Each January, the PwC Annual Global CEO Survey is published detailing the major perceived threats to corporate growth. This year the results of the survey show that CEOs are more worried about the cost of dealing with cyberthreats, and believe that they can actually have a major negative impact on corporate growth.
Cost of dealing with cyberthreats a major impediment to 2016 growth
The global survey probed 1,409 CEOs about their concerns about impediments to growth, with cyberthreats ranking as one of the top ten major problems. 61% of respondents said they were worried about cyberthreats and the effect they will have on growth this year.
Over-regulation and geopolitical uncertainty were considered to be more pressing concerns, being cited by 79% and 74% or respondents, while the availability of key skills was mentioned as a major threat to growth by 72% of CEOs. The cost of dealing with cyberthreats was ranked as the eighth biggest impediment to growth in 2016.
While 60% of CEOs believe there are more opportunities for growth than 3 years ago, 66% said there were now more threats to growth. 26% said they only saw more opportunities, while 32% saying they only saw more threats.
The cost of dealing with cyberthreats is considerable, although nowhere near as high of the cost of failing to deal with them. Last year the Ponemon Institute calculated the cost of cyberthreats and determined the cost to businesses is soaring, with the IBM sponsored study determining the average cost of dealing with security breaches had risen to $3.8 million.
Some of the large organizations included in the study suffered cybercrime losses as high as $65 million, with the cost of cyberthreats having risen by 23% over the course of the past two years.
The IBM Cost of Data Breach Study determined the cost per stolen record to be between $145 and $154. When cybercriminals manage to steal millions of customer records, the cost to business can therefore be considerable.
Major cyberthreats of 2016
- Cloud computing
- Mobile devices
- State sponsored hacking
- Phishing attacks
- Medical devices
Cyberthreats may be an impediment to growth, but it doesn’t mean that those threats cannot be mitigated. Given the increasing risk it is imperative that adequate security defenses are put in place to repel attacks. Malware and ransomware are becoming more sophisticated and much more difficult to identify, as are the phishing campaigns that are used to deliver the malicious software. Anti-phishing strategies must therefore be implemented to block malicious emails and staff members must be trained how to identify phishing attacks when they do occur.
Implement SpamTitan to block emails from being delivered to employee’s inboxes, conduct regular staff training exercises to better educate employees, and perform phishing email tests to ensure that members of staff get practice at identifying dummy phishing emails.
It is also essential to develop policies and controls to limit the types of websites that employees are able to visit when using their work computers as well as for BYOD. Drive-by malware downloads are an increasing threat. Exploit kits are much more commonly used to probe for security vulnerabilities, such as out of date plugins. These can be exploited and used to download malware to devices without any interaction from the user.
To mitigate the risk, patch management policies must be developed. It is more essential than ever to ensure that all software is updated as soon as patches are released.
What was the best antivirus software solution for 2015 for the enterprise?
Protecting against the ever increasing number of cyberthreats is a full time job. The attack surface is now broader than ever before and hackers are developing increasingly sophisticated methods of obtaining data. The measures that must now be implemented to keep cyberattackers at bay have also increased in diversity and complexity.
Once of the core protections required by all organizations and individuals is an anti-virus software solution, and there is certainly no shortage of choice. But what was the best antivirus software solution for 2015?
The best AV software engines rated by AV-Comparatives
What AV engine detects and removes the most malware? What product offers the best real world protection? Which boasts the best file detection rates? These are all important considerations if you want to keep your organization protected. These and other factors were assessed over the course of the year by AV-comparatives.
AV-Comparatives is an independent testing lab based in Innsbruck, Austria. Each year the company publishes a report detailing the results of the AV tests the company conducted over the course of the year. The report is an excellent indicator of performance.
The company tested 21 of the top AV products on the market, subjecting each to a wide range of rigorous tests to determine the potential of each to protect users against malicious attacks.
The test results clearly show that not all antivirus products are the same. While all AV engines under test offered an acceptable level of performance, “acceptable” may not be good enough for enterprise installations.
The best antivirus software solution of 2015
AC-Comparatives rated performance and issued a number of awards to companies that excelled in specific areas of antivirus and antimalware protection. Gold, Silver and Bronze awards were awarded along with an overall best antivirus software solution for 2015 award.
Antivirus award categories:
- Real-world detection
- File detection
- False positives
- Overall performance
- Proactive protection
- Malware removal
Contenders for the ‘Best Antivirus Software Solution for 2015 Awards’
The Antivirus protects tested and considered for the awards were:
- Avast Free Antivirus
- AVG Internet Security
- Avira Antivirus Pro
- Baidu Antivirus
- Bitdefender Internet Security
- BullGuard Internet Security
- Emsisoft Anti-Malware
- eScan Internet Security Suite
- ESET Smart Security
- F-Secure Internet Security
- Fortinet FortiClient (with FortiGate)
- Kaspersky Internet Security
- Lavasoft Ad-Aware Free Antivirus+
- McAfee Internet Security
- Microsoft Windows Defender for Windows 10
- Panda Free Antivirus
- Quick Heal Total Security
- Sophos Endpoint Security and Control
- Tencent PC Manager
- ThreatTrack VIPRE Internet Security
- Trend Micro Internet Security
The Best Antivirus Software Solution for 2015 Award
After assessing all categories of anti-virus protection there were two AV products that excelled in all categories and received an Advanced+ rating: Bitdefender and Kaspersky Lab, with Kaspersky Lab bestowed the best antivirus software solution for 2015. Kaspersky Lab is one of the two AV engines at the core of SpamTitan anti-spam solutions.
The Russian antivirus company also received a Gold Award for “Real-World” protection, file detection, and malware removal, as well as a Silver Award for proactive (Heuristic/Behavioral) protection, and a Bronze Award for overall low system impact performance.
The astronomical cost of remediation after a cyberattack prompts many companies to take out a cyber insurance policy, but what exactly do cyber insurance policies cover? Is phishing covered by cyber insurance for instance? How about accidental data exposure by employees? Fraudulent bank transfers? Before taking out a cyber insurance policy it is vital to check exactly what the policy covers. If you already have a policy, it might be a good idea to check that too before you need to make a claim.
Debate over whether phishing covered by cyber insurance
In the United States, one company is currently embroiled in a dispute with their cyber insurer over whether phishing is covered by a cyber insurance policy taken out by the company to protect against computer fraud and cyberattacks.
Ameriforge Group Inc., took out cyber insurance with a subsidiary of Chubb Group. The policy, provided to AFGlobal Corp by Federal Insurance Co., was believed to cover computer fraud and funds transfer fraud. A claim was recently submitted to recover $480,000 after a member of staff from its accounting department fell for a spear phishing attack and made a $480,000 bank transfer to the account of the attacker. The insurance policy provided up to $3 million in cover, yet the claim was denied by the insurer on the grounds that the policy did not cover CEO fraud or business email compromise (BEC) as a result of phishing.
In order for the policy to payout, a cybersecurity attack must involve the forgery of a financial instrument. That did not occur in this case. The insurer maintains that the scam email did not qualify as a financial instrument, and therefore the losses suffered cannot be claimed under the terms of the policy.
The business email compromise scam that the policy does not cover
The phishing scam in question is one that is being conducted with increasing frequency. The risk is so high that last year the FBI issued a warning about BEC attacks. These attacks are being conducted all too often on U.S. businesses.
In this case, the person to fall for the BEC phishing scam was AFGlobal Corp’s accounting director Glen Wurm. He received an email from his CEO requesting a bank transfer be made for $480,000. The email was written in a style which was typical of the communications sent from the CEO. This suggested the attacker was well aware of the relationship between the two individuals and had been monitoring email communications.
The phishing email is reported to have contained the following message:
The email was followed up with a phone call from a person claiming to be Steven Shapiro, after which, wiring instructions were sent to allow the transfer of funds to an Agricultural Bank of China account. The money was transferred as requested and it was only when a follow up email was received a week later requesting a further transfer of $18 million that suspicions were raised. Of course, by that point the transferred funds had been withdrawn and the account had been closed.
Chubb Group claims phishing not covered by cyber insurance policy
Chubb Group maintains that this cyberattack is not covered by the insurance policy issued, as the incident falls outside the forgery coverage provided. The claim refers to forgery by a third party and that the email was a financial instrument. The issue in this case is whether the phishing email qualifies as a financial instrument. Chubb’s legal team claims it doesn’t.
In order to be a financial instrument, Chubb says:
For the claim to be paid, the financial instrument must have involved a written promise, order or direction to pay that is ‘similar’ to a “check” or “draft”. As it stands, Ameriforge Group will be required to cover the cost.
This is not the first time that Chubb Group has refused to pay a fraud claim, and Chubb Group is certainly not the only insurance company to refuse to pay out after a phishing attack. Companies are therefore advised to check whether phishing is covered by a cyber insurance policy, and also to find out the specific criteria that must be met in order for a successful claim to be made. It may be a wise precaution to obtain additional cover if the terms of the policy do not allow phishing fraud claims to be made.
If you receive an email alerting you to a new WhatsApp voicemail message that you have received, it could well be the latest WhatsApp scam email that is currently doing the rounds. This new scam is particularly nasty.
Malicious WhatsApp scam email discovered
The WhatsApp scam email is being used as part of an attack on businesses and consumers, and will result in Nivdort malware being loaded onto the device used to open the email.
Security researchers at Comodo discovered the WhatsApp scam email and have warned that the malware contained in the email attachment has been developed to affect users of Android phones, iPhones, as well Mac and PC users.
The WhatsApp scam email looks like it has been sent by WhatsApp, although there are a number of tell-tale signs that the WhatsApp scam email is not legitimate. For a start, WhatsApp will not send messages to a user’s email account, but will only inform users of a missed call or voicemail message through the app itself. However, many of the 900 million users of the chat software program will not be aware of that.
The email contains the imagery typically associated with the Facebook-owned messaging platform, but a check of the sender’s address will reveal that this email has not been sent from WhatsApp. The email also contains a zipfile attachment. Opening the zip file will result in malware being installed onto the device used to open the attachment.
The attackers are sending out multiple variants of the email with different subject lines. Each subject line also contains a string of three, four, or five randomly generated characters after the message, such as “xgod” or “Ydkpda”
The subject lines in some of the scam emails have been detailed below:
If you receive any email from WhatsApp you should treat it as suspicious. You should never open any email attachment from any person you do not known, and must be particularly caution with .zip files. If in doubt, delete the email and remove it from your deleted email folder.
Malware Delivered by the WhatsApp scam email campaign
Nivdort is a family of Trojans that collect data from the computers on which they are installed. In order to avoid being detected the malware is loaded into the Windows folder. The latest variant is loaded to multiple system folders and also the registry. Even if detected by anti-virus software it is possible that not all traces of the malware will be removed. The malware may still be able to receive commands and exfiltrate data from the infected device.
It seems like almost every day that a new bank transfer email scam is launched, yet the perpetrators of these email scam campaigns appear to rarely be caught and punished for their offenses. However, one such scammer has now been arrested and made to stand trial for his alleged crimes against companies in Texas.
Nigerian, Amechi Colvis Amuegbunam, 28, of Lagos was arrested in Baltimore and has now been charged with defrauding 17 companies in North Texas and obtaining $600,000 via bank transfers.
Nigeria is famed for 419 email scams, otherwise known as advance fee scams. These spam email campaigns receive their name from the section of the Nigerian criminal code that the email scams violate. These bank transfer scams typically require the soon-to-be victim to make a transfer of a sum of money to cover fees or charges in order to receive a substantial inheritance. This type of email bank transfer request scam is not only conducted by criminal gangs operating out of Nigeria, although that is where a substantial number of the criminals are based.
Convincing bank transfer request scam used to defraud Texas companies of over $600,000
However, Amuegbunam obtained funds from Texan companies using a much more believable scenario; one that is being increasingly used by organized criminal gangs operating out of Africa, the Middle East, and eastern Europe.
The emails Amuegbunam sent appeared to have come from the email accounts of company executives, which had been forwarded onto members of staff who were authorized to make bank transfers on behalf of the company. By using the real names of top executives, account department employees were fooled into believing the transfer requests were legitimate. The companies being targeted had been researched, the correct email account format determined, names of senior executives and management determined, and the names of account executive targets discovered.
To make the bank transfer request scam more believable, Amuegbunam used a domain name that differed from the real company domain by two characters. By transposing just two characters, the email address appeared to be genuine at first glance, certainly enough to fool the victims.
The FBI started investigating the bank transfer request scam in 2013 after employees from two companies in North Texas were fooled into making large bank transfers. Amuegbunam has used the domain lumniant.com instead of luminant.com to make an email appear to have come from within the company. The account executive who fell for the bank transfer request scam made a transfer of $98,550. The second company fell for the same scam and transferred $146,550.
Amuegbunam has now been charged with defrauding 17 Texas companies using the same method. If convicted of the crimes, he faces a fine of up to $1 million and a jail term of up to 30 years. He is just one individual however. Many more are operating similar scams.
It is therefore essential that members of the accounts department, and others who are authorized to make transfers on behalf of the company, are told how to identify a bank transfer request scam. They must also be instructed to carefully check domain names on any transfer requests and to specifically look for transposed letters.