Category Archives: Cyber Crime

Is it Safer to Backup Data in the Cloud?

Data backup and protection is an important matter, and it becomes more sensitive when you back up data to an offsite server with the help of cloud-based services. Although the concern is understandable, cloud-based backup is automated, very safe and efficient, and the data is backed up to geographically dispersed locations, typically far away from the origin. As a result, natural disasters such as tornadoes, wildfires and floods won’t affect it. The system is also efficient because it doesn’t require hardware changes, and more storage space is always available to users. But is it safe for everyone? Is there any chance of hacking? I will answer these questions below.

Keep in mind that not all cloud backup services are the same. They differ in technology, years of experience and management. But one thing is clear: you must know your wants and needs when it comes to protecting your data.

Where is the Data Stored?

The cloud has become more popular, but most people don’t seem to know what it actually means. Many believe that using a cloud storage service is risky because they think all the data in the cloud goes off into a cyberspace where hackers can easily reach it.

Well, this could be true if you are not using a reliable data storage service. The cloud is a very simple service: data servers in data centres, connected to the main storage and to the user’s personal account. The Internet is a network of servers that carries the data to and from the data centres, just as a highway does for vehicles.

Data centres are highly protected areas where skilled and trusted staff are appointed to manage the servers. In most cases, only a few trusted people are given access to a data centre. Workers pass through several layers of physical security, and storage vaults are opened only with the permission of users, who provide the secret PIN. Video surveillance runs 24x7x365 to ensure the security of the data. Many providers do not label their data centre as a “Data Centre”, for security reasons; they are just ordinary buildings that blend in with the neighbourhood.

Data centres cannot be physically robbed; we have never heard of such a case. However, they do have a cyber-based system linked to the users’ computers. No doubt there is a minimal risk of cyber-crime or data hacking, but it is very rare, because cloud backup companies have come up with sophisticated systems that keep hackers off their servers.

Hackerproof?

Is backing up in the cloud really hackerproof? The simple answer is yes and no. If the technology used is sub-standard, hackers can get access to the data centres with the help of specialised hacking techniques. However, the latest security systems have made this very difficult. For instance, multiple security levels (using emails, phone numbers and physical statements) have made it almost impossible for hackers to access and compromise data.

Your data is much more secure being backed up in the cloud, where it is handled by qualified security experts, than it is in the basement of your home. Modern security applications and tools are implemented to ensure that there is no risk. Users are also encouraged to monitor the activity on their accounts.


Non-Compliance is Very Expensive

For enterprises and businesses, compliance means that the company is following the laws and regulations concerning its business, personnel and clients. For businesses, compliance is not optional: it is obligatory for organisations, and deviation from it results in penalties.


Accounting scandals at a number of corporations made new legislation necessary, and the Sarbanes-Oxley Act was passed in response. As a result, non-compliant enterprises face penalties such as loss of D&O insurance, imprisonment, heavy fines and loss of their exchange listing. It goes without saying that investors have no interest in investing in non-compliant organisations. If CFOs or CEOs give false certifications, they face a fine of one million dollars for unwitting wrongdoing; for willful wrongdoing the fine is up to five million dollars. In addition to fines, CEOs and CFOs can be imprisoned for ten to twenty years, depending on the evidence presented.


HIPAA is the Health Insurance Portability and Accountability Act. It applies to service providers dealing with health care departments, and equally to health care business associates. Service providers that fail to meet the requirements of HIPAA face severe penalties, and health care providers are castigated when they ignore the HIPAA standards. In such cases the Secretary has the right to charge $100 to $50,000 for each violation, up to a maximum of $1.5 million for violations of identical provisions during a calendar year.


Another important part of HIPAA concerns personal health information (PHI). When sensitive information such as a patient’s PHI is disclosed, health care providers are penalised for their carelessness. If the infringement is willful, a penalty of up to $50,000, a year’s imprisonment, or both is imposed on the wrongdoer. If the violation is committed under false pretences, a fine of $100,000, five years’ imprisonment, or both is imposed. And if the violation is committed for commercial gain, a fine of up to $250,000, ten years’ imprisonment, or both is imposed.


Penalties related to PCI-DSS and the Data Protection Act reach up to $500,000 for a data breach. Non-compliant companies are not only fined but also face long-lasting consequences, such as having their credit card processing shut down, loss of business, staff costs during the recovery process, more detailed and more frequent audit requirements, the cost of printing and emailing customer notifications, and loss of customers’ trust.


Data controllers who fail to comply are also punished under the Data Protection Act. They are required to register and to follow the Act in order to be qualified to process customers’ sensitive information. Data controllers who do not register can face litigation and penalties. Data controllers and agents who misuse personal client information in other ways not mentioned in the Act can be charged under its civil or criminal sanctions.


In short, non-compliance can be terrible and costly for companies.

Cyber Security Challenge UK Searching for the Best Hackers in the UK

Cyber Security Challenge UK is on the hunt for the best hackers in the UK after setting up a series of challenges which will test the skills of each competitor.

The challenges have been based on the actions of a fictional terrorist group who have been called The Flag Day Associates.

The fictional group made their first appearance in March in a video uploaded to YouTube, in which three masked terrorists warned of a future cyber-attack in the UK. Details embedded in the video provided a possible date for the attack.

The first challenge was well supported, with over 1,000 people signing up to help decipher the first clue of the fictional investigation. This was based on a suspicious email intercepted by the National Crime Agency and traced to an abandoned warehouse, where all that was left was an encrypted hard drive.

The latest challenge has been called Assignment Flag Drive in which entrants must use their computer skills and logic to hack into the encrypted hard drive and find out who it belongs to. Details about this drive will be placed online.

Registration to take part in this second challenge is still open and will close on 14th August. Registration can be completed at the Cyber Security Challenge UK website.

James Lyne, global head of security research at Sophos, believes the competition will be a lot of fun and is looking forward to seeing the innovative methods competitors use.

Lyne stated, “This competition is going to be a lot of fun and include many of the key skills security professionals need in the workplace. It will have forensic and offensive aspects to it and be accessible to all levels.”

Lyne added, “Best of all is part of the game involves a collection of interesting Internet of Things devices. I’m looking forward to seeing the creative approaches the players take to overcoming the Associates.”

The highest ranking competitors will qualify for a series of reconnaissance meet-ups as part of Operation Flag Day. Those who impress the most will then move on and be asked to carry out investigations at secret locations around the UK.

The leading candidates from this will make up the final line up who will do battle against The Flag Day Associates at the Masterclass final next year.

Chinese Smartphones Sold with Spyware Installed

German security firm G Data Software has revealed that a cheap brand of Chinese-made smartphone has been sold with spyware preinstalled.

The firm confirmed that it had found malicious code hidden deep in the software of the Star N9500. G Data Software ordered the phone last month after receiving a number of complaints from its customers.

Thorsten Urbanski, a spokesman for G Data Software, confirmed that there is no trace of who manufactured the phone.

Urbanski stated, “The manufacturer is not mentioned. Not in the phone, not in the documentation, nothing else.”

G Data Software confirmed that the spyware could allow hackers to steal personal information, place rogue calls and turn on the phone’s camera and microphone. It also confirmed that any stolen information was sent to a server in China.

The Star N9500 is currently being sold by several major retail websites and by several companies listed in Shenzhen, southern China.

Bjoern Rupp, chief executive of GSMK, believes that the frequency of such incidents is going to increase for a variety of reasons.

Rupp stated, “We have to assume that such incidents will increasingly occur, for different commercial and other reasons.”

Christian Geschkat, a product manager at G Data Software, believes that people need to become very suspicious of supposedly great deals.

Geschkat stated, “In general, particularly cheap offers online that seem tempting should make buyers suspicious. There’s no such thing as a free lunch.”

Cybercriminals are developing ever more sophisticated ways of obtaining confidential data, so it is now imperative that confidential data isn’t stored on devices where it isn’t needed.

It is also critical that all companies have the best security plan in place and test it regularly to protect themselves against cyber hackers and cyber thieves. This should be supported by a robust backup solution, so that data can always be recovered no matter what action a hacker or cyber thief takes, such as modifying or deleting it.

GameoverZeus and Cryptolocker: is your data protected?

A massive international anti-cyber crime initiative has recently made a breakthrough, with a wanted notice for Russian national Evgeniy Mikhailovich Bogachev issued by the US government. Bogachev is thought to be the mastermind behind two of the most recent (and most infamous) internet phishing schemes, commonly known as Gameover Zeus and the Cryptolocker virus.

GameoverZeus is a piece of malware that, when deployed on a victim’s computer, is able to target and extract login information for a range of applications, from social media and email accounts to online banking details. A different variant of Zeus can also install the Cryptolocker ransomware if the Zeus trojan is unable to find what it is looking for.

Because the Zeus family are trojans, designed not to be found, Cryptolocker has become somewhat better known to users. Its function is to demand a ransom for the files it has infected. Affected users then face the dilemma of losing what may be an important file or submitting to the ransom demand, with no real guarantee that they will get their file back.

The US Department of Justice has officially issued charges against Bogachev, thought to be a ring leader of cyber-criminals, after the botnet that was operating the phishing scams was brought down. The effort was a collaboration between law enforcers from the US, as well as the UK and private security firms from around the world. The team was able to take control of the “Command and Control (C&C)” servers which had orchestrated the criminals’ operation.

However, the UK’s National Crime Agency (NCA) was quick to point out that this intervention is only temporary, as it would only be a matter of time before the criminals acquired new C&C servers from which to run their operation. The NCA stressed to users the importance of ensuring that their computers are free of malware and protected against future infection.

The effect of the Zeus and Cryptolocker malware has been huge, and on a truly global scale. The scams can affect both home users and businesses, and highlight the need to have proper security measures in place.

Here at Backup Technology we have seen many of our customers affected by Cryptolocker in particular. Luckily, the files affected were securely backed up in our data centres, and so were retrievable. Had they not been backed up, the affected customers would have suffered the inconvenience, and potentially damaging effect, of losing important files.

If you feel you are vulnerable to either Cryptolocker or the Zeus trojan, why not make an enquiry about our Cloud Backup and Disaster Recovery services. They could end up saving you a huge amount of stress and money should the worst happen!

Heartbleed may decrease internet speeds

As the Heartbleed flaw in the OpenSSL security software continues to cause problems, one of the issues highlighted is a possible decrease in internet speeds. This drop in speed would most likely be caused by the number of sites refreshing their security certificates as part of everyday interactions on the internet.

Whenever one computer talks to another on the internet, e.g. a home PC or laptop connecting to a web server hosting a website, security certificates are exchanged so that the two machines can be sure of each other’s identity. In short, because of the flaws in OpenSSL exposed by the Heartbleed bug, many more certificates are being exchanged during these interactions, which causes the authentication process to take longer.

The estimated number of affected sites is thought to be around 500,000, and includes big names such as Google, Facebook and Dropbox, sites used every day by hundreds of millions. However, these bigger sites are thought to have patched the security flaw in OpenSSL, which will prevent cyber-criminals from attacking their web servers.

The updating of security certificates ties in with OpenSSL because a certificate guarantees a site’s identity. OpenSSL transports sensitive data to its destination in a secure fashion, but once there the two points communicate with each other to verify one another’s identity. If one machine cannot prove it is secure, the information will not be delivered. This is the same principle as your email client blocking an email address once you mark it as spam.

The Heartbleed bug virtually rendered OpenSSL (SSL stands for Secure Sockets Layer) insecure, as criminals could get their hands on the security keys of websites which used the software. Once stolen, a key could be used to impersonate a legitimate website in order to obtain information illegally.
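The practical check behind the certificate refreshes described above, as an added example that is not part of the original post: after a key-disclosure bug like Heartbleed, a reissued certificate only helps if the private key was changed too, so the code below compares the public key in the old and renewed certificates and flags certificates issued before the disclosure date. The keys, certificates and dates are constructed in the code rather than taken from any real site.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// HeartbleedDisclosure is the public disclosure date of the OpenSSL Heartbleed bug.
var HeartbleedDisclosure = time.Date(2014, time.April, 7, 0, 0, 0, 0, time.UTC)
func check(err error) {
	if err != nil {
		panic(err)
	}
}
// IssuedBeforeDisclosure is true when the certificate was issued while its
// private key could still have been read out of a vulnerable server.
func IssuedBeforeDisclosure(c *x509.Certificate) bool {
	return c.NotBefore.Before(HeartbleedDisclosure)
}

// KeyRotated hashes each certificate's SubjectPublicKeyInfo: a "refreshed"
// certificate that still carries the old key leaves a possibly leaked key in use.
func KeyRotated(old, renewed *x509.Certificate) bool {
	return sha256.Sum256(old.RawSubjectPublicKeyInfo) != sha256.Sum256(renewed.RawSubjectPublicKeyInfo)
}
// GenKey returns a fresh P-256 key pair standing in for a site's real key.
func GenKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}
// SelfSigned builds a constructed self-signed certificate, valid one year from notBefore.
func SelfSigned(key *ecdsa.PrivateKey, notBefore time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(notBefore.Unix()), NotBefore: notBefore, NotAfter: notBefore.AddDate(1, 0, 0)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

func main() {
	oldKey, newKey := GenKey(), GenKey()
	jan, apr := time.Date(2014, time.January, 15, 0, 0, 0, 0, time.UTC), time.Date(2014, time.April, 9, 0, 0, 0, 0, time.UTC)
	before := SelfSigned(oldKey, jan)
	fmt.Println("issued before disclosure:", IssuedBeforeDisclosure(before))
	fmt.Println("reissued with the same key, rotated:", KeyRotated(before, SelfSigned(oldKey, apr)))
	fmt.Println("reissued with a new key, rotated:", KeyRotated(before, SelfSigned(newKey, apr)))
}
```

Against a live site the same two checks would run on the certificate captured before the patch and the one served afterwards; a matching SubjectPublicKeyInfo hash means the refresh changed dates and serial number only.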

The fact that big companies like Google or Facebook were affected does not mean that these corporations don’t take security seriously; it highlights how widespread the use of OpenSSL is on the internet. This in turn shows how quickly a virus or another security scare can spread across the internet once such a flaw is identified.

Some are now calling for these big companies, and governments, which use the OpenSSL software to a huge extent, to contribute to its maintenance and future research. Currently, annual donations to the OpenSSL foundation amount to $2,000, a mere pittance to somebody like Google or Facebook.
