Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment methd the most, with UK usage growing by 300% year over year.
The year 2014 was marked by a notable amount of cyber security problems that affected small to large companies and merchants. Hewlett Packard has worked hard to produce and publish the Cyber Risk Report 2015 that will take us through the vulnerabilities and attacks from last year.
The purpose of the report is to give the reader an understanding of the threat landscape; what went wrong and how problems were fixed; support organisations, helping them to avoid similar issues by showing them how to invest their cybersecurity budgets wisely.
This is an extensive report and includes input and analysis from the HP Security Team, Open Source Intelligence, ReversingLabs and Sonatype. It is also based on the HP ZDI (Zero Day Initiative) and has been contributed to by middleware and IT management software vendors (see below a map of ZDI contributors distribution).
Software developers and vendors are trying their best to make hackers’ lives more difficult. They are doing this by including security requirements within their development process and applying secure coding practices to increase the sophistication of their security controls. However, these measures still don’t seem to be sufficient and during 2014 a number of high-profile vulnerabilities were discovered, causing organisations to urgently deploy patches across their estate. Just look at the effort organisations had to make to ensure that Heartbleed and P.O.O.D.L.E. were properly mitigated across their estate, which were due to a failure to appropriately validate input that could then be exploited.
Security requirements and controls need to be included during each step of any application development process. A ‘secured’ Software Development Lifecycle is commonly referred to as Secure SDLC (SSDLC) with every step in the process incorporating appropriate security controls.
Problems like the iCloud Leak (aka Fappening) experienced at the end of 2014 could be avoided by simply including appropriate security requirements within the first phase of the SDLC.
2014 also showed an increasingly growing threat from malware targeting mobile applications. Attacks against mobile devices are no longer a novelty and it is clear that mobile devices are a major areas of interest for hackers. Surprisingly, using a centralised distribution channel such as the Google Play market, was not the main target; the HP Team found most malware was being distributed through other channels.
Malware kept on flourishing over 2014. In particular ransomware (restricted access to the infected systems and characterized by the creator of the malware requesting a ransom to remove the restriction) continued to exploit businesses using encryption to prevent access. For instance CryptoLocker is a ransomware that appeared during the last quarter of 2013 which still continues to cause serious damage and disruption to businesses. We also saw custom malware developed to target Point-of-Sale (POS) devices; it’s interesting to notice that the HP report highlights how well the attackers knew the targeted environments.
Whilst we see consumer interest growing in IoT products, they also seem to understand the privacy related issues. Enterprises have to make sure that their networks and systems are monitored in that sense because a television or a thermostat can become a source of risk and security problems.
Security Tests are an important security measure to implement during the development of IoT technology in order to secure the products that will enter the houses of consumers.
We have seen significant growth in the number and sophistication of ‘Hacktivists’ who are politically motivated hackers; Turkish hacktivists are growing year by year in number and experience; Chinese attackers are increasingly targeting the intellectual property of foreign companies; Iranian ones are targeting symbols of the West, such as large corporations and governmental institutes; and finally North Korean hackers are continuing to develop extremely sophisticated cyber warfare capabilities.
The report is a fascinating read, which identifies several key themes that deserve attention:
Our experts at Advantio are always up to date. The issues described in this report can be approached, minimized or even solved. Do you already know how to improve the security level of your company? Let us know if we can assist you by bringing adequate security to your business.
Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.
My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.