Yet, Consumers Implicitly Trust Them According to a CapGemini Report

According to the CapGemini report, while banks and financial institutions enjoy an extraordinary 83% positive level of trust in the cybersecurity of their systems, just 1 in 5 banking executives surveyed are “highly confident in their ability to detect a breach, let alone defend against it.”

For comparison, e-commerce firms enjoy just a 28% positive level of trust while telecom companies and retailers score a paltry 13%.

The full CapGemini report can be downloaded here.

Trust is a HUGE Factor In Consumer Choice

According to the report authors, trust in an institution’s ability to protect private data and provide a secure environment is a significant factor for 65% of consumers when choosing which bank to do business with.

And yet, while approximately 25% of all financial institutions have reported being the victim of a hack at some level, only 3% of consumers believe that their own financial institution has ever been breached. It would seem that banks are indeed enjoying a “trust halo” that the numbers suggest they do not deserve.

If this halo were to become tarnished, banks could be in trouble. According to the report, 74% of consumers would switch their bank or insurer if they became aware of a breach.

GDPR Regulations Will Likely Drive Transparency

The GDPR regulations set to be introduced next year should drive more transparency and quicker reporting of breaches, and this may result in some tarnished halos.

“When GDPR is introduced and all breaches are likely to be made public soon after they occur, many people will be in for a surprise,” said Zhiwei Jiang, Global Head of Financial Services, Insights & Data at Capgemini. “The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

Konsultek Knows Security

From financial institutions to university and healthcare organizations, Konsultek builds customized security solutions that protect networks and the data they house. If you are interested in learning exactly how your network may be vulnerable, just give us a call and we’ll discuss how we can find your vulnerabilities before cybercriminals and hackers do.

 


A recent survey conducted by the Pew Research Center found that roughly half of Americans are not confident that the companies and organizations they do business with on a daily basis are keeping their personal information secure.

Interestingly enough, social media sites and the federal government came in dead last when it came to cyberprotection confidence! Perhaps those surveyed never had a Yahoo mail account?

The rather comprehensive report also highlights these rather disturbing figures:

  • 41% of Americans have encountered fraudulent charges on their credit cards.
  • 35% have received notices that some type of sensitive information (like an account number) had been compromised.
  • 16% say that someone has taken over their email accounts, and 13% say someone has taken over one of their social media accounts.
  • 15% have received notices that their Social Security number had been compromised.
  • 14% say that someone has attempted to take out loans or lines of credit in their name.
  • 6% say that someone has impersonated them in order to file fraudulent tax returns.

And beyond these specific experiences, roughly half of Americans (49%) feel that their personal information is less secure than it was five years ago.

Think about these figures as you enjoy the Super Bowl this Sunday with friends and family. Statistically speaking, if you are watching the Super Bowl with 9 other adults, the Pew findings mean that roughly:

  • 4 of your fellow game watchers have experienced fraudulent credit card charges
  • At least 3 of your fellow game watchers have been notified that some sensitive personal information has been leaked
  • Probably 1, perhaps 2, have had their Social Security numbers compromised!

Protecting Networks 24X7, Even on Game Day

At Konsultek we build custom security solutions for organizations of all sizes across virtually every area of interest. When you are ready to take your security to the next level, or to outsource it to someone who has the experience and resources you need, please pick up the phone and give us a call.

 


Woke up today to find this gem in the mailbox. Who knew that the FBI and the Central Bank of Nigeria would be looking for me!

This email is entertaining for a couple of reasons (at least!) beyond the alleged working relationship between Mr. Comey and the Central Bank of Nigeria.

Take a look at the portions highlighted with blue text! First a warning that “you should ignore any message that does not come from the above email address and phone number for security reasons.”

Next, look at Mr. Comey’s email address. I would have thought that after all the email scandals in Washington, Mr. Comey would not be using an AOL email address for such important and sensitive business!

Re: Urgent January Notice…….

From: James B. Comey, Jr., <fbidirector@openmailbox.org> 

Jan 18 at 12:37 PM

OFFICE OF THE EXECUTIVE DIRECTOR,

MR. JAMES B. COMEY, JR,

FEDERAL BUREAU OF INVESTIGATION,

935 Pennsylvania Avenue, NW

Washington, D.C. 20535-0001. USA.

Attention: Beneficiary, After proper investigations, we, the Federal Bureau of investigation (FBI) discovered that your impending (over-due contract) payment with Central Bank of Nigeria is 100% legal and has been approved for release to you.

We recently had a meeting with the Executive Governor of the Central Bank of Nigeria, in the person of Mr Godwin Emefiele and other top officials of the concerned Ministries regarding your case and we were made to understand that your files have been held in abeyance pending on when you personally apply for the claim.

Investigations also revealed that a lady, by name Mrs. Joan B Melvin from New York has already contacted Central Bank of Nigeria with a power of attorney and some documents, which stipulated that you have mandated her to claim your fund of US$25,000,000.00 (Twenty Five Million United States Dollars) on your behalf due to your ill health.

In view of this, we have been urged to warn US citizens who have received information pertaining to their outstanding contract payment to be very careful and not to be a victim of ugly circumstance. In case you are already dealing with anybody or office of the Central Bank of Nigeria, you are strictly advised to STOP further communication with them in your best interest and thereby contact the real office of the Central Bank of Nigeria via the below information:

 

NAME: MR. GODWIN EMEFIELE

OFFICE ADDRESS: Central Bank of Nigeria, Central Business District,

Cadastral Zone, Abuja, Federal.

Capital Territory, Nigeria.

Email: central.bnk0015@aol.com

NOTE: In your best interest, you should ignore any message that does not come from the above email address and phone number for security reasons. And to enable the Central Bank of Nigeria to process and release the fund to you, you are required to re-confirm your full details such as

FULL NAMES: __________________________________

CITY: _________________________

STATE: __________________________________

ZIP: ______________COUNTRY: _______________________

SEX: _______________AGE: __________________

TELEPHONE NUMBER: _____________________

Ensure that you follow the Central Bank of Nigeria due process as enshrined in the International Banking Secrecy Act to avoid any form of discrepancy, which may hinder your fund transfer. Thanks for your understanding and cooperation as we earnestly await your urgent response.

Best Regards,

James B. Comey, Jr.,

Federal Bureau of Investigation

J. Edgar Hoover Building,

935 Pennsylvania Avenue,

NW Washington, D.C

E-mail: jjbcomeyjr@aol.com
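The two tells the post points to, an institutional claim coming from a free-mail sender domain and a “contact only this address” instruction, together with the fill-in-your-details form and the promised fortune, are exactly the kind of features a mail filter can score mechanically. The Python below is an added example, not code from the original post or from Konsultek, that runs a handful of such heuristics over a constructed message modelled on the scam above. The free-mail domain list, the keyword lists and the flag names are assumptions chosen for illustration; the addresses in the sample are the ones printed in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Webmail/free-mail domains that a real government agency or central bank would
# not use for official correspondence. Assumption: illustrative list, not exhaustive.
FREEMAIL_DOMAINS = {"aol.com", "gmail.com", "yahoo.com", "hotmail.com",
                    "outlook.com", "openmailbox.org"}

# Institutional identities a message may claim; such a claim from a free-mail
# sender is the mismatch the blog post points out.
INSTITUTION_CLAIMS = ("federal bureau of investigation", "central bank",
                      "internal revenue service")

PII_RE = re.compile(r"\b(full names?|social security|zip|telephone number|age|sex|passport)\b")
MONEY_RE = re.compile(r"(?:us\$|\$|usd)\s?\d[\d,]{6,}", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URGENCY = ("urgent", "immediately", "within 24 hours", "earnestly await")
ISOLATION = ("ignore any message", "stop further communication")


def sender_domain(msg):
    """Domain of the From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def score_email(raw):
    """Return the list of red flags found in a raw RFC 822 message string."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    dom = sender_domain(msg)
    flags = []

    if any(c in text for c in INSTITUTION_CLAIMS) and dom in FREEMAIL_DOMAINS:
        flags.append("institution claimed from free-mail sender domain")

    # Contact addresses in the body that do not share the sender's domain
    foreign = {a for a in EMAIL_RE.findall(body) if a.rpartition("@")[2].lower() != dom}
    if foreign:
        flags.append("contact address domain differs from sender domain")

    pii = set(PII_RE.findall(text))
    if len(pii) >= 3:
        flags.append(f"requests personal details ({len(pii)} fields)")

    if MONEY_RE.search(text):
        flags.append("large sum of money promised")

    if any(u in text for u in URGENCY):
        flags.append("urgency language")

    if any(i in text for i in ISOLATION):
        flags.append("instructs recipient to ignore other contacts")

    return flags


# Constructed sample modelled on the message quoted in the post (addresses as printed there).
SCAM_SAMPLE = """\
From: Executive Director <fbidirector@openmailbox.org>
Subject: Re: Urgent January Notice
Date: Wed, 18 Jan 2017 12:37:00 -0500

OFFICE OF THE EXECUTIVE DIRECTOR, FEDERAL BUREAU OF INVESTIGATION
Attention: Beneficiary, after proper investigations we discovered that your
over-due contract payment with the Central Bank of Nigeria is 100% legal and
has been approved for release to you. Your fund of US$25,000,000.00 is ready.
You should ignore any message that does not come from the above email address.
Contact: central.bnk0015@aol.com
FULL NAMES: ________ ZIP: ________ SEX: ____ AGE: ____ TELEPHONE NUMBER: ____
We earnestly await your urgent response.
"""

# Constructed benign message for comparison (example-corp.com is a placeholder).
CLEAN_SAMPLE = """\
From: Jane Doe <jane.doe@example-corp.com>
Subject: Q3 report
Date: Wed, 18 Jan 2017 09:00:00 -0500

Hi team, the Q3 summary is attached. Reply to jane.doe@example-corp.com
if anything is unclear. Thanks!
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, score_email(raw))
```

Each heuristic alone is weak (plenty of legitimate mail is urgent, and small businesses do use free-mail), which is why the function returns the list of flags rather than a verdict: a filter would act on the count or on specific combinations, and an analyst can see which tells fired.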

 


An Interview with a Hacker

On January 17th, 2017, posted in: Hackers, Information Security by konweb

TechRepublic.com published an interesting interview last week with the hacker Kapustkiy, part of the hacking group New World Hackers.

It’s a quick and interesting interview that covers his life from the early days of hacking as a teen to where he stands today, a member of New World Hacking (NWH) which he considers to be the most elite hacking group at the moment.

 

 

 

 

Here are some of the highlights:

He Makes Money as a Pen Tester, Not as a Hacker

Kapustkiy refers to himself as a “penetration tester”. “I wanted to make money [with my skills], so I do bug bounties.”

“I’ll try to find vulnerabilities (most of the time XSS) in websites of my country and I help the administrators to fix them or I’ll report the vulnerable so they could do it on their own. PS: I only spend time on finding vulns in big websites like banks or universities.”

Pen Tester or Hacker? Which is it?

“A lot people are asking me these kind of questions and the reason that I describe myself as a Security Pentester instead of a hacker is, because I like to help websites to improve their security so they are secured. I have always put my focus on Web/Network Security instead of other stuff. A “hacker” is in my opinion someone who has knowledge with everything.”

Database Bug Exploitation is His Specialty

He considers what he does “not hard at all” and “easy to learn.” His inspiration came during his teen years when he read an article about LulzSec (one of his favorite hacking teams) and how they used simple attacks such as SQL injection.

Impressed by NWH Talent

After claiming to be behind the hacking of some high-profile embassies, he reached out to NWH hoping to apply to their team. As he puts it, “Other groups are good, but not as skilled as [New World Hackers].” NWH claimed responsibility for the crippling botnet attack that utilized IoT devices to bring down a swath of East Coast Internet providers late last year.

Is What He Does Legal?

“In my opinion, it is legal when you only leak a little bit database to make them aware of it. Also report the vulnerable always and let them know that you try to help them.”

Happy Customers

Kapustkiy offered up screenshots of ostensibly happy clients to TechRepublic, which conducted the interview via encrypted applications that allowed the hacker to remain anonymous.

“The thing that motivates me a lot is that administrators appreciate that I try to improve their security better. I got a “thank you” of the Indian Embassy and the Italian Government and I was very proud of myself that they have fixed the vulnerable.”

Hacker or Pen Tester, Konsultek Has You Covered

By identifying weaknesses in your network security before they are discovered by external actors, Konsultek can build a custom security solution to close the gaps and prevent future breaches. If your organization is unclear as to how best to protect your valuable information assets, please give us a call. We’re here to help.

 

 


2016 DARPA Grand Cyber Challenge

On January 4th, 2017, posted in: Information Security by konweb

One of the most interesting and also underreported Cyber activities of 2016 had to be DARPA’s Grand Cyber Challenge.

Beginning with a call for competitors all the way back in 2013, the challenge held on August 4th, 2016, was the world’s first all-computer Capture the Flag tournament. Out of all the entrants, just seven prototype systems made the final cut and competed in the ultimate information security showdown.

 

Machine Security Experts vs. Human Security Experts

The big benefit of machine security “experts” is that they are incredibly fast and almost instantaneously scalable. Their downfall, of course, is that they lack inherent expertise. The primary benefit of human security experts is that they have inherent expertise, but they are slow (compared to machines) and lack scalability.

The goal of the DARPA challenge was to move the world of infosec towards a world where machines would have both inherent expertise as well as speed and scalability.

Set in Vegas, complete with a cool looking stage, color commentary and enough power to run a city block, the DARPA challenge looked more like a pro-gaming event than a Department of Defense research project.

Ultimately though, the hype and sizzle of the show did not disappoint, as all 7 machine contenders demonstrated “skills” normally found only in experienced human security engineers.

The Future is Machine AND Human Security Experts

The future of information security will rely upon both humans and machines, and you can bet that Konsultek will be there. As early adopters of the most cutting edge security technologies, Konsultek’s team of engineers has been and will continue to be at the forefront of security. We look forward to serving you in 2017 and beyond!

 


That’s what Jacob Brogan, writing for Slate.com, set out to find when he asked security experts to critique the cybersecurity practices on display in the new Star Wars film Rogue One.

Image Courtesy of Lucas Films

Here are 3 Major Flaws Identified by the Security Experts:

1. The Empire’s massive data vault can be accessed without any sort of key, which seems like a major security flaw.

2. The Empire places all their proverbial data eggs in one basket. So much for multiple, secure storage facilities and backups. The Empire seems to house all their critical information in the singular aforementioned vault.

3. The Empire demonstrates its penchant for the cool looking parts of cyber security. Biometric authentication and a planet sized firewall are prominently featured. Unfortunately, just like in the real world, the less exciting aspects of infosec such as access control policies and incident response plans are glossed over.

Oh well, Rogue One is meant to be entertaining and not a tutorial on how to run an effective Interplanetary information security plan.

Got Interplanetary Security Issues?

At Konsultek our team of rebel engineers stands ready to assist you and your intergalactic team. Give us a call and let’s dialogue about your particular situation.

 


November was a good month for ransomware (if you are in the ransomware business!) and a bad month for individuals and small businesses, according to the latest press release from one of our premier partners, Check Point.

Using data drawn from its ThreatCloud World Cyber Threat Map, Check Point saw a 10% increase in Locky and Cryptowall ransomware attacks in November. As we have noted elsewhere on this blog, ransomware is more frequently targeting small and medium sized businesses because, for the same level of effort, cybercriminals are seeing a generally larger payout.

Also of note from the November report was the rise of the Ramnit banking Trojan. For the first time ever, Ramnit rose into a top 10 position in the threat index, settling in as the #6 most common malware.

Here is What the Top 3 Most Distributed Malware List Looked Like in November

Desktop

1. ↔ Conficker – Worm that allows remote operations and malware download. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. ↔ Locky – Ransomware, which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files. Locky was the no.1 malware family in the largest number of countries (34 countries, compared to Conficker, which was the top malware in 28 countries).
3. ↑ Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.

Mobile

1. ↔ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ↔ Triada – Modular backdoor for Android which grants super-user privileges to downloaded malware and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
3. ↑ Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.

Got Security Concerns? Konsultek has the Answers

At Konsultek we eat, breathe and live information security. With the help of our world class partners such as Check Point, we craft customized security solutions and managed service solutions for organizations of all sizes in all industries. When you are ready to learn more about just how secure your information can be with Konsultek on your side, just pick up the phone and give us a call!

Through the years we’ve discussed all sorts of digital identity verifications, from passwords to fingerprints to retinal scans. Until today, however, we’ve never discussed the almighty hand-written signature, since it has remained (thankfully) beyond the reach of cyberhackers and criminals.

Well, apparently even your signature might soon be “hackable” thanks to a new handwriting forgery program developed at University College London.

What separates this new algorithm from past ones is its ability to flawlessly replicate the most human, individual aspects of a person’s signature.

Flawless Replication of the Details

When a handwriting expert examines a signature, he focuses on a number of subtle nuances in order to verify that the signature is authentic. For example, the expert might look at:

1. How letters are joined together. Every person has a unique, well, “signature” when it comes to how letters are spaced and joined.

2. How the letters and characters are slanted and how they relate to one another spatially.

3. How thick the letters and characters are. This varies by not only what characters are being scribed but also by the ink flow from the pen.

The new algorithm, after analyzing as little as 1 paragraph of cursive writing, can apparently flawlessly reproduce the volunteer’s (or victim’s) signature.


 

Let’s hope that this technology doesn’t become too commonplace too soon or offline identity hacks might just become more problematic than their electronic counterparts.

How can Konsultek Help You?

When it comes to digital information security, including scanned signatures, Konsultek stands between your most valuable assets and the nefarious elements who are constantly trying to steal them. No matter what your industry, and no matter how large or small your organization, your security is OUR business. If you are looking for a partner you can trust in your secure future, then stop looking and simply give us a call!

An update to a 2014 poll regarding the trustworthiness of Social Media was recently released with some interesting results.

To summarize, while the use of social media is increasing (80% of the 2016 respondents indicate they use social media), the overall level of trust in the security of social media is decreasing.

One can only assume that most respondents feel that the rewards presented by social media participation outweigh the perceived increase in information security risk.

It is also interesting that when questioned about specific security threats the results indicate a flat to decreasing sense of risk.

Do you feel more or less secure in the world of social networking?


Image courtesy of Onlineprivacy.com

Our partners at proofpoint just released their 3rd Quarter Threat Summary, which you should grab here.

Here is a quick overview, by category, of what’s been trending in the way of information security threats over the past 3 months.

Email and Exploit Kits

  • Volume of malicious email that used Java scripts increased 69% vs Q2
  • The most popular malicious attachment was the ransomware Locky
  • The variety of ransomware introduced increased by 10X
  • Cybercriminals continue to hone their skills in regards to exploiting business email
  • Banking Trojans have diversified and become personalized
  • Exploit kit activity, while still rampant, fell 65% from Q2

Mobile

  • PokemonGo spawned malicious counterfeits
  • Mobile exploit kits and zero days continue to haunt both iOS and Android

Social Media

  • Negative and damaging content is up 50%
  • Social phishing has doubled since Q2
  • Cross-pollination between mobile and social accelerates

How Konsultek Protects Clients

By integrating advanced threat protection from proofpoint, Carbon Black, Forescout and others, Konsultek develops customized security plans for clients of all industries and all sizes. If you are ready to proactively secure your organization, give us a call to discuss your unique situation.