Connect with us

Security

Most hacked passwords revealed as UK cyber survey exposes gaps in online security

Published

on

The NCSC’s first ‘UK cyber survey’ published alongside global password risk list

  • NCSC’s first ‘UK Cyber Survey’ shows 42% of Brits expect to lose money to online fraud
  • Breach analysis finds 23.2 million victim accounts worldwide used 123456 as password
  • Global password risk list published to disclose passwords already known to hackers
  • NCSC urges using 3 random words as passwords on the eve of CYBERUK 2019 event

Brits have been urged to apply steps to stay safe online after results of the UK Cyber Survey exposed exploitable gaps in their personal security knowledge.

The polling was independently carried out on behalf of the National Cyber Security Centre (NCSC), a part of GCHQ, and Department for Digital, Media and Sport (DCMS).

The findings, released ahead of the NCSC’s CYBERUK 2019 conference in Glasgow this week, will inform government policy and the guidance offered to organisations and the public. 

The cyber summit will see a range of sessions delivered by industry, academia and government, including a keynote speech by Cabinet Office Minister David Lidington.

Amongst the results – which have been published in full on www.ncsc.gov.uk – were that;

  • Only 15% say they know a great deal about how to protect themselves from harmful activity
  • The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021
  • 89% use the internet to make online purchases – with 39% on a weekly basis 
  • One in three rely to some extent on friends and family for help on cyber security
  • Young people more likely to be privacy conscious and careful of what details they share online
  • 61% of internet users check social media daily, but 21% report they never look at social media
  • 70% always use PINs and passwords for smart phones and tablets
  • Less than half do not always use a strong, separate password for their main email account

The NCSC has also today published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches. 

The results show a huge number of regularly used passwordsbreached to access sensitive information.

Most used in totalNamesPremier League football teamsMusiciansFictional characters
123456 (23.2m)ashley (432,276)

liverpool (280,723)blink182 (285,706)superman (333,139)
123456789 (7.7m)michael (425,291)chelsea (216,677)50cent (191,153naruto (242,749)
qwerty (3.8m)daniel (368,227)arsenal (179,095)eminem (167,983tigger (237,290_
password (3.6m)jessica (324,125)manutd (59,440)metallica (140,841)pokemon (226,947)
1111111 (3.1m)charlie (308,939)everton (46,619)slipknot (140,833)batman (203,116)


Dr Ian Levy, NCSC Technical Director, said:

“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable.

“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with somethisng that can be guessed, like their first name, local football team or favourite band.

“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”

Margot James, DMCS’ Digital and Creative Industries Minister, said: 

“Cyber security is a serious issue, but there are some simple actions everyone can take to better protect against hackers.

“We shouldn’t make their lives easy so choosing a strong and separate password for your email account is a great practical step. 

“Cyber breaches can cause huge financial and emotional heartache through theft or loss of data which we should all endeavour to prevent.”

David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: 

“Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work. 

“This is a message we look forward to building on at CYBERUK 2019, an event that reaffirms our commitment to make Britain both the safest place in the world to be online and the best place to run a digital business.” 

The NCSC hope to reduce the risk of further breaches by building awareness of how attackers use easy to guess passwords, or those obtained from breaches and help guide developers and System Administrators to protect their users.

The compromised passwords were obtained from global breaches that are already in the public domain having been sold or shared by hackers.

The list was created after breached usernames and passwords were collected and published on Have I Been Pwned by international web security expert Troy Hunt. The website allows people to check if they have an account that has been compromised in a data breach.

Troy Hunt said: 

“Making good password choices is the single biggest control consumers have over their own personal security posture.

“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them.

“Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”


Notes to editors

  • The NCSC‘s two-day CYBERUK 2019 conference will see 2,500 delegates come to Glasgow’s Scottish Exhibition Centre on 24 and 25 April for a range of speeches, workshops and interactive displays.
  • The conference is the flagship event for the tech community in the UK and includes participation from Government, industry and academia sharing knowledge to help make the country the safest place to live and do business online.
  • The Government’s Cyber Aware campaign on online safety can be found here.
  • The survey was commissioned by the National Cyber Security Centre and Department for Digital, Culture, Media and Sport as part of the UK Government’s National Cyber Security Programme. Ipsos MORI were commissioned to carry out the research.
  • The findings will inform Government policy and the guidance which is offered to organisations and the public on a range of cyber security issues, as part of making the UK the safest place to live and do business online.
  • Over 2,500+ respondents aged 16+, businesses and charities were surveyed from late November 2018 to January 2019 via telephone.
  • The NCSC has also published a blog post alongside the release of the most common passwords that have been accessed by third parties in global cyber breaches


Password breaches

  • The 20 most commonly occurring names used as passwords in breaches;
1. ashley432,27611. andrew261,453
2. michael425,29112. joshua259,079
3. daniel368,22713. justin256,388
4. jessica324,12514. anthony256,277
5. charlie308,93915. jennifer245,653
6. jordan297,88216. robert233,773
7. michael1294,66217. matthew221,591
8. thomas284,14818. andrea220,764
9. michelle278,54519. hannah219,400
10. nicole278,17020. george215,350
  • The full ‘table’ of Premier League football teams whose name was used to breach accounts;
1. liverpool280,72311. mancity13,796
2. chelsea216,67712. palace13,796
3. arsenal179,09513. cardiff12,594
4. man utd59,44014. leicester7,921
5. everton46,61915. fulham5,984
6. wolves35,25616. watford5,563
7. newcastle32,14317. southampton3,691
8. tottenham19,59618. burnley3,494
9. westham18,80119. bournemouthNot in the top 100k
10. brighton15,52320. huddersfieldNot in the top 100k


See the full 100k in full here.

Cyber Survey – some of the findings

Almost half (46%) agree that most information about how to be secure online is confusing, though this falls to 18% who agree strongly.

The most pressing security-related considerations for people online are protecting their privacy and avoiding money being stolen


The proportions who feel they will be a victim of cyber crime in the next two years range from 12% having information stolen and a ransom demanded, through to 42% who feel they will have money stolen which is later reimbursed. 

Only 51% feel that apps being accessed without consent will have a big personal impact whilst 91% feel having money stolen without reimbursement would have a big impact.

that have been accessed by third parties in global cyber breaches

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Companies See Work From Home As A Security Threat

Published

on

By

Once rare, telecommuting has become routine during the pandemic.

But the Financial Times (FT) reported moving from a furnished office space to a living room table can present cybersecurity risks. It comes as cybercriminals are already taking advantage of the pandemic.

Hackers find ways into computers, tablets and cellphones to steal data and other valuable information. As more devices connect to the web, it creates more opportunities for these thieves, FT reported

“When everybody has to move to homeworking, everyone has to become their own cybersecurity expert and make their personal network as robust as they can,” Roderick Jones, founder of cybersecurity protection group Concentric Advisors told FT. “Otherwise they risk exposing their corporate information.”

Already, cyberattackers have attempted to exploit the chaos caused by the pandemic.

The International Criminal Police Organization (INTERPOL), the worldwide police cooperation and crime control network based in France, reported 907,000 spam messages, more than 700 malware attacks and 48,000 malicious domains that mention the coronavirus were discovered from January through April, according to FT.

IBM reported the average cost of a single breach for a business is nearly $4 million, according to FT. About 70 percent of the 500 companies surveyed said that they expected remote working during the pandemic to increase the cost of a breach; four-fifths told researchers said they expected it will take longer to notice and secure a breach.

Last month, an AT&T survey of 800 cybersecurity professionals revealed 70 percent of those employed by big businesses said remote working leaves them more vulnerable to cyberattacks, FT reported.

In separate news, PYMNTS reported that bad actors taking advantage of the pandemic has caused a surge in cybercrime and fraud attempts.

Lukayn Hunsicker, vice president of Product Management, Financial Solutions at Feedzai, told PYMNTS financial institutions and other service providers need to step up their fraud-fighting strategies. They not only need to fight crime, but collaborate with the customer to ensure security without compromising the user experience.

NEW PYMNTS STUDY: LEVERAGING THE DIGITAL BANKING SHIFT – SEPTEMBER 2020  

The September 2020 Leveraging The Digital Banking Shift Study, PYMNTS examines consumers’ growing use of online and mobile tools to open and manage accounts as well as the factors that are paramount in building and maintaining trust in the current economic environment. The report is based on a survey of nearly 2,200 account-holding U.S. consumers.

Source: https://www.pymnts.com/news/security-and-risk/2020/data-shows-companies-see-home-workstations-as-security-threat/

Continue Reading

Security

Google removes 17 Android apps caught engaging in WAP billing fraud

Published

on

By

Google has removed this week 17 Android applications from the official Play Store. The 17 apps, spotted by security researchers from Zscaler, were infected with the Joker (aka Bread) malware.

“This spyware is designed to steal SMS messages, contact lists, and device information, along with silently signing up the victim for premium wireless application protocol (WAP) services,” Zscaler security researcher Viral Gandhi said this week.

The 17 malicious apps were uploaded on the Play Store this month and didn’t get a chance to gain a following, having been downloaded more than 120,000 times before being detected.

The names of the 17 apps were:

  • All Good PDF Scanner
  • Mint Leaf Message-Your Private Message
  • Unique Keyboard – Fancy Fonts & Free Emoticons
  • Tangram App Lock
  • Direct Messenger
  • Private SMS
  • One Sentence Translator – Multifunctional Translator
  • Style Photo Collage
  • Meticulous Scanner
  • Desire Translate
  • Talent Photo Editor – Blur focus
  • Care Message
  • Part Message
  • Paper Doc Scanner
  • Blue Scanner
  • Hummingbird PDF Converter – Photo to PDF
  • All Good PDF Scanner

Following its internal procedures, Google removed the apps from the Play Store, used the Play Protect service to disable the apps on infected devices, but users still need to manually intervene and remove the apps from their devices.

JOKER IS THE PLAY STORE’S BANE

But this recent takedown also marks the third such action from Google’s security team against a batch of Joker-infected apps over the past few months.

Google removed six such apps at the start of the month after they’ve been spotted and reported by security researchers from Pradeo.

Before that, in July, Google removed another batch of Joker-infected apps discovered by security researchers from Anquanke. This batch had been active since March and had managed to infect millions of devices.

The way these infected apps usually manage to sneak their way past Google’s defenses and reach the Play Store is through a technique called “droppers,” where the victim’s device is infected in a multi-stage process.

The technique is quite simple, but hard to defend against, from Google’s perspective.

Malware authors begin by cloning the functionality of a legitimate app and uploading it on the Play Store. This app is fully functional, requests access to dangerous permissions, but also doesn’t perform any malicious actions when it’s first run.

Because the malicious actions are usually delayed by hours or days, Google’s security scans don’t pick up the malicious code, and Google usually allows the app to be listed on the Play Store.

But once on a user’s device, the app eventually downloads and “drops” (hence the name droppers, or loaders) other components or apps on the device that contain the Joker malware or other malware strains.

The Joker family, which Google tracks internally as Bread, has been one of the most ardent users of the dropper technique. This, in turn, has allowed Joker to make it on the Play Store —the Holy Grail of most malware operations— more than many other malware groups.

In January, Google published a blog post where it described Joker as one of the most persistent and advanced threats it has dealt with in the past years. Google said that its security teams had removed more than 1,700 apps from the Play Store since 2017.

But Joker is far more widespread than that, being also found in apps uploaded on third-party Android app stores as well.

All in all, Anquanke said it detected more than 13,000 Joker samples since the malware was first discovered in December 2016.

Protecting against Joker is hard, but if users show some caution when installing apps with broad permissions, they can avoid getting infected.

IN OTHER ANDROID SECURITY NEWS

Bitdefender reported a batch of malicious apps to Google’s security team. Some of these apps are still available on the Play Store. Bitdefender didn’t reveal the name of the apps, but only the names of the developer accounts from which they were uploaded. Users who have installed apps from these developers should remove them right away.

  • Nouvette
  • Piastos
  • Progster
  • imirova91
  • StokeGroove
  • VolkavStune

ThreatFabric also published a report about the demise of the Cerberus malware and the rise of the Alien malware, which contains features to steal credentials for 226 applications.

Source: https://www.zdnet.com/article/google-removes-17-android-apps-doing-wap-billing-fraud-from-the-play-store/

Continue Reading

Security

2 Companies Ready For a Huge Cybersecurity Opportunity

Published

on

By

It was always there. But it would be naive to say the COVID-19 pandemic hasn’t accelerated the cybersecurity market’s growth pace. With millions of employees still — and perhaps permanently — working from home, many enterprises remain far too vulnerable to hacking and digital security breaches.

The depth of the need for cybersecurity solutions, however, may still not be fully appreciated by investors. That in turn means that cybersecurity providers Palo Alto Networks (NYSE:PANW) and Fortinet (NASDAQ:FTNT) may remain underestimated. Not only are they two of the top names in the business, but each has a security solution available right now for employees connecting to a company’s network from home.

A couple of recent predictions flesh out this opportunity.

Workers sitting at computer workstations

IMAGE SOURCE: GETTY IMAGES.

Just the beginning

The cybersecurity market is currently worth around $200 billion, according to numbers from Mordor Intelligence, but it’s on pace to grow a bit more than 14% per year through 2025. That’s impressive, particularly compared to other industries’ growth outlooks.

But it’s an estimate that still fails to adequately paint a complete picture of what the right company could do given the opportunity at hand. Even with power players like the aforementioned Fortinet and Palo Alto in place, Mordor says the market remains highly fragmented. Both companies could continue to make acquisitions, achieving economies of scale as they expand.

Even without dealmaking, though, the industry’s rising tide will lift these boats.

Technology market research firm Gartner supplies one of the clearest reasons to expect that tide to keep rising. Last month it opined that “bring your own PC,” or BYOPC, security will be normalized in five years or less. And within 10 years, secure access service edge, or SASE, will be the norm for enterprise-level organizations.

The terms and their acronyms may not mean much to the layperson, but cybersecurity folk may be nodding their heads in agreement. Bringing-your-own-PC security is exactly what it sounds like. Rather than a tech department issuing devices to workers with security features pre-installed, employees procure their own devices and then — hopefully — take all the necessary steps to ensure cloud-based connections are secure. A secure access service edge is a newer digital security theme that creates a networking environment that allows for, among other things, BYOPC.

In some regards, they’re the next step in the natural evolution of connectivity. Gartner may not be overstating things, however, when it suggests the two technologies “will have transformational impact on global businesses within the next 10 years.” In a post-COVID world, Gartner research director Rob Smith explains, “[Cyber] security leaders should expect the need to support BYOPC to be dependent upon a long-term work-from-home strategy, and also expect to support security tools needed for a BYOPC environment.”

In the same vein, technology market analytics outfit International Data Corp. (IDC) recently predicted that by 2024, 60% of the United States’ employees will work remotely — either at home or out in the field with customers and at project sites. That would push the total number of remote workers to more than 93 million, and subsequently expand the likelihood of cyberattacks.

Already ready

The cybersecurity industry isn’t starting from scratch, however. Both Palo Alto and Fortinet had remote connectivity protection available even before the pandemic took hold.

For Palo Alto Networks, one of those products is Prisma Access, which is a secure access service edge — or SASE — offering that Gartner suggests will become commonplace by 2030. It’s built specifically for mobile users and branch offices that need reliable, safe access to a corporate network. Palo Alto also offers cloud-based SD-WAN, or software-defined wide-area networking, with the help of recently acquired CloudGenix. It’s a testament to the potential of the right sort of dealmaking that allows for bolt-on improvements of the company’s existing capabilities.

As for Fortinet, it’s got a few tools in its mobile cybersecurity toolbox as well, like the FortiGate platform. Among other things, it’s a way of putting a firewall in place, managing virtual private networks that encrypt communications from devices all the way to a company’s servers, and implementing an intrusion prevention system. FortiGate customers also automatically have access to an SD-WAN solution for remote offices or remote employees, and the platform was a key part of last quarter’s growth.

These offerings aren’t exactly brand new, and more are apt to be on the way. What’s new is the sudden, true realization of the need for them. As Gartner’s Rob Smith noted: “Prior to the COVID-19 pandemic, there was little interest in BYOPC. At the start of the pandemic, organizations simply had no other alternative. The urgent need to enable employees to work from home and a lack of available hardware bolstered its adoption globally.” International Data Corp.’s senior research analyst Bryan Bassett expects that adoption has only begun, saying: “To meet the needs of more mobile, remote, and work-from-home workers, U.S. enterprises have indicated that mobile security and mobile management solutions will be top spending priorities going forward.”

Bottom line

While the bullish outlook for these companies is strong, would-be investors in either should note that the predictions from IDC and Gartner are long-term in nature. Gartner’s SASE adoption expectation could take up to 10 years to play out fully. International Data Corp.’s mobile worker outlook looks to the end of 2024. Investors not thinking in multi-year terms may find this opportunity isn’t for them.

Still, the opportunity is real for those willing to wait for it to fully gel. It’s long-term enough, in fact, that investors interested in plugging into it don’t necessarily have to do so today, this month, or even this year.

Source: https://www.fool.com/investing/2020/09/04/companies-ready-for-huge-cybersecurity-opportunity/

Continue Reading
Advertisement

Trending

Copyright © 2020 Inventrium Magazine

%d bloggers like this: