Tuesday, June 24, 2014

Moving away the evil spirits of cybersecurity

The purifying fire scares away evil spirits, bonfires on the beach are become the main protagonists of the night of Saint John, the shortest night of the year. A magical night in which the rites and legends intertwine to make way for the summer. We wish it was that easy to keep us away from cybercriminals, right?

Two months ago, a very serious vulnerability was discovered in a highly popular cryptographic library called OpenSSL. The flaw, called Heartbleed, affected hundreds of thousands of servers worldwide. Half of them, about 300,000, have not yet been updated. Servers can not jump bonfires to keep out malicious minds, so their administrators should take action on the matter.

In fact, it seems that Heartbleed has been the gateway for an attack that hit about 1,000 devices from employees at AVIVA insurance company in the UK. The hacker responsible for the incident gained access to the management system server of MobileIron, an AVIVA’s supplier, sent messages to employees and then cleaned all their devices.

Other companies recently shaken by two security incidents, the French and Belgian subsidiaries of Domino's Pizza, breathe a sigh of relief... At least, for now. Cybercriminals from Rex Mundi group who assured them that would make public the data from 650,000 of their customers if they did not pay a ransom, have not yet carried out their threats.

The fire will not be useful to keep phishing emails away either. It has been detected a campaign using Dropbox visual image to deceive users to click on a link that supposedly will redirected them to a file stored on such service, but in reality it will be a fake page to steal their Yahoo!, Gmail, Hotmail or AOL credentials.

But phishing attacks targeting banks are even more dangerous. A 64 years old Austrian man became a victim of one of them when a malicious email led him to enter login details to his bank account on a bogus webpage. Fortunately he denounced such events to the police so the bank gave him the amount stolen back and law enforcement managed to arrest three people for that crime.

We can not rely on myths and superstitions to fight these unscrupulous guys who turns Internet into a minefield. In this sense, the exchange of information among security professionals is paramount. Therefore, Microsoft has launched "Interflow", a platform that facilitates this task by connecting cybersecurity experts from different sectors and industries in real time, so that they can give a faster respond to threats.

If you do not feel safe, despite having jumped over a bonfire tonight, you can keep yourself informed about the world of cybersecurity through any of our social channels (find the links at the right sidebar) or here on our blog.


Post a Comment