Fighting Cybercrime One Step At A Time

In the wake of a recent Distributed Denial of Service (DDoS) attack on TalkTalk, a British mobile phone, internet and pay-TV service provider, government and business leaders are under pressure to quickly provide effective safeguards and solutions. The DDoS attack, which used hundreds of thousands of remotely controlled, compromised machines, collapsed TalkTalk servers, allowing cyber criminals to carry out an SQL injection attack in the ensuing chaos. This second attack used deliberately malformed requests to crash database programs, thereby giving attackers access to database content. It has been reported that the hacker or hackers then demanded a ransom for the pilfered data. A 15-year-old from Northern Ireland and a 16-year-old from West London were arrested and bailed in connection with the fiasco, and a 20-year-old man has subsequently been arrested. Though it now appears the attack was for financial reasons, initial speculation included possible terrorist involvement and an impending cybercrime onslaught from stolen personal data.

TalkTalk has now confirmed that although some bank account details have been accessed, not enough information was stolen for thieves to steal money from customer accounts. Dido Harding, TalkTalk chief executive, has stated that the company’s website was hacked, but not its core systems, and says, “none of our customers’ credit card information has been exposed.” This is the third known cyberattack this year on TalkTalk, and the company has been criticised for keeping silent about this most recent attack for more than a day.

DDoS Prevention

“As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos…” Read Article by Steve Prentice on the rise of sophisticated cybercrime.

With the growing number of DDoS attacks taking down websites and network infrastructures, industry specialists have a host of solutions at the ready. Cloudflare’s layer 3 and 4 protection is designed to absorb attacks before they reach servers, and its layer 7 protection differentiates between harmful and beneficial traffic. F5 Networks’ Silverline provides massive traffic scrubbing capacity, offering protection onsite, in the cloud, or in combination, across layers 3 to 7. Black Lotus’ service focuses on the hosting industry and includes a patent-pending Human Behaviour Analysis technology to improve its service, and Incapsula has received accolades for its DDoS protection, with its global network of data centres providing more scrubbing centres than any other provider.

Data Privacy & Homomorphic Encryption

In a separate debacle, Apple, finding data theft linked with advertiser Youmi, has removed 250 apps from its app store. Developers of these apps were unaware of the breach, caused simply by using Youmi’s service to display ads. Youmi went to significant lengths to hide its activity, and its attempts to circumvent Apple’s rules and attain unauthorised access to information were not picked up by Apple immediately. Homomorphic encryption is one technique that can protect against applications leaking secure data. It allows computations to be carried out on ciphertext without any decryption occurring. This technique essentially allows applications to ask questions of data without knowing any specifics of the data that forms the answer.

Though the technical tools are available to provide proper protection, people need to be aware of the simple, interpersonal scamming methods that are often the real cause of theft. TalkTalk has stated that no information was stolen that would allow hackers to access customer bank accounts, but many customers have reported theft from their accounts subsequent to the TalkTalk debacle, apparently after giving relevant details to callers supposedly from TalkTalk. Anyone who has any sensitive or personal data connected to any network, and I feel confident saying that’s at least 99.9% of us, needs to educate themselves on IT security. Understanding the risks is still the strongest defence.

By Jennifer Klostermann
