hacked.

All in all, such a 10-1 thrashing points to an eventful year, and unfortunately leaves no doubt that the criminals have the edge, leaving the security experts nursing their own goals and playing catch up.

Source: http://mybroadband.co.za/news/security/116171-2014-was-a-golden-year-for-cybercrime.html

Industry

THE FINTECH REVOLUTION IN INSURANCE

Advancing technology has collided with longstanding customer issues to create a series of deep, lasting, systemic challenges for insurance. How will these trends impact insurers’ businesses and the industry overall?

The rise of fintech, changing consumer behavior, and advanced technologies are disrupting the insurance industry. Additionally, Insurtechs and technology startups continue to redefine customer experience through innovations such as risk-free underwriting, on-the-spot purchasing, activation, and claims processing.

The report from Deloitte Global examines forces that are disrupting the insurance industry and presents four possible scenarios for the future. We explore:

  • Changing the channel: Partnerships with product makers and distributors, and embedding insurance into other products and services may enable customers to select products that best fit their lifestyle.
  • Underwriting by machine: Technology advancements including AI innovations and algorithms will likely individualize risk selection and pricing, and customers can select products based on a wider range of price points.
  • Rise of the flexible product: Time-flexible, event-driven, modular and adjustable coverage may evolve to accommodate life stage, lifestyle, and wellness changes among consumers.
  • E-Z life insurance: Given the growth and shopping patterns in emerging markets, insurers who introduce flexible term products, and master digital distribution without compromising underwriting are likely to win in the marketplace.

Read the report to understand what the future holds for the insurance industry.

Key Contact

Neal Baumann

Global Insurance Leader

Neal leads Deloitte’s Global Insurance practice and is the US insurance consulting leader. He has 20 years of experience advising financial services and insurance company clients on corporate and comp…

Business

EUROPEAN INVESTMENT BANK RUNS BLOCKCHAIN HACKATHON

A team from EY triumphed in a 48-hour European Investment Bank (EIB) hackathon designed to find ways to use blockchain technologies to redesign the transaction processing of commercial paper.

The EIB brought together 56 coders from 15 countries in 12 teams for the hackathon, run alongside the bank’s annual forum dedicated to treasury issues.

While the conference was running, the coders were locked in an adjacent room, trying to prove that blockchain tech can improve the transaction process of commercial paper – a short-term financing instrument that is used worldwide in treasury operations and still relies on an ‘archaic’ and complex process.

In the pitching session, the EY team won the contest with an effort that taps a combination of blockchain, robotics and business AI tools to optimise the issuance process and reduce the number of exchanges between the EIB and its counterparties while maintaining each one’s role within the ecosystem.

The EY team won a EUR5000 cash prize and a contract with the EIB to further develop its solution into a proof of concept.

Alexander Stubb, vice president, EIB, says: “There will be major gains from the use of new technologies such as blockchain, generated from the simplification and streamlining of existing financial processes. The new perspectives opened up by digitalisation and Distributed Ledger Technology must be assessed and we must all be ready to make use of them and embark on this new venture.

“As the EU’s financial arm, we decided to be on the active side, learn by experience and make things happen, to be a facilitator and join with our banking partners to pave the way for tomorrow’s financial industry.”

Separately, Barclays is planning a hackathon that will see coders use blockchain technology for post-trade processing of derivatives contracts. The event will take place over two days in September in London and New York, according to Coindesk.

Industry

GOOGLE NEVER REALLY LEFT CHINA: A LOOK AT THE CHINESE WEBSITE GOOGLE’S BEEN QUIETLY RUNNING

More information is leaking out about just how Google is planning to re-enter the Chinese market with a mobile search engine application that complies with the country’s censorship laws.

The Intercept first broke this story when a whistleblower provided them documentation detailing the secret censored search project (codenamed Dragonfly). According to them, an overlooked Google acquisition from 2008 — 265.com — has been quietly laying down the foundation for the endeavor.

In order to run a business in China, tech companies are required to obtain an Internet Content Provider license from the Chinese government. As it’s difficult for foreign businesses to obtain this license, Google has long partnered with Chinese IT company Ganji.com. Back in the early years of Google.cn, Google actually operated directly off of Ganji.com’s license, even claiming the Chinese company was temporarily running its search engine. Facing intense scrutiny from the Chinese government and the media over this license arrangement, in 2007 Google formed a legitimate joint venture company with Ganji.com — the Beijing Guxiang Information and Technology Co.

Because of the necessity of that license, Google has maintained that joint venture and has been operating in China under the name Beijing Guxiang Information and Technology Co. ever since. Even after the shutdown of Google.cn, Google’s Chinese advertising enterprise has been operating under the joint venture company as well as, lo and behold, 265.com. A whois search of the 265.com domain name, which provides a record of the current domain registrant information, pulls up Beijing Guxiang Information and Technology Co. as the registrant organization.

A significant number of Google employees are reportedly none too happy about Google’s project complying with Chinese censorship laws. This most recent news, that the company has long been collecting data for a moment just like this, surely won’t make morale among these workers any better.
