Connect with us

Featured

Cyber crooks recruit from the inside

Published

on

Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources.

Telecommunications providers are a top target for cyber-attack. They operate and manage the world’s networks, voice and data transmissions and store vast amounts of sensitive data. This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.

To achieve their goals, cybercriminals often use insiders as part of their malicious ‘toolset’, to help them breach the perimeter of a telecommunications company and perpetrate their crimes. The global research based on 2016 Corporate IT Security Risks Survey by Kaspersky Lab and B2B International, reveals that 28% of all cyber-attacks, and 38% of targeted attacks now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

Compromising employees

According to the Kaspersky Lab researchers, attackers engage or entrap telecoms employees in the following ways:

·         Using publically available or previously stolen data sources to find compromising information on employees of the company they want to hack. They then blackmail targeted individuals – forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.

·         Recruiting willing insiders through underground message boards or through the services of “black recruiters”. These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.

The blackmailing approach has grown in popularity, following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact.

 The insiders most in demand

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.

However, insider threats can take all forms. The Kaspersky Lab researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege. In another example, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to login to customer accounts at a popular fintech company.

“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in world where attackers don’t hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare,” said Denis Gorchakov, security expert, Kaspersky Lab.

In order to protect the organisation from insider threat, Kaspersky Lab advises the following:

·         Educate your staff about responsible cyber-security behaviour and the dangers to look out for, and introduce robust policies about the use of corporate email addresses;

·         Use Threat Intelligence Services to understand why cybercriminals might be looking at your company and to find out if someone is offering an insider “service” in your organisation;

·         Restrict access to the most sensitive information and systems;

·         Do a regular security audit of the company’s IT infrastructure.

Featured

Smash hits the Nintendo Switch

Super Smash Bros. delivers what the fans wanted in the latest “Ultimate” instalment, writes BRYAN TURNER.

Published

on

Super Smash Bros. Ultimate, the latest addition to the popular Nintendo Smash series, has landed on the Nintendo Switch with a bang, selling 5-million copies in the first week of its release. The game has been long-anticipated since the console’s release, as many fans consider iy to be a Nintendo staple. And the wait was well worth it.

It features 74 playable fighters, 108 stages, almost 1300 Spirit characters to collect while playing, and a single-player Adventure mode that took about three days (or 28 hours) of gameplay to complete. The game offers far more gameplay than its predecessors, making it the Smash game that gives its players the best bang for their buck.

For those new to the game, the goal is to fight opponents and build up their damage score (draining their health) to knock them off the stage eventually. This makes the game seem chaotic, as many players jump around the platforms as if they were on quicksand, in order to avoid being hit by the other players.

It also services two kinds of players: the competitive and the casual.

Competitive players can be matched on the online service by skill ranking to enjoy playing with similarly high-skilled opponents. This is especially important in e-sports training for the game, and for players wanting to master combos against other human players. The casual gamer is also catered for, with eight-player chaos and button-mashing to see who comes out luckiest. This segment is also important for those wanting to learn how to play.

Training mode is also a place to go for those learning to play. It offers “CPU” players that are graded by intensity to train as a single player to learn a character’s moves, combos and general fighting style. More challenging CPU players can also be used by competitive players to train when there isn’t a Wi-Fi connection available.

Direct Play features in this game, allowing two players with two Switch consoles to play against each other over a direct connection – no Wi-Fi needed. This is especially useful to those who want to have a social gaming element on the go, similar to that of the cable connector of the Gameboy.

Click here to read Bryan Turner review of Super Smash Bros. Ultimate.

Previous Page1 of 3

Continue Reading

Competitions

Win Funko Fortnite in Vinyl

Gadget and Gammatek have nine Funko Fortnite figurines to give away.

Published

on

A Funko Pop figurine based on a character set is indicative of reaching the heights of pop culture. It is no surprise, then, that the world’s biggest online game, Fortnite, has its own line of Funko Pop figurines. The Funkos are modeled on the characters in game, including Drift, Ragnarok, Dark Vanguard, Volar, Tracera Ops, and Sparkle Specialist.

Now, local Funko distributor Gammatek has released the Fortnite figurines in South Africa. To celebrate, Gadget and Gammatek are giving away a set of three Funko Fortnite figurines to each of three readers (9 figurines in total). To enter, first click on your favourite Funko Pop on the next page and post the Tweet that appears. Then, follow Gadget on Twitter.

You can put the tweet in your own words, but entries must have the competition’s hashtag (#FunkoFortnite) and mention @GadgetZA to be considered valid.

Click here to select the Funko Fortnite character you want to tweet.

Previous Page1 of 2

Continue Reading

Trending

Copyright © 2018 World Wide Worx