Tag: Egypt

Report: Ban on laptops in planes may expand to Europe

A no-laptops rule might be imposed on flights from Europe to the US.

ALTV launches hit prank show from the streets of Cairo

Hit show ‘Khod Aqolak’ extends ALTV’s presence as the fastest growing digital platform for current entertainment across the Middle East and North Africa

Cairo, Egypt, 18th April 2017: ALTV, one of the fastest growing free streaming services recently launched in the Middle East and North Africa, has found further success in providing exciting and locally relevant content with ‘Khod Aqolak’ after the platform attracted the attention of the show’s star, Ibrahim Farouk. The show’s title comes from... Source: RealWire

Orange Egypt integrates Openet’s Real-time Offer Manager to improve subscriber experience

Openet enables Orange Egypt to stimulate data usage through real-time offers to create new revenue streams

DUBLIN, Ireland – 12th April, 2017 – Openet, a global leader in the supply of real-time BSS (business support systems) and customer engagement systems, today announced that Orange Egypt, a leading Egyptian operator, has deployed Openet’s Real-Time Offer Manager (RTOM) solution plus reporting tools to improve subscriber experience and increase data revenues. Orange Egypt is using Openet’s RTOM solution to... Source: RealWire

Now UK bans carry-on lappies, phones, slabs on flights from six...

Hit list: Turkey, Lebanon, Egypt, Jordan, Tunisia, Saudi Arabia

The UK has banned airline passengers on direct inbound flights from six countries in the Middle East and North Africa from taking a range of electronic devices into the cabin due to fears of a terrorist attack.…

ALTV launches first ever user-generated daily current events show in Egypt

The digital video community’s new show ‘Street’s Point of View’ proves a hit with audiences hungry for relevant local content

Cairo, Egypt, 15 March 2017: ALTV, one of the fastest growing free streaming services recently launched in the Middle East and North Africa, is breaking new ground in the Egyptian broadcast arena with the success of the region’s first ever user-generated current events show. ALTV’s mission to turn viewers from across the MENA into digital content creators... Source: RealWire

Man gets three years in prison for laser strike on police...

Image: Jordan Clarence Rogers fired a laser similar to this one, which was aimed upward in Egypt in 2012. (Ed Giles / Getty Images News)

A Kansas City man was sentenced Thursday to three years in prison after he pleaded guilty in September 2016 to pointing a laser at a local police helicopter. Jordan Clarence Rogers has now joined the ranks of people who have been convicted of laser strikes relative to the thousands of incidents that are reported to the Federal Aviation Administration every year. The federal government takes such laser strikes very seriously and prosecutes cases when and where it can. The Department of Justice told Ars that more than 28,000 laser illumination incidents in the United States have been reported to the Federal Aviation Administration between 2011 and 2015. But as of 2014, only 134 arrests were made, and there were only 80 convictions. As of October 22, 2016 the FAA reported 5,564 incidents nationwide. That’s more than 22 laser strikes reported in the United States every day. However, in 2015, just 12 were reported in Kansas City, Missouri, where Rogers fired his laser. According to federal prosecutors, Rogers was “generally aware” that firing a laser at a car or an aircraft was potentially dangerous. In a pre-sentencing memorandum, the government asked the judge to impose a sentence of four years. “It creates a danger not only to those in the aircraft but also to those on the ground,” Brian Casey, an assistant United States Attorney, wrote in that filing, referring to Rogers' 2013 laser strike. “In this case, the defendant struck the aircraft over a residential neighborhood. Thankfully the pilot was able to remain in control, but this defendant created a real and entirely unnecessary risk of tragedy. This is a serious offense and the defendant’s punishment should reflect that fact.” Casey also pointed out that Rogers had a "horrendous" criminal history that includes prior drug and property crimes.
Carrie Allen, who served as Rogers’ public defender, had asked the judge to impose a lesser sentence than what the government was asking for. “Mr. Rogers did something that many young people might impulsively do: impulsively attempt to hit an object with a laser pointer,” she wrote in her own pre-sentencing memorandum. “Unfortunately, a helicopter is an enticing target in these circumstances. Mr. Rogers did not go to an airport and intentionally point a laser pointer at planes carrying hundreds of people. Yet, the guidelines would not distinguish between that sort of thought out action, endangering large amounts of innocent civilians, and this impulsive behavior.” In December 2016, Ars reported on the case of Barry Bowser, a California man who went to trial after the government accused him of the same crime. He was found guilty and was sentenced to 21 months in prison.

ProtonMail launches Tor hidden service to dodge totalitarian censorship

Known oppressive regimes including Egypt, and er... the UK? Oh, the IP Act is law...

ProtonMail, the privacy-focused email business, has launched a Tor hidden service to combat the censorship and surveillance of its users. The move is designed to counter actions "by totalitarian governments around the world to cut off access to privacy tools" and the Swiss company specifically cited "recent events such as the Egyptian government's move to block encrypted chat app Signal, and the passage of the Investigatory Powers Act in the UK that mandates tracking all web browsing activity". Speaking to The Register, ProtonMail's CEO and co-founder Andy Yen said: "We do expect to see more censorship this year of ProtonMail and services like us." First launched in 2014 by scientists who met at CERN and had become concerned by the mass-surveillance suggested by the Edward Snowden revelations, ProtonMail is engineered to protect its users' communications by using client-side encryption through users' browsers, meaning ProtonMail's servers never have access to any plaintext content. Combined with Switzerland's strong privacy laws, the freemium service has increasingly been seen as a popular destination for spooked citizens.
It has faced enormous DDoS attacks by assumed nation-state adversaries, and following the election of Donald Trump, sign-ups at the service doubled. Today, ProtonMail is announcing the introduction of a Tor hidden service, or onion site, which will allow users to directly connect to their encrypted email accounts through the Tor network at the URL https://protonirockerxow.onion, which ProtonMail said it expended "considerable CPU time" to generate for the sake of finding a hash that was more human readable and less prone to phishing. Additionally, the onion site also has a valid SSL certificate issued to Proton Technologies AG by DigiCert.

This is a reasonably novel innovation as the classical Certificate Authority system isn't compatible with Tor, where onion addresses are self-generated rather than purchased from a registrar. Yen told The Register: "The problem is, if you act as your own CA, you run the issue of not trusting that certificate authority by default." As such, ProtonMail reached out to the Tor Project, which suggested it get in touch with DigiCert, who had previously provided the CA service for Facebook. "Given ProtonMail's recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this," said Yen. "Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step." In the coming months, the Tor Project stated it would be "making additional security and privacy enhancements to ProtonMail, including finishing some of the leftover items from our 2016 Security Roadmap".

Hack reveals data company Cellebrite works with everyone from US cops...

Image: Leeor Ben-Peretz is the executive vice president of the Israeli firm Cellebrite. (JACK GUEZ/AFP/Getty Images)

On Thursday, Vice Motherboard reported that an unnamed source provided the site with 900GB of data hacked from Cellebrite, the well-known mobile phone data extraction company. Among other products, Cellebrite's UFED system offers "in-depth physical, file system, password, and logical extractions of evidentiary data," and is often the go-to product for law enforcement to pull data from seized phones and other devices. In a statement, Cellebrite called this hack "illegal" and noted that "the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution." In addition, the trove of materials contains “customer support tickets” showing that the Israeli company sells its services to countries with questionable human rights records, including Turkey, Russia, and the United Arab Emirates. Cellebrite’s own website shows that the company works with numerous local, state, and federal law enforcement agencies, ranging from the Hartford, Connecticut police to the North Wales police in the United Kingdom. (The company reportedly aided the FBI to unlock the seized San Bernardino iPhone that became the center of a protracted legal battle.) However, little is known about the company’s business in many parts of the world. This would not be the first time that a digital surveillance company sold to unsavory regimes.
In 2015, data dumps from Hacking Team showed that it sold exploits to Egypt, Russia, Saudi Arabia, Bahrain, and the United Arab Emirates. Similarly, in 2014, documents leaked online showing that software created by the controversial UK-based Gamma Group International was used to spy on computers that appeared to be located in the US, the UK, Germany, Russia, Iran, and Bahrain.

Sneaky chat app Signal deploys decoy domains to deny despots

Reasonably secure messenger has, for now, outwitted those who would block it

The latest update of Signal, one of the most well-regarded privacy-focused messaging applications for non-technical users, has just been revised to support a censorship circumvention technique that will make it more useful for people denied privacy by surveillance-oriented regimes. In response to reports that Egypt and the United Arab Emirates have been blocking Signal messaging through regional ISPs, Open Whisper Systems has revised the Android version of Signal to implement a technique called domain fronting. "With today's release, domain fronting is enabled for Signal users who have a phone number with a country code from Egypt or the UAE," said company founder Moxie Marlinspike in a blog post. "When those users send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com."

As described in a 2015 paper by researchers from the University of California, Berkeley, Psiphon, and Brave New Software, domain fronting relies on the use of different domain names at different application layers to evade censorship. In contrast to a typical HTTPS request, where the domain name is echoed across the DNS query, the TLS Server Name Indication (SNI) extension, and the HTTP Host header, a domain-fronted request includes a decoy domain and a real domain. The DNS query and SNI present the "front domain" while the HTTP Host header, inaccessible in transit thanks to HTTPS, contains the actual destination – presumably a domain that's disallowed or censored. When the front domain is something like "google.com," then blocking that domain would deny everyone on the censored network access to Google. According to Marlinspike, Open Whisper's goal is to make disabling the internet the only option for regimes that would disable Signal. Domain fronting requires a CDN, to receive the request on an edge server and forward the request to the domain in the HTTP Host header, or a service that provides similar functionality, like Google's App Engine, through a reflection script. Such a service typically isn't free.

The research paper cites costs ranging from $0.10–0.25 per GB among service providers like Google App Engine, Amazon CloudFront, Microsoft Azure, Fastly, and CloudFlare.

This may explain why Signal isn't making domain fronting a default everywhere. Marlinspike said an iOS version of Signal that supports domain fronting is available through Signal's beta channel and a stable version is expected soon.
Subsequent updates, he said, will improve censorship detection and circumvention and broaden the availability of domain fronting.

Report: Egypt Censors Encrypted Signal App

Developer Open Whisper Systems says the country is censoring its messaging and voice calling program.

Egypt has reportedly censored encrypted chat service Signal.

App developer Open Whisper Systems on Monday confirmed the transcontinental country is censoring its messaging and voice calling program.

We'll begin deploying censorship circumvention in Signal over the next several weeks. Until then, Tor or a VPN can be used to access Signal.

— Open Whisper Systems (@whispersystems) December 19, 2016

The issue surfaced on Saturday, when IT specialist Ahmed Gharbeia tweeted about "wide reports" of Signal failure in Egypt.

"Everything is functioning normally on our end," Open Whisper Systems wrote in response, suggesting "something might be up" on the local network.

The firm reached out to the Open Observatory of Network Interference (OONI)—a global organization operating under the Tor Project to detect censorship, surveillance, and traffic manipulation on the Internet.

The project last week released two new software tests designed to examine the blocking of WhatsApp and Facebook Messenger, allowing anyone to monitor the accessibility of the apps and collect data as evidence.

Signal, a free app for Android, iOS, and desktop, is one of several messaging services to support end-to-end encryption—including Facebook's WhatsApp and Messenger. It is also one of several to come under fire from law enforcement officials who can't keep tabs on the conversations of suspected criminals.

Further details on the alleged censorship were not revealed; Open Whisper Systems did not immediately respond to PCMag's request for comment.

Constraints to encrypted social media are not new in Egypt: Facebook's free Internet service was shut down in December 2015 because the country's government could not spy on the browsing activities of local users.

The Egyptian Ministry of Communications and Information Technology also did not respond to a request for comment.

Open Whisper Systems recently ruffled some more government feathers with added support for disappearing messages. Users can determine how long—from five seconds to one week—a chat message is available to recipients before it self-destructs.

Worried about US surveillance, Internet Archive announces mirror in Canada

In a Tuesday blog post, Brewster Kahle, the founder of the Internet Archive, announced plans to mirror the entire massive repository in Canada—largely over fear of the incoming Trump administration. “On November 9 in America, we woke up to a new administration promising radical change," he wrote. “It was a firm reminder that institutions like ours, built for the long-term, need to design for change. For us, it means keeping our cultural materials safe, private, and perpetually accessible. It means preparing for a Web that may face greater restrictions.” He continued, warning that government surveillance “looks like it will increase.” As such, the Internet Archive is “fighting to protect our readers’ privacy in the digital world.” Currently, the Internet Archive physically hosts all of its materials in data centers in the San Francisco Bay Area, with some materials mirrored offsite in Egypt and the Netherlands. However, there is no fully complete mirror as of now. "If we had five or six copies, I think I could sleep," Kahle said in a talk in 2011. The Internet Archive currently hosts not only webpages, but books, movies, pieces of audio, software, and more. The organization has not announced when or where the “Internet Archive of Canada” would come online. Kahle did not immediately respond to Ars’ request for comment.

IT threat evolution Q3 2016

Overview

Targeted attacks and malware campaigns

Dropping Elephant

Targeted attack campaigns don’t need to be technically advanced in order to be successful.
In July 2016 we reported on a group called Dropping Elephant (also known as ‘Chinastrats’ and ‘Patchwork’). Using a combination of social engineering, old exploit code and some PowerShell-based malware this group was able to steal sensitive data from its victims. This group, which has been active since November 2015, targets high profile diplomatic and economic organizations linked to China’s foreign relations – an interest that is evident from the themes the attackers use to trap their victims. The attackers use a combination of spear-phishing e-mails and watering-hole attacks.

The first involves sending a document with remote content. When the victim opens the document, a ping request is sent to the attackers’ Command-and-Control (C2) server.

The victim then receives a second spear-phishing e-mail, containing either a Word document or a PowerPoint file (these exploit old vulnerabilities – CVE-2012-0158 and CVE-2014-6352 respectively). Once the payload has been executed, a UPX-packed AutoIT executable is dropped on to the system: once executed, this downloads further components from the C2 server and the theft of data from the victim’s computer begins.

In Q3 2016, @kaspersky repelled 172m malicious attacks via online resources located in 191 countries.

The attackers also created a watering-hole website that downloads genuine news articles from legitimate websites.
If a visitor wants to view the whole article, they are prompted to download a PowerPoint file: this reveals the rest of the document, but also asks the victim to download a malicious object.

The attackers sometimes e-mail links to their watering-hole website.
In addition, they maintain Google+, Facebook and Twitter accounts, to develop relevant search engine optimization (SEO) and to reach out to wider targets. The success of the Dropping Elephant group is striking given that no zero-day exploits or advanced techniques were used to target high-profile victims – it’s clear that by applying security updates and improving the security awareness of staff, the success of attacks like this can be prevented.

At the start of the year we predicted that APT groups would invest less effort in developing sophisticated tools and make greater use of off-the-shelf malware.

Dropping Elephant provides a further example of how low investment and use of ready-made toolsets can be very effective when combined with high quality social engineering.

ProjectSauron

In September, our Anti-Targeted Attack Platform flagged an anomaly in the network of a customer’s organization.

Further investigation led us to uncover ProjectSauron, a group that has been stealing confidential data from organizations in Russia, Iran and Rwanda – and probably other countries – since June 2011. We have identified more than 30 victims: the target organizations all play a key role in providing state services and come from government, military, scientific research, telecommunications and financial sectors. ProjectSauron is particularly focused on obtaining access to encrypted communications, hunting for them using an advanced, modular cyber-espionage platform that incorporates a set of unique tools and techniques.

The cost, complexity, persistence and the ultimate goal of the operation (i.e. stealing secret data from state-related organizations) suggest that ProjectSauron is a state-sponsored campaign. ProjectSauron gives the impression of an experienced threat group that has made a considerable effort to learn from other highly advanced attacks, including Duqu, Flame, Equation and Regin – adopting some of their most innovative techniques and improving on their tactics in order to remain undiscovered. One of the most noteworthy features of ProjectSauron is the deliberate avoidance of patterns: the implants used by the group are customized for each victim and are never re-used.

This makes the use of traditional Indicators of Compromise (IoC) almost useless.

This approach, along with the use of multiple routes for the exfiltration of stolen data (such as legitimate e-mail channels and DNS) enables ProjectSauron to conduct well-hidden, long-term spying campaigns in targeted networks. Key features of ProjectSauron: core implants that are unique for each victim; use of legitimate software update scripts; use of backdoors that download new modules or run commands in memory only; focus on information relating to custom network encryption software; use of low-level tools orchestrated by high-level LUA scripts (the use of LUA is very rare – previously seen only in Flame and Animal Farm attacks); use of specially prepared USB drives to jump across air-gapped networks, with hidden compartments for storing stolen data; use of multiple exfiltration mechanisms to conceal transfer of data in day-to-day traffic. The method used to initially infect victims remains unknown. The single use of unique methods, such as control server, encryption keys and more, in addition to the adoption of cutting-edge techniques from other major threats groups, is new.

The only effective way to withstand such threats is to deploy multiple layers of security, with sensors to monitor for even the slightest anomaly in organizational workflow, combined with threat intelligence and forensic analysis. You can find further discussion of the methods available to deal with such threats here.

ShadowBrokers

In August, a person or group going under the name ‘ShadowBrokers’ claimed to possess files belonging to the Equation group.

They provided links to two PGP encrypted archives.

They provided the password to the first for free, but ‘auctioned’ the second, setting the price at 1 million BTC (1/15th of the bitcoins in circulation). Having uncovered the Equation group in February 2015, we were interested in examining the first archive.
It contains almost 300MB of firewall exploits, tools and scripts, under cryptonyms such as BANANAUSURPER, BLATSTING and BUZZDIRECTION. Most of the files are at least three years old, with change entries pointing to August 2013 and the newest time-stamp dating to October 2013. The Equation group makes extensive use of RC5 and RC6 encryption algorithms (these algorithms were designed by Ronald Rivest in 1994 and 1998 respectively).

The free trove provided by ShadowBrokers includes 347 different instances of RC5 and RC6 implementations.

The implementation is functionally identical with that found in the Equation malware – and has not been seen elsewhere. The code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation group.

Operation Ghoul

In June, we noticed a wave of spear-phishing e-mails with malicious attachments.

The messages, sent mainly to top and middle level managers of numerous companies, appeared to be coming from a bank in the UAE.

The messages claimed to offer payment advice from the bank and included an attached SWIFT document.

But the archive really contained malware.

Further investigation revealed that the June attacks were the most recent operation of a group that researchers had been tracking for more than a year, named Operation Ghoul by Kaspersky Lab. The group successfully attacked more than 130 organizations from 30 countries, including Spain, Pakistan, UAE, India, Egypt, the United Kingdom, Germany and Saudi Arabia.

Based on information obtained from the sink-hole of some C2 servers, the majority of the target organizations work in the industrial and engineering sectors. Others include shipping, pharmaceutical, manufacturing, trading and educational organizations. The malware used by the Operation Ghoul group is based on the commercial spyware kit Hawkeye, sold openly on the Dark Web. Once installed, the malware collects interesting data from the victim’s computer, including keystrokes, clipboard data, FTP server credentials, account data from browsers, messaging clients, e-mail clients and information about installed applications.

This data is sent to the group’s C2 servers. The aim of the campaign seems to be financial profit – all the targeted organizations hold valuable data that can be sold on the black market. The continued success of social engineering as a way of gaining a foothold in target organizations highlights the need for businesses to make staff awareness and education a central component of their security strategy.

Malware stories

Lurk

In June 2016 we reported on the Lurk banking Trojan, used to systematically siphon money from the accounts of commercial organizations in Russia – among them, a number of banks.

The police estimate the losses caused by this Trojan at around $45 million. During our research into this Trojan, it became apparent that victims of Lurk had also installed the remote administration software, Ammyy Admin. While we didn’t give it much thought at first, it became apparent that the official Ammyy Admin website had been compromised and was being used by the Lurk gang as part of a watering-hole attack: the Trojan was downloaded to victims’ computers along with the legitimate software. The dropper on the Ammyy Admin site started distributing a different Trojan on 1 June 2016, ‘Trojan-PSW.Win32.Fareit’: this was the day that the alleged creators of the Lurk Trojan were arrested.
It seems that those responsible for the Ammyy Admin website breach were happy to sell their Trojan dropper to anyone who wanted to distribute malware from the compromised site. The banking Trojan wasn’t the only cybercriminal activity the Lurk group was involved in.

The group also developed the Angler exploit kit, a set of malicious programs designed to exploit vulnerabilities in widespread software to install malware.

This exploit kit was originally developed to provide a reliable and effective delivery channel for the group’s malware. However, in 2013 the group started to rent out the kit to anyone who was willing to pay for it – probably to help pay for the group’s huge network infrastructure and large number of ‘staff’.

The Angler exploit kit became one of the most powerful tools available on the criminal underground. Unlike the Lurk banking Trojan, which focused on victims in Russia, Angler has been used by attackers across the world – including the groups behind the CryptXXX and TeslaCrypt ransomware and the Neverquest banking Trojan (the latter was used against almost 100 banks).

The operations of Angler were disrupted after the arrest of the alleged members of the Lurk group.

In Q3 2016, 45.2M unique malicious URLs were recognized by @kaspersky web antivirus components.

The group was involved in other side activities too.

For more than five years, the group moved from developing very powerful malware for automated money theft with Remote Banking Services software, to sophisticated theft involving SIM-card swap fraud, to becoming hacking specialists familiar with the internal infrastructure of banks. Kaspersky Lab provided assistance to the Russian police in the investigation into the group behind the Lurk Trojan.

The arrests marked the culmination of a six-year investigation by our Computer Incidents Investigation Team. You can read about the investigation here.

Ransomware

Hardly a month goes by without reports of ransomware attacks in the media: for example, a recent report suggested that 28 NHS trusts in the UK have fallen victim to ransomware in the last 12 months. Most ransomware attacks are directed at consumers, but a significant proportion target businesses (around 13 per cent in 2015-16).

The Kaspersky Lab IT Security Risks Survey 2016 indicated that around 42 per cent of small and medium businesses became victims of ransomware in the 12 months up to August 2016. One recent ransomware campaign demanded a massive two bitcoins (around $1,300) as a ransom.

The ransomware program, named Ded Cryptor, changes the wallpaper on the victim’s computer to a picture of an evil-looking Santa Claus. The modus operandi of this program (i.e. encrypted files, scary image, and ransom demand) is unremarkable, but the pre-history of this attack is interesting.
It is based on the EDA2 open-source ransomware code, developed by Utku Sen as part of a failed experiment. Utku Sen, a security expert from Turkey, created a ransomware program and published the code online. He realized that cybercriminals would use the code to create their own cryptors, but hoped that this would help security researchers to understand how cybercriminals think and code, thereby making their own efforts to block ransomware more effective. Ded Cryptor was just one of many ransomware programs spawned by EDA2.

Another such program that we saw recently was Fantom.

This was interesting not just because of its connection to EDA2, but because it simulates a genuine-looking Windows update screen. This is displayed while Fantom is encrypting the victim’s files in the background.

The fake update program runs in full-screen mode, visually blocking access to other programs and distracting the victim from what’s really happening. Once the encryption has been completed, Fantom displays a more typical message. There’s no doubt that public awareness of the problem is growing, but it’s clear that consumers and organizations alike are not doing enough to combat the threat; and cybercriminals are capitalising on this – this is clearly reflected in the growing number of ransomware attacks. It’s important to reduce your exposure to ransomware (and we’ve outlined important steps you can take here and here). However, there’s no such thing as 100 per cent security, so it’s also important to mitigate the risk.
In particular, it’s vital to ensure that you have a backup, to avoid facing a situation where the only choices are to pay the cybercriminals or lose your data.
It’s never advisable to pay the ransom.

In Q3 2016, @kaspersky web antivirus detected 12,657,673 unique malicious objects.

If you do find yourself in a situation where your files are encrypted and you don’t have a backup, ask your anti-malware vendor if they can help and check the No More Ransom website, to see if it holds the keys to decrypt your data.

This is a joint initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky Lab and Intel Security – designed to help victims of ransomware retrieve their encrypted data without paying cybercriminals. In a recent ‘ask the expert’ session, Jornt van der Wiel, an expert from Kaspersky Lab’s Global Research and Analysis Team, provided useful insights into ransomware.

Data breaches

Personal information is a valuable commodity, so it’s no surprise that cybercriminals target online providers, looking for ways to bulk-steal data in a single attack. We’ve become accustomed to the steady stream of security breaches reported in the media.

This quarter has been no exception, with data leaks from the official forum of DotA 2, Yahoo and others. Some of these attacks resulted in the theft of huge amounts of data, highlighting the fact that many companies are failing to take adequate steps to defend themselves.

Any organization that holds personal data has a duty of care to secure it effectively.

This includes hashing and salting customer passwords and encrypting other sensitive data. Consumers can limit the damage of a security breach at an online provider by ensuring that they choose passwords that are unique and complex: an ideal password is at least 15 characters long and consists of a mixture of letters, numbers and symbols from the entire keyboard.

As an alternative, people can use a password manager application to handle all this for them automatically. It’s also a good idea to use two-factor authentication, where an online provider offers this feature – requiring customers to enter a code generated by a hardware token, or one sent to a mobile device, in order to access a site, or at least in order to make changes to account settings. Given the potential impact of a security breach, it’s hardly surprising to see regulatory authorities paying closer attention to the issue.

The UK Information Commissioner’s Office (ICO) recently issued a record fine of £400,000 to Talk Talk for the company’s ‘failure to implement the most basic cyber security measures’, related to the attack on the company in October 2015.
In the view of the ICO, the record fine ‘acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue’. The EU General Data Protection Regulation (GDPR), which comes into force in May 2018, will require companies to notify the regulator of data breaches, with significant fines for failure to secure personal data. You can find an overview of the regulation here. We took a look back at the impact of the Ashley Madison breach, one year after the attack that led to the leak of customer data, offering some good tips to anyone who might be considering looking online for love (and good advice for managing any online account).