Tech News

IBM: Retail cyberattacks become less frequent, but more effective

If the 2014 holiday shopping season is any indication, cyberattackers have shifted their tactics, placing quality of attacks over quantity as they zero in on high-reward targets by compromising retailers’ database vulnerabilities.

In a study released Jan. 5, IBM Managed Security Services researchers revealed that the number of cyberattacks on retailers dropped by a third during late November and December as compared to the same period in 2013, and half as many breaches occurred during the busy Black Friday and Cyber Monday shopping period.

For the two-week period from Nov. 24 to Dec. 5, IBM identified 3,043 daily cyberattacks, nearly one-third less than the 4,200 attacks over the same period in 2013.

IBM’s analysis of data compiled by the Privacy Rights Clearinghouse shows a similar trend for 2014 as a whole, with retail breach incidents last year down 50% from just two years ago.

Nevertheless, malicious hackers managed to steal more than 61 million records last year. The findings demonstrate “cybercriminals’ increasing sophistication and efficiency,” IBM researchers said.

IBM noted that the 50% drop in the number of retail breaches during the holiday season resulted from attackers scaling back on attacks around Black Friday, the traditional opening of the Christmas shopping frenzy on the day after Thanksgiving, and Cyber Monday, usually the busiest online shopping day of the year.

By contrast, the 2013 holiday shopping season saw massive security breaches at retailers like Target, resulting in a record number of consumer records being compromised.

Interestingly, when IBM analyzed the total number of retail records compromised in incidents involving fewer than 10 million records, it found that the number of records compromised in 2014 rose 43% over 2013, and that percentage doesn’t include what may prove to be a massive data breach at Chick-Fil-A Inc. first reported Dec. 31.

“While we have seen fewer breaches reported in the last two years,” said IBM in the report, “these breaches were more significant and wide-reaching in terms of victims affected.”

Database vulnerabilities lead to retail data breaches

While point-of-sale (POS) malware attacks continue to increase, IBM found that the “vast majority” of incidents targeted retailers’ databases via command injection or SQL injection methods. For example, the researchers found that nearly 6,000 attacks against retailers involved command injection.

“The complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target,” IBM Security concluded.

POS malware remains a threat, but cyberattackers are upping the ante as they probe for more weaknesses in retailers’ networks. Along with the Shellshock vulnerability that targets retailers’ servers, the security researchers found that POS malware like Alina, BlackPOS, Citadel, Dexter and vSkimmer remain in play.

“Shellshock is not going away anytime soon, much like SQL Slammer,” IBM warned. “Patching is of paramount importance for this specific attack vector.”

How should enterprises respond as the database threat grows? IBM security specialists stressed that “shellcode characters should never be allowed to enter an organization’s network via HTTP.” They added that deployment of security appliances focusing on these attack vectors, like firewall deployments, should become standard practice.

IBM said the data it analyzed consisted of records compromised and breaches disclosed by retailers, in addition to data compiled by the Privacy Rights Clearinghouse. Other data used in the retailer security study was compiled internally by IBM’s Managed Security Services team.

John Kuhn, an IBM senior threat researcher, said in an interview that data on attacks and threats was gleaned from its customer base. The data was “boiled down” by analytical engines to detect potential attacks and threats; analysts then weeded out any false positives.

As the threat to customer databases grows, Kuhn said vulnerable retailers need to initiate thorough audits of their systems. Those audits should include penetration tools and testers.

Kuhn said he expects the trend of fewer but more sophisticated attacks to continue, the result being a steady increase in the number of stolen customer records.

However, some industry watchers counseled a wait-and-see approach.

“Black Friday [and] Cyber Monday were just five weeks ago,” noted Rick Holland, principal analyst for security and risk management with Forrester Research Inc., based in Cambridge, Mass. “Given how long it takes organizations to detect intrusions, it could be premature to say that attacks were down. Let’s revisit the numbers in 12 months.”

Others agreed that more holiday breaches may eventually surface, but the IBM findings still reveal a new level of sophistication that is yielding more stolen records.

Looking at IBM’s data, “If you assume a margin of error of 10%, that’s still a significant drop” in the number of attacks, said Christina Richmond, security services analyst with IDC in Framingham, Mass.

The point, Richmond added, is that even though IBM found that the most recent holiday shopping season may “not be as much of a free-for-all” as the year prior, retailers still need to remain vigilant against many potential attackers and attack methods.

source:http://searchsecurity.techtarget.com/news/2240237641/IBM-Retail-cyberattacks-become-less-frequent-but-more-effective?utm_medium=EM&asrc=EM_NLN_38438888&utm_campaign=20150107_Why%20retail%20cyberattacks%20are%20becoming%20more%20lethal_mbacon&utm_source=NLN&track=NL-1820&ad=898186

News

IN KILLING INBOX, GOOGLE TAKES ANOTHER SWIPE AT ITS MOST PASSIONATE USERS

For all its skill and dominance in artificial intelligence, Google can be surprisingly lacking in the natural kind.

In move after move, Google snatches defeat from the jaws of victory. And all because the company’s culture is blind to the value of passionate users.

I’m quite certain that Google watches user numbers and applies analytics to everything it can measure. A radically analytical approach is powerful, but it can blind you to the factors that cannot be measured. Factors such as user passion.

My favorite example is Google+. After an initial surge of usage in the first couple of years, the social network gradually fizzled — smothered by a reputation for low engagement.

That reputation was largely false. But over time it became a self-fulfilling prophecy as Google took repeated action to hide and suppress engagement.

It killed Circle sharing, the best way to discover high-quality active users. It added Communities, which reduced attention aimed at users. Its dumb algorithms flagged (and thereby hid from public view) high-quality comments, while simultaneously failing to flag obvious spam. (Eventually, Google’s algorithms got much better, but only after most users had already abandoned the platform.)

This is a great plan — if your objective is to minimize user engagement.

Google+ was, and still is, the online playground for Google’s most loyal fans. Google could have brought a billion people into this playground, where Google fans could hold sway and persuade everybody else to share their enthusiasm for Android, Pixel phones, Pixelbooks, Google Search, Google Assistant, Google Home, Gmail, YouTube and all the rest.

Instead, it actively buried or suppressed user engagement until Google+ became a shell of its former self. It has robbed its own most passionate users of audience, demonstrating that it doesn’t understand the value of those users.

And now it’s doing something comparable with email.

Google giveth, and Google taketh away
Google this week announced the end of two email-related products.

The first is the experimental alternative to Gmail called Inbox. The other is a Chrome app for offline Gmail.

The Gmail Offline Chrome app, which Google introduced seven years ago and hasn’t updated for five years, will be removed from the Chrome Web Store on Dec. 3. It has been superseded in functionality by the web version of Gmail, which has supported superior offline capability for years. (You can turn on the offline feature by going into Gmail Settings, choosing the Offline tab and making sure the “enable offline mail” checkbox is checked.)

But nobody cares about the Gmail Offline Chrome app. Good riddance to it. Technically, it never even made it out of beta.

The termination of Google Inbox, on the other hand, is more problematic. Inbox will be killed in March, according to a Google blog post this week.

Inbox, which is officially and oddly branded Inbox by Gmail, was launched as an experimental app in 2014. And probably in a panic.

Back in 2013, Gmail was proudly text-based and largely devoid of significant interface design. The service was popular and growing, and it looked as if Google would rule the email roost indefinitely.

Then catastrophe struck.

In early 2013, a startup announced an app for iPhone called Mailbox. More than a million people signed up to try it before it even launched, based on the innovation and appeal of its user interface.

The key Mailbox innovation — common now but revelatory then — was the use of swiping left or right to move or snooze messages. Mailbox emphasized other interface elements as well, including the containment of elements into boxes or “cards.” The combination of Mailbox features facilitated the quick achievement of “zero inbox” — Mailbox made it easy to skim and process emails.

It’s possible that the interface of Mailbox, and the obvious appeal of it, shocked Google into rethinking its hyper-minimalist design and may have influenced the course of its design language, Material Design, which the company introduced in the summer of 2014.

Google announced Inbox — one of the first Material Design products — a few months later.

Google may have rushed Inbox to market to stave off the loss of users to swipe-centric, card-happy upstarts such as Mailbox and its subsequent imitators.

Alas, poor Mailbox never had a chance. Its fatal flaw was that it wasn’t an email service, but a front end to the email services owned by other companies.

The companies that did control email services, including Google, easily copied the most appealing user interface elements of Mailbox, making them ubiquitous and Mailbox, therefore, worthless.

Dropbox, having acquired Mailbox one month after its launch, killed it in December 2015.

Gmail itself gradually got a Material Design makeover, as well as many (but not all) of the features popular in Inbox, such as Smart Replies.

Gmail still lacks Inbox’s Reminders integration, mobile app inbox swiping to manage messages, message bundling, inbox pinning and what fans call a “cleaner” UI.

Importantly, the overall feel of Inbox and Gmail — and the muscle memory required to use each — are still very different.

Why killing Inbox is a mistake
Google probably has around 1.3 billion email users by now.

Most of them use only Gmail. A sizable minority uses only Inbox. And lots of people — including yours truly — switch back and forth between the two.

That switching is facilitated by a number of factors. One of these is that filters created in Gmail Settings function inside Inbox.

Many users prefer using Gmail in their desktop browser because they like the granular control over everything, but they prefer Inbox on mobile for the Mailbox-like ease of use.

Google’s thinking appears to be that:

One email system is better than two.
More people use Gmail than Inbox.
Gmail is close enough now to Inbox in interface and features,
And, therefore, it’s time to kill Inbox.

The problem with this thinking is that all users are being treated equally here. If Google were able to measure the passion of users, it would almost certainly realize that far more passionate users are using Inbox.

Which is not to say that passionate Google users don’t use Gmail. They do. Some power users love Gmail because it allows more user control.

Still, many users stick to Gmail because they really don’t care that much. They’re used to it and don’t feel like changing anything.

Inbox users are the users looking for the newest thing, the users who can more quickly adapt to a new way of doing things, the users who jump on all of Google’s newly launched innovations because they trust Google.

The most cynical summary of this history is that Google had Gmail and everybody was happy. Then Google created a more innovative alternative, and its best and most active and engaged users loved that alternative. Then it killed that alternative after its most loyal fans had dedicated countless precious hours mastering it.

This is a great plan — if your objective is to minimize confidence and loyalty among your most passionate users.

And that’s why killing Inbox is a mistake. It’s yet another slap in the face of the passionate minority.

What Google doesn’t understand is that not all users are the same. Passionate users are far more valuable to Google than indifferent users. They try new things. They buy stuff. They persuade the public in Google’s favor.

By mismanaging Google+, killing Reader and now killing Inbox, Google has been making passionate users less passionate.

If it keeps this up, its most passionate users are going to take their passion somewhere else.

Business

ONEPLUS IS GOING TO START MAKING TVS

OnePlus is getting into a new line of business: making TVs. Best known for its phones, China’s OnePlus also has a small catalog of really good accessories like wireless earphones and surprisingly awesome backpacks, though nothing as complex or expensive as a television set. In announcing the news on the OnePlus online forums, company chief Pete Lau describes it as “the first step in building a connected human experience.”

Every hardware manufacturer is now looking intently at ways to monetize the smart home space. Samsung and Huawei recently announced smart speakers, Apple and Google already have the HomePod and Google Home, respectively, and Microsoft and Sony are old incumbents with their Xbox and PlayStation consoles. OnePlus has decided to make its entry point into this market the TV itself, which has always been at the center of home entertainment, though often with the help of other connected devices. Reading Lau’s teaser announcement, the OnePlus TV — which so far only has a project name, no timeline or specs have been revealed — will serve as the connectivity hub for OnePlus’ future vision of the smart home.

The OnePlus smart TV will be developed by a new division within OnePlus, led by Pete Lau himself. Still at the earliest stages of development, OnePlus is currently seeking input from its fans, as it often does, about what their priorities with a future smart TV will be.

Finance

LAGOS TO HOST BIANNUAL AFRICA FINTECH SUMMIT FOR THE FIRST TIME IN NOVEMBER

LAGOS, Nigeria, September 17, 2018 — Africa’s premier fintech event, the Africa Fintech Summit (www.AfricaFintechSummit.com), will be held for the first time in Lagos, Nigeria, on November 8-9, 2018. This event comes on the heels of the earlier edition in Washington D.C., which featured leading policy makers, c-suite business executives, start-ups, and investors.

The Summit, organized by Dedalus Global, gathers innovators, investors, policy makers and other key stakeholders in the Fintech sector to discuss technologies transforming finance on the continent, debate regulatory policies, compare best practices, and forge new ventures.

Speaking on the decision to bring the Summit to Lagos, the Chairman of the Summit, Leland Rice, said, “Lagos is an ideal host city; it’s an epicenter of Africa’s fintech revolution and the driving force behind the continent’s entrepreneurial spirit. The successes of companies such as Paga, Flutterwave, Mines.io, and Paystack have strategically positioned Lagos as the destination of choice for investors.”

“The first edition of the Summit in D.C. was a launch pad for several milestone fintech deals struck among its delegates in the months after the event. We plan to build on these successes in Lagos, with a focus on bringing innovators and policy makers together to move the needle on fintech regulation and bringing founders and investors together to facilitate further capital raises,” added Leland.

The two-day event will feature investor missions from the US, UK, and UAE, an Alpha Expo featuring the most exciting startups and entrepreneurs in Nigeria, a half-day blockchain masterclass, and an awards ceremony.

Reacting to the decision to host the Summit in Lagos, the Senior Special Assistant to the President on Technology, Lanre Osibona, stated, “This reflects the progress Nigeria is making in the areas of technology and financial services. The event is very important as it comes at the heels of the Vice President Osinbajo’s trip to Silicon Valley to promote Nigeria’s tech sector. We look forward to collaborating with the organizing committee and to a successful event in Lagos.”

In similar vein, Tayo Oviosu, the founder of Paga—a payment company that recently raised $10 million in Series B2 funding—said that “the Africa Fintech Summit in Washington D.C. provided valuable insights into the fintech space and connected me with key players in the industry. I look forward to the Lagos edition.”

Speakers lined up for the event include Chief Economist of PwC Nigeria, Dr. Andrew S. Nevin; Managing General Partner of EchoVC, Eghosa Omoigui; CEO of Diamond Bank, Uzoma Dozie; Founder of Flutterwave, Iyinoluwa Aboyeji; and CEO of PayStack, Shola Akinlade, whose company recently raised $8 million Series A funding.

Distributed by APO Group on behalf of Dedalus Global.

For more information, please contact:
Ridwan Sorunke
Director of Communications, AFTS
Ridwan@AfricaFintechSummit.com
+234 (0) 8037885760
+1 2023166726

About Dedalus Global

Dedalus Global (https://VC4A.com/dedalus-global/) is an investment and strategy advisory firm focusing on emerging markets and emerging technologies. With networks throughout Africa and the Middle East, we leverage granular market knowledge to drive innovation, accelerate capital deployment, and create value for our clients and the economies where they operate.

About Africa Fintech Summit (AFTS)

The Africa Fintech Summit (www.AfricaFintechSummit.com) is a biannual event that brings together leading disruptors, tech and finance professionals, regulators, and investors from around the globe to debate policies, compare best practices, and forge Africa-focused ventures. AFTS leverages the growth of the fintech sector in Africa to bring key stakeholders to discuss the technologies transforming finance on the continent.

To learn more about AFTS, please visit www.AfricaFintechSummit.com

View a recap from the AFTS Washington: https://www.youtube.com/watch?v=ZIdDS-u0rXE

SOURCE
Dedalus Global
