According to this report, malnets (malicious networks) came into play as a significant threat to organisations security in 2011: “These infrastructures last beyond any one attack, allowing cybercriminals to quickly adapt to new vulnerabilities and repeatedly launch malware attacks. By exploiting popular places on the internet, such as search engines, social networking and email, malnets have become very adept at infecting many users with little added investment.”

The average company faces approximately 5,000 threats a day. The report highlights that malnets gain access through three main entry points: Search engines; Email; and social networking sites.

The threat of search engines

• 1 in 142 search queries lead to a malicious link
• 20% of all requests in 2011  were searches
• To protect: Web filtering. This will ensure that users cannot access malicious sites or download any malicious files from the internet. The software that MSC provides their clients enables organisations to monitor internet usage and put specific user policies in place.

Email

• 68% increase in email attacks over 2010
• 17^th most popular category of content
• To protect: Email protection and content control. MSC’s email protection solution combines effective anti-spam, anti-virus and anti-phishing cover with uniquely low false positives. Content control from MSC protects against external threats, abuse and the misuse of sensitive or classified information for a secure working environment.

Social networking

• 1 in 6 malnet attacks
• Includes 95% of all web content
• To protect: Again, the deployment of web filtering software will protect against malicious sites that attempt entry into an organisation through social networking. Given the increasing number of threats that social networking sites pose, it is recommended that organisations put security policies into place in conjunction with web filtering policies.

For any further information about the threats your organisations may be facing and how to combat these, please get in touch with MSC today.

info@msc247.com | 0333 55 55 247

The BBC has reported that a spokesperson said the site was taken offline at 22:30 on Wednesday, but that the attack did not “pose a security risk to the organisation”.

SOCA has been the victim of such attacks in the past by members of the ‘hacktivist’ group LulzSec. This attack could be retaliation to the recent shut-down of 36 sites selling credit card details, of which SOCA played an integral part.  However, SOCA has not confirmed if it knew the source of the attack or the motive and therefore this is purely speculation.

Two men have been arrested in the UK for allegedly purchasing illegal data from the websites and one person has been arrested by authorities in Macedonia.

After cybercriminals have obtained credit cards details through means such as key-logging, they then sell the information through illegal websites to make a substantial profit. Over the last couple of years, SOCA, the FBI and various law enforcement agencies across the globe have collaborated to fight credit card fraud. During this time, an estimated £500m of potential losses to financial institutions have been avoided. A spokesperson from SOCA has indicated that the potential losses associated with the data on the 36 recently shut down websites will further add to that figure.

This will publicise which companies have left a website open to cyber-attack as well as those that run a completely secure website.  This will be measured by testing the website to see whether and how well they have implemented basic security software.

TIM has been founded by a group of security experts and entrepreneurs. They want to see a change in how online safety is approached and tackled. Initially, they will be testing the website’s Secure Socket Layer (SSL). This is a technology that many sites use to encrypt the sensitive data that users enter onto sites, for example credit card numbers and personal information.

Given that 52% of the sites that TIM have tested so far were running a version of SSL known to be compromised, this naming and shaming project is essential to reinforce the importance of online security to companies and consumers worldwide.

If you have any worries that your website may not be as secure as it should be, please get in touch with MSC today.

info@msc247.com | 0333 55 55 247

• You can no longer gain access into your email or social media account;
• Your friends may have questioned you about a suspicious email they received from your account; or
• Your personal information may have been changed on one of your social networking sites.

To be the subject of any of these situations does not feel good. Many people do not take any action as they are unaware of what they should do or the consequences of not doing anything.

Firstly it’s important to understand how you may have been hacked. The most likely scenario is that you have not been careful with your password. Perhaps you have used a public computer and logged onto password secured accounts online without taking appropriate precautions. You may have visited a website that has been compromised with malware that has the ability to install a data-stealing Trojan onto your PC. This can then steal any sensitive data you enter, for example usernames and/or passwords. Cybercriminals can then use this information in any way they wish. This is especially dangerous if you re-use a specific password across a number of accounts – once a cybercriminal has found out your Facebook password, they may then have access to your online banking or your email account.

If you think you may have been hacked – it is essential to change your passwords immediately and ensure that each online account is accessed with a different password.

Please read this blog to find out how to create a strong password.

Furthermore, you should report the hacking to the technical support or customer services department.

For any further advice, please get in touch with Managed Services Centre.

info@msc247.com | 0333 55 55 247

Macs are traditionally marketed being a much more secure system than PCs that run Microsoft Windows. However, this is not entirely true. While the Mac operating system may have built in security, this does not provide complete protection from malware and other vulnerabilities.

The main reason that Macs appear to be more secure than PC is the fact that Macs have always had a somewhat lower share of the market than that of PCs running Windows. This has led cybercriminals to ignore Macs as a target for spreading malware and focus on compromising computers that run Windows.

The recent Flashback Trojan is a prime example of how Macs are at great risk of cyber-attack. Cybercriminals are very aware that Macs are now outselling Windows-based PCs at an ever increasing rate, this combined with the fact that Mac users tend not to install antivirus or malware protection make them inherently vulnerable.

More than half a million Mac computers were infected with the Flashback Trojan, which installed itself after users were redirected to a counterfeit website via compromised resource or a traffic distribution system. According to PC Magazine Security Watch, these malicious websites exploited Java vulnerability (CVE-2012-0507) that allowed the Trojan to download itself without altering the user.

Mikko Hypponen, Chief Research Officer at F-Secure, tweeted that “Flashback would now have infected 1% of Macs, making Flashback roughly as common for Mac as Conficker was for Windows”.

This statement alone should push the message to Mac users that they DO need to take out security measures on their computers.

Such situations may include: adverse weaher conditions, major events such as the Olympic Games, or the recently announced potential petrol srike.

Would your business be able to cope if the majority of your employees were unable to work for a number of days? What would the financial implications be?

Managed Services Centre have put together some recommendations to ensure that your business runs smoothly even when your office is unaccesible.

Our main piece of advice is to provide your employees with remote access to your company network. One of the most secure and effective remote access technologies that MSC recommend to businesses comes from Juniper. Juniper’s Remote Access Appliance, an SSL device, enables small to medium organisations to securely and cost effectively access their corporate network from an internet browser anywhere, without the need of a client being installed.

This therefore provides a solution that enables staff to work productively from their home machine, an internet café, a library or on their laptop while they’re on the move. This can be branded to your organisation so that it gives the appearance of being your own intranet.

The SSL device allows you to set up a security policy to put restrictions on who has permission to access the network, what they are permitted access to as well as regulating what can be accessed dependant on where they have made the connection. For example, if Juniper has picked up that you are logging on from an internet café, extra security measures, such as disabling printing and restricting what you can access, can be put in place. It will also check the integrity of the device to ensure the anti-virus is up to date and it will advise on any updates that should be made.

Further recommendations to ensure that your business can always run smoothly:

• Cloud based data back-up: In the event that you lose power supply, or you face any other disasters, your data will be kept safe and readily available.
• Cloud based email archiving and full messaging contingency: allowing you to send and receive emails and access old emails even if your exchange server is offline or down.
• Two-factor authentication: ensuring only those authorised can access your networks and providing extra security if employees have to use public computers or public wireless connections to access sensitive data.
• Deploy the option for calls to be diverted to home or other numbers: this will enable all calls to still be answered and reduce the risk of potentially losing customers.
• In the case that employees are using personal laptops or mobile phones for business use, ensure that the appropriate security measures are put in place.

For any further information or advice about the options available for keeping your business running securely at all times then please contact us.

This new regulation has been drafted in order to keep up with how the internet has changed the way data is handled, used and, in particular, secured. The main aim of the regulation is to implement one common law across the EU.

A breach of the new law will result in significantly higher fines than the amount businesses would currently face. This regulation also requires all public authorities and all businesses employing more than 250 employees to appoint a data protection officer. Covering not only businesses based in the EU but also those outside that offer goods or services into the EU, businesses must amend their procedures and policies accordingly and ensure that all employees are aware of the new regulation.

The operations of data controllers will be affected greatly by this change to the data law. Such organisations, that determine the purposes for which and manner in which personal data is processed, will be required to take extensive responsibilities. Firstly to ensure that they working within the new data law and secondly they must keep documentation to demonstrate their compliance with the new regulation. Furthermore, data controllers must also notify their ‘data subjects’ of the time period for which they will process their personal data. In conjunction with this, all policies that relate to the processing of personal data must be ‘transparent’ and ‘easily accessible’.

It is also set out in the new law that data controllers must notify their relevant data protection supervisory authority of any personal data breach within 24 hours, where possible.

A recently carried out survey has highlighted that UK businesses fear the impact of the new EU data law. The primary worry is the cost that this will have to businesses. As previously mentioned, the fines for breaching the act are going to be substantially higher. However, as indicated by almost two-thirds of the survey respondents, this will surely aid towards the improvement of business and security processes? Furthermore, in line with the thoughts of 58% of the respondents, this will undoubtedly improve data protection.

It is essential for businesses to review their data security procedures. Are they up to date? Are they providing maximum protection? Organisations must ensure that not only all data they hold is protected but also that their organisation is secured from unauthorised visitors.

For further information about data security, the threats and how to overcome these, please follow this link.

Common factors among UK businesses

• IT is a constantly evolving area. Even the most proficient IT departments may not always employ leading edge technology;
• In many cases IT security services are not regularly reviewed to ensure maximum protection against the latest threats;
• Data back-up methods are often out-dated and do not offer full protection;
• For smaller companies without an IT department, there is often a reliance on a sole individual, leaving a business inherently vulnerable.

Real-time security

Real-time security continuously monitors the entire network enabling potential vulnerabilities to be detected and rectified immediately. It is no longer adequate for IT security teams to carry out sporadic security checks. Security should include a range of continual monitoring services for securing each part of an organisation’s IT systems, network and online presence.

Key-logging protection 

Data-stealing malware is one of the biggest threats to a company. The goal of cybercriminals is to steal confidential data that can be turned into a profit. The most common ways of inserting this malware onto a victim’s computer include: malicious programs hidden within enticing emails; exploiting open entry points critical to a company’s productivity; hidden within online advertisements; redirecting users from legitimate websites to fake, infected websites; and literally by sneaking the malware into a corporate network.
Data-stealing malware can reside on a computer without being recognised by commercial antivirus software; it can operate undetected for long periods of time.
It is increasingly difficult to prevent the intrusion of data stealing malware. The most effective security measure is to disable its function by deploying key-logging protection. This software prevents users’ keystrokes, screen captures and mouse clicks from being recognised by data-stealing malware. This straightforward security solution ensures ultimate data protection, of both corporate and personal data.

Continuous secure data back-up

Many firms still rely on traditional methods such as tapes or hard disks: this lacks up-to-date security measures, reliability and takes up valuable time.
Remote, automatic data back-up is reliable, safe and time efficient. It encrypts data which is backed-up throughout the day. It causes no disruption to employees and provides rapid secure recovery in the event of data loss.

Conclusion

Real-time security services, key-logging protection and remote back-up are an essential part of a suite of managed security measures that are vital to the protection of IT systems and data; their absence should require an organisation to review its IT security and seek expert advice immediately.

This is the key message from the recently launched campaign by the National Fraud Authority, Telecommunications UK Fraud Forum (TUFF) and Financial Fraud Action UK.

The campaign, ‘The Devil’s in Your Details’ has been commissioned in order to raise awareness of the growing threats of fraud in the UK and the importance of keeping your personal information safe. It serves as a reminder to the public that sensitive details, such as passwords and banking details, must not be openly shared with anyone that requests it. There are a rising number of cases whereby fraudsters telephone or email their victims under the pretence of being from their bank and ask them to hand over their details. It is strongly encouraged that individuals take measures to ensure that they are certain that the request for their information is genuine and that if there is anything or anyone they are unsure or suspicious about they should keep asking questions and challenge or they should end the engagement.

While security measures put forward by banks, as well as those that home users and businesses take out themselves, are getting increasingly sophisticated to aid the prevention of fraud – criminals are also becoming increasingly sophisticated. It is therefore imperative to ensure that you are always one step ahead – which is not always easy to do. The Devil’s in Your Details campaign enforces that individuals keep SAFE:

Suspect anything or anyone you don’t know – no matter what or who they claim to be.
Ask questions. Whatever a fraudster tries, you have the power to stay in control.
Find out for certain who you’re dealing with. Challenge anything that seems suspect.
End situations that make you uncomfortable. If you feel threatened, contact the police.

In conjunction with this essential advice, it is also fundamental to ensure that both individuals and business take measure to ensure that they are protected from electronic fraud. While this campaign essentially covers how you can keep safe from handing your details over to a fraudster, it is important to be aware about keeping safe from unknowingly handing your details over.

Data-stealing malware has been a major threat in the UK for a number of years. Affecting both businesses and individuals, cybercriminals are continuously finding new ways to infect PCs with banking malware such as the Zeus Trojan. Once this type of malware is present on a PC, it has the ability to copy and steal every keystroke made. It can therefore detect when a user enters their online banking details, for example, and then send this information to the cybercriminal who will then usually sell this on the black market – making a substantial profit.

The most common methods used to infect PCs with data-stealing malware include:

• Hiding the malware within enticing emails;
• Exploiting open entry points critical to a company’s productivity;
• Hiding the malware within online advertisements;
• Redirecting users from legitimate websites to fake, infected websites; and
• Literally by sneaking the malware into a corporate network.

 
Data-stealing malware can reside on a computer without being recognised by commercial antivirus software; it can operate undetected for long periods of time.

Given the sophistication of the infection methods, it is increasingly difficult to prevent the intrusion of data stealing malware. The most effective security measure is to disable its function by deploying key-logging protection. This software prevents users’ keystrokes, screen captures and mouse clicks from being recognised by data-stealing malware.

For further information about keeping yourself or your business safe from fraud, especially this summer with the high volume of scams related to the 2012 London Olympics, please get in touch with Managed Services Centre.

To find out more about The Devil’s in Your Details campaign:

• See the videos
• See the Facebook application