Posts


GDPR cyber ransom demands predicted to increase

Leading cyber security researchers, F-Secure, have predicted a significant rise in the ransom demanded for stolen or encrypted data following the General Data Protection Regulation (GDPR) compliance deadline in May 2018. Potentially the sums demanded, due to GDPR cyber ransom, could be in the order of telephone numbers.

In the past, cyber attackers have often been unaware of how much stolen data is worth to organisations. However, the implementation of GDPR means that organisations can be fined up to 4% of their global annual turnover or €20m, whichever is greater, if found to have a data breach. These fines effectively provide cyber criminals with a price point. This means it is now possible for criminals to understand how much data is worth to organisations and demand a far higher GDPR cyber ransom.

GDPR Cyber Ransom:

As a result, hackers are likely to understand that companies will be willing to pay almost anything less than such fines, in order to keep the data breach quiet. This is in order to avoid the heavy fines and keep their reputation intact. Currently criminals typically only demand thousands of Pounds as a ransom for stolen data. This is predicted to increase to tens of thousands, hundreds of thousands, or even millions of Pounds, depending on the organisation.

GDPR as a business opportunity:

With just over six months to go before the compliance deadline, companies are being urged to get their data in order. This is not only due to the potential fines, but also as GDPR can be seen as a business opportunity.

Many organisations have focused on the fines associated with GDPR. In reality, GDPR is an expansion of the ability to manage the use of data. This regulation aims to level the playing field between the public and the private sector, in order to facilitate the exchange of data. In addition, GDPR enables companies to understand the data that they have, how to best secure it and how to manage the data effectively in order to use it to identify potential business opportunities.

GDPR will essentially work to create a global standard for data protection. This provides European businesses with the opportunity to produce goods and services worldwide that adhere to this standard. In turn, this generates trust between organisations and customers, which is essential for online business.

Read more information on GDPR, Cyber Security, Cyber Fraud, and Compliance. Don’t get held to GDPR cyber ransom.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

Malicious Chrome Extension Steals Data Posted to Any Website

Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code.

The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted online by victims. This is a departure from previous attacks that monitor browser activity for specific URLs and extract credentials.

This campaign may be limited to Brazil and other Portuguese-speaking nations, according to Renato Marinho, chief research officer at Morphus Labs and a SANS Internet Storm Center (ISC) handler. Marinho told Threatpost that the phishing message is written in Portuguese and that some characteristics associated with compromised computers, including directory names, lead him to believe the malware used in these attacks originated in Brazil.

“Based on the messages I received on my spam trap, the campaign is ongoing and possibly making many victims,” Marinho said.

The emails, Marinho said, include a lure hinting at photos from a weekend event sent over WhatsApp (“Segue as (Fotos Final de Semana ) Enviadas via WhatsApp (30244)”). Should the victim click on the link, a malware dropper called whatsapp.exe is executed and presents a phony Adobe Reader installer, which downloads and installs a .cab file on the victim’s computer. The .cab file is a 9.5MB compressed file that spews a pair of 200MB-plus files once decompressed, Marinho wrote in a report to the SANS ISC site. Most of the code, he said, is bloat in an attempt to bypass anti-malware scanners that avoid large files.

One of the files attempts to disable the Windows Firewall and kill all Chrome processes before installing the malicious browser extension, written in JavaScript.

The extension captures all data posted by the victim on any website, Marinho said, before it’s sent to a command and control server using jQuery and Ajax connections.

Marinho added that existing browser security measures such as SSL or TLS won’t protect the victims because the stolen data is captured in clear text inside the browser, before it is sent through an HTTPS connection.

“That’s another reason this approach is attractive to cybercriminals,” Marinho said.

Marinho said he expects cybercriminals to continue to make use of malicious extensions to access a victim’s personal or sensitive data.

“It wasn’t necessary for the attacker to attract the victim to a fake website with doubtful SSL certificates or deploying local proxies to intercept web connections. Quite the opposite, the user is accessing original and legitimate websites and all the interactions are working properly while data is captured and leaked,” he said. “In my opinion, internet browsers should better control extensions and plugins’ installation processes as the Android and iOS mobile ecosystems do. By default, only the extensions available on the official store should be accepted for installation.”
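The two traits described above, an extension installed outside the official store that can read what is posted on any website, can be checked for in an extension inventory. The following is an added example, not code from the article or from Marinho's report: the record layout, extension IDs and rating names are constructed assumptions, while `from_webstore` is the flag Chrome keeps per extension in the profile's preferences and the manifest keys are standard Chrome manifest fields.

```python
# Added example: rate Chrome extensions by install origin and site reach.
# Match patterns that give an extension access to every website.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def all_site_patterns(manifest):
    """Return the all-sites match patterns a manifest asks for."""
    candidates = []
    for script in manifest.get("content_scripts", []):
        candidates += script.get("matches", [])
    candidates += manifest.get("permissions", [])        # Manifest V2 host access
    candidates += manifest.get("host_permissions", [])   # Manifest V3 host access
    # Permission entries can be objects; only string patterns are compared.
    return sorted({p for p in candidates if isinstance(p, str) and p in BROAD})


def triage(record):
    """Rate one inventory record as 'high', 'review', 'info' or 'ok'."""
    broad = bool(all_site_patterns(record["manifest"]))
    sideloaded = not record.get("from_webstore", False)
    if broad and sideloaded:
        return "high"      # the combination described in the article
    if sideloaded:
        return "review"    # outside the store, limited reach
    return "info" if broad else "ok"


def report(inventory):
    """Map extension id -> rating for a whole inventory."""
    return {rec["id"]: triage(rec) for rec in inventory}


# Constructed sample inventory (hypothetical IDs, not real extensions).
INVENTORY = [
    {"id": "sample-sideloaded", "from_webstore": False,
     "manifest": {"manifest_version": 2,
                  "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}},
    {"id": "sample-store-broad", "from_webstore": True,
     "manifest": {"manifest_version": 3, "host_permissions": ["*://*/*"]}},
    {"id": "sample-store-narrow", "from_webstore": True,
     "manifest": {"manifest_version": 3,
                  "permissions": ["storage", {"usbDevices": []}],
                  "host_permissions": ["https://example.com/*"]}},
    {"id": "sample-dev-narrow", "manifest": {"manifest_version": 3}},
]

if __name__ == "__main__":
    for ext_id, rating in report(INVENTORY).items():
        print(f"{rating:7} {ext_id}")
```
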

Source: ThreatPost
