A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.
The growing popularity of cloud services coupled with security concerns is driving demand for managed VPNs. In particular, the success of public cloud services is gradually encouraging more enterprises to move away from conventional remote network access methods in favor of cloud-based remote access. Providing remote access via the public cloud brings organizations multiple advantages including ease of management, flexibility and lower costs. However, opinions are divided over the level of security it affords. Most users of public cloud services consider security a primary benefit. Yet mistakes can and do happen, leading to high profile consequences. One aspect of cloud management technology that is not in dispute is its capacity to simplify secure VPN connectivity for large numbers of remote workers.
Sometimes it’s hard to believe the stories we read. In the case of CEO fraud incidents, cybercriminals earn double-digit sums in the millions by persuading employees that they are acting on behalf of the CEO or another senior manager. Employees then transfer the required amount to an alleged account of a partner or supplier, based only on an e-mail or telephone request without seeking reassurance. CEO fraud follows a similar method to telephone cons targeting the elderly but causes significantly higher financial damage. In mid-2016, an international network was unraveled which was alleged to have earned USD 60 million through the cybercriminal methods of Business Email Compromise (BEC) and CEO fraud. Similar attacks are now occurring on a daily basis in Germany, with similar dramatic consequences.
A new report from UK anti-fraud organization Cifas shows identity theft at “epidemic levels”. From the present controversy over Net Neutrality to the openness of public Wi-Fi, personal information has seldom been more exposed. The Internet’s susceptibility to surveillance and cyber attacks compromises privacy, leading to concern in some quarters that it could ultimately erode public trust in our present way of life. Fortunately, most people believe tighter security standards and encryption are key reasons to be confident about the future. Virtual Private Network (VPN) software is a proven way for employers to ensure workers are secure and anonymous whenever they connect to the office over the public Internet. VPNs encrypt data passing between businesses and their employees, helping to shield company confidential information from fraudsters and other unwelcome onlookers.
Smartphones are part of everyday life, either for private or professional use. However, while many users have taken basic measures to protect their desktop PC or laptop, this is not the case for mobile devices. A study by Consumerreports.org showed that in 2014 one third of all American smartphones did not have a single security measure, neither a PIN code, nor anti-virus software, let alone encryption. This may look different for professional and enterprise managed devices, but many use their personal mobile device at least partly for professional purposes. This means that links, files, photos, contacts and other internal company data are stored on personal smartphones. This makes easy pickings for a thief or digital attacker.
People have become accustomed to using their mobile devices for the dual purposes of business and leisure. Yet, research shows when they travel they don’t really give the data on their devices a second thought. Instead they are much more likely to care about whether the hotel or apartment they are staying at has good Wi-Fi access. This reliance on public Wi-Fi on holiday risks exposing any sensitive business information on personal devices to hackers and snoopers. For this reason, it is best to always take your VPN technology with you on holiday to encrypt all Internet communications while away.