Security

In October of last year, the RiskIQ Threat Research team released "Compromised E-commerce Sites Lead to 'Magecart," a report profiling the e-commerce threat they discovered and dubbed 'Magecart,' which injects JavaScript code into e-commerce sites running outdated and unpatched versions of shopping cart software from Magento, Powerfront, and OpenCart. By logging consumer keystrokes, these attackers capture large quantities of payment card information. 

Now, by following a new strain of Magecart, the team has discovered a direct link to the outcome of the stolen credit cards for threat actors, offering rare insight into the physical world operations of actors tied to digital threats. 

27 June 2017 – WatchGuard®’s  latest quarterly Internet Security Report reveals that despite an overall drop in malware detection, Linux malware made up more than 36 percent of the top threats identified in Q1 2017. The increased presence of Linux/Exploit, Linux/Downloader and Linux/Flooder attacks highlights the need to protect Linux-based IoT devices and Linux servers from the internet with layered defences.

Other key findings from the Q1 2017 report include:

Maidenhead, U.K. – June 20, 2017 – When WannaCry hit, the world learned that for two months a patch had been available that would have prevented the problem. But its victims were those that hadn’t yet deployed this patch. As many companies discovered the hard way, there is an unacceptable ‘risk window’ that persists between the discovery of a software vulnerability and when the patch is successfully installed. In 2016 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of those vulnerabilities had patches available on the same day as disclosure. But, on average, it takes companies 186 days to completely install those patches[1].

By Ian Kilpatrick, Executive Vice-President Cyber Security at Nuvias Group

For several years, the IT industry has enthusiastically extolled the virtues of the Internet of Things (IoT), eager to enlighten us to the difference that living in a connected world will make to all our lives.

Now the IoT is here - in our homes and in the workplace. Its uses range widely, from domestic time-savers like switching on the heating, to surveillance systems, to “intelligent” light bulbs, to the smart office dream. 

It was basically only a question of time. Sooner or later, it was clear that cyber-criminals would get their hands on a security flaw that would help them start the scale of attack we saw recently. Nevertheless, its effects still surprised everyone – there were reports practically every minute about newly-infected hospitals, car makers and transport companies. It made us see how weak our entire digital infrastructure really is. Despite quick-fix security measures, including a patch for obsolete operating systems, companies are not all protected against infection – far from it. That’s because updates and patches are not even an option for many of them. Effective protection needs to start at a completely different level.