Tag Archives: Kaspersky Lab

Tesco.com data breach – comment from Kaspersky Lab and SafeNet

In response to this morning’s news that Tesco.com has experienced a significant data breach, David Emm (senior security researcher at Kaspersky Lab) and Jason Hart (vice-president of cloud solutions at SafeNet) offer advice on how consumers can make sure their data isn’t compromised in this type of attack.

“This latest data breach experienced by Tesco.com serves to prove the dangers of using one password across the board,” asserted David Emm (senior security researcher at Kaspersky Lab), “as this simply means that cybercriminals can gain access to all your online assets in one fell swoop.”

Emm continued: “It’s possible to create strong, memorable passwords which don’t use personal data. We’ve all heard the advice from security professionals:

1. Make every password at least eight characters long… and 15 plus is better
2. Don’t make passwords easily guessable. There’s a good chance that personal details such as your Date of Birth, place of birth and partner’s name, etc can be found online (maybe even on your Facebook wall)
3. Don’t use real words as they’re open to ‘dictionary attacks’ (whereby someone uses a program to quickly try a huge list of possible words until they find one that matches your password)
4. Combine letters (including uppercase letters), numbers and symbols
5. Don’t ‘recycle’ passwords (eg ‘david1’, ‘david2’, ‘david3’, etc)

Tesco has suspended thousands of online accounts after cybercriminals targeted log-in credentials and Clubcard points

“We are all aware that, if we follow this advice, there are too many, and they’re too complicated to remember – especially in the case of an account we don’t use very often.

“Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here’s an example… Begin with the name of the online resource. Let’s say ‘mybank’. Then apply your formula. For example…

1. Capitalise the fourth character
2. Move the second last character to the front
3. Add a chosen number after the second character
4. Add a chosen non-alphanumeric character to the end

“This would give you a password of ‘n1mybAk;’.”

There is an alternative method, too. “Instead of using the name of the online resource as the fixed component,” stated Emm, “create your own passphrase and use the first letter of each word. So, if your passphrase is ‘the quick brown fox jumps over the lazy dog’, the fixed component of each password starts out as ‘tqbfjotld’. Then apply your four-step rule.”

Emm also commented: “By using either of these methods, consumers can ensure they have a unique password for each online account and therefore secure themselves against these types of breaches that make use of previously gained information.

“If you find even this too complicated, consider using a password manager – software that automatically creates complex passwords for you, keeps them secure and auto-enters them when you need to log in.”
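The scrambling formula and the passphrase-initials variant described above, as an added Python example that is not part of the original article or Kaspersky Lab's own code; the function names, the `insert_after` parameter and the defaults `1` and `;` are assumptions. Applied literally in the listed order, the four steps turn 'mybank' into 'nm1ybAk;'; the quoted 'n1mybAk;' corresponds to adding the number after the first character instead.

```python
# Added illustration: names, parameters and defaults are assumptions,
# not taken from the article.

def scramble(fixed: str, number: str = "1", symbol: str = ";",
             insert_after: int = 2) -> str:
    """Apply the four-step formula to a fixed component."""
    if len(fixed) < 4:
        raise ValueError("fixed component needs at least four characters")
    # Step 1: capitalise the fourth character.
    s = fixed[:3] + fixed[3].upper() + fixed[4:]
    # Step 2: move the second-last character to the front.
    s = s[-2] + s[:-2] + s[-1]
    # Step 3: add the chosen number after the Nth character
    # (N = 2 in the listed steps).
    s = s[:insert_after] + number + s[insert_after:]
    # Step 4: add the chosen non-alphanumeric character to the end.
    return s + symbol


def initials(passphrase: str) -> str:
    """Fixed component built from the first letter of each word."""
    return "".join(word[0] for word in passphrase.split())


def meets_advice(password: str) -> bool:
    """Check the result against the length and character-mix advice:
    at least eight characters, with lowercase, uppercase, a number
    and a symbol."""
    return (
        len(password) >= 8
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )


if __name__ == "__main__":
    # Constructed sample inputs: the article's two fixed components.
    site = scramble("mybank")
    phrase = scramble(initials("the quick brown fox jumps over the lazy dog"))
    for label, pw in (("site name", site), ("passphrase", phrase)):
        print(f"{label:10} -> {pw}  meets advice: {meets_advice(pw)}")
    # The article's quoted result, reproduced with insert_after=1.
    print(scramble("mybank", insert_after=1))
```
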

Companies must focus on what matters most – the data

A former ethical hacker for more than 15 years, Jason Hart (vice-president, cloud solutions at SafeNet) explained: “In 2013, there were over 595 million data records lost or stolen, demonstrating that conventional breach prevention and perimeter-based security are not sufficient for protecting modern data. It’s clear that it’s not a matter of ‘If’ a data breach will occur, but ‘When’.

“On that basis, it’s vital that organisations are taking the correct precautions to ensure their most sensitive data remains protected.

“While the latest Tesco data breach was not a result of a direct attack on the Tesco.com website, it does highlight the wider implications of data breaches. Many people often use the same password across multiple sites, so the true impact of any data breach is always likely to be bigger than first anticipated.”

Hart went on to state: “This is not the first time that supermarkets have fallen foul to a cyber attack and should serve as a reminder to all retailers of the threat posed by data breaches. Too many Security Departments hold on to the past when it comes to their security strategies, focusing on breach prevention rather than securing the data that they’re trying so hard to protect.

“Methods used by cybercriminals are becoming increasingly sophisticated and, if they want to hack the system or steal data, they will find one way or another to do so.”

In conclusion, Hart stressed: “Companies need to focus on what matters most – the data. By using technologies such as encryption that render any data useless to an unauthorised party, as well as tamper-proof and robust key management controls, companies can be safe in the knowledge that their data is protected whether or not a security breach occurs.”

Filed under IFSECGlobal.com News

Kaspersky Lab “detects 315,000 new malicious files every day”

Kaspersky Lab’s Security Bulletin ‘Review of the Year’ shows that the overall global Internet threat level has grown by 6.9 percentage points. During 2013, 41.6% of user computers were attacked at least once.

In order to conduct all of these attacks, cyber criminals used 10,604,273 unique hosts (60.5% more than were used in 2012).

The USA and Russia are the leading hosts of malicious web resources. 45% of web attacks neutralised by Kaspersky Lab products were launched from these countries.

2013 also saw a further increase in security issues around mobiles, with a new level of maturity in terms of the sophistication and number of these threats. Most malicious mobile apps principally aimed to steal money and, subsequently, personal data. Android is still the main target, attracting a massive 98.05% of known malware.

Kaspersky Lab’s 2013 Security Bulletin focuses on the rise in malware throughout the year, especially that aimed at mobile devices

Christian Funk, senior virus analyst at Kaspersky Lab, said: “There’s unlikely to be any slowing down in the development of malicious apps, especially for Android. To date, the majority of malware has been designed to gain access to the device. In the future, there’s also a high probability that the first mass worm for Android will appear. Android ticks all the boxes for cyber criminals. It’s a widely-used OS that is easy to use for both app developers and malware authors alike.”

Day-by-Day: the picture in 2013

Kaspersky Lab detects 315,000 new malicious files every day. Last year’s figure was 200,000 each day

Kaspersky Lab’s products repelled an average of 4,659,920 attacks on users every day when they were online

Twice as dangerous

The number of browser-based attacks over the last two years has almost doubled to 1,700,870,654

Kaspersky Lab detected 104,427 new modifications of malicious programs for mobile devices, which is 125% more than in 2012

In October 2013 alone, Kaspersky Lab saw 19,966 new mobile malware modifications. That’s 50% of the total Kaspersky Lab found in the whole of 2012, uncovered in just a single month

Who’s at the highest risk?

Based on 2013’s figures, 15 countries can be assigned to a high risk group based on their risk level while surfing the Internet.

Russia, Austria, Germany, several former Soviet republics and several Asian countries had 41-60% of Kaspersky Lab users reporting attempted web attacks on their computers

Most popular vulnerable applications exploited by cyber criminals

90.52% of all detected attempts to exploit vulnerabilities targeted Oracle Java. These vulnerabilities are exploited in drive-by attacks conducted via the Internet, while new Java exploits are now present in many exploit packs.

Top malicious programs on the Internet

Seven of the Top 20 malicious programs on the Internet were threats that are blocked during attempted drive-by attacks. This is currently the most common attack method for web-based malware.

Kaspersky Lab’s ranking includes scripts that redirect to exploits as well as to the exploits themselves.

Villain of the Year

Obad, probably the most remarkable discovery in the mobile field in 2013, is distributed by multiple methods (including pre-established mobile botnets). This is probably the most versatile piece of mobile malware found to date, including a staggering total of three exploits, a backdoor, SMS Trojan and bot capabilities, and further functionalities. It could be compared to a Swiss Army knife, as it comprises a whole range of different tools.

Local threats

Kaspersky Lab products detected almost three billion malware attacks on user computers. A total of 1.8 million malicious and potentially unwanted programs were detected in these attacks.

The full Kaspersky Lab report is available to view on www.securelist.com

Brits feel unsafe on social networks yet still admit to ‘over-sharing’ information

According to Kaspersky Lab’s latest research, most of us (73% of Europeans) now use more than one device to access social networks, even though an overwhelming 75% consider social media to be unsafe.

An international survey of consumers has found that as many as 17% of Brits confess to “sharing more than they probably should” on social media, leaving them at risk of losing valuable personal data to cyber criminals intent on identity theft and other crimes.

A growing social security risk is individual account hacking and then targeting the personal data of the victim’s contacts. Four in ten Brits (38%) can’t tell when an online friend’s account has been hacked, so it’s not surprising that one in six (14%) have been stung into clicking on a dangerous link in a hacked account.

Without adequate protection, the more you post, the more vulnerable you are.

A growing social security risk is individual account hacking and then targeting the personal data of the victim’s contacts

Mobile devices: attractive targets for online criminals

“The average household in Western Europe has more than five Internet-connected devices, including two smartphones or tablets, and these mobile devices have become the new standard tool for browsing, interacting and shopping online,” said David Emm, senior security researcher at Kaspersky Lab.

“However, despite using these devices to access the same Internet as traditional computers, many users don’t think they require the same fully-fledged protection. Mobile devices – especially those without security protection – are increasingly attractive targets for online criminals.”

In response to the growing risk, Kaspersky Lab is launching a new multi-device version of Kaspersky Internet Security. The security software provides real-time protection for multiple Windows PCs, Macs, and Android smartphones and tablets, all with a single licence. Users can apply the award-winning Kaspersky Lab security to any combination of devices.

Key features of Kaspersky Internet Security – Multi-Device include: Safe Money, Automatic Exploit Prevention (to stop the criminals reaching you through weaknesses in popular programmes), ZETA Shield (designed to scan incoming e-mails and the attachments they contain) and a ‘Trusted Applications’ mode designed to protect financial and personal data on all internet-connected devices.

“Without protection, PCs, Macs, tablets and smartphones are all susceptible to Internet threats,” said Emm. “Tablets and smartphones in particular, being small and lightweight, are the most vulnerable to loss and theft – along with the personal data stored on them. With award-winning Kaspersky Lab technologies, Kaspersky Internet Security – Multi-Device optimises security for each device, providing real-time protection against all Internet threats.”

Kaspersky Internet Security – Multi-Device is supplied in three and five-device versions and will be available at http://www.kaspersky.co.uk from 10 September 2013 at a cost of £49.99 (three-device) and £59.99 (five-device).
