Britain packs on the pounds lost to fraud, topping a billion

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

The cost of fraud to Britain rose 1.1 bil­lion pounds ($1.4 bil­lion) for the first time in five years in 2016, dri­ven in part by a huge surge in cyber crime. The total val­ue of fraud in Britain soared 55 per­cent last year, despite the num­ber of cas­es drop­ping by near­ly a third from 310 to 220, KPMG’s Fraud Barom­e­ter showed. KPMG cit­ed a rise in “super cas­es” worth more than 50 mil­lion pounds ($62.5 mil­lion), while the val­ue of the aver­age fraud case dou­bled, to 5.2 mil­lion pounds ($6.5 mil­lion). The barom­e­ter also high­light­ed a 1,266 per­cent jump in cyber fraud, which reached 124 mil­lion pounds ($155 mil­lion) in 2016One new case saw cold callers pre­tend­ing to be mem­bers of bank fraud depart­ments and per­suad­ed some 750 vic­tims to reveal secu­ri­ty details. Source: The Mir­ror

Ransomware slips into Google Play store 

sh_google-play_280A form of mobile ran­somware that also steals data from its vic­tims has been removed from the offi­cial Google Play store for Android. Dubbed Charg­er by cyber­se­cu­ri­ty researchers at Check Point, the zero-day mobile ran­somware was found embed­ded in Ener­gyRes­cue, an app sup­pos­ed­ly designed to enhance the bat­tery life of phones and tablets. Once down­loaded, the app ini­tial­ly steals con­tact data and text mes­sages from the device before ask­ing the user for admin per­mis­sions, which, if grant­ed, run the ran­somware, lock­ing the device and dis­play­ing a note demand­ing pay­ment. Source: ZD Net

Former CIA chief says private sector leads charge on cybersecurity

Though the U.S. gov­ern­ment can still claim to be the top phys­i­cal secu­ri­ty play­er in the world, it can no longer claim lead­er­ship as the top cyber­se­cu­ri­ty play­er, says retired Gen. Michael Hay­den, who has served as the direc­tor of both the Nation­al Secu­ri­ty Agency and the CIA. “I no longer believe that to be the case,” Hay­den said at the ICIT Win­ter Sum­mit. “I am now con­vinced that, except in a very thin veneer in very, very extreme cas­es, the main body [in cyber] is the pri­vate sec­tor.” Source: Mer­iTalk

Hackers fake news to make news 

sh_new-york-times_280The New York Times is inves­ti­gat­ing an appar­ent hack of one of its Twit­ter accounts on Sun­day. The newspaper’s video account, @nytvideo, tweet­ed around 9:40 a.m. ET a hoax about a mis­sile attack from Rus­sia against the Unit­ed States. The mes­sage attrib­uted news about the “mis­sile attack” to a “leaked state­ment” from Russ­ian Pres­i­dent Vladimir Putin. That tweet was quick­ly delet­ed. But sub­se­quent tweets popped up claim­ing to be from Our­Mine, a group that has hacked high-pro­file social media accounts, includ­ing that of Twit­ter CEO Jack Dorsey, to adver­tise secu­ri­ty ser­vices. The Times account lat­er tweet­ed that it delet­ed tweets pub­lished “with­out our autho­riza­tion.” Source: CNN

GSA to alter, speed up identity protection 

The Gen­er­al Ser­vices Admin­is­tra­tion will stream­line the way it pro­vides iden­ti­ty pro­tec­tion ser­vices, from its cur­rent role of Com­pre­hen­sive Pro­tec­tion Solutions—which pro­vides cus­tomized prod­ucts for cred­it mon­i­tor­ing ser­vices, risk assess­ment and mit­i­ga­tion ser­vices, inde­pen­dent risk analy­sis and data breach analysis—to one that focus­es on iden­ti­ty pro­tec­tion and data breach response. Source: The Fed­er­al Times

SEC takes aim at Yahoo over breach-revelation delay 

sh_yahoo_280The Secu­ri­ties and Exchange Com­mis­sion opened a for­mal inves­ti­ga­tion into the record-break­ing data breach at Yahoo, said to focus on why it took until Sep­tem­ber 2016 to report a breach that took place in 2014. The Yahoo breach includ­ed the pil­fer­ing of infor­ma­tion on half-a-bil­lion accounts. If brought to pros­e­cu­tion, it would mark the first time the SEC has pur­sued a case based on fail­ure to dis­close a data breach. The FBI, Sen­ate and oth­er groups also have announced plans or begun to inves­ti­gate Yahoo. Source: The Hill

Man who hacked celebrity accounts get nine months 

A Chica­go man was sen­tenced to nine months in prison in a plea deal for hack­ing the elec­tron­ic accounts of 30 celebri­ties and steal­ing their per­son­al data, includ­ing nude pho­tos and videos. Edward Majer­czyk was accused of orches­trat­ing a phish­ing scheme that net­ted per­son­al infor­ma­tion from celebri­ties includ­ing Jen­nifer Lawrence, Kate Upton and oth­ers. Lawrence likened the pri­va­cy inva­sion to a “sex crime” and said she wor­ried about its impact on her career. Source: CNN

Health professional charged with identity theft of patients

sh_patient medical records_750A para­medic super­vi­sor of a med­ical emer­gency ser­vice in Illi­nois has been charged with mul­ti­ple counts of wire fraud, iden­ti­ty theft, and theft of con­trolled sub­stances. Dur­ing Jason Laut’s employ­ment at Med­Star Ambu­lance, he is accused of alter­ing and fal­si­fy­ing doc­u­ments, includ­ing patient records, to con­ceal the theft of fen­tanyl and mor­phine. Author­i­ties claim Laut used his admin­is­tra­tor access to alter patient care reports, to false­ly indi­cate that the con­trolled sub­stances were giv­en to the patients. Source: KMOV.com

Major Russian cyber official arrested in bribery case

The man­ag­er respon­si­ble for inves­ti­gat­ing hack­ing attacks at Russia’s biggest pri­vate cyber­se­cu­ri­ty firm has been arrest­ed amid alle­ga­tions of bribery and trea­son involv­ing senior intel­li­gence offi­cers. Kasper­sky Lab, a cyber­se­cu­ri­ty firm based in Moscow, con­firmed the arrest of Rus­lan Stoy­anov, head of its com­put­er inci­dents inves­ti­ga­tions team. Stoy­anov pre­vi­ous­ly worked in Depart­ment K, the Russ­ian Inte­ri­or Ministry’s cyber crime unit. Source: The Tele­graph

More consumers have lots of linked devices, raising security risks

sh_internet-of-things_280Eight out of 10 U.S. con­sumers have a home data net­work, and more than a third con­nect enter­tain­ment sys­tems, gam­ing con­soles and oth­er smart devices to the inter­net, increas­ing the risk of home cyber attacks, says a sur­vey by Zog­by Ana­lyt­ics for HSB. Of the 81 per­cent of con­sumers who said they have a Wi-Fi or oth­er home data net­work, 38 per­cent had elec­tron­ic devices oth­er than com­put­ers, smart­phones or tablets linked to the internet—smart tele­vi­sions, music sys­tems, ther­mostats, secu­ri­ty cam­eras, door locks, alarms, light­ing and home automa­tion devices. Source: Busi­ness Wire

Useful consumer tools also prove useful to bad guys 

Secu­ri­ty researchers report­ed fur­ther evi­dence of cyber attack­ers abus­ing legit­i­mate tools after the dis­cov­ery of net­works of hun­dreds of thou­sands of fake accounts lying dor­mant on Twit­ter. For­ce­point researchers said the Car­banak cyber crime group was using Google ser­vices to issue its com­mand and con­trol com­mu­ni­ca­tion to mal­ware to evade detec­tion. Twit­ter accounts can be used in a sim­i­lar way, for boost­ing fol­low­er num­bers, send­ing spam or tweet­ing mes­sages. Source: Com­put­er Week­ly