An estimated 25% of all Internet users choose weak passwords that are easy to remember, and around 60% use the same password for several or all of their accounts.(1) These dangerous habits are driven by the growing number of websites that require users to authenticate online.

In February 2013 the French subsidiary of the BeIN Sports channel was the victim of a fraudulent funds-transfer attack that cost the company €2.4 million. The attack began with malware.

  • The fraud started with a malicious e-mail sent to an accountant at the TV channel. In a fairly conventional manner, a link led to an “invoice” that in reality delivered malware designed to capture the channel’s data.
  • The attacker used the stolen data to understand how BeIN processes funds transfers, and so to set up the fraud. First he identified HSBC as BeIN’s bank. Then he called the employee responsible for the BeIN account and, claiming to be the company’s finance director, requested six urgent international transfers. When the HSBC employee called the BeIN finance department’s number to confirm that the request was legitimate, she was put through to the attacker, who had re-routed the telephone lines. By the time the finance department realised that a fraud was under way, the funds had already been sent to banks in Cyprus and Romania, and an international transfer is very difficult to recall.
  • BeIN has recently obtained a court judgement against HSBC, the judge finding that the bank had “fallen seriously short of its obligations in terms of surveillance, control and vigilance”.

Since July 2015 Windows 10 has been distributed by means of Windows notifications and e-mails. This is an attractive opportunity for attackers to use social engineering to persuade users to download malware.

  • The first malware campaign built on a fake Windows 10 roll-out delivered CTB-Locker, a well-known ransomware family. In this campaign an e-mail, apparently sent from update@windows.com, carries an attachment that supposedly downloads Windows 10 but is in reality a .zip archive that deploys CTB-Locker. Like other ransomware of the period, such as Cryptowall, CTB-Locker demands payment in bitcoin via a Tor site before the victim’s files are released.
  • Another campaign, in Brazil, uses similar e-mails to make victims download malware: a VBE (encoded VBScript) file that fetches further malware, which in turn captures the victim’s data.
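
The triage a mail gateway would apply to the lure described above, as an added example (not code from the original article, from Microsoft or from any product). It constructs a sample message modelled on the campaign, with a From header of update@windows.com, a different envelope sender, and a .zip carrying an .exe, plus a benign control, and reports the sender mismatch and the executable inside the archive. The envelope address, recipient, file names and PE stub are invented for the example.

```python
"""Triage of a fake 'Windows 10 upgrade' e-mail (added example, constructed sample data)."""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions that should never arrive as an attachment, directly or inside an archive.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".vbe", ".wsf", ".cmd", ".bat", ".ps1", ".jar"}


def build_lure() -> bytes:
    """Constructed message modelled on the campaign: spoofed From, zip containing an .exe."""
    msg = EmailMessage()
    msg["From"] = "Microsoft <update@windows.com>"        # what the victim sees
    msg["Return-Path"] = "<bounce@mail-hosting.invalid>"  # where it really came from (hypothetical)
    msg["To"] = "accountant@example.net"
    msg["Subject"] = "Your Windows 10 upgrade is ready"
    msg.set_content("Your free Windows 10 upgrade is attached. Unzip and run the installer.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Win10Installer.exe", b"MZ" + b"\x00" * 64)  # stand-in for the dropper
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Win10Installer.zip")
    return bytes(msg)


def build_benign() -> bytes:
    """Constructed control: consistent sender domains, harmless PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "IT Support <it@example.net>"
    msg["Return-Path"] = "<it@example.net>"
    msg["To"] = "accountant@example.net"
    msg["Subject"] = "Windows 10 rollout schedule"
    msg.set_content("See the attached schedule.")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="schedule.pdf")
    return bytes(msg)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse(raw: bytes) -> dict:
    """Return the findings a gateway rule set would raise for one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = _domain(parseaddr(str(msg.get("From", "")))[1])
    bounce_dom = _domain(parseaddr(str(msg.get("Return-Path", "")))[1])
    # 1. Display sender and envelope sender disagree: typical of a spoofed From header.
    #    (A production gateway would also evaluate SPF, DKIM and DMARC here.)
    if bounce_dom and bounce_dom != from_dom:
        findings.append(f"sender mismatch: From={from_dom} Return-Path={bounce_dom}")
    # 2. Executable content, attached directly or one level inside a zip archive.
    payloads = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    payloads += [f"{name}:{m}" for m in zf.namelist()
                                 if os.path.splitext(m)[1].lower() in EXECUTABLE_EXT]
            except zipfile.BadZipFile:
                findings.append(f"attachment {name} is not a valid zip archive")
        elif os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
            payloads.append(name)
    findings += [f"executable attachment: {p}" for p in payloads]
    # 3. The lure itself: an operating-system 'upgrade' that ships as a user-run executable.
    if "windows 10" in str(msg.get("Subject", "")).lower() and payloads:
        findings.append("Windows 10 upgrade lure carrying an executable")
    return {"findings": findings, "verdict": "quarantine" if payloads else "deliver"}


if __name__ == "__main__":
    for label, raw in (("lure", build_lure()), ("benign", build_benign())):
        print(label, analyse(raw))
```

The archive check deliberately looks one level deep only; nested or password-protected archives, which later campaigns used to defeat exactly this kind of rule, need a sandbox rather than a static unpack.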

In July the dating site AdopteUnMec.com was hit by a data leak and received a warning from the CNIL (the French data protection authority) concerning its customer files.

  • Journalists noticed that the HTML source of members’ profile pages exposed information that should never have been public: anyone could read a member’s hashed password, last IP address, geographical coordinates and e-mail address.
  • At the same time, the CNIL issued warnings to AdopteUnMec.com and seven other dating sites. Comments added by employees to customer files are sometimes inappropriate, or even offensive, and the sites were criticised for failing to take the necessary precautions when collecting and handling sensitive information, in particular on individuals’ ethnicity or sexual preferences.
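
The defect described above, a page that serialises the whole member record into its HTML for the benefit of client-side code, shown next to an allow-listed version, as an added example. This is not the site’s code: the Member fields, the sample values and the page markup are assumptions made for the illustration.

```python
"""Profile page that leaks the whole member record versus an allow-listed view (added example)."""
import html
import json
from dataclasses import asdict, dataclass


@dataclass
class Member:
    """Hypothetical member record; field names are assumptions, not the site's schema."""
    id: int
    nickname: str
    city: str
    bio: str
    email: str
    password_hash: str
    last_ip: str
    latitude: float
    longitude: float


# What a visitor to someone else's profile is entitled to see.
PUBLIC_FIELDS = ("id", "nickname", "city", "bio")
# What must never reach the HTML, however convenient it is for the front-end.
SENSITIVE_FIELDS = ("email", "password_hash", "last_ip", "latitude", "longitude")


def _embed(data: dict) -> str:
    # '</' is escaped so the JSON cannot close the <script> element early.
    return json.dumps(data).replace("</", "<\\/")


def render_profile_leaky(m: Member) -> str:
    """Anti-pattern: the full record is serialised for client-side code, so 'view source' shows it."""
    return f"<script>var profile = {_embed(asdict(m))};</script>\n<h1>{html.escape(m.nickname)}</h1>"


def public_view(m: Member) -> dict:
    """Explicit allow-list: columns added to Member later stay private unless listed here."""
    return {k: getattr(m, k) for k in PUBLIC_FIELDS}


def render_profile_safe(m: Member) -> str:
    return f"<script>var profile = {_embed(public_view(m))};</script>\n<h1>{html.escape(m.nickname)}</h1>"


def leaked_fields(page: str, m: Member) -> set:
    """What a journalist with 'view source' finds: sensitive values present verbatim in the page."""
    return {k for k in SENSITIVE_FIELDS if str(getattr(m, k)) in page}


# Constructed sample member (all values invented).
SAMPLE = Member(id=4242, nickname="sunny_paris", city="Paris", bio="Likes cinema",
                email="sunny@example.org",
                password_hash="$2b$12$examplehashvalueonly000000000000000000000000000000000",
                last_ip="203.0.113.7", latitude=48.8566, longitude=2.3522)

if __name__ == "__main__":
    print("leaky page exposes:", sorted(leaked_fields(render_profile_leaky(SAMPLE), SAMPLE)))
    print("safe page exposes: ", sorted(leaked_fields(render_profile_safe(SAMPLE), SAMPLE)))
```

The point of `public_view` is that it is an allow-list rather than a deny-list: a new column added to the record (a phone number, a payment token) is private by default, whereas a deny-list has to be remembered every time the schema grows. The `leaked_fields` check is the kind of assertion worth keeping in a test suite, run against every rendered template that takes a user object.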

IT security researchers report that the credentials of thousands of US public employees can be found on Dark Web sites.

  • These e-mail addresses and passwords, relating to 47 US public agencies, are believed to have been posted over recent years on various dark-web sites.
  • This leakage of data over time has two main sources. Several US public bodies have recently suffered major cyber-attacks: since 2014 the US Postal Service, the State Employment Department, the Department of State, US Investigations Services and the Office of Personnel Management have all experienced massive data leakage through attacks carried out by Chinese state hackers, or by hacktivists involved in more political operations such as OpSaveGaza. However, most of these government logins probably come from attacks on third-party sites on which public employees registered using their work e-mail address and password.
  • The cyber-espionage risk is heightened by the fact that most government websites require only single-factor authentication at login, so leaked credentials can be used directly.
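
The first step a security team takes when such a dump surfaces, and a concrete view of the password-reuse habit mentioned at the top of this page, as an added example (not code from the researchers quoted here). It parses a constructed credential dump in the mixed formats these files typically have, keeps only accounts on monitored domains, fingerprints passwords so they can be correlated without being stored in clear, and reports passwords shared between a work account and a personal one. The domains, accounts and passwords are all invented.

```python
"""Triage of a leaked credential dump against watched domains (added example, constructed data)."""
import hashlib
import re
from collections import defaultdict

# Constructed sample. Real dumps mix separators, letter case, duplicates and junk lines.
SAMPLE_DUMP = """\
jdoe@agency.example.gov:Summer2015!
J.Smith@MAIL.agency.example.gov;Password1
random@freemail.example.com:hunter2
jdoe@agency.example.gov:Summer2015!
this line is not a credential pair
mlee@another.example.gov\tWelcome123
jdoe@freemail.example.com:Summer2015!
"""

# Domains the organisation monitors (hypothetical). Sub-domains are covered.
WATCHED = ("agency.example.gov", "another.example.gov")
SEPARATOR = re.compile(r"[:;,\t]")


def parse_line(line: str):
    """Return (account, password) or None for lines that do not look like a credential pair."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = SEPARATOR.split(line, maxsplit=1)
    if len(parts) != 2 or "@" not in parts[0]:
        return None
    account, password = parts[0].strip().lower(), parts[1].strip()
    return (account, password) if password else None


def watched_domain(account: str):
    """The monitored domain an account belongs to, or None."""
    domain = account.rsplit("@", 1)[1]
    for w in WATCHED:
        if domain == w or domain.endswith("." + w):
            return w
    return None


def fingerprint(password: str) -> str:
    """Short hash so analysts can correlate passwords without storing or sharing them in clear."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:16]


def triage(dump: str) -> dict:
    exposed = defaultdict(dict)      # watched domain -> {account: fingerprint}
    by_password = defaultdict(set)   # fingerprint -> accounts using that password
    skipped = 0
    for line in dump.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1 if line.strip() else 0
            continue
        account, password = parsed
        fp = fingerprint(password)
        by_password[fp].add(account)
        w = watched_domain(account)
        if w:
            exposed[w][account] = fp   # exact repeats of the same line collapse here
    return {
        "exposed": {w: sorted(accts.items()) for w, accts in exposed.items()},
        # The same password on two accounts (here a work and a personal one): the reuse habit.
        "reused": {fp: sorted(a) for fp, a in by_password.items() if len(a) > 1},
        "skipped": skipped,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DUMP)
    for domain, accounts in result["exposed"].items():
        print(domain, [a for a, _ in accounts])
    print("reused:", result["reused"], "skipped:", result["skipped"])
```

Exposed accounts go to a forced password reset; the `reused` map is the more interesting output, because an account whose password also appears beside a personal address is the one an attacker will try first against the single-factor government logins the passage describes. Never write the cleartext passwords to a ticket: the fingerprint is enough to correlate, and a fingerprint can also be checked later against new dumps without keeping the original.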
