Covid-19 and Malware Infections

Coronavirus (Covid-19) is disrupting the way we live and killing the economy. Many people have lost their jobs and are out of work. Covid-19 does not stop cybercriminals from doing their work. Many more people are working from home online, and this is an opportunity that is being exploited – it’s actually a great time for cybercriminals.

Cybercriminals are using the current environment to trick users into infecting their own systems by downloading malware, or simply to steal their information.

Microsoft has reported that out of millions of emails it sees, 60,000 are Covid-19 related malicious emails (less than 2%). This is not to say that there has been an increase in malicious emails; rather, the email templates, scripts and subject lines are just changing.

For example, there are email campaigns that impersonate the World Health Organisation (WHO) and the Centers for Disease Control and Prevention (CDC).

Phishing is a technique cybercriminals use to persuade you to give up your personal information. Once your information is obtained, cybercriminals use your details to log in to websites or install malware/backdoors on your system to steal more information.

Phishing emails are emails that are sent to steal information. Here are some examples:

As an example, did that email from the DHL delivery company, HSBC, Netflix etc really come from them? 

What about that email from PayPal, Walmart, Amazon etc?

What about that email from the WHO or CDC?

One of my sayings as an auditor is “Trust, but verify”. As consumers, we all need to do this when checking emails. This is by no means 100% foolproof, but here are some top tips:

  • Most legitimate companies will not ask for your password, credit card, national IDs etc.
  • Most legitimate companies know your name. Instead of “Dear customer…”, it’s more like “Dear Michael…” in the email.
  • Most legitimate companies have a legitimate domain name (like www.dhl.com) and not fake sites (like www.dhl.abcd.com).
  • Most legitimate companies know how to spell properly. Scammers may have bad spelling. This is likely to be on purpose, to target those who are not as educated.
  • Most legitimate companies do not send unusual attachments in the email.

If you are in doubt, ask a colleague or friend before clicking that link or before downloading that file.
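The first three tips can also be checked mechanically. The sketch below is an added example, not part of the original post: it flags a generic greeting, a request for secrets, and sender or link domains that merely contain the brand name, as in the www.dhl.abcd.com case above. The brand-to-domain table and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains each brand really sends from (illustrative only).
KNOWN_DOMAINS = {"dhl": "dhl.com", "paypal": "paypal.com"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
SECRET_REQUEST = re.compile(r"\b(password|credit card|national id)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample messages (not real mail).
SAMPLE = """\
From: DHL Express <tracking@dhl.abcd.com>
Subject: Your parcel is waiting

Dear customer,
Confirm your password at http://www.dhl.abcd.com/track to release your parcel.
"""
LEGIT = """\
From: DHL <noreply@dhl.com>

Dear Michael,
Track your parcel at https://www.dhl.com/track
"""

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_email):
    """Return the checklist items a plain-text message fails."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    findings = []
    # Which known brand does the display name claim to be?
    brand = next((b for b in KNOWN_DOMAINS if b in display.lower()), None)
    if brand:
        domain = KNOWN_DOMAINS[brand]
        if not belongs_to(addr.rpartition("@")[2], domain):
            findings.append("sender domain does not match " + domain)
        for url in URL.findall(body):
            if not belongs_to(urlsplit(url).hostname, domain):
                findings.append("link leaves " + domain + ": " + url)
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting")
    if SECRET_REQUEST.search(body):
        findings.append("asks for password, card or ID details")
    return findings
```

The comparison is made on the end of the hostname at a dot boundary, which is why `www.dhl.abcd.com` fails even though it contains `dhl`.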

Hope that helps.

Stay Safe

#cyberattack, #cybersecurity, #dataprotection, #datasecurity, #datasecuritybreach, #gdpr, #gdprcompliance, #informationsecurity, #infosec, #pcidss, #personaldata, #security, #StayHomeSaveLives

Can’t Wait To Fly Away?

Countries are locked down. Only essential travel is happening. It is not a great time for airlines and the current environment we live in is going to hurt the bottom line of airlines.

So, it has recently been announced that the budget airline EasyJet has been affected by a cyber-attack, affecting nine million customers. That is of course not a small number.

So how could a well-established business fall foul? Not much has been released, but what has been admitted is a “highly sophisticated cyber-attack”.

It is said that emails and travel details have been breached, and the business says that no passport or credit card details have been affected. Well, that is a relief! But hang on a minute, can we take that as certain? There are Twitter feeds out there clearly showing customers receiving communication: “I need to make you aware of an incident that affects the security of the credit card”.

Also, reports on other news sites suggest that credit card details have been stolen, including the 3 or 4 security digits on the back of the card (CVV – Card Verification Value). How can this be the case? One of the basic principles is to not store the CVV after authorisation.

So, I’m just guessing at a couple of scenarios:

  • Their systems were breached and CVV was not encrypted (CVV made unreadable)
  • There was some kind of breach that “sniffed” or intercepted the CVV in transit, usually by deployed malware/unauthorised software on compromised systems.

Although this was identified back in January, EasyJet have now gone public, their PR department at the ready.

“As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue. We also notified the National Cyber Security Centre and the ICO. We have closed off this unauthorised access,” said the airline in its statement.

Will this result in a big fine? Let us review the British Airways hack of 2018. The Information Commissioner’s Office (ICO) gave British Airways a £183 million fine for 380,000 transactions.

So, with EasyJet’s 9 million transactions compromised… I will let you do the maths. Can we do a comparison? Can we compare apples with apples? I would say this is unlikely: as I mentioned earlier, airlines are struggling, so any sort of proportionate fine would put the airline out of business.

Highly Sophisticated

It is too early to say for sure, but I’m guessing it is not a “highly” sophisticated attack. Maybe a vulnerability in a system, or perhaps a vulnerability in website code, that should have been identified by normal security practices (vulnerability management, looking for any file changes etc).

But what I can say for sure is that the cost of implementing a good security practice is often much lower than the cost of not having one and having your reputation impacted, or worse still, closing your business.

Hey? I gave my details to them!

So, what next if you are a customer?

If you have in the past placed your details with EasyJet, be vigilant:

  • Watch out for phishing emails: So what’s a phishing email? It’s basically correspondence by email trying to persuade you that the fake email came from a legitimate source (take a quick read of the article here: https://www.linkedin.com/post/edit/6658294581458804736/)
  • Watch out for any suspicious transactions on your credit/debit card. If in doubt, contact your bank.

If you are in doubt, ask a colleague or friend before clicking that link or before downloading that file.

Hope that helps.

Stay Safe

#StayHomeSaveLives, #cybersecurity , #infosec, #informationsecurity, #security, #datasecurity, #datasecuritybreach, #personaldata, #gdprcompliance, #dataprotection, #pcidss, #gdpr, #cyberattack, #dataprivacy