Sign up to our newsletter
Not only is this the start of a new working week (and month in fact), it is also the start of something new on We Live Security. Welcome then to our inaugural weekly round-up, in which we recap some of the biggest, most interesting stories and opinion pieces from the world of information security from the past seven days.
ESET’s senior security researcher Stephen Cobb examined, in detail, the fascinating debate over car hacking, taking particular issue with an article in Scientific America that stated “remotely hackable cars are still only a hypothetical threat”. Mr Cobb said that there is ample evidence which proves contrary to this anomalous argument, highlighting the following two papers as suitable, well-researched examples: Comprehensive Experimental Analyses of Automotive Attack Surfaces and Fast and Vulnerable: A Story of Telematic Failures.
Happy birthday internet! The global computer network turned 46 on October 29th, providing ESET’s security evangelist Ondrej Kubovic with a timely opportunity to reflect on the seismic impact of this technology, as well as consider how far information security has come over the years to help keep this “super city” safe and inclusive. While the internet has made substantial progress – this is the first webpage ever built – it’s had its fair share of problems, Mr Kubovic elaborated, with cybercriminals developing all sorts of techniques over the years to exploit users, cause damage and wreck havoc on individuals and organizations.
After the media hysteria of the TalkTalk cyberattack, in which the UK-based telecommunications company’s website was subject to a “significant and sustained” onslaught, We Live Security decided to take stock of the situation and offer a factual account of what is one of the biggest security stories of 2015. What this case has confirmed is that cybercrime is more prevalent and costlier than ever and set to be a growing nuisance. Dido Harding, CEO of TalkTalk, captured this new reality well when she referred to it as “the crime of our generation”.
Similar to the buzz surrounding big data, the excitement and intrigue over the Internet of Things (IoT) has been particularly acute in the technology industry. However, few people outside of the tech world have a firm grasp on the potential of IoT, let alone know what security pitfalls come with it. We Live Security put together a detailed feature discussing its long history – it begins with an internet-connected Coke machine – noting how the technology has been exploited and elaborating on the future implications of an ever-connected world.
Vodafone UK revealed that it was the latest high-profile target of cybercriminals, announcing that an attempt had been made to access its customers’ details. It estimated that up to 2,000 individuals may have been affected, with information including names, mobile numbers, bank sort codes and the last four digits of bank accounts stolen. It added that while its “systems were not compromised or breached in any way” and that no credit or debit card numbers were extracted, caution was still needed. Criminals can still, for example, attempt to lure in victims through phishing, echoing similar sentiments its German division made in 2013.
A couple from Lincolnshire, a county in east England, spoke about the very real threat of scamming, which is likely to emerge following a major data breach like that of TalkTalk. Robert and Susan Turner said that for a year they were subject to endless and occasionally aggressive phone calls from fraudsters who claimed to be from TalkTalk, asking them for their credit card details for all sorts of reasons. While they had ended their contract with the company in May – before the recent cyberattack – they nevertheless believe that their details had been leaked in one of two earlier incidents at TalkTalk this year. The key lessons to be learnt are to never hand out your bank details over the phone and to report such scams to Action Fraud.
After a period of relative quiet, there were some notable developments in the TalkTalk story – two arrests within a matter of days. First, it was announced that a second teenage boy had been arrested in connection with the case on October 29th (this time in Feltham, West London); while only yesterday (November 1st), the Metropolitan Police Cyber Crime Unit revealed that a third arrest had been made on Halloween. A 20-year-old man, it said, had been apprehended in Staffordshire, in the West Midlands. It added: “Detectives continue to investigative and have launched a joint investigation with the Police Service of Northern Ireland’s Cyber Crime Centre and the National Crime Agency.”
Author Editor, ESET