A recent report has revealed that hackers are obtaining compromising material and then holding it hostage until their demands are met. IHAB MOAWAD sheds some light on this new tactic that many are calling “sextortion.”|A recent report has revealed that hackers are obtaining compromising material and then holding it hostage until their demands are met. IHAB MOAWAD sheds some light on this new tactic that many are calling “sextortion.”
In April Trend Micro released a research paper about sextortion: the means through which cybercriminals obtain compromising personal images or videos of Internet users – which they then hold hostage until their demands have been met. Fast forward to July and we have seen the hack of controversial adultery/dating site, Ashley Madison. Cybercriminals wreaked havoc as they threatened to slowly leak the data of the adulterers using the site, until it and its companion site, “Established Men”, shut down.
An article on time.com calls this tactic “hacking 2.0”, stating that this new hacking method is not about the data, but the context. Making money from stolen data, like credit cards, is a lot of work and cybercriminals have latched onto the fact that they have a larger pay cheque to gain from those that stand to lose more than just money. Hence, a hack like Ashley Madison’s that could – and has – destroyed reputations and families is a gold mine for the team responsible for the hack (The Impact Team).
Now, moral opinions about Ashley Madison aside, I’m sure that no one appreciates any of their personal information being kidnapped and held for ransom. But cybercriminals are cunning and they know that if they keep the sums low enough, people that stand to lose more than money would rather pay up. In this case, the Ashley Madison hackers offered users the ultimatum of paying $19 to have all their information wiped off the site or having it leaked. But there is of course, no guarantee that you can trust a cybercriminal.
How does data kidnapping affect my business?
According to time.com, there is a new reality that’s making matters worse for corporate security teams and it’s that in recent years, there has been heavy investment in protecting financial data – spending money to fortify the most valuable data. So while credit cards may be protected, email servers may have been left in the lurch, but this will slowly change as personal data of different contexts becomes a bargaining chip for cybercriminals.
Ashley Madison is just one example of an enterprise that has been targeted in this manner. Another example is the malware Cryptolocker which forced victims to pay a sum to unscramble their data and subsequently made $27 million in just the first two months from small home owners and businesses. And then there was the Sony hack in December 2014, in which cybercriminals stole corporate emails and embarrassed the company. In hacking 2.0 cybercriminals don’t need to steal your money, all they need is any data that is valuable to you.
This means that executives should be working tirelessly to do an honest assessment about what their enterprise’s valuable data really is. Then wise investments need to be made in protecting data that might seem inconsequential if stolen in one context, but a disaster if stolen in another. The bottom line? Every company will now have to plan for ransom and extortion scenarios.
So what now?
In addition to a stealthy security policy, companies now need a data kidnapping and extortion policy in order to properly protect themselves. This is on top of robust business security solutions. Employees, and in turn the business, for example, could benefit from having Trend Micro Security 10 on the mobile devices of employees. Trend Micro Security 10 is a recently launched security and privacy tool that’s fully compatible with Windows 10.
The new version’s security features are simple-to-use, yet provide state-of-the-art protection for employees’ data, delivered with optimal performance. This allows users to securely connect and engage safely online – on the company network – while protected from today’s evolving threat environment. The software will feature protection from exposing private information or becoming susceptible to data-theft and other malicious online threats on both personal and business devices.
Trend Micro Deep Discovery is also an option for business as is detects, analyses and responds to today’s stealthy targeted attacks in real time and then Deep Security delivers automated and highly scalable cloud security. But really, what you should do is speak to a Trend Micro professional about a customised security solution for all your business’s security needs. As is the case with any form of cybercrime, prevention is better than cure, and you don’t want to wait until you’ve had data kidnapped to react to hacking 2.0.
* Ihab Moawad, Vice President MMEA and CIS at Trend Micro
AppDate: DStv taps Xbox, Hisense for app
DStv Now app expands, FNB gets Snapchat lens, Spotify offers data saver mode, in SEAN BACHER’s apps roundup
DStv Now for Xbox and Hisense
Usage of DStv Now, the online DStv service available free to DStv customers, is increasing rapidly with more than two million plays of live and Catch Up content per week. In addition to using DStv Now to watch TV on tablets and smartphones, an increasing number of DStv customers are also opting to use it as their primary method of getting DStv on additional TVs in the house. This is set to increase with the release of two new big-screen TV apps, one for Xbox gaming consoles (Xbox One, Xbox One S, Xbox One X) and another for Hisense smart TVs (2018 and newer models).
Expect to pay: A free download.
Platform: Any of the Xbox One range of gaming consoles and 2018 or later Hisense smart TVs.
Stockists: Visit the store linked to your Xbox console or HiSense smart TV.
Santam Safety Ideas
Start-up businesses that have a FinTech or InsurTech business venture brewing are called to enter the third annual Santam Safety Ideas competition. Safety solutions or InsurTech ventures that are ready for piloting could win up to R150 000 worth of incubation support and R200 000 in seed funding.
The Safety Ideas competition was launched two years ago in partnership with LaunchLab, Stellenbosch University’s startup incubator that facilitates valuable connections for corporates and startups sourced from the startup ecosystem and partner universities in South Africa. The previous winners are Herman Bester and Anton Swanevelder, co-founders of MyLifeLine – a wearable panic device that won the competition last year; and Ntsako Mgiba and Ntandoyenkosi Shezi, co-founders of Jonga – a cost-effective security system for low income families, which won the competition in 2017.
Entries close on 28 February 2019. For more information on how to enter, visit: www.santam.co.za/safetyideas/
Click here to read about the FNB Snapchat lens, Spotify Free with data saver, and 00:37.
Fortnite fixes hackers’ hole
Epic Games has repaired a vulnerability that exposed Fortnite, the world’s most popular game of the moment, to hackers. The hole, which was left in Epic’s web infrastructure, allowed hackers to target players with email that appeared to come from Epic Games, but would have led them to a phishing site, where their log-in details would have been stolen.
Researchers at cyber security solutions provider Check Point Software alerted Epic to vulnerabilities that could have affected any player of the hugely popular online battle game.
Fortnite has nearly 80 million players worldwide. The game is popular on all gaming platforms, including Android, iOS, PC via Microsoft Windows and consoles such as Xbox One and PlayStation 4. In addition to casual players, Fortnite is used by professional gamers who stream their sessions online, and is popular with e-sports enthusiasts.
If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well as enabling them to purchase virtual in-game currency using the victim’s payment card details. The vulnerability would also have allowed for a massive invasion of privacy, as an attacker could listen to in-game chatter as well as surrounding sounds and conversations within the victim’s home or other location of play.
While Fortnite players had previously been targeted by scams that deceived them into logging into fake websites that promised to generate Fortnite’s ‘V-Buck’ in-game currency, these new vulnerabilities could have been exploited without the player handing over any login details
Click here to read how the Fortnite hack worked
To win a set of three Fortnite Funko Pop Figurines, click here.