IT NEWS

On the 20th Safer Internet Day, what was security like back in 2004?

Today is the 20th Safer Internet Day. Since 2004, there’s been an annual event designed to “Promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.”

2004 was a key year for several safety activities, encompassing both Safer Internet Day and the Safer Internet Forum. As it would turn out, a wide range of group security activities would follow hot on its heels the year after, not just through the public but also in professional security, legal, and government circles too.

You may be asking, why 2004? Was the general state of the Internet at the time so bad that all of these events sprang up almost out of necessity? Well, the answer to this makes a compelling case for a “yes”, because security was quite the mess back in the day.

Help required. Apply within

In 2004, a big slice of security advice was most definitely needed from somewhere. The dedicated security firms were primarily big antivirus organisations, some of which were struggling to keep up with the threats now spilling across the Internet.

You had very rich and powerful adware companies, making liberal use of bundled installers. Those meme pictures of someone’s browser filled with 50+ toolbars may be funny to look at now, but it definitely wasn’t at the time.

The adware was frequently incredibly invasive, with affiliate networks often in meltdown promoting every kind of rogue install under the sun. One day, the “agree to install” button would be missing. The next day, the adware would be installed via exploit without permission, something which the adware companies would swear was “not possible”. When it turned out to be entirely possible, and was recorded on a QuickTime file, the same old excuses would be made and you knew it’d all be happening again a week later.

Exploits were rampant. People had pretty much no idea about even the most basic of scams as inventive fraudsters came up with everything bar the kitchen sink in the brave new world of social media, AKA “all my fish in one barrel”. Sometimes it felt like all you could do was read the Windows XP vs Linux comparisons while waiting for the inevitable infection to strike.

As for those “time it takes to become infected” numbers…well, they made for grim reading.

Spreading the infection

20 minutes was an important number in 2004. How so? It turns out that 20 minutes was the average amount of time it took your average, unprotected Windows XP installation to become infected with something horrible.

Data collected by the Internet Storm Center dug into “Survival Time History”, which is “calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe”.

Sounds bad, right? Well, it can certainly become more problematic. Before we discuss why, we need to experience a moment of hope in the form of what may be the most well known service pack ever released.

XP SP2: A new challenger enters the ring

2004 was a key turning point for Windows XP, as it happens. In August of that year, Microsoft rolled out a major weapon in the Operating System arsenal: Service Pack 2. XP SP2 was a response to criticism of Windows security and the ever-growing range of threats besieging desktop computers. Many of the additions and improvements brought in with SP2 survive in some form to this day. Some of its greatest hits:

  • The Security Center, a one stop shop for all of your security needs at a glance. Prior to this, you mostly went on a Frodo and Sam style journey to find crucial settings hidden away in the far flung corners of your desktop.
  • The Windows Firewall enabled by default, and the Internet Explorer popup blocker. The pop up blocker in particular was a big help with the proliferation of adware and spyware plugging into advertising networks.
  • Data execution prevention, helping to ward off buffer overflow exploits.

All this and much more, including a bundled collection of all the security patches released up to that point. If you’d fallen behind on updates, this was the perfect way to fix all of those increasingly exposed security holes.

This all sounds great, and it was. XP SP2 was met with much joy in security circles at the time, and was a much needed playing field leveller to help get all of those unpatched systems back in the game.

However: Remember when I said things could become more problematic?

Things quickly become more problematic

If you were online back in 2004, do you remember how good your Internet was? Were you still on dial up? Incredibly slow broadband? Something else entirely? You can probably see where I’m going with this.

If the estimated time to infect an unpatched XP machine is 20 minutes, and you need to download a large service pack weighing in somewhere between 70MB and 260MB, you’re probably in a lot of trouble, because you’re almost certainly not going to get it onto your system in that magical 20 minute time frame.

To put this into some way-back-when context: if you were caught out by a malware attack which pushed 8 whole megabytes at you, this was treated as a cavalcade of malware: an attack which would potentially take forever to slowly crawl its way onto your system, likely tanking your ability to do anything online while the secret payloads did their thing from the shadows.

In 2005, one malware install which needed the .NET framework to run would helpfully install the whole thing for you if you didn’t have it. If there’s one thing you didn’t want downloading out of the blue, it was 65 MB or so of .NET framework alongside various bits and pieces of malware.

These numbers are nothing now, but back then it was a big deal! If your Internet wasn’t tanked by increasingly large malware hijacks, it was being gobbled up by increasingly large security updates in a desperate effort to keep people safe.

Say hello to the meet and greets

No wonder, then, that very big and visible safer day/week campaigns became such a huge deal. For one final slice of additional context, 2005 was also a key year for security happenings. The largely forgotten CNET/Download.com Antispyware Workshop, held in San Francisco, was the first time many security folks in the antispy/mal/adware space were in the same room (myself included). As an added bonus, so were many representatives from the adware vendors.

Link rot has done a number on pretty much all references to the event. If you want to delve into the mists of time and see an early collective response to the mess our desktops found themselves in, this is what I’ve dug up:

Now yes, I may be cheating a little by referencing an event from 2005 instead of 2004 when our Safer Internet Day events kicked into life. However, it was almost certainly thanks to big, well funded day/week awareness campaigns grabbing the public’s attention that news and media organisations started to consider putting their own events on. There was clearly an increasing appetite for it.

Many folks from that first event would go on to make regular appearances at everything from the Antispyware Coalition (ASC) Workshops to more mainstream events like RSA, warning of the dangers of malware and spyware. By curious coincidence, the ASC also came into existence in 2005. I guess there was just something in the air at this point.

I’d like to think a small contribution to all of the group activity in 2005 and beyond was helped along a little by the work done a year earlier with Safer Internet Day and other awareness campaigns.

Windows XP, possibly the most conspicuous presence on people’s desktops around the time that Safer Internet Day established itself, eventually fell into disrepair. Safer Internet Day continues to keep ticking over and help spread word of safe Internet practices for everyone. This can only be a good thing.

Stay safe out there!


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Florida hospital takes entire IT systems offline after ‘ransomware attack’

Tallahassee Memorial Healthcare (TMH), a major hospital system in northern Florida, has reportedly been experiencing an “IT security issue” since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contacted law enforcement.

In a news post on its website, the hospital says it’s making progress managing the security incident while it continues to operate under IT system downtime protocols, which include the use of old-fashioned pen and paper.

Tallahassee Memorial’s official Twitter account said in a statement on Friday:

“We are reviewing each of our IT systems now, prioritizing them and bringing them back online one-by-one. We do not currently have a timeline for how long this will take as this is an emerging situation.”

While TMH has yet to reveal details about the issue, major news outlets have begun speculating that it could have been hit by a ransomware attack. According to a source who spoke with CNN, Tallahassee Memorial’s CEO Mark O’Bryant told staff on Friday that the system suffered a “cyberattack”.

The hospital has been regularly posting updates about the issue, even if there are no real updates. It says staff is working round the clock to resolve the incident and get the system back up and running as quickly as possible.

TMH has cancelled and rescheduled non-emergency surgical and outpatient procedures, rescheduled non-emergency appointments, and diverted some emergency medical services patients. It says it is continuing to accept Level 1 traumas. The hospital provides healthcare across 21 counties in northern Florida and Georgia.

TMH is the second US hospital victim to suffer from such an attack this year, following Atlantic General Hospital which was hit by ransomware in January.


How to avoid ransomware

There is no doubt hospitals remain under a bullseye, and attackers can strike at any time. Thankfully, there are ways organizations can help reduce their risk of suffering from a ransomware attack.

  • Have an incident response (IR) plan. Organizations should accept the fact that a cyberattack is likely to affect them at some point, whether they’re the direct victim or part of a supply chain. An IR plan can direct your responders on what to do in the event of a cybersecurity attack. This should include restoring from backups, client outreach, and reporting to law enforcement among others.
  • Educate your staff. Awareness goes a long way, and everyone in the company has a responsibility to keep the organization’s network safe. Staff should be taught social engineering tactics and red flags of a system attack, so they can alert the right personnel quickly should an attack occur.
  • Patch as soon as you can. Many threat actors get into networks by exploiting unpatched vulnerabilities. Have a patching plan in place to ensure that your organization’s network is protected against the latest and most exploited weaknesses.
  • Back up your files. Backups have saved a lot of organizations after a ransomware attack—provided they work. When you make a plan, ensure you also have provisions for backup testing.
  • Get an EDR solution. Malwarebytes Endpoint Detection and Response offers built-in ransomware protection, 72-hour ransomware rollback, and zero-day ransomware protection. In fact, we guarantee our Endpoint Detection and Response will stop a ransomware infection on your deployed systems, or we’ll refund your annual subscription fee. Try it here.
  • Learn more. If you want to read more about protecting your business from ransomware, take a look at our Ransomware Emergency Kit.

Stay safe!



Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS

Malwarebytes is excited to announce Malwarebytes Mobile Security for Business, which extends our award-winning endpoint protection to mobile devices.

Don’t get it twisted: mobile devices may be small, but they have huge implications for your security posture. In fact, 73% of organizations experienced a mobile-related compromise that they described as “major” in 2022.

To properly secure your mobile endpoints, you need to tackle two biggies: phishing and malware.

According to Verizon’s 2022 Data Breach Investigations Report, eighteen percent of clicked phishing emails in organizations come from a mobile device. What’s more is that almost 50% of organizations had an employee download mobile malware that threatened their organization’s network and data.

We released Malwarebytes Mobile Security for Business to help organizations crush mobile threats like these on iOS, Android, and even ChromeOS.

Let’s dive in to see how it works!

Deployment

We’re big fans of simplicity here at Malwarebytes (that might be why G2 users rated us the #1 endpoint security product for ease of use), so we designed deployment for Mobile Security to be as quick and easy as possible.

To that end, there are two ways to activate the endpoint agent for your mobile devices: Email (self-activation by end users) and via Mobile Device Management (MDM).

Using an MDM tool automates the deployment of Mobile Security for Business. To deploy via Email, the end user must manually complete installation and activation, and grant system permissions to Malwarebytes Mobile Security.

Voila, you’re done.

Image: The Malwarebytes for Business app on iOS (left) and Android (right)

Protection

So you’ve got your mobile endpoints all set up, now it’s time to set a policy.

If you’re a current Nebula user, much of this next part will feel familiar. If you’re new to Nebula though, no sweat. All you need to know is that policies are what let us define how Malwarebytes behaves when using Mobile Security for Business.

After going to the Policy tab in Nebula, head on down to Protection settings to select Web protection and Ad block for iOS, and Behavior protection for ChromeOS and Android.


Cool. To control how Malwarebytes behaves when running a scheduled scan, we have to check out the section right under, Scan settings.

Here you’ll find different options for scanning ChromeOS and Android devices for malware.


This policy is looking good! Let’s save and head over to our dashboard to get a bird’s eye view of anything going on with our mobile devices and Chromebooks.

Dashboard

The Dashboard provides a high-level view of activity on your network. Through widgets, it presents a summarized view of the information displayed in more detail in other sections of your Nebula console.

We can narrow our dashboard view so we can just see what’s up with our mobile devices and Chromebooks in particular. With this view IT teams can easily identify malicious threats, PUPs and PUMs on mobile endpoints and act accordingly.


Mobile Devices and Chromebooks: The Cybersecurity Gap

Whether employer-provided or employee- or student-owned, mobile devices and Chromebooks are tempting targets for malicious threat actors—yet, these mobile devices remain woefully under-protected. With our Malwarebytes Mobile Security for Business solution, we’re setting out to change that.

Crush annoying ads and malicious websites, and find dangerous malware, all with a lightweight agent that protects without impacting performance. Check out the Malwarebytes Mobile Security landing page for more information or reach out for a free trial.


A week in security (January 30 – February 5)

Last week on Malwarebytes Labs:

Stay safe!

Two year old vulnerability used in ransomware attack against VMware ESXi

On Friday and over the weekend, several Computer Emergency Response Teams (CERTs) sounded the alarm about an ongoing large scale ransomware attack on VMware ESXi virtual machines.

With some discrepancies between Shodan queries from various researchers, most agree that an estimated 500 entities were affected by the attack over the weekend.

Old vulnerability

The suspected vulnerability, listed as CVE-2021-21974, was patched by VMware almost two years ago. It is a heap-overflow vulnerability in OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG). A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in the OpenSLP service, resulting in remote code execution.

A buffer overflow is a type of software vulnerability that exists when a program writes more data into an area of memory than was allocated for it, so the write spills past the boundary into an adjacent memory region. In exploit code, the two areas most commonly targeted for overflows are the stack and the heap. Heap memory is shared by all parts of an application, whereas each thread of execution has its own stack.

Mitigation

The products that are vulnerable to CVE-2021-21974 are VMware ESXi and VMware Cloud Foundation (Cloud Foundation). To remediate CVE-2021-21974, apply the updates listed under 3b in the ‘Fixed Version’ column of the ‘Response Matrix’ to affected deployments.

The fixed versions are:

  • For ESXi 7.0: ESXi70U1c-17325551 or later
  • For ESXi 6.7: ESXi670-202102401-SG or later
  • For ESXi 6.5: ESXi650-202102101-SG or later
  • For Cloud Foundation (ESXi) 4.x: 4.2 or later
  • For Cloud Foundation (ESXi) 3.x: please refer to VMware KB82705

A recommended workaround if you are not using the OpenSLP service in ESXi is to disable the SLP service on VMware ESXi.

Ransomware

Even though Proof-of-Concept (PoC) instructions were posted only a few months after the vulnerability was patched, we haven’t seen any reports of the exploit being used in the wild before February 3, 2023. The attack was aimed at vulnerable ESXi servers that are exposed to the internet on port 427. The threat actor runs an encryption process which specifically targets virtual machine files (“.vmdk”, “.vmx”, “.vmxf”, “.vmsd”, “.vmsn”, “.vswp”, “.vmss”, “.nvram”, “.vmem”), although some researchers have found instances where only the configuration files were encrypted. More on that later.

The ransomware group that reportedly launched this large-scale attack dubbed ESXiArgs against vulnerable ESXi is believed to be the new Nevada ransomware group.

Recently, it became known that the Royal ransomware group had added the ability to target Linux machines to their arsenal. With the transition of organizations to Virtual Machines (VMs), a Linux-based ransomware version allows them to target the very popular ESXi virtual machines.

Decryptable

Security researcher Matthieu Garin posted on social media that the attackers only encrypt the config files, and not the vmdk disks where the data is stored. In such cases, the Enes.dev website may be of help to you. The guide explains how admins can rebuild their virtual machines and recover their data for free.

According to research from BleepingComputer, the encryption routine itself is secure, which means there are no cryptography bugs that allow free decryption.

Disclaimers

Nevada may turn out to be the Linux variant of a well-known ransomware group.

While all clues point to CVE-2021-21974, there are several critical vulnerabilities in VMware ESXi, like CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, and CVE-2022-31699, that can potentially lead to remote code execution (RCE) on affected systems.

There may be special circumstances at work in the cases where only the config files were encrypted. For example, the ransomware tries to stop the VM so it can encrypt the files, but this may not always be successful, in which case the damage is limited to the config files.

When more details become available we will keep you updated here.



Business Email Compromise attack imitates vendors, targets supply chains

Today we have a fascinating tale of a business email compromise (BEC) group steering clear of targeting executives, in favour of fouling up supply chains instead. The attack may sound overly complicated, but it is in fact fairly streamlined, with the intention of making a lot of money.

BEC: What is it?

BEC follows a few different patterns, but primarily revolves around an approach by a criminal who has compromised or spoofed an executive-level email account.

The criminal sends one or more “urgent” emails to a more junior employee about moving money from inside the business to somewhere else entirely. Some attackers perform reconnaissance in advance so they can target people in HR, finance, or accounts.

The criminal is likely to insist the money is moved quickly, and that nobody else is involved.

This technique has been around for a number of years, and some folks are getting wise to it. As a result, attackers are trying to broaden how these scams operate to give them the best chance of flying under the radar.

What we’re looking at below is Vendor Email Compromise (VEC). Instead of going after a company directly, attackers figure out a network of vendors, clients, customers, suppliers…you name it, they’ll try and map it all out. From there, it’s a case of figuring out the weak links in the chain and then pursuing them as best they can.

A splash of fraudulent domain management and social engineering may be all that it takes to get the job done.


The supply chain steps to success

The group at the heart of this particular campaign, the bizarrely monikered “Firebrick Ostrich”, has been flagged as having its hand in no fewer than 350 campaigns dating back several years. 151 organisations were spoofed across 200 or so different URLs. The attacks are said to have been US-centric, with a particular focus on US business.

According to Abnormal Intelligence, the group behind the research, Firebrick Ostrich was at its peak in August 2022, numbers wise, and the majority of URLs used in the various campaigns were less than a day old when they were used.

The steps to success for the VEC group are listed as follows:

  1. Pretend to be a vendor, complete with imitation domain and multiple bogus email addresses related to said bogus “company”.
  2. The bogus vendor initiates communication with the potential victim, going down one of several paths as the ball is set in motion. In the example given, the scammers ask to update a bank account on file, and then note that they’ve “lost track” of outstanding payments. This is how they gain insight into actual potential payments owed, or other relevant information which can be further used against the victim.
  3. Some or all of the additional email addresses created, mentioned above, may be tied into some of the various email chains to add a layer of “this all looks plausible and real” to the recipients. Would scammers go to all this length to steal money? You bet. Many employees looking at this kind of email chain wouldn’t give it a second thought.

Cashing out

If the email antics are successful, a follow-up mail from the fake vendor includes tweaked payment information for the victim to wire funds. Abnormal Security notes that in some cases, PDF documents are attached to the mails containing the payment details. It’s possible that this is done to try and bypass any email flags looking out for suspicious content (such as payment details in the body of the mails).

With all of the imitation details in place, from fake emails and imitation URLs to including real employee names in some of the communications in case someone perhaps jumps onto Google or LinkedIn, this attack could very well cause big problems for an organisation.
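The following is an added example, not part of the original article or of Abnormal Intelligence’s research: a small accounts-payable mail triage that flags the two tells described above, a sender domain that imitates a known vendor and a request to change or reconcile payment details (scored higher when the details are pushed into a PDF). The vendor directory, phrase lists and sample mails are constructed.

```python
from dataclasses import dataclass, field

# Constructed vendor directory: the domains accounts payable actually deals
# with. In practice this comes from the vendor master file.
KNOWN_VENDOR_DOMAINS = {
    "acme-supplies.example": "ACME Supplies",
    "northwind.example": "Northwind Traders",
}

# Openers the article describes: a bank-detail change, or a fishing
# expedition for "lost" outstanding payments.
PAYMENT_CHANGE_PHRASES = (
    "update our bank", "new bank account", "bank account on file",
    "updated remittance", "lost track of", "outstanding payment", "outstanding invoice",
)
URGENCY_PHRASES = ("urgent", "immediately", "asap")


@dataclass
class Mail:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def levenshtein(a, b):
    """Edit distance; a small value between two domains suggests a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify_domain(domain):
    """Return ('known', vendor), ('lookalike', vendor) or ('unknown', None)."""
    if domain in KNOWN_VENDOR_DOMAINS:
        return "known", KNOWN_VENDOR_DOMAINS[domain]
    for real, vendor in KNOWN_VENDOR_DOMAINS.items():
        same_label = domain.split(".")[0] == real.split(".")[0]  # same name, other TLD
        # Two edits on a full domain is a deliberately tight bound; very short
        # domains would need a stricter rule to avoid false matches.
        if same_label or levenshtein(domain, real) <= 2:
            return "lookalike", vendor
    return "unknown", None


def assess(mail):
    """Score one mail and say what accounts payable should do with it."""
    text = (mail.subject + " " + mail.body).lower()
    domain = sender_domain(mail.sender)
    kind, vendor = classify_domain(domain)
    score, reasons = 0, []
    if kind == "lookalike":
        score += 3
        reasons.append(f"{domain} imitates {vendor}")
    elif kind == "unknown":
        score += 1
        reasons.append(f"{domain} not in vendor directory")
    payment_change = any(p in text for p in PAYMENT_CHANGE_PHRASES)
    if payment_change:
        score += 2
        reasons.append("asks to change or reconcile payment details")
        if any(a.lower().endswith(".pdf") for a in mail.attachments):
            score += 1
            reasons.append("payment details pushed into a PDF attachment")
    if any(u in text for u in URGENCY_PHRASES):
        score += 1
        reasons.append("urgency language")
    if score >= 3:
        action = "hold; verify with vendor on a known phone number, second approver required"
    elif payment_change:
        # Even a genuine vendor domain gets dual control on a bank-detail change:
        # the real account may be compromised rather than imitated.
        action = "route to second approver before any bank detail is changed"
    else:
        action = "deliver"
    return {"domain": domain, "kind": kind, "score": score, "reasons": reasons, "action": action}


# Constructed sample mails.
SAMPLE_MAILS = [
    Mail("billing@acme-suplies.example", "Updated remittance details",
         "We have a new bank account for future payments, details in the attached. "
         "We also seem to have lost track of your outstanding invoices, could you send a list?",
         ["ACME_remittance.pdf"]),
    Mail("ap@northwind.example", "Invoice 4411",
         "Invoice 4411 for January services is attached.", ["4411.pdf"]),
    Mail("ap@northwind.example", "Bank account on file",
         "Please update our bank account on file before the next payment run.", []),
]

if __name__ == "__main__":
    for m in SAMPLE_MAILS:
        r = assess(m)
        print(f"{m.sender:32} score={r['score']} -> {r['action']}")
```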

Vendor attacks: a slippy customer

Given that this particular group does not appear to target one industry sector specifically, running the range from manufacturing and retail to energy and education, it could affect any business, and if it’s successful, it will be imitated.

The best defence against these kinds of attacks is to ensure that staff are aware that they exist and how they work. Many scams rely on isolating and hurrying employees so that they are less diligent, so it also helps to have processes that ensure more than one employee is involved in significant transactions.

Stay safe out there!



How the CISA catalog of vulnerabilities can help your organization

The Cybersecurity and Infrastructure Security Agency (CISA) maintains a “known exploited vulnerabilities catalog” which can be useful if you need help prioritizing the patching of vulnerabilities. In essence it is a long list of vulnerabilities that are actually being used by criminals to do harm, with deadlines for fixing them.

Many organizations are running a plethora of software and Internet-facing devices, and vulnerabilities that can be used to exploit them are found every day. Everybody knows they need to patch, but deciding what to patch when, and then finding the time and resources to do it, is a significant challenge.

If you are having difficulty deciding what to patch next, whether you use a vulnerability and patch management service or not, the CISA catalog offers useful guidance to help you decide what to focus on.

BOD 22-01

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 22-01 in November 2021. The directive established the catalog and bound everyone operating federal information systems to abide by it.

Two things made the directive stand out. The first was that it was based on what was actively being exploited, rather than an abstract severity score, like CVSS. The second was that it mandated specific—and very tight—deadlines, for vulnerabilities to be dealt with. Although agencies were given a longer grace period to handle historic vulnerabilities, they only had two weeks to patch anything new—the blink of an eye in patching terms.

At first the catalog focused on vulnerabilities that would allow an attacker to breach a network or compromise a system to gain a foothold suitable for data theft or ransomware.

Later, around the start of the war in Ukraine, CISA added a long list of vulnerabilities that threat actors can use to disrupt operations and networks: actions that do not lead to financial gain, but can be used in a conflict.

Because it’s based on what criminals are actually exploiting, your organization might still want to feed the catalog into its patch management strategy, even if it isn’t a federal agency that’s obliged to.

The catalog has 9 columns:

  • The CVE number of the vulnerability.
  • Vendor/Project
  • Product
  • Vulnerability Name
  • Date Added to Catalog
  • Short Description (of the vulnerability)
  • Action: What needs to be done to mitigate the vulnerability
  • Due Date: by when the action needs to be completed by FCEB agencies.
  • Notes: point to Emergency Directives about the vulnerability or vendor sites that discuss the vulnerability.

Image: catalog header with sort buttons

If you’re responsible for keeping your organization’s systems secure, you will already know that having a network inventory is critical: To be effective, you have to know what to protect. With that network inventory in hand, it’s good to know that the catalog can be sorted, among others, by Vendor/Project, by Product, and by Due Date.
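As an added example (not CISA’s or Malwarebytes’ code), the script below does that sort programmatically: it filters the catalog against a software inventory and orders the hits by Due Date, flagging anything already past its deadline. It reads the JSON feed CISA publishes alongside the CSV, whose field names (cveID, vendorProject, product, vulnerabilityName, dateAdded, shortDescription, requiredAction, dueDate, notes) are the counterparts of the nine columns listed above; the catalog records embedded here are constructed, not real KEV entries.

```python
import json
from datetime import date

# Constructed sample of the catalog feed; the CVE ids and dates are made up.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "VMware", "product": "ESXi",
     "vulnerabilityName": "ESXi heap overflow (constructed)",
     "dateAdded": "2023-01-30", "shortDescription": "Heap overflow in a network service.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-02-20", "notes": ""},
    {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Exchange Server",
     "vulnerabilityName": "Exchange RCE (constructed)",
     "dateAdded": "2023-01-10", "shortDescription": "Remote code execution.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-01-31", "notes": ""},
    {"cveID": "CVE-0000-0003", "vendorProject": "Apple", "product": "iOS",
     "vulnerabilityName": "iOS memory corruption (constructed)",
     "dateAdded": "2023-02-01", "shortDescription": "Memory corruption.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-02-22", "notes": ""},
    {"cveID": "CVE-0000-0004", "vendorProject": "VMware", "product": "ESXi",
     "vulnerabilityName": "ESXi sandbox escape (constructed)",
     "dateAdded": "2022-11-01", "shortDescription": "Sandbox escape.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-11-22", "notes": ""}
  ]
}"""


def load_catalog(text):
    """Parse the JSON feed into its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def normalise(vendor, product):
    """Case- and whitespace-insensitive key so inventory spellings match the catalog."""
    return (vendor.strip().lower(), product.strip().lower())


def triage(entries, inventory, today):
    """Return the catalog entries that hit the inventory, earliest due date first.

    inventory: iterable of (vendor, product) pairs from your asset list.
    today: date (or ISO string) used to decide whether the due date has passed.
    Each hit carries 'days_left' and 'overdue' so the list can be worked top to bottom.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    wanted = {normalise(v, p) for v, p in inventory}
    hits = []
    for e in entries:
        if normalise(e["vendorProject"], e["product"]) not in wanted:
            continue
        due = date.fromisoformat(e["dueDate"])
        days_left = (due - today).days
        hits.append({
            "cve": e["cveID"],
            "vendor": e["vendorProject"],
            "product": e["product"],
            "name": e["vulnerabilityName"],
            "due": due,
            "days_left": days_left,
            "overdue": days_left < 0,
            "action": e["requiredAction"],
        })
    hits.sort(key=lambda h: h["due"])
    return hits


def summarise(hits):
    """Counts for a status line: how much of the backlog is already past CISA's deadline."""
    overdue = sum(1 for h in hits if h["overdue"])
    return {"total": len(hits), "overdue": overdue, "pending": len(hits) - overdue}


if __name__ == "__main__":
    # Constructed inventory; note the spelling differences are tolerated.
    inventory = [("VMware", "ESXi"), ("apple", "ios")]
    for h in triage(load_catalog(SAMPLE_KEV_JSON), inventory, "2023-02-06"):
        flag = "OVERDUE" if h["overdue"] else f"{h['days_left']}d left"
        print(f"{h['cve']:14} {h['vendor']}/{h['product']:16} due {h['due']} {flag}")
    print(summarise(triage(load_catalog(SAMPLE_KEV_JSON), inventory, "2023-02-06")))
```

To run it against the live feed, replace SAMPLE_KEV_JSON with the contents of the catalog's JSON download and feed in your own inventory pairs.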

Advice

Because the list is regularly updated you will want to keep an eye out for changes, once you are caught up. To make things easier, you can subscribe to receive updates. We also suggest you check out Malwarebytes’ patch management solution, and finally, make sure you ditch any software that has reached its end-of-life (EOL) and is beyond the scope of security updates.


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

The rise of multi-threat ransomware

Today we have a ten minute YouTube expedition into the murky world of ransomware.

In the video, “The rise of multi-threat ransomware” (embedded below), I cover a couple of key talking points that always seem to come up in conversation.

Single, double, triple?

The video covers how ransomware made the leap from “just” encrypting your files to double- or even triple-threat ransomware. The threats, the blackmail, the possibility of leaking data, and more.

A timeline of ransomware

It also examines attacks of interest from 2017 to the present day, looking at some of the key incidents from the last couple of years, and the brutal real world impact of ransomware attacks that increasingly affect the spaces and services around us. Schools, hospitals, housing associations, everyone is a potential target.

Keeping the enemy at the gate

The video finishes with a run through some of the ways organisations can avoid the perils of ransomware, and the realisation that cyber insurance may not solve every problem.

The video covers the importance of locking down your remote desktop access and VPNs, rolling out multi-factor authentication, and keeping a tight handle on repeated login attempts.

A determined attacker may find a way through despite your best efforts, but in many cases they’ll give up and look for a less resilient target. If you’re causing ransomware gangs to shrug and go elsewhere, you’re doing OK.



Cyberthreats facing UK finance sector “a national security threat”

As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year.

Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million (roughly $750 million) through authorized and unauthorized fraud and scams in the UK alone.

UK Finance is the collective voice for the UK’s banking and finance industry, representing around 300 firms across the industry. Its report states: “As we have warned previously, the level of fraud in the UK has reached a point where it must be considered a national security threat.”

Another report, called the ‘State of cyber security in the UK’, surveyed 500 UK-based cybersecurity strategy decision makers. It showed that financials are at significantly higher risk than the average UK business, with more than half (58.2 percent) reporting between 40 and 60 cyber security incidents in the last 12 months.

Businesses

Many financials not only carry the burden of protecting their customers, but are also at risk of falling victim to cybercrime themselves.

The threat which was mentioned the most in responses to the survey was phishing. Some 67 percent of respondents highlighted it as their main worry for their organization. This is no surprise as phishing is often the prelude to more serious threats like ransomware, breaches, and BEC scams.

Other worries were the rise in premium prices for cyber insurance, and the security implications of the rise in flexible working. The advancing pace of technology (39 percent) also featured, as effects from the pandemic have complicated organizations’ ability to protect themselves from cyber threats.

The report based on the survey also shows a higher-than-expected number of breaches, which made more organizations realize that having a recovery plan is almost as important as having effective preventive measures.

Consumers

The main types of fraud targeting consumers were:

  • Authorized push payment (APP) scams, which use social engineering that tricks victims into authorizing payments to accounts belonging to the scammer. Romance scams and investment scams operate this way, as do purchase scams, where people pay for goods that are never delivered.
  • Unauthorized payment card fraud. This category covers fraud on debit, credit, charge, and ATM-only cards issued in the UK. Payment card fraud losses are organized into five categories: Remote card purchases, lost and stolen cards, cards that aren’t received, counterfeit cards, and card ID theft.
  • Remote purchase fraud. This type of fraud occurs when a criminal uses stolen card details to buy something on the Internet, over the phone or via mail order. It is also referred to as card-not-present (CNP) fraud, because the threat actor does not have the physical card, but has enough details to pretend that they are authorized to use it.

A common factor behind APP scams is use of online platforms and social media to target victims and trick them into making payments. This includes fraudulent advertising on search engines, fake websites and posts on social media. This is where the first contact between perpetrator and victim usually takes place.

Another worrying side effect of many of these financial frauds is the use of money mules: often younger people who allow their bank account to be used to ‘cash out’ fraudulent funds, without realizing how severe the consequences can be.

For detailed numbers and more information you are encouraged to look at the UK Finance report.

Cooperation

Because of the direct threats and the responsibility for their customers, the banking and finance industry invests billions in tackling fraud. But it’s not a problem the banking sector can solve on its own.

Some of the initiatives that have been taken by the sector in the UK are:

  • Working with the government and law enforcement to establish clear strategic priorities.
  • Sharing intelligence on emerging threats.
  • Delivering customer education campaigns.
  • Training staff to spot and stop suspicious transactions.
  • Sponsoring a specialist police unit.
  • Cracking down on phone number spoofing.
  • Blocking scam text messages.

How can we help?

NatWest, one of the UK’s “big four” banks, is offering all of its customers a free Malwarebytes Premium subscription, which can be used on up to 10 devices. The software protects against viruses, ransomware, and phishing scams, and is available for Windows PCs and Macs, as well as Android and Apple phones and tablets.

In the first half of 2022, Malwarebytes helped stop over seven million security threats that would have impacted NatWest customers. The bank’s customers can access the software by clicking the security tab within their online banking, where they will receive a coupon and a link to the Malwarebytes site.

Stuart Skinner, head of fraud protection at NatWest, said:

We are committed to helping our customers stay safe and secure and are continuously investing in new fraud prevention tools and the latest security technology. I urge you to download Malwarebytes today, to help ensure you are doing everything possible to protect yourself against this crime.


Cybersecurity and privacy tips you can teach your 5+-year-old

Everything we teach our kids starts at home—we parents are their first teachers, after all. So, why wait for them to start going to school to start learning about cybersecurity and online privacy?

Though it’s hardly news that more and more children are being introduced to mobile computing devices like tablets, smartphones, and laptops at an early age, you may be surprised at what that age is. In 2015, Time featured a study revealing parents handing over such devices to kids as young as six months old. That may be too early an age for teaching a child beyond getting them to sit up, but after nearly a decade, similar trends on age versus technology use have persisted. [1][2][3]

As mobile devices have become an indispensable part of a child’s life, a big question stands: What is the “appropriate” age to start teaching your little one about their security and privacy when using those devices? 

Well, it depends. If your child can understand (simple?) instructions and do them, you’re good to go. Remember, every child is different.

5 cybersecurity and privacy tips you can tell your 5+-year-old

Fostering habits for some simple yet good cybersecurity and privacy best practices early on can go a long way.

1. Lock the device.

When it’s time to put away the phone or tablet so your child can do something else like going to the park, remind them to lock it. They can do this by pressing the power button of the device. Of course, this only works if you have Lock Screen enabled on the device.

If your child is 5 years old and up, you can explain to them that locking the phone or tablet stops other people from using it without asking permission.

2. Use passwords.

Of course, locking a device’s screen requires a password, and choosing a password rather than a pattern lock is deliberate. At this stage, we’re not only seeding the idea of creating strong passwords but also making locking devices the norm (From 2016 to 2018, a reported 28 percent of Americans surveyed failed to use any safeguards to lock their phones).

Don’t be too concerned about length yet, but if you can get your little one to spell out and remember a six to eight-character string—ideally, a word—you’re both golden. We started our little one with a three-letter password to open her tablet when she was four, and we plan to triple that length now that she’s two years older.

3. Keep the device in a safe place.

Instruct your little one to put away the phone or tablet after they lock it. Make sure you already have a designated place in the house that your child knows about. Also, check that this place is accessible, and if it has doors, they can easily open and close them with minimal effort and supervision.

Under a pillow on the master’s bed works, too (just don’t forget to remove it before bedtime).

4. Ask for permission.

Your five-year-old may have access to either the Google Play or Apple App stores via the device you’re letting them use. Whether you have parental controls set up for these stores or not, wouldn’t it be great to hear them ask: “Is this okay to download, mum?” This gives you, the parent or guardian, the opportunity to review the app to see if it’s any good for them (Remember, dubious apps can still end up in these stores).

The same principle should apply when they’re watching videos on YouTube.

Every now and again, we see or read about cute or cartoony clips that are not actually for kids’ consumption. And believe it or not, some of them were purposefully made to appear inviting to young children. To be safe, a critical eye is needed because, sometimes, even YouTube’s AI can get it wrong.

5. Share only with relatives and close family friends.

Kiddo loves having her picture taken. Sometimes, she would ask me to take a snap and send it to her Nana, who is part of an Instagram group.

Thankfully, only family members—and those close to us who’re treated as family—are members of that group. We would’ve been reluctant to share otherwise.

Kiddo doesn’t have a single social media account, but we’re already instilling in her the value of information related to her and, consequently, us. She knows our home address, for example, and she also knows she should only share it with a policeman or policewoman if she’s lost.

Final thoughts

The computing devices and apps your little one uses are already impacting them in more ways than one. It’s essential to steer them in the right direction by getting ourselves involved in their digital lives as early as possible. There is plenty of room for growth.

So, parents and guardians, be patient. Put these points on repeat and expand on them. And, if you’re lucky, be thankful that before your child starts school, they already have some of the cybersecurity and privacy basics down.

Good luck!
