Fighting Cybercrime One Step At A Time

Fighting Cybercrime

In the wake of a recent Distributed Denial of Service (DDoS) attack on TalkTalk, a British mobile phone, internet and pay-TV service provider, government and business leaders are under pressure to quickly provide effective safeguards and solutions. The DDoS attack, remotely controlling hundreds of thousands of compromised machines, collapsed TalkTalk servers, allowing cyber criminals to implement an SQL-injection attack in the ensuing chaos. This second attack used deliberately malformed requests to crash database programs, thereby giving attackers access to database content. It’s been reported that thereafter the hacker/s demanded a ransom for the pilfered data. A 15-year-old Northern Ireland teenager and 16-year-old West London teenager were arrested and bailed in connection with the fiasco, and subsequently a 20-year-old man has been arrested. Though it now appears the attack was for financial reasons, initial speculation included possible terrorist involvement and an impending cybercrime onslaught from stolen personal data.

TalkTalk has now confirmed that although some bank account details have been accessed, not enough information was stolen for thieves to steal money from customer accounts. Dido Harding, TalkTalk chief Executive, has stated that the company’s website was hacked, but not its core systems, and says, “none of our customers’ credit card information has been exposed.” This is the third known cyberattack this year on TalkTalk, and the company has been criticised for keeping silent about this most recent attack for more than a day.

DDoS Prevention

“As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos…” Read Article by Steve Prentice on the rise of sophisticated cybercrime.

With the growing number of DDoS attacks taking down websites and network infrastructures, industry specialists have a host of solutions at the ready. Cloudflare’s layer 3 and 4 protection is designed to absorb attacks before they reach servers, and its layer 7 protection differentiates between harmful and beneficial traffic. F5 Networks’ Silverline provide massive traffic scrubbing capacity, offering protection onsite, in the cloud, or in combination, across levels 3 to 7. Black Lotus’ service focuses on the hosting industry and includes a patent pending Human Behaviour Analysis technology to improve its service, and Incapsula has received accolades for it’s DDoS protection with its global network of data centres providing more scrubbing centres than any other provider.

Data Privacy & Homomorphic Encryption

In a separate debacle, Apple, finding data theft linked with advertiser Youmi, has removed 250 apps from its app store. Developers of these apps were unaware of the breach, caused simply by using Youmi’s service to display ads. Going to significant lengths to hide their activity, Youmi’s attempts to circumvent Apple’s rules and attain unauthorised access to information were not picked up by Apple immediately. Homomorphic encryption is one technique that can protect against applications leaking secure data. It allows computations to be carried out on ciphertext without any decryption occurring. This technique essentially allows applications to ask questions of data without knowing any specifics of the data that forms the answer.

Though the technical tools are available to provide proper protection, people need to be aware of the simple, interpersonal scamming methods that are often the real cause of theft. TalkTalk has stated that no information was stolen that would allow hackers to access customer bank accounts, but many customers have reported theft from their accounts subsequent to the TalkTalk debacle, apparently after giving relevant details to callers supposedly from TalkTalk. Anyone who has any sensitive or personal data connected to any network, and I feel confident saying that’s at least 99.9% of us, needs to educate themselves on IT security. Understanding the risks is still the strongest defence.

By Jennifer Klostermann

Wasabi

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think. In his new book, author David Friend refers to the cloud as "bottomless," and disputes peoples' assessment that data is ...
Mark Barrenechea

Introducing the Information Advantage

Technology. Information. Disruption. The world is moving faster than ever before at unprecedented scale. Businesses today are operating in the next industrial revolution, and the rules have changed. This is Industry 4.0. It is imposing ...
Jen Klostermann

Telemedicine to medical smartphone applications

Telemedicine to medical smartphone applications With the current and growing worldwide concerns regarding the Coronavirus (COVID 19). Telemedicine is more important now than ever. What are some of the key areas in the coming years ...
Martin Mendelsohn

How Will COVID-19 Impact Security Talent?

New Security Talent As we emerge from the era of COVID-19, unemployment will recede, and new jobs will be created more rapidly than jobs were lost between March and May of this year. We’re already ...
Gilad David Maayan

Accessing (HPC) High Performance Computing

HPC in the Cloud Big data and Machine Learning (ML) can provide businesses with incredible insights and an innovative edge. However, to properly analyze the data collected or to train your ML models, you need ...
Juan Pablo Perez Etchegoyen

The S/4 HANA Decade is Here: Three Tips for a Successful Migration

Three Migration Tips For organizations using SAP, migrating to S/4 HANA is a project that’s either in the works or on the horizon as the 2027 deadline for completion looms. The new generation of SAP ...