Fighting Cybercrime One Step At A Time

Fighting Cybercrime

In the wake of a recent Distributed Denial of Service (DDoS) attack on TalkTalk, a British mobile phone, internet and pay-TV service provider, government and business leaders are under pressure to quickly provide effective safeguards and solutions. The DDoS attack, remotely controlling hundreds of thousands of compromised machines, collapsed TalkTalk servers, allowing cyber criminals to implement an SQL-injection attack in the ensuing chaos. This second attack used deliberately malformed requests to crash database programs, thereby giving attackers access to database content. It’s been reported that thereafter the hacker/s demanded a ransom for the pilfered data. A 15-year-old Northern Ireland teenager and 16-year-old West London teenager were arrested and bailed in connection with the fiasco, and subsequently a 20-year-old man has been arrested. Though it now appears the attack was for financial reasons, initial speculation included possible terrorist involvement and an impending cybercrime onslaught from stolen personal data.

TalkTalk has now confirmed that although some bank account details have been accessed, not enough information was stolen for thieves to steal money from customer accounts. Dido Harding, TalkTalk chief Executive, has stated that the company’s website was hacked, but not its core systems, and says, “none of our customers’ credit card information has been exposed.” This is the third known cyberattack this year on TalkTalk, and the company has been criticised for keeping silent about this most recent attack for more than a day.

DDoS Prevention

“As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos…” Read Article by Steve Prentice on the rise of sophisticated cybercrime.

With the growing number of DDoS attacks taking down websites and network infrastructures, industry specialists have a host of solutions at the ready. Cloudflare’s layer 3 and 4 protection is designed to absorb attacks before they reach servers, and its layer 7 protection differentiates between harmful and beneficial traffic. F5 Networks’ Silverline provide massive traffic scrubbing capacity, offering protection onsite, in the cloud, or in combination, across levels 3 to 7. Black Lotus’ service focuses on the hosting industry and includes a patent pending Human Behaviour Analysis technology to improve its service, and Incapsula has received accolades for it’s DDoS protection with its global network of data centres providing more scrubbing centres than any other provider.

Data Privacy & Homomorphic Encryption

In a separate debacle, Apple, finding data theft linked with advertiser Youmi, has removed 250 apps from its app store. Developers of these apps were unaware of the breach, caused simply by using Youmi’s service to display ads. Going to significant lengths to hide their activity, Youmi’s attempts to circumvent Apple’s rules and attain unauthorised access to information were not picked up by Apple immediately. Homomorphic encryption is one technique that can protect against applications leaking secure data. It allows computations to be carried out on ciphertext without any decryption occurring. This technique essentially allows applications to ask questions of data without knowing any specifics of the data that forms the answer.

Though the technical tools are available to provide proper protection, people need to be aware of the simple, interpersonal scamming methods that are often the real cause of theft. TalkTalk has stated that no information was stolen that would allow hackers to access customer bank accounts, but many customers have reported theft from their accounts subsequent to the TalkTalk debacle, apparently after giving relevant details to callers supposedly from TalkTalk. Anyone who has any sensitive or personal data connected to any network, and I feel confident saying that’s at least 99.9% of us, needs to educate themselves on IT security. Understanding the risks is still the strongest defence.

By Jennifer Klostermann

Gary Bernstein
Secure Remote Authentication When employees are working remotely, they need to be able to access company resources and applications just as if they were in the office. This means that remote authentication needs to be ...
MIT
Smart Manufacturing Startups AI and machine learning's potential to drive greater visibility, control, and insight across shop floors while monitoring machines and processes in real-time continue to attract venture capital. $62 billion is now invested ...
Rakesh Soni
Businesses now see the cloud as a standard, and they are always on a hunt for ways to leverage the cloud to its full potential. And if enterprises need to be competitive in the ever-expanding ...
Wealth Management Software Solutions - ServiceNow
Financial wealth management services (Updated: 06/29/2022) Many want to live in abundance, but very few people have what it takes to harness true wealth. True wealth is harnessed through the effective management of resources. Despite ...
Dmitry Chekalin
How Much Should a Modern Website Cost? A website is a valuable instrument for growing your business. Your website presents your brand to users. Also, it compels your prospects to become your customers. So, how ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.