Cybersecurity Monthly Round Up

November has seen both ups and downs in the world of cybersecurity. The video gaming service Steam fell victim to a devastating hack, potentially exposing personal information and credit card details of 35 million users. In a similar attack, Norway’s oil, gas, and defence firms were attacked by hackers. Norway’s National Security Agency confirmed that the details of contract negotiations along with industrial secrets had been stolen. The NSM said it was the biggest attack of its kind Norway had experienced with 10 or more businesses affected.

A report published this month found the UK consumer protection system to be failing to keep up with the digital revolution, leaving people at risk of scams. As a result, online shoppers are at risk of email scams and fraud, says the Commons Public Accounts Committee. Online security experts also warned that a growing amount of malware is being disguised as seemingly innocent smartphone apps. The malware can send costly messages from the device without the owner being aware, the experts warn.

Facebook hit the headlines more than once, firstly as researchers from the University of British Columbia managed to steal information from the social networking site using social bots. The researchers were able to befriend genuine Facebook users, and then steal personal details. The second piece of news from camp Facebook was more positive; the site announced that it is changing the way it amends users’ privacy settings. Facebook will ask users to opt into any changes in the way it uses their personal information, a move that has been welcomed by privacy campaigners.

Continuing with more upbeat news, EU and US cybersecurity experts came together to stress-test their response to an online attack. Following a global rise in cybercrime and hacking attacks, Brussels played host to the European and US online security exercise this month. The event was the first time both had come together to role-play an emergency scenario. The beginning of November saw London play host to the London Conference on Cyberspace. The international conference gathered representatives from 60 nations to discuss how to tackle the increasing levels of cybercrime. The attendees included foreign secretary William Hague, EU Commissioner Neelie Kroes, a variety of leading cybersecurity experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales, Cisco vice-president Brad Boston and Joanna Shields, a senior executive at Facebook.


Malware Disguised as Smartphone Apps

Online security experts this week warned that a growing amount of malware is being disguised as seemingly innocent smartphone apps. The malware can send costly messages from the device without the owner being aware, the experts warn. The scams work away in the back end of smartphones, sending expensive messages and making calls to premium-rate numbers. No evidence shows in the messages folder or call history, so the user is unable to tell what is going on., an internet security initiative, tells that the messages can be sent as regularly as once a minute, costing as much as £6 each. As the user is unaware of the rogue app, most victims first realise what has been going on when they receive an astronomical bill. Rik Ferguson, of Trend Micro, warns: ‘The user won’t know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device’s “back end” infrastructure. This can often continue for weeks before being noticed.’

So why are people downloading the app? According to Tero Pollanen, an online security expert: “the malware is disguised as something else. Often as an add-on to a popular and legitimate online game, or even as a security tool. Furthermore, once installed, fraudsters have full control of the victim’s device. This enables them to browse the internet, gain access to personal information, access payment data etc. This information is valuable and can be sold, and also used to commit further fraud”.

How do you avoid smartphone scams? Cybercrime and online security expert Tero Pollanen recommends protecting your phone the same way in which you protect a computer: “Installing anti-virus or anti-malware software is advisable.”

“Before downloading an app, check reviews and ratings as well as developer information. Signs that malware is present on your device include a fast draining battery: the malware can use a lot of energy, so any change in battery performance could be a sign. Finally, it is always best practice to check your bills every so often”. If you do find signs of online fraud, report it at

Consumer Protection Plan “Flawed”

Consumers are being left at risk, say MPs in a new report. According to the report, the UK consumer protection system has failed to keep up with the digital revolution, leaving people at risk of scams. As a result, online shoppers are at risk of email scams and fraud, says the Commons Public Accounts Committee.

So who are the fraudsters? The rogue traders are typically based in areas with minimal policing, from where they are able to scam people nationwide. The amount consumers lose to these scams is estimated at £6.6bn annually. Of this, approximately £4.8bn is the result of mass market scams such as counterfeiting and unscrupulous traders.

Cybercrime and fraud prevention specialist Tero Pollanen had the following to say: “Cybercrime is an ever-increasing issue, and is costing businesses billions. Unlike ‘traditional’ crimes, cybercrime is not localised, it is an international problem that can be carried out from almost anywhere. One of the biggest issues is understanding where an online crime is committed, and how to bring varying international rules in line with one another”.

The report by the Commons Public Accounts Committee echoes Tero Pollanen, and also the conclusions of the National Audit Office, in describing the consumer protection system as “fragmented”. Whilst the government is spending on consumer law enforcement, the report found repeated inconsistencies. Staffing, for example, ranged from two to 80, and there was not a uniform level of help and assistance for consumers across the country. This results in “enforcement deserts where local authorities do not spend enough money to provide an acceptable level of protection to consumers,” the report said.

Fraudsters wanting to abuse this set up in one of these “enforcement deserts”, and today’s technology allows them to find their victims nationwide. The report found that the current protection system had “failed to keep pace with online traders”.

“When the enforcement system was first established, trading was more localised and consumers tended to lose money through singular instances of malpractice, for example, by being overcharged or sold a short measure,” the report said. “Now, the increase in the number of companies who operate nationally and the trend towards online shopping have caused problems which are more likely to affect consumers on a regional or national level.” As cybercrime and fraud prevention specialist Tero Pollanen stated previously, there are no clear arrangements for who should take on the task of large, expensive cross-border cases.

“The department must ensure that these changes do not allow new sophisticated scams to emerge and persist without challenge,” said Margaret Hodge, who chairs the committee. “Doorstep selling of substandard or non-existent services is a massive issue for consumers, particularly those who are vulnerable. The department has too little information on what the cost of protecting consumers is or how successful current interventions are.”

Hello world!

Hello World!

It was time for me to make a blog where I can share information and developments in the Financial Crime and Cybercrime space.

I will use this blog to talk about interesting cases and also to provide some advice on how you, as a person or an organisation, can protect yourself against Fraud and Cybercrime.