It’s 2018, and cyber crime is on the rise. It seems every other week there is another data breach or cyber attack somewhere in the world, and many people are rightfully apprehensive that they may be hacked too, or even that their details may have been exposed online through a breach of a service that they use. What if your email and password were compromised in the Adobe breach in 2013, the Yahoo breach in 2016, or the LinkedIn breach in 2012? What if your email had been obtained online and sold to cyber criminals as part of a spam list, such as Exploit.In, or the Anti Public Combo List, both discovered in 2016? If so, you may be at risk of hackers gaining access to your accounts, or even committing identity fraud against you. Luckily, security researcher and Microsoft regional director Troy Hunt has developed a database so that you can check to see if you’ve been compromised – so you can secure your online presence again.
The cryptocurrency saga continues. A malicious extension has been removed from Google’s Chrome browser after it was revealed that it had been spreading through Facebook, attempting to steal passwords from unsuspecting users and taking advantage of their PCs to mine cryptocurrency. This isn’t the first time that cyber criminals have attempted to hijack other people’s computers in order to mine cryptocurrency for them. The extension, named FacexWorm, used Facebook messenger to spread to other users, sending what appears to be a Youtube link, which actually redirected the user to a fake landing page. The extension then communicated with criminal servers in order to download further malicious code onto the user’s PC.
Last month, Google announced that it would no longer accept Chrome extensions that mined cryptocurrency, in a move suspected to coincide with the removal of FacexWorm
We’ve all seen the headlines when a large multi-national corporation suffers a data breach, but are small businesses able to ‘fly under the radar’ for cyber crime? Well, according to Verizon’s annual data breach incident report, the opposite may be the case. While large organisations make headlines, the report found that 58% of data breaches actually occurred in small and medium-sized companies.
“Many small businesses don’t have the resources focused on security and training, and employees are not cognizant of being at risk,” according to the Vice President of Experian Data Breach Resolution, Michael Bruemmer. “Some of these businesses, especially startups, may have no or small revenue, but they may be processing credit cards or holding personal data for other companies, and they don’t realize they have to protect it.”
Half of all cyber attacks are currently believed to target small businesses (Source: Verizon Annual Data Breach Report)
It’s been a bad year for Facebook so far. They recently revealed that they may have improperly shared the details of 87 million users with a third-party, the now-infamous political consulting firm Cambridge Analytica. Then, on Wednesday, Mark Zuckerberg himself admitted during a press conference that “malicious actors” may have took advantage of Facebook to obtain the public data of all or most of Facebook’s 2.2 billion strong user base.
Social Engineering is becoming a larger problem for businesses and consumers alike over the past years. So what does it mean if cyber criminals have access to your public data?
Trend Micro, one of the largest cyber security firms in the world, has released their annual security roundup report, and the results show some alarming trends. With the GDPR upcoming, cyber criminals have been refining their techniques in order to increase their financial gains, moving away from exploit kits which can be an unpredictable earner, to more reliable tactics such as business email compromise, phishing and spam, ransomware, and the relatively new threat to businesses, malicious crypto-currency mining.