3.2.17

Over half of US citizens ‘have experienced a data breach’


The Pew Research Center has found that over half of American citizens have been victims of data breaches in recent years.
The online security survey, released on 26 January this year, revealed that 64% of adults in the US have either reported or were notified of a data breach that had impacted their personal data.
Respondents’ answers showed that credit card fraud was the most common form of data breach, with 41% of Americans having fallen victim to it. 35% had experienced their personal data (such as account numbers) being compromised, while 6% found that someone else had impersonated them to file a tax return.
Along with data breaches and threats from cybercriminals, the survey found that Americans lack trust in the federal government and social media platforms when it comes to protecting their personal data.
Of the 1,040 adults who took part in the survey, 49% believed their personal data to be less secure than it was five years ago. Older citizens were significantly less trusting.
While data breaches are a growing problem, citizens around the world are not doing enough to protect themselves online.
Despite their lack of trust in the safety of their personal data, the results showed that the majority of Americans fail to implement extra safety measures themselves.
While experts advise against disclosing a password for an online account to a friend or family member, 41% of participants admitted to having done this.
It was also found that 69% of adults didn’t worry about how secure their online password was – even if they had previously experienced a data breach.
According to the study, Americans are not prioritizing personal mobile security as they should either. 28% of smartphone owners admitted they didn’t have a screen lock set up on their device, while 10% of users have never installed updates on their mobiles.
When it comes to online banking safety, 54% said they have accessed their bank online via an unsecured Wi-Fi network.
Organizations are not doing enough to protect themselves online either, as reported by a study carried out in November 2016.
Both surveys highlight that more needs to be done to educate citizens about staying safe online by adopting simple measures in everyday life.


2.2.17

Mobile World Congress 2017: Threat Intelligence, encrypting ransomware and data protection take center stage at ESET


ESET, a European leader in IT security, will present its latest products for businesses and mobile platforms, its latest research and its strategy regarding EU data protection legislation at Mobile World Congress, from 27 February to 2 March 2017. As in previous years, the ESET stand is located in Hall 5, stand B05. Detailed information about the ESET executives attending the congress can be found on the dedicated website.

ESET Threat Intelligence, one of the newest services, will be in the spotlight. The service predicts real-time threats and proactively informs customers about them, giving them greater flexibility to adapt to a rapidly changing threat landscape.

Targeted attacks, APTs (advanced persistent threats), zero-days and botnet activity are all part of the Threat Intelligence analysis. The service is also available to corporate security teams and Security Operations Centers for analyzing specific malware and providing information about its functionality and impact.

The latest research shows that mobile threats, and in particular encrypting and lock-screen ransomware for the Android platform, take center stage. ESET researchers are publishing a white paper with the most recent data on this subject, and Juraj Malcho, CTO of ESET, will personally present the results at the congress. “Every year we see a gradual increase in this threat, across all platforms but more specifically on mobile. Yet users do not protect themselves sufficiently, or they pay too little attention to responsible behavior online,” said Malcho.

Another topic in the spotlight at ESET during the congress is European data protection legislation. The results of a survey commissioned by ESET and carried out by IDC among IT decision-makers from several European countries on data protection and GDPR, the European regulation.

“Data protection is a key element of the European legislation, which obliges companies to protect personal data appropriately. ESET’s products and technology are well equipped to meet the core points of these requirements,” says Palo Balaj, head of Business Development at ESET EMEA, who will be present at the stand.

Other ESET executives who will also be present at the stand: Ignacio Sbampato, Chief Business Officer, and Miroslav Mikus, head of EMEA sales and marketing. They will also be available for interviews.


For business attendees, Juraj Malcho, CTO of ESET, will present the latest security trends at the ESET Targeted Networking Event on Tuesday 28 February, from 16.00 to 18.00, in the MWC Networking Garden 3/5.

31.1.17

Austrian hotel experiences ‘ransomware of things attack’


By Editor

Toward the end of 2016, ESET senior security researcher Stephen Cobb expressed concern about the possible mingling of three different types of system abuse: holding computer systems and data files hostage (ransomware); denying access to data and systems (DDoS); and infecting the Internet of Things (IoT) with malicious code.
He hypothesized that in 2017 we would likely see instances of jackware, whereby cybercriminals not only encrypt IoT devices, but also ask for a payment to be made in order for access to be restored to the user. “Think of jackware as a specialized form of ransomware,” he said. “As a malicious software that seeks to take control of a device [whose] primary purpose is neither data processing nor digital communications.”
Only one month into the new year, and it appears that we may well have our first example of jackware in 2017. According to The Local, which first revealed the story, the four-star Austrian hotel Romantik Seehotel Jaegerwirt found itself the victim of a ‘ransomware of things attack’, one that bears all the hallmarks of this new threat.
Cybercriminals were able to compromise the hotel’s electronic key system, as well as all of its computers. At first it was wrongly reported that guests were locked in their rooms. Speaking to Motherboard, Cristoph Brandstaetter, owner of Romantik Seehotel Jaegerwirt, confirmed that this was not the case. When the incident took place, all 180 guests that had already checked in were still able to get in and out of their rooms “because the owners were able to open the doors with their internal system, which wasn’t networked with the infected computers”.
Where the problem lay, Brandstaetter explained, was in the hotel’s ability to issue new cards to new guests after the ransomware attack. With the local authorities supposedly unable to offer suitable and speedy assistance, the owner felt he had no other choice but to give in to the demands of the cybercriminals. Approximately $1,603 in bitcoins were handed over.
This worked. The individuals behind the incident restored access to the electronic key system, as well as to all of the computers at the hotel. While this was welcomed, Brandstaetter felt as though this was not the end of it. Convinced the cybercriminals had left a backdoor in the system, he decided to update the existing security system, as well as all of the infected computers.
Interestingly, he is now looking at “old fashioned” security methods as a suitable solution to this new, technological threat that exploits connected devices. “With our next modernization, we are planning to change the key system so that we go back to old, normal keys,” he told Motherboard.
What this story reveals is that cybercriminals are keener than ever to deploy ransomware attacks, that they are willing to target anyone and everyone – even schools are not immune to this threat – and, in an ever-connected world, to hit, in particular, IoT devices in even greater numbers.
There is still room for optimism. Cobb, while frank about the challenges posed by jackware, concluded his expert piece on a positive note: we are, in ever greater numbers, becoming aware of the risks associated with, for example, IoT devices, and this, coupled with industry efforts to develop solutions – and even government participation in bolstering security in this area – leaves a lot to be upbeat about. However, in the interim, vigilance is required. There are plenty of vulnerabilities waiting to be exploited.
For more on the ransomware of things, see Cobb’s expert piece. The full Trends 2017 paper can be found here.

29.1.17

Worrying about data privacy isn’t enough: Here’s how to own your online presence



“Who has access to my data?”
If you’ve asked yourself this question and can’t help but feel concerned, you are not alone. 
According to a National Cyber Security Alliance study from 2016, more than 90% of American internet users worry to some extent about their data privacy. For almost 70% of the surveyed Americans, their number one concern is the lack of control over the information they have posted online.
Even more so with regard to social media: an alarming 96% of respondents to a recent poll said they don’t have much faith in the services social networks provide to protect their information.

Similarly, for nine out of ten European citizens, the confidentiality of their personal information, online communication and behavior is an important issue, as shown in the recent Eurobarometer on ePrivacy.
The reactions to the newly publicized WhatsApp vulnerability only continue to prove just how strongly this topic resonates with both end users and security experts.
What better occasion to take a closer look at this issue than international Data Privacy Day, a global initiative dedicated to promoting a culture of privacy awareness in an increasingly digital world.
Here are a few tips to match your online safety to your concerns.
Lock down your data by creating strong passwords or passphrases and make a habit of frequently changing them. Never use the same password for multiple services. Ideally, your password-protected accounts should be made even more secure by introducing an additional factor into your login routine. This extra layer can be ‘something you know, have, or are’: think PIN codes, smartphone login approvals, security tokens or fingerprint authentication.

To own your online presence, periodically review your privacy settings on web services and social media accounts and adjust these selectively with regard to data sensitivity. If enabled by the medium, keep track of who sees what by splitting your social circle into categories with individual settings.
When browsing (official) app stores, make sure to get to know the app permissions before downloading or updating. Instead of blindly accepting the terms you’re confronted with, weigh up your potential losses and gains. If in doubt, read what other users have to say in their reviews.
Whatever your preferred means of expression, it is important to be aware of the possible consequences. Be your own strict editor and only allow yourself to post, like, share or comment in a way that won’t make things awkward for you if taken out of context.
If you’re faced with tempting offers demanding immediate action, stop and think about their source and conditions. If something on the internet sounds too good to be true – be it unrealistic contest campaigns or “magical” popularity boosting apps – it most probably is.
Finally, don’t be selfish with your data privacy efforts; instead apply them just as thoughtfully when sharing information that concerns others.
Although different groups of people are prone to different kinds of unsafe online behaviours, the need for greater awareness as a first step towards improvement is universal. To support the endeavors of Data Privacy Day, we encourage you to pass these tips on to your family and friends.
Author Ondrej Kubovič, ESET