Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Digital takeup drives accelerated cybercrime activity: IOCTA

At a time of year when many security professionals are putting the finishing touches to budget proposals, the latest Internet Organised Crime Threat Assessment (IOCTA) has outlined the key risks facing organisations in Europe. Growing use of digital technologies, accelerated by the Covid-19 pandemic, has led to a sharp increase in cybercrime. Europol’s European Cybercrime Centre (EC3) publishes the annual report, drawing on input from EU member states, law enforcement agencies, experts and private sector contributors. 

The report listed ransomware affiliate programmes as a major risk. They enable a larger group of criminals to launch multi-pronged attacks on large corporations and public institutions that includes extortion by threatening to name and shame victims, as well as DDoS attacks. IOCTA also warned of evolving mobile malware that’s allowing criminals to try to get around additional security measures such as two-factor authentication. Online shopping has led to a steep increase in online fraud, Europol said. Bank Info Security’s coverage of the report noted that while ransomware grabs the headlines, other forms of fraud “continue to be a major threat”. The full IOCTA report is free to download from Europol’s website.

STOP PRESS: BH Consulting’s Valerie Lyons to present at RSA Conference 2022

Valerie Lyons, Chief Operations Officer at BH Consulting, has been chosen to present at RSA Conference 2022. The landmark cybersecurity event takes place in San Francisco and has been running for almost 30 years. With an expected attendance of around 45,000, RSA is one of the world’s largest cybersecurity and privacy conferences. The 2022 edition will be a combined in-person and virtual event. Valerie’s session will look at 10 key privacy challenges of the hybrid workforce, drawing on her extensive work and research into information privacy. Her speaker profile is now live on the conference website. 

“You asked for miracles, Theo, I give you the FBI.”

In last month’s newsletter, we looked at why using a VPN doesn’t always protect the user. Now, a recent story shows another long-held piece of security advice that needs an update. ‘Don’t click on links or open attachments in emails’ seems redundant after an attacker was able to take control of the FBI law enforcement portal, no less, and use it to send out thousands of hoax emails warning about a fake cyberattack. 
 
Journalist Brian Krebs, who broke the story, said the attacker took advantage of poor coding on the agency’s website. The FBI confirmed the breach but stressed no data was compromised. Bleeping Computer has a good timeline of the incident. It also proves why the classic advice about email security needs a refresh (since after all, the entire point of email is to share links and attachments). Writing in the SANS newsletter, Brian Honan said: “We should instead be coaching people to be wary of unexpected emails and to review them with care before actioning them.” Not that email is the only communications channel you need to worry about securing. This op-ed from Otavio Freire on Dark Reading highlights the risks on collaboration platforms like Slack.

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe. Sign up here