PGI Cyber Digest – November 2016
- Tesco Bank ‘Hack’ Still a Mystery
- China Passes New Cybersecurity Law
- Annual Phishing Season is Upon Us
- What is a Black Friday?
Tesco Bank ‘Hack’ Still a Mystery
Despite the many theories currently being published on the true nature of the Tesco hack, little is known about how money was stolen from thousands of Tesco Bank current account holders last weekend. It is clear now, however, that approximately 9,000 customers were affected, rather than the initial estimate of 20,000. The bank has already repaid the stolen money and removed the block on card-not-present transactions. This suggests that it believes the incident is over. It is unusual to have such confidence so early in an investigation. If the bank had been breached in the usual ‘hack and steal’ manner, it would normally take weeks if not months of forensic examination to ensure that there are no intruders on the network, and no hidden malware left behind.
There are two immediate possibilities. The first is that the bank has discovered that Tesco Bank itself wasn’t attacked but rather a third-party supplier, or that all those customers were the victims of phishing scams. The second is that the attack was instigated by an insider with admin credentials. Technically, just the customers’ banking details could have been exfiltrated without compromising the system. This seems unlikely since the bank has returned to full operational status, which it would not have done had customers’ details been removed.
The alternative is that the insider operated entirely within the network over the weekend to transfer funds out of individual accounts. This would explain how the bank knows ‘exactly’ what happened, and why it can be confident that its systems were not technically compromised.
China Passes New Cybersecurity Law
China has officially passed a new Cybersecurity Law that will apply to all companies doing business in the region from June 2017. Approved by the National People’s Congress, the new law will reduce levels of anonymity for the 710 million internet users in China and empower the state to censor certain types of content, or even shut down large sections of the local internet, in the interests of national security.
Sophie Richardson, China director of Human Rights Watch, voiced concerns that Chinese authorities pressed ahead with this restrictive law without addressing many international concerns, and that the already heavily censored Internet in China needed more freedom, not less.
Although this new law has its critics, it contains several good ideas which will enable authorities to better assess the cyber security situation within China. For example, security incidents must be reported to a central government register and users must be told if their data has been hacked. Critical infrastructure providers must also buy their equipment from a list that has been government tested and approved.
Annual Phishing Season Is Upon Us
With Black Friday, Cyber Monday and Christmas just around the corner, the annual phishing season is well underway. There will be a lot of online advertising of special deals and it will be easier for cybercriminals to hide phishing scams inside the stream of legitimate offers. Cybercriminals know that this time of year is prime phishing season.
Online Christmas transactions are expected to hit a new record high of £24.4 billion this year. With a forecast figure like that, cybercriminals will most definitely be stepping up their campaigns to dupe consumers out of their hard-earned cash. Vigilance and education are the best defence against phishing attacks. This can include:
- Installing an antivirus solution
- Deploying a spam filter that detects viruses, blank senders, etc.
- Keeping all systems current with the latest security patches and updates
- Deploying a web filter to block malicious websites
- Encrypting all sensitive company information
What is a Black Friday?
“Black Friday” is an American term which marks the kick-off to the Christmas shopping season. “Black” refers to stores moving from the “red” to the “black,” back when accounting records were kept by hand and red ink indicated a loss and black a profit. In the UK, Black Friday is expected to be the biggest shopping day of the year, with Amazon, John Lewis, Argos and many other retailers offering large discounts to entice shoppers. Online purchases are also expected to increase after police were called to numerous stores last year to deal with crowd control issues, assaults and traffic problems.