In one of the last data breach fines to be handed down in a pre-GDPR Europe, the University of Greenwich has been ordered to pay a £120,000 fine to the Information Commissioner’s Office. The breach in question stemmed from a micro-website set up by students in 2004, and ultimately resulted in the details of 20,000 staff members and students being leaked online.
Almost two years ago, the European Union signed the General Data Protection Regulation (better known as the GDPR) into law, allowing for a 24 month period before the regulation would become binding to allow organisations and businesses time to comply with its requirements. At the time of writing, the GDPR will come into force in just eight days, a thought which may strike fear into the hearts of many business owners who are not going to be fully compliant by the deadline. So what exactly is going to happen, come Friday the 25th of May? We’ve taken the time to compile some information and predictions to help cut through the noise and focus on what’s important.
The GDPR, which replaces the 1995 Data Protection Directive, was adopted on 14th April 2016 and will become enforceable on 25th May 2018.
It seems that everyone in the cyber security sphere is talking about ransomware these days. Last year, attacks such as WannaCry, NotPetya and BadRabbit took the business world by storm, costing billions in damages. Ransomware is by no means a new threat (it has been around since at least 2005), but it is one of the fastest growing and most costly. Cyber crime is constantly changing, and criminals keep creating news ways to steal money. Ransomware has gotten increasingly sophisticated since 2005, but the people using and deploying it haven’t necessarily – now some cyber criminals are making more money selling high-tech ransomware strains to non-technical criminals than if they were to conduct the attacks themselves. The result is that more and more ‘hackers’ have access to ransomware and need very little technical know-how to operate it, leading to more and more ransomware attacks each year. It may come as a surprise, then, to hear that the FBI received less reports of ransomware attacks in 2017 than in 2016 and 2015, despite the increase in attacks.
The FBI reported just 1,783 reports of ransomware attacks in 2017, compared to 2,673 in 2016 and 2,453 in 2015.
The cryptocurrency saga continues. A malicious extension has been removed from Google’s Chrome browser after it was revealed that it had been spreading through Facebook, attempting to steal passwords from unsuspecting users and taking advantage of their PCs to mine cryptocurrency. This isn’t the first time that cyber criminals have attempted to hijack other people’s computers in order to mine cryptocurrency for them. The extension, named FacexWorm, used Facebook messenger to spread to other users, sending what appears to be a Youtube link, which actually redirected the user to a fake landing page. The extension then communicated with criminal servers in order to download further malicious code onto the user’s PC.
Last month, Google announced that it would no longer accept Chrome extensions that mined cryptocurrency, in a move suspected to coincide with the removal of FacexWorm
The ongoing battle between cyber criminals and cyber security forces rages on, as one of the world’s largest DDoS-for-Hire websites has been taken down by Dutch police. The website was the target of Operation Power OFF, a coordinated effort by police from the Netherlands, UK, Spain, Croatia, Canada, US, Germany, Europol and several other countries. The site in question, webstresser.org, was believed to have been responsible for attacks against several of the UK’s largest banks in November 2017, as well as carrying out attacks on government websites and police forces around the world. DDoS, or Distributed-Denial-of-Service, is an attack where many online devices (such as PCs or IoT devices) are used to overwhelm a website or online service with traffic, essentially forcing them to freeze up or shut down.