Cyber incidents are fast moving and increasing in number and severity. When a cyber incident occurs, the attacked enterprise responds with a set of predetermined actions. Get trending information on exploits, and vulnerabilities every week to help your organisation to be better equipped to avoid being victim of cybercrimes. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to support your business to defend against hackers.
Ransomware scum are suggesting that victims infect their friends instead of paying for decryption keys. The ransomware variant “Popcorn Time”, unrelated to the popular Bittorrent client by the same name, first tells users they have a week in which to pay one one bitcoin (US$770) in order to have their files decrypted. The menace, spotted by the Malware Hunter group, also offers victims the chance to infect two other users to avoid payment.
Cyber attacks on the global banking system Swift are still finding success ten months after $81m (£63.91m; €76.16m) was stolen from Bangladesh Bank, the country’s central bank. The network, which handles trillions of dollars in transfers daily, has warned other central banks across the world of the escalating threat to their systems. “The threat is very persistent, adaptive and sophisticated – and it is here to stay,” Swift officials said, in a letter seen by Reuters. A number of central banks, including the Bank of England, have taken steps and issued warnings to prevent copycat attacks, but one in five attacks are still thought to be successful.
Google Chrome is one of the most used Internet browsers but lately, it is being used by cybercriminals and scammers to infect users with adware, malware and other malicious programs due to the low level of scrutiny on its web store. Recently, an Internet security firm Cyren discovered a malicious Chrome extension spreading nude celebrity PDFs all over the Internet including on Facebook.
Russian security company Dr. Web, who also makes a PC antivirus solution bearing the same name, warns that it discovered a total of 26 smartphone models running Android and infected with malware that’s injected in the stock firmware they are shipped with.
A variety of Netgear router models are vulnerable to a simple hack that allows attackers to take almost complete control of the devices, security experts warned over the weekend. The critical bug allows remote attackers to inject highly privileged commands whenever anyone connected to the local Netgear network clicks on a malicious Web link, a researcher who uses the online handle Acew0rm
Social Engineering an attack to be wary of
Social engineering is use of soft non-technical skills to gain unauthorized access to private computer networks. Social engineers rely on human interactions to lure people into giving out crucial confidential information that would compromise their Internet security. Hackers use social engineering for varied reasons but the end game is always to defraud you financially by manipulating your human instinct to trust rather than using brute force to break into your system.
How to Avoid Social Engineering Attacks
- Be wary of emails, instant messages and phone calls for unsolicited people such as service providers. Verify the source of message before giving out any information.
- Go slow and pay keen attention to fine details in emails and messages. Never let the urgency in attacker’s message cloud your judgment.
- Educate yourself. Information is the most powerful tool in preventing social engineering attacks. Research facts on how to identify, and ward off online criminals.
- Never click on embedded links in emails from unknown senders. If necessary use the search engine to search for suggested website or manually enter the website URL.
- Never download email attachment from unknown senders. If necessary open the attachment in protected view which is enabled by default in many operating systems.
- Reject requests for online tech support from strangers no matter how legitimate they may appear.
- Secure your computer space with a strong firewall, up to date antivirus software and set your spam filters too high.
- Patch up software and operating systems for Zero day vulnerabilities. Follow up on patch releases form your software providers and patch-up as soon as humanly possible.
- Pay attention to website URL. Sometimes online fraudsters make slight changes to URLs in order to direct traffic to their own spoofed sites.
- Avoid being greedy on the web. If you never participated in a lottery, it goes without saying that you can never be the winner. If you never lost money, why would you accept a refund from the FBI?