Kaspersky’s latest security bulletin has revealed that for the first time mobile financial treats ranked among the top ten malicious programs designed to steal money.
The Kaspersky Security Bulletin Overall Statistics Report for 2015 highlighted a new trend: for the first time ever, mobile financial threats rank among the top ten malicious programmes designed to steal money. Two families of mobile banking Trojans – Faketoken and Marcher – were included in 2015’s top 10 banking Trojans. Another remarkable and alarming trend for the year is the rapid spread of ransomware. Kaspersky Lab detected this in 200 countries and territories in 2015 – including South Africa.
In fact, looking at the geography of banking malware attacks in 2015, South Africa ranked in the top 10 countries – at 09th position.
Other main trends in cybercriminal activity in 2015 included:
· Cybercriminals looking to minimise the risk of criminal prosecution switched from malware attacks to the aggressive distribution of adware. In 2015, adware accounted for 12 of the top 20 web-based threats. Advertising programmes were registered on 26.1% of user computers.
· Kaspersky Lab also observed new techniques for masking exploits, shellcodes and payloads to make the detection of infections and analysis of malicious code more difficult. Specifically, cybercriminals used the Diffie-Hellman encryption protocol and concealed exploit packs in Flash objects.
· Cybercriminals made active use of Tor anonymisation technology to hide command servers, and used Bitcoins for making transactions.
Mobile financial threats mature:
In 2015 two families of mobile banking Trojans (Faketoken and Marcher) appeared in the rankings of the top 10 financial malware families. The malicious programmes belonging to the Marcher family steal payment details from Android devices: they track the launch of two apps after infecting a device – the mobile banking app of a European bank and Google Play. If the user starts the banking application or Google Play, Marcher displays a false window requesting credit card details which then go to fraudsters. Representatives of the Faketoken family work in partnership with computer Trojans: a user is manipulated to install an application on their smartphone, which is actually a Trojan that intercepts the one-time confirmation code (mTAN).
“In 2015, cybercriminals focused time and resources in developing malicious financial programmes for mobile devices. This is not surprising as millions of people worldwide now use their smartphone to pay for services and goods. Based on current trends, we can assume that in 2016, mobile banking malware will account for an even greater share,” – says Yury Namestnikov, Senior Security Researcher at Global Research and Analysis Team, Kaspersky Lab.
“Traditional” financial cybercrime hasn’t declined, however: in total, Kaspersky Lab solutions blocked almost two million (1,966,324) attempts to launch malware capable of stealing money via online banking on computers in 2015, an increase of 2.8% on 2014 (1,910,520).
The numerous modifications of the most widely-used malware family, ZeuS, were dethroned by Dyre/Dyzap/Dyreza. Over 40% of those attacked by banking Trojans in 2015 were hit by Dyreza using an effective web injection method in order to steal data and access the online banking system.
The global nightmare that is ransomware:
In 2015, ransomware rapidly expanded its presence on new platforms. One in six (17%) ransomware attacks now involves an Android device, barely a year after the platform was first targeted. Kaspersky Lab’s experts identified two big ransomware trends during 2015. The first is that the total number of users attacked by encryption ransomware increased to almost 180K, up 48.3% compared to 2014. Secondly, in many cases, the encryptors are becoming multi-module and, in addition to encryption, include functionality designed to steal data from victim computers.
The geography of online attacks:
Kaspersky Lab’s statistics show that cybercriminals prefer to operate and use hosting services in different countries where the hosting market is well-developed: 80% of attack notifications blocked by antivirus components were received from online resources located in 10 countries. The top three countries where online resources were seeded with malware remained unchanged from the previous year: the USA (24.2%), Germany (13%), and the Netherlands (10.7%).
IoT sensors are anything from doctor to canary in mines
Industrial IoT is changing the shape of the mining industry and the intelligence of the devices that drive it
The Internet of Things (IoT) has become many things in the mining industry. A canary that uses sensors to monitor underground air quality, a medic that monitors healthcare, a security guard that’s constantly on guard, and underground mobile vehicle control. It has evolved from the simple connectivity of essential sensors to devices into an ecosystem of indispensable tools and solutions that redefine how mining manages people, productivity and compliance. According to Karien Bornheim, CEO of Footprint Africa Business Solutions (FABS), IoT offers an integrated business solution that can deliver long-term, strategic benefits to the mining industry.
“To fully harness the business potential of IoT, the mining sector has to understand precisely how it can add value,” she adds. “IoT needs to be implemented across the entire value chain in order to deliver fully optimised, relevant and turnkey operational solutions. It doesn’t matter how large the project is, or how complex, what matters is that it is done in line with business strategy and with a clear focus.”
Over the past few years, mining organisations have deployed emerging technologies to help bolster flagging profits, manage increasingly weighty compliance requirements, and reduce overheads. These technologies are finding a foothold in an industry that faces far more complexities around employee wellbeing and safety than many others, and that juggles numerous moving parts to achieve output and performance on a par with competitive standards. Already, these technologies have allowed mines to fundamentally change worker safety protocols and improve working conditions. They have also provided mining companies with the ability to embed solutions into legacy platforms, allowing for sensors and IoT to pull them into a connected net that delivers results.
“The key to achieving results with any IoT or technology project is to partner with service providers, not just shove solutions into identified gaps,” says Bornheim. “You need to start in the conceptual stage and move through the pre-feasibility and bankable feasibility stages before you start the implementation. Work with trained and qualified chemical, metallurgical, mechanical, electrical, instrumentation and structural engineers that form a team led by a qualified engineering lead with experience in project management. This is the only way to ensure that every aspect of the project is aligned with the industry and its highly demanding specifications.”
Mining not only has complexities in compliance and health and safety, but the market has become saturated, difficult and mercurial. For organisations to thrive, they must find new revenue streams and innovate the ways in which they do business. This is where the data delivered by IoT sensors and devices can really transform the bottom line. If translated, analysed and used correctly, the data can provide insights that allow for the executive to make informed decisions about sites, investment and potential.
“The cross-pollination of different data sets from across different sites can help shift dynamics in plant operation and maintenance, in the execution of specific tasks, and so much more,” says Bornheim. “In addition, with sensors and connected devices and systems, mining operations can be managed intelligently to ensure the best results from equipment and people.”
The connection of the physical world to the digital is not new. Many of the applications currently being used or presented to the mining industry are not new either. What’s new is how these solutions are being implemented and the ways in which they are defined. It’s more than sticking on sensors. It’s using these sensors to streamline business across buildings, roads, vehicles, equipment, and sites. These sensors and the ways in which they are used or where they are installed can be customised to suit specific business requirements.
“With qualified electronic engineers and software experts, you can design a vast array of solutions to meet the real needs of your business,” says Bornheim. “Our engineers can programme, create, migrate and integrate embedded IoT solutions for microcontrollers, sensors, and processors. They can also develop intuitive dashboards and human-machine interfaces for IoT and machine-to-machine (M2M) devices to manage the input and output of a wide range of functionalities.”
The benefits of IoT lie in its ubiquity. It can be used in tandem with artificial intelligence or machine learning systems to enhance analytics, improve the automation of basic processes and monitor systems and equipment for faults. It can be used alongside M2M applications to enhance the results and the outcomes of the systems and their roles. And it can be used to improve collaboration and communication between man, machine and mine.
“You can use IoT platforms to visualise mission-critical data for device monitoring, remote control, alerts, security management, health and safety and healthcare,” concludes Bornheim. “The sky is genuinely the limit, especially now that the cost of sensors has come down and the intelligence of solutions and applications has gone up. From real-time insights to hands-on security and safety alerts to data that changes business direction and focus, IoT brings a myriad of benefits to the table.”
Oracle leads in clash of
Three e-commerce platforms have been awarded “gold medals” for leading the way in customer experience. SoftwareReviews, a division of Info-Tech Research Group, named Oracle Commerce Cloud the leader in its 2020 eCommerce Data Quadrant Awards, followed by Shopify Plus and IBM Digital Commerce. The awards are based on user reviews.
The three vendors received the following citations:
- Oracle Commerce Cloud ranked highest among software users, earning the number-one spot in many of the product feature section areas, shining brightest in reporting and analytics, predictive recommendations, order management, and integrated search.
- Shopify Plus performed consistently well according to users, taking the number-one spot for catalogue management, shopping cart management and ease of customisation.
- IBM Digital Commerce did exceptionally well in business value created, quality of features, and vendor support.
The SoftwareReviews Data Quadrant differentiates itself with insightful survey questions, backed by 22 years of research in IT. The study involves gathering intelligence on user satisfaction with both product features and experience with the vendor. When distilled, the customer’s experience is shaped by both the software interface and relationship with the vendor. Evaluating enterprise software along these two dimensions provides a comprehensive understanding of the product in its entirety and helps identify vendors that can deliver on both for the complete software experience.
“Our recent Data Quadrant in e-commerce solutions provides a compelling snapshot of the most popular enterprise-ready players, and can help you make an informed, data-driven selection of an e-commerce platform that will exceed your expectations,” says Ben Dickie, research director at Info-Tech Research Group.
“Having a dedicated e-commerce platform is where the rubber hits the road in transacting with your customers through digital channels. These platforms provide an indispensable array of features, from product catalog and cart management to payment processing to detailed transaction analytics.”