Banking malware threats surging as mobile banking increases, Nokia Threat Intelligence Report

The Nokia 2021 Threat Intelligence Report shows that banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.

The report, based on data aggregated from network traffic monitored on more than 200 million devices globally where Nokia’s NetGuard Endpoint Security product is deployed, showed an 80%, year-on-year increase in the first half of the year in the number of new banking trojans, which also try to steal SMS messages containing one-time passwords.

“A significant amount of this activity is focused in Europe and Latin America, but this activity is continuously spread to other regions of the world,” according to the report. “Banking trojans use a variety of tricks to collect the information. These include capturing keystrokes, overlaying bank login screens with their own transparent overlay relaying captured information to the intended target, taking screen snapshots, and even accessing Google Authenticator codes.”

Banking malware has been targeted mainly at Android phones, for years the most targeted mobile device type for cyber criminals due to Android’s ubiquity and developer openness, with some banking trojans among the most successful malware attacks in 2021.

The Threat Intelligence Report says that most banking applications allow users to add a multi-factor authentication feature to their accounts to make it more difficult for cybercriminals to obtain personal information. Users are strongly recommended to avoid mobile banking from easily accessible public WiFi access points; and to use both multi-factor authentication when available and strong passwords, which avoid common personal details like birthdays.

The report also found that Covid-19 related malware incidents in residential networks have leveled off at 2.5% after a peak in December 2020 of 3.2%. This demonstrates that people are more aware of the threats posed by Covid-related cyber-attacks and are taking steps to secure their home working environment.

IoT botnets, a network of devices connected with malware, continue to grow in size and sophistication, due to the rising use of IoT devices, like “smart” refrigerators and video surveillance cameras. One known as Mozi, which uses a peer-to-peer command and control protocol, has been used to create botnets consisting of around 500,000 individual devices. Mozi actively scans the network and uses a suite of known vulnerabilities to exploit additional IoT devices. IoT botnets are responsible for 32% of the malware incidents detected by Nokia’s NetGuard Endpoint Security.

Kevin McNamee, Director of Nokia’s Threat Intelligence Center, said: “Cybersecurity threats only evolve and look for new opportunities, as shown by this year’s report. Banking trojans have dramatically increased over the last year as digital banking becomes more prevalent – and this is a trend we see continuing into the future which reinforces the need for better online practices and having robust endpoint security in place.”

www.nokia.com

Cyberattacks in Africa comparable to other parts of the globe, says Kaspersky

With digital transformation a top priority on the corporate agenda as companies identify new ways to grow their business, cyber attackers and opportunist cybercriminals remain very active. And although Africa is not necessarily considered a focus area for the more sophisticated types of cybercriminal activity such as targeted attacks or advanced persistent threats (APTs), the continent is certainly not immune to these or other types of cyber risks, warn Kaspersky researchers.

When looking at the general cyberthreat landscape as it impacts consumers and businesses, Kaspersky research shows that in 2020, worldwide, approximately 10% of computers experienced at least one malware attack. Interestingly, in some African countries, including South Africa, the figure was only slightly under the global 10% average, making the African region comparable to that of North America or Europe in terms of cyberattacks. On some parts of the continent, in countries like Liberia Tunisia, Algeria and Morocco as examples, Kaspersky has seen a slightly higher rate, while other parts show a lower rate – a 5% or 6% average. For the first quarter of 2021, the figures are only slightly lower than 10%, both in relative and absolute terms.

Says David Emm, Principal Security Researcher at Kaspersky; “Generally speaking, and based on our research, Africa has the same hit rate as we would see for other parts of the globe when it comes to cyberattacks and activity. This only emphasises that the cyber threat landscape truly does incorporate the whole globe where no continent or country is free of this growing danger and where all consumers, businesses and industries alike need to pay attention to effective cybersecurity measures – and especially during the current pandemic and resultant turbulent times.”

In South Africa, Kenya and Nigeria, Kaspersky’s research has identified the top malware families as ransomware, financial/banking trojans, and crypto-miner malware. When comparing Q1 2021 with Q2 2021, Kaspersky saw a 24% increase in ransomware in Q2 2021 in South Africa, as well as an increase of 14% in crypto-miner malware. In Kenya and Nigeria, Kaspersky saw a large increase in financial/banking trojans in Q2 2021 when compared to the figures for Q1 2021 – a 59% increase in Kenya and a 32% increase in Nigeria.

While on a technical level, not much has changed when it comes to cyberattacks, what is different is that the pandemic presents a persistent topic in which the world has a vested interest in. So, unlike the Olympics or Valentine’s Day which are limited in terms of a timeline, the pandemic offers a wealth of opportunities for cybercriminals to use malware to attack. Everything from the daily numbers and lockdown restrictions to vaccinations, hackers are leveraging on every aspect of the current situation to compromise systems.

“While the bulk of attacks are still speculative and randomly targeting individuals and businesses, there is a shift happening with the increase of APTs and more strategically targeted based attacks. These use continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period, with potentially destructive consequences. Because of the time and effort required to perpetrate such an attack, these are often levelled at high value targets, such as nation states and large businesses,” adds Emm.

Furthermore, another concern is that as the cyberthreat landscape evolves, the nature of malware is changing.

Continues Emm; “Take ransomware as an example. In the beginning, it was very random targeting as many people as possible hoping for a relatively small amount of money paid in ransom. During the past five years, there has been a shift with a decline in the number of ransomware families being developed as well as an overall global decline in attacks. However, attackers are now focusing on specific companies and individuals where they can get the maximum benefit. The new approach of ransomware is to expose data, negatively impacting the reputation of a company. To this effect, financial crime has become more sophisticated and organised.”

Financial institutions a top targeted industry

The financial services sector remains a top targeted industry in Africa when it comes to cybercriminal activity and such cyberthreats – not surprising when one considers the digital first approach this sector continues to take, driven by the needs and expectations of its customers.

“It is relatively easy for a hacker to target an individual and capture passcodes, one-time passwords, and install malware on their computers to get financial information. Increasingly, this is expanding to financial institutions given the sheer number of new entrants in the market emerging. For hackers, online or cyber fraud offers direct monetisation of an attack and gives them access to money as quickly as possible,” adds Emm.

Financial based malware and cyberattacks are also becoming more targeted, complicated, and difficult to prevent, and with digital transformation progressing at a rapid rate within such a sector, there is no shortage of attack surfaces for cybercriminals to exploit.

“In a world where cybercrime remains rife and is only fuelled by aspects like the pandemic, there is never a moment one should not consider the implications of a cyberattack, especially as the cyberthreat landscape evolves and become even more targeted and sophisticated than it was a mere few years ago. Cybercrime is a business. This means that consumers and companies alike must remain vigilant against an increasing attack surface. Not only does this entail a more focused cyber training approach for staff within an organisation, but also using the latest technologies that feature artificial intelligence and machine learning for accurate and proactive protection and prevention in real-time,” concludes Emm.

www.kaspersky.com

Microsoft to acquire RiskIQ to strengthen cybersecurity of digital transformation and hybrid work

Organizations are increasingly using the cloud to reimagine every facet of their business. Hybrid work has accelerated this digital transformation, and customers are challenged with the increasing sophistication and frequency of cyberattacks. Today, Microsoft is announcing that we have entered into a definitive agreement to acquire RiskIQ, a leader in global threat intelligence and attack surface management, to help our shared customers build a more comprehensive view of the global threats to their businesses, better understand vulnerable internet-facing assets, and build world-class threat intelligence.

As organizations pursue this digital transformation and embrace the concept of Zero Trust, their applications, infrastructure, and even IoT applications are increasingly running across multiple clouds and hybrid cloud environments. Effectively the internet is becoming their new network, and it’s increasingly critical to understand the full scope of their assets to reduce their attack surface.

RiskIQ helps customers discover and assess the security of their entire enterprise attack surface—in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain. With more than a decade of experience scanning and analyzing the internet, RiskIQ can help enterprises identify and remediate vulnerable assets before an attacker can capitalize on them.

“The vision and mission of RiskIQ is to provide unmatched internet visibility and insights to better protect and inform our customers and partners’ security programs. We’re thrilled to add RiskIQ’s Attack Surface and Threat Intelligence solutions to the Microsoft Security portfolio, extending and accelerating our impact. Our combined capabilities will enable best-in-class protection, investigations, and response against today’s threats.”—RiskIQ Cofounder and CEO Elias Manousos

In addition, RiskIQ offers global threat intelligence collected from across the internet, crowd-sourced through its PassiveTotal community of security researchers and analyzed using machine learning. Organizations can leverage RiskIQ threat intelligence to gain context into the source of attacks, tools and systems, and indicators of compromise to detect and neutralize attacks quickly.

The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response.

Microsoft has long been a leader in delivering end-to-end cloud-native security with Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel that help protect, detect, and respond to threats in multi-cloud and hybrid cloud environments. With the acquisition of RiskIQ, we will continue our mission to help customers defend their growing digital estate against increasing cyber threats.

RiskIQ has built a strong customer base and community of security professionals who we will continue to support, nurture, and grow. RiskIQ’s technology and team will be a powerful addition to our security portfolio to best serve our mutual customers. 

www.microsoft.com

TikTok to promote online safety for women with the Web Foundation

Over the last year, alongside others in the tech industry and representatives from civil society, TikTok have collaborated with the Web Foundation, an international organization advocating for digital equality, to better understand the experiences that women have online and how to make them safer. As a result, they are proud to announce the commitment to address two priorities women have said are critical for their online safety: improved reporting systems and more control over their online experiences.

Over the coming months, TikTok will begin to develop and test a number of potential product changes to their platform that address these priorities and help make TikTok an ever safer place for women.

TikTok, work round the clock to help ensure our platform is a safe, positive space for self-expression. Our platform thrives on the diversity of our community, and we believe that safety is a prerequisite for creativity. Everything we do is about fostering an environment where people feel welcomed, empowered, and safe to express themselves exactly as they are.

Their online safety strategy has multiple aspects. Enforce the Community Guidelines using both technology and thousands of safety professionals around the world. They also develop pioneering safety policies and features, and partner with external safety experts to keep abreast of complex and constantly evolving challenges.

While TikTok continue to invest in cutting-edge technologies and industry-leading safety teams, they also work to ensure their community feels in control of their TikTok experience. Here are just a few examples on how to stay safe on TikTok:

  • In control of comments: Their community can restrict who comments on their videos to no one, just friends or everyone (for those aged under 16, they don’t offer the Everyone setting). Users can choose to filter all comments, so they can decide which comments will appear on their videos. When enabled, comments aren’t displayed unless the video’s creator approves them using the new comment management tool. People can also choose to filter comments containing specific keywords they have selected. Multiple comments can be deleted or reported at once, and accounts that post bullying or other negative comments can be blocked in bulk, too, up to 100 at a time. By default, spam and offensive comments are hidden from users when we detect them.
  • Promote kindness: A prompt asks people to reconsider the impact of their words before posting a comment that may be inappropriate or unkind and reminds users to review our Community Guidelines.
  • Report inappropriate content and behavior: Reporting is fast, easy and confidential on TikTok. If a user sees something – whether it’s a video, a comment, a direct message or an account – they don’t think should be on TikTok, they can use the in-app reporting button to let us know. We will review against our Community Guidelines and take appropriate action.

In addition to investing in technology to keep their community safe, TikTok work to provide resources to their community on important issues like sexual assault. During Sexual Assault Awareness Month they partnered with the Rape, Abuse & Incest National Network (RAINN) to support the important conversations occurring on the platform about sexual violence and connect their community with permanent resources and educational content within the app. Their goal at TikTok is to foster an inclusive space for everyone, including survivors.

“We look forward to sharing more on our progress to deliver on our commitment to improve online safety for women in the coming months”, said TikTok team.

www.tiktok.com

Dimension Data earns top cloud accreditation as an Azure Expert Managed Services Provider

NTT Ltd., a leading global technology services company, has earned the Azure Expert Managed Services Provider accreditation. Branded Dimension Data in the Middle East and Africa region, it has been recognised by Microsoft with the highest accolade for Azure Cloud experience, being named an Azure Expert Managed Services Provider (MSP).

Microsoft’s highly selective programme helps customers identify top tier partners to enable and support hyper-scale cloud implementations, from mission-critical apps, entire data centre footprints, to hybrid environments.

As one of a handful of partners globally, the Azure Expert MSP status forms the fundamental foundation for Dimension Data’s success in the global arena of High Value Services and Managed Services on Azure.

“We are honoured to be recognised for our skills as an Azure Expert Managed Services Provider. There are very few companies around the world who have earned this accolade, and it is a testament to our talented technical teams and deep Microsoft skills and experience. Our current and future cloud clients can be assured that we meet the highest standard for service delivery, support and security.” Says Werner Kapp, Chief Executive Officer, Dimension Data.

This prestigious endorsement is based on Dimension Data’s proficiency across a breadth of capabilities and for its customer service delivery and technical knowledge. Having met the stringent skills and experience prerequisites, Dimension Data also completed a rigorous audit by an independent third party that evaluates its managed services offerings, technical teams, processes and technologies.

“We are thrilled to be a part of this programme,” says Fernando Navarro, Head of Product Management for Managed Services at NTT. “Azure Expert MSP is the highest accreditation as a managed services provider by our strategic partner, Microsoft. We have been able to prove our skills and know-how in the public cloud arena and look forward to helping our clients do great things with Microsoft Azure.”

With deep experience in Microsoft technology, Dimension Data offers full-stack services from networking and infrastructure that supports Azure, to cloud migrations and cloud applications. Backed by unrivalled security and comprehensive managed services, Dimension Data is leveraging Microsoft Azure to innovate and develop cutting edge solutions using data, AI, IoT and Machine Learning.

This achievement further strengthens Dimension Data’s strategic partnership with Microsoft, as the two companies are committed to driving digital transformation with their clients.

“In the last year, our partners have helped their customers to reimagine a new world of business, while at the same time, continuing to invest in specialised skills and capabilities.  Achieving the Azure Expert MSP accreditation is a hallmark of the commitment with which partners like Dimension Data are not only supporting their customers to become more digitally resilient, but also to how they are building new products and services for digital transformation,” says Lionel Moyal, Commercial Director at Microsoft South Africa.

With the widest reach across the Middle East and Africa and together with global parent company NTT, Dimension Data is solidifying its status as an industry leader in cloud managed services.

www.dimensiondata.com

INTERPOL launches initiative to fight cybercrime in Africa

INTERPOL is creating a new cybercrime operations desk with UK funding to boost the capacity of 49 African countries to fight cybercrime. The Africa desk will help shape a regional strategy to drive intelligence-led coordinated actions against cybercriminals and support joint operations.

Cybercrime is one of the most prolific forms of international crime, with damages set to cost the global economy USD 10.5 trillion annually by 2025.

Speaking at the CYBERUK conference in London, UK Foreign Secretary Dominic Raab said: “We are working with like-minded partners, to make sure that the international order that governs cyber activity is fit for purpose.

“Our aim should be to create a cyberspace that is free, open, peaceful and secure, which benefits all countries and all people.

“We want to see international law respected in cyberspace, just like anywhere else. And we need to show how the rules apply to these changes in technology, the changes in threats, and the systemic attempts to render the internet a lawless space.”

A 2017 assessment coordinated by INTERPOL with partners and member countries in Africa found that each act of Internet fraud targeting businesses enabled cybercriminals to steal an average of USD 2.7 million from companies and USD 422,000 from individuals.

“With more than 4.5 billion people online, more than half of humanity is at risk of falling victim to cybercrime at any time, requiring a unified and strong response.” Jürgen Stock, INTERPOL Secretary General.

“The UK’s support for INTERPOL’s cyber initiative in Africa underlines its commitment to this fight and will be an important piece of the global security architecture to combat cybercrime.”
 
The creation of INTERPOL’s new cybercrime desk comes at a time when cybercriminals are attacking the computer networks and systems of individuals, businesses and global organizations when cyber defences might be more vulnerable due to the shift of focus to the pandemic crisis.
 
The project will provide opportunities to take regular pulse checks on cybercrime in Africa and to publish annual threat landscape assessments that will underpin operational activities.     
 
With UK funding for the two-year initiative amounting to almost GBP 3 million, the Africa cybercrime initiative will be implemented by the Cybercrime Directorate at the INTERPOL Global Complex for Innovation in Singapore.

www.interpol.int