Cyber Crime (October 2017)

Published October 2017

Jean-Pierre Murray-Kline - Internet & Social Media Specialist

This subject is so relevant. This week on news24.com, it was reported that hundreds of thousands of South Africans, most without knowing, have had their personal information leaked in what would be the biggest POPI breach. The week prior, one of my own staff was scammed of a month’s salary through an e-mail scam. I have had a friend’s father lose thousands of Rands to cybercrime. Once, at a presentation I did, someone who attended wrote back to me post event, and told me they had worked out my Google AdWords login information by monitoring me during the presentation, which was on PPC…. Someone called the White rabbit.

Scary stuff!

What is it about this type of crime that people can’t seem to fathom? I encourage everyone to share this article with their colleagues and friends and family because there is a difference between being a victim of a crime, and being a sitting duck naive to the threat.

Let me try and get everyone reading this article up to speed on the status of Cyber Crime and give a general overview of what it’s all about. In a nutshell, Cyber Crime is defined as theft through a computer or electronic device. The types of crime are:

  • Attacks on computer systems. (The victim's device suffers from malicious software such as viruses, trojans and spyware, which monitor your activity to obtain data.)
  • Posting of illegal or prohibited content. (The victim might suffer having their private information or media shared on a public platform.)
  • Hacking. (Modifying or altering the victim's computer software with the objective of changing the creator's original intentions.)
  • Online scams. (The victim engages with a website which suggests a certain outcome, but the designer's intention is sinister.)
  • Identity theft. (A criminal assumes the victim's identity online and acts on their behalf.)

Cyber Crime is basically there for financial gain, or bragging by a hacker….

Either way, the victim suffers financially, or wastes their time, or has to replace equipment, and in some cases needs to try and recover from reputational damage.

Some terms you might want to hear and try to remember:

Ransomware

A type of attack where the perpetrator takes control of your device or information, demanding money in exchange for its release.

Drive-by attacks

Malicious code is implanted on a website; these attacks take advantage of browser vulnerabilities to automatically download malicious code and/or viruses, resulting in a compromised site (or even your browser), pop-ups, and such things.

Malvertisement

A malicious advertisement that attackers place on the internet, with the intent of infecting the viewer of that advertisement with malware.

Spyware

Perpetrators install malware on your device via different methods and then have access to everything you do on your device, essentially monitoring your every movement.

Wi-Fi Hackers

Perpetrators set up a fake Wi-Fi hotspot with the same name as the one you use. Once you connect, they can monitor what you are doing online and, if need be, gain access to your login information.

3rd Party device attacks

Perpetrators develop apps that users unwittingly download and use, and while doing so have their sensitive information, such as passwords and PINs, stolen.

Premium SMS costs

Through phishing or compromised third-party apps, perpetrators use your phone to send premium-rate SMSes without your knowledge, thus draining you of credit. Very nasty.

Botnets

Perpetrators can infect your device with software and make your device part of their robot network. Your own hardware then becomes part of their crime network which the perpetrators can use to attack others or make money for them online.

Okay, so you know some of the lingo for Cyber Crime, but honestly, how bad is it?

From research:

  • Damage costs to hit $6 trillion annually by 2021.
  • Cyber crime will result in triple the number of unfilled cybersecurity jobs.
  • Human attack to reach 4 billion people by 2020.
  • Global ransomware damage costs are predicted to exceed $5 billion in 2017.
  • In Q3 2016 alone, 18 million new malware samples were captured. That would equate to 51 000 a day average!
  • It hits home! South Africa is ranked the World’s Third Highest Cybercrime Victims.
  • Hackers take around 140 days to track down!
  • IT departments ignore their own protocols - 45% of IT personnel have knowingly circumvented their own policies.
  • Inside jobs are responsible for over half the crimes. 59% of employees steal proprietary corporate data when they quit or are fired.
  • Average number of attacks per company, per year is now at two successful attacks per week.
  • 8.8 million is the number of South Africans hit by cyber crime.
  • FedEx has cut its annual profit forecast, citing the $300m cost of a June cyberattack on its TNT Express unit.
  • Hackers steal £650 million from global banks, in 2015 alone.
  • Cryptocurrency: reported now there’s a one-in-10 chance you’ll end up a victim of theft.
  • Ransomware emerges as a top cyber threat to business.
  • Standard Bank South Africa computer system was hacked in a R300m ATM fraud hit in Japan.
  • In South Africa, cyber-crime has an economic impact equal to 0.14% of the national GDP – about R5.8 billion a year. This is a mixture of the types of crime already detailed, but also online child sexual abuse (child porn) and cyber-bullying.

Some interesting cases – there really are a lot …

Friends for everyone!

In the biggest data breach of the year, user details of more than 412 million accounts were exposed in a data breach at FriendFinder Networks.

Yahoo, no need to search, info is out there already.

A 2014 breach at Yahoo exposed a record 500 million accounts. 2016. Staying with the same company, Yahoo, then acquired by Verizon Communications, believes a security breach exposed all 3 billion of its users at the time.

Clients of banks, no need to rob the branches anymore.

November 2016 - Tesco Bank was forced to halt online banking after hackers managed to steal £2.5 million.

Health care not even safe.

The WannaCry virus hit the NHS in 2017. Hackers caused chaos in the UK's medical system. It was only stopped when a 22-year-old security researcher from Devon managed to find the kill switch, after the NHS had been down for a number of days.

Russian hackers.

Between 2014 and 2016, a group of Russian-based hackers managed to gain access to secure information from more than 100 institutions around the world. The cyber criminals used malware to infiltrate banks' computer systems and gather personal data. It was estimated that around £650 million was stolen from the financial institutions in total.

Drama at Sony Pictures.

Known to be furious about the upcoming release of communism-mocking film The Interview, North Korea (who technically denied involvement but called it a “righteous deed”) wreaked havoc on the network of developers Sony Pictures. Syphoning a glut of sensitive data, leaks of upcoming films such as Annie and Still Alice bled onto the web.

Mafia Boy.

Some people just want to watch the world burn. “MafiaBoy” Calce, a 15-year old Canadian, was responsible for bringing some of the world’s biggest sites to their knees. Using an often ridiculed form of cyberattack, distributed denial-of-service (DDoS), MafiaBoy was able to disrupt online powerhouses like CNN, Amazon, eBay and Yahoo.

PlayStation not a game, for their Passwords.

In this breach, no fewer than 77 million accounts filled with passwords, names and addresses were compromised. Occurring between the 17th and 19th of April, it forced Sony to switch off their PlayStation Network and music service Qriocity. The outage prevented any PS3 or PSP owner from accessing online content, and lasted for a total of 23 days. Sony announced shortly after that damages tallied up to $171 million (£115 million).

eBay.

eBay confirmed their corporate network was the victim of a cyber attack, compromising the passwords and financial information of their 145 million active users.

TalkTalk… of the town.

Major telecommunication company TalkTalk announced that around 157,000 of its customers’ personal details were accessed, and over 15,000 bank account numbers and sort codes were stolen.

Back to South Africa.

What’s popular back home? Bear in mind, it’s reported that only half of victims ever manage to recover funds in SA.

Inheritance mail.

The victim gets advised they are to inherit funds, and needs to pay a fee to recover them.

Banking, but not with your bank.

I personally get about 3 mails a week like this, asking me to check some sort of banking issue online, asking me to log in, trying to direct me to a fake site to obtain my log in information.

The deposit scam.

A criminal orders goods or services from a business and makes a payment into the victim’s account, mostly by means of a fraudulent cheque.

The refund scam.

This scam is characterised by perpetrators requesting a quotation for a specific service or goods. “Payment” is then allegedly made and proof of payment is then provided for an amount that far exceeds the quotation.

What’s being done about Cybercrime and what to do when you encounter it.

In February 2017, South Africa made changes to our cybercrime bill … which are highly debated, and I am not even going to go into the pros and cons, so as to avoid boring my readers.

If you wish to read up on it, here are some good links:

http://www.justice.gov.za/legislation/bills/CyberCrimesBill2017.pdf
http://www.labourguide.co.za/most-recent/2178-cybercrime-law-in-south-africa

My summary of the Bills is that any changes that give the state power should be avoided, and that access to reporting channels which are independent needs to be a priority.

I will reserve an article for this Bill once it is finally passed, and I have monitored how it is implemented. I mean, some penalties for offences range from 1-10 years in prison or up to a R10-million fine…. So this will be interesting to observe.

How do we protect ourselves?

My tips and advice:

  • For Social Media, see this link: LockingDownSocialMedia.pdf – see steps.
  • Keep your computer current with the latest patches and updates.
  • Make sure your computer is configured securely. If you don’t know what this means, normally just go with default settings and call a friend.
  • Choose strong passwords and keep them safe. Nothing with your name and birth year.
  • Make sure your social networking profiles (e.g. Facebook, Twitter, YouTube, MSN, etc.) are set to private. Don’t know how to do this? Google!
  • Never log in to any site that uses HTTP instead of HTTPS when using public Wi-Fi; in fact, even when not using public Wi-Fi.
  • For an added layer of security, you should always use 2FA (2 factor authentication) for all your online accounts that support it. (Gmail, Facebook, etc.)
  • Turn Off Wi-Fi when not in use.
  • For companies, please protect your data. Use encryption for your most sensitive files, make regular back-ups of all important data and store it in a different location.
  • Protect your computer with security software. I personally love AVG.
  • Be social media savvy… don’t go posting pictures of your platinum credit card and BMW car key as a brag…. You might lose both because of it.
  • Secure mobile devices. More often than not, we leave our mobile devices unattended. Never store passwords, pin numbers and even your own address on any mobile device.
  • Help others, report odd people… suspicious characters! It’s a mind-set we have to adopt. Cybercriminals are no longer just nerd-looking.
  • If in doubt, block!
  • You have enough friends … probably. So say no to social media invitations (such as Facebook-friend or LinkedIn connection requests) from people you don't know.
  • Have more than one e-mail account. Remember, a hacker who has cracked your main email password has the keys to your [virtual] kingdom.
  • Ignore pop-ups.
  • I am so happy to give this advice: Macs are as vulnerable as PCs. That glitter PC can be attacked too.
  • Two-step verification is a must! If your email or cloud service offers it - Gmail, Dropbox, Apple and Facebook do - take the trouble to set this up.
  • Only shop online on secure sites. Do a reference check if you are not sure … just google.
  • Basic rule: didn't expect, don't click… goes for emails, pop ups, you name it.
  • Do not pay a ransom! There is no guarantee you will get your data back.
  • Different site, different passwords.
  • Never do online banking on public Wi-Fi.
  • Turn on Your Firewall.
  • Sharing connection – DON’T! (Turn it off)
  • Here are some helpful secure downloads:
    http://toolbar.netcraft.com/
    https://adblockplus.org/
    https://www.bitdefender.com/solutions/trafficlight.html

Okay, so you have done all the above, and you have still been attacked?

Who do you report the issue to?

I found this link very helpful:

https://alertafrica.com/awareness/who-to-report-to/

Disclaimer:

  • While I attempt to ensure information is accurate and up to date at time of being published, I will not accept liability should information be used, and found to be incorrect. If you do see an error, please let me know.
  • The links, images, videos, or text from this article are not necessarily under my direct management, ownership or care. Should you be the owner or manager of any content, and wish for the content to be removed, please let me know and it will be done.