Cybersecurity in Europe: Key Recommendations for The New Cyber Review

These are some of the questions that Hanover’s Digital Policy team* considers relevant to Europe’s cyber preparedness.
Indeed, the major cybersecurity overhaul announced on September 13 by Commission President Jean-Claude Juncker at the State of the Union address in Strasbourg set a new course for Europe’s efforts in fighting cyber vulnerabilities, notably by introducing a new non-binding cyber strategy and a revised mandate for ENISA with new competences.
Yet Member countries should be more open to information sharing. Our survey shows that all respondents ‘agree’ with further information sharing amongst Member countries, 35 percent of whom even ‘strongly agree’.
Despite these achievements, some outstanding issues need to be addressed: avoiding fragmentation, which would improve operational efficiency, and preserving the integrity of encrypted communications, so that backdoors for government access are not used for malicious purposes.

Data Breach

Alleged Yahoo hacker pleads not guilty to helping Russian agents conduct massive 2014 data breach

Canadian Karim Baratov has pleaded not guilty to all charges in a US court that he helped Russian agents conduct the massive 2014 cyberattack on Yahoo that saw the data theft of more than 500 million Yahoo user accounts.
Belan also managed to gain illegal access to Yahoo’s Account Management Tool, which is a “proprietary means by which Yahoo made and logged changes to user accounts.”
Belan, Dokuchaev and Sushchin then used the stolen data to “locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization.”
The others are among the FBI’s most-wanted cyber criminals.
Baratov has been charged with conspiring to commit computer fraud and abuse, conspiring to commit access device fraud, conspiring to commit wire fraud and aggravated identity theft.
If convicted, the alleged hacker-for-hire faces up to 20 years in prison.
After waiving his right to an extradition hearing last Friday, he was extradited from Canada on Tuesday and entered his plea during a brief appearance at a US Federal Court in the Northern District of California, his lawyer Andrew Mancilla said.
“Silicon Valley’s computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives,” US Attorney Brian Stretch said in March. “The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them.”

DMARC anti-phishing standard adoption is lagging even in big firms

We could cut down on e-mail spoofing, but we don’t.
Big-name companies are still leaving themselves and their customers open to phishing because they haven’t implemented the DMARC message validation standard.
In this year’s DMARC adoption report, phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message Authentication, Reporting and Conformance (DMARC).
Specified in RFC 7489 to combine Sender Policy Framework and DomainKeys Identified Mail techniques, DMARC’s aim is to defeat e-mail spoofing.
It was originally put forward by Google, Microsoft, AOL, Facebook, Yahoo!, PayPal and others.
The FTSE 100 had the same non-adoption rate of 67 per cent, while Australian companies care even less, with 73 per cent having no DMARC policy record.
Even among those who are aware of DMARC, hardly any are using it for anything more than monitoring (25 per cent of the Fortune 500, 26 per cent of the FTSE 100, and 23 per cent of the ASX 100).
“Quarantine” or “reject” only appeared in eight per cent of Fortune 500 companies, seven per cent of FTSE 100 companies, and four per cent of ASX 100 companies.
To help things along, back in 2012 Agari made its Receiver Program free to try and encourage adoption.
The IT industry and telcos in particular can hang their heads in shame: apart from 21 per cent of US tech companies using DMARC, and a mere one per cent of US telcos, adoption is zero elsewhere (people, even Twitter thinks it’s a good idea).
“Organisations must Quarantine, Reject and maintain strong email governance to reap the benefits of DMARC”, the report concludes.

Hackers Are Coming for Your Cell-Phone Number

If you suddenly lose control of a host of Web services at once, there could be a simple root cause: hackers have taken control of your phone number.
The New York Times reports that hackers have been increasingly able to convince carriers to transfer customer phone numbers to devices in their control.
That allows them to reset passwords for sites secured using two-factor authentication, a feature that is now used widely by sites like Twitter and Facebook.
You might be particularly concerned if you’re an early adopter of cryptocurrencies, as attackers appear to be focusing their attention on commandeering logins for currency lockers and then draining them.
The Times points to the particularly troubling experience of Joby Weeks, a Bitcoin entrepreneur who lost “about a million dollars’ worth of virtual currency” last year via this kind of scam, even though he had alerted his cell carrier that he might have been targeted.
Earlier this month, Wired published an interesting piece highlighting the newfound status of the phone number as “the only username that matters.” From the article: WhatsApp was among the first apps to equate your account with your phone number.
Now apps like Snapchat, Twitter, and Facebook Messenger do it too.
Starting this fall, setting up your iPhone will be as easy as punching in your number.
The supposedly super-secure way of logging into apps involves texting you a secret code to verify your identity.

Credit Card Fraud

Six Effective Ways To Keep Your Money Safe While Traveling

Pickpockets that often target crowded tourist areas are an added risk to your finances on vacation, so always make sure to plan wisely and take all the necessary precautions when traveling.
Use your credit rather than your debit card.
If your wallet gets stolen, debit cards offer less protection, and dealing with fraudulent charges is less of a hassle on your credit card.
However, if you need to withdraw cash, use your debit card; credit cards have high fees.
– Stacy Francis, Francis Financial, Inc.
For example, you can carry a money pouch under your clothing, with one credit card and a small amount of cash.
Keep a separate credit card and ID hidden in a locking suitcase at your hotel.
Only Use Bank ATMs: A major source of money theft comes from where you’d least expect it: the ATM.
Only Use Credit Cards: Whenever I travel, I follow a simple rule: no cash, no debit.
Exchange enough money at the airport to get you to your hotel with some to spare.

Online Credit Card Fraud Risk Increases Due to Russian Online Carding Course

Credit card fraud has always been a problem for digital payments.
It has become increasingly easy for criminals to obtain credit card information, either by keylogging user information or by hacking online retailers.
It now appears Russian hackers have put together a compendium of sorts which allows anyone to abuse stolen credit card information with relative ease.
Credit card fraud has always been a big problem.
The number of credit cards stolen from online retailers or through other cyber attacks has risen almost every single year.
When security researchers stumbled across a six-week online course teaching Russian hackers how to card goods and services using stolen credit card information, things took a turn for the worse.
Credit cards are an integral part of eBay and PayPal, making them prone to carding attempts.
This WWH course is on par with regular university courses, as it oozes professionalism and the intent to share knowledge.
The “teachers” claim they will continue to update course materials on a regular basis.

Digital Shadows study explores tactics of credit card fraud gangs

Digital risk management firm Digital Shadows recently released the findings of a study that explored the various habits and tactics utilised by credit card fraud gangs.
The company’s global team of analysts evaluated a wide range of criminal forums and discovered a rising trend of remote learning ‘schools’.
Typically taught in the Russian language, these schools offer six-week courses that are so sophisticated, they include webinars, course materials and detailed notes.
Cyber criminals who complete these courses could potentially make up to $12,000 a month.
Rick Holland, VP Strategy at Digital Shadows, commented: “The card companies have developed sophisticated anti-fraud measures and high quality training like this can be seen as a reaction to this.” “Unfortunately, it’s a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers.
However, the benefit is that the criminals are increasingly exposing their methods, which means that credit card companies, merchants and customers can learn from them and adjust their defences accordingly.”
Other insights from the study show that social engineering techniques are heavily emphasised in the courses, as they are the main weapon used by cyber criminals to discover PIN codes and personal details of the cardholder. “This ecosystem is highly complex and international.

Why Are Millennials Avoiding Credit Cards?

That compares to only 45% of Americans between the ages of 30 and 49, and 38% of those aged 50-64 without credit cards.
The 2009 Credit Card Accountability Responsibility and Disclosure (CARD) Act probably played some part in the decrease by making credit cards difficult to obtain for those under age 21.
Unemployment may be keeping some millennials from qualifying for credit, but others appear to be avoiding credit cards as a matter of principle.
Debt/Interest Rate – Credit card debt is usually the highest interest rate debt you will incur and if you charge more than you can pay off each month, debt can spiral to unmanageable levels.
Ease of Overspending – The flipside of the convenience advantages listed above.
Poor Credit Scores – Just as you can build your credit history with responsible credit card use, you can damage it with irresponsible use.
Having no credit history makes it difficult to qualify for loans and mortgages, but having a poor credit history increases those difficulties.
The most responsible path is to use cards sparingly, pay them off in full each month, and stay at a small fraction of your credit limit (10% or less if possible).
Avoiding credit cards is advisable if you cannot use them responsibly.