Author: Paul

Contactless Card Fraud Has Doubled

The UK’s fraud reporting service, Action Fraud, has reported that contactless card fraud doubled in 2018 to £1.8m stolen compared with £711,000 in 2017.

Average Theft Amount Increased

The latest Action Fraud figures have also revealed that the average theft through contactless fraud in 2018 rose to £657, compared with £493 in 2017.

Back in February 2017, figures from UK Finance showed that contactless card fraud had already overtaken cheque fraud, prompting finance experts to warn banks against raising the £30 limit for payments, to avoid incentivising more criminals to steal cards.

Contactless Technology

Contactless cards incorporate a special chip that can be read quickly and easily by a payment terminal (without making direct contact), meaning that entering a PIN is not necessary, thereby speeding up transactions.

How Can Hundreds Be Stolen? I Thought It Was Only Up To £30?

Current rules mean that only payments of up to £30 can be made using contactless technology, and as such, many of the contactless thefts have involved the thieves taking multiple small amounts using the same card so that users don’t notice immediately.

Why The Doubling of Contactless Card Fraud?

Many commentators believe that the main reasons why contactless card fraud levels have soared are the simple fact that contactless is now overtaking chip and PIN as the most popular way of paying for goods and services, and that a PIN is not required to use a stolen card.

Worldpay figures, for example, show that more card payments were made using contactless technology than chip and PIN in the UK over the year from June 2017 to June 2018, and that after increasing by 30% on the previous year, contactless payments are now the most used card payments in shops.  Yolt figures show that 76% of Britons have used contactless payments, and 40% make half or more of their card payments using contactless.

Secure?

Even though UK Finance, the body which represents many banks, is quick to point out that no contactless fraud has been recorded on cards still in the possession of the original owner, that contactless cards have robust security features built in, and that customers are fully protected against any losses from contactless card fraud, the Action Fraud figures still appear to show a security problem.

This problem has not gone unnoticed by consumers.  For example, even though many of us are now used to having and using contactless technology, MoneySuperMarket research from as recently as last September showed that 55% of those surveyed had concerns about the security of tap-and-go technology.

What Does This Mean For Your Business?

For businesses, contactless payments offer the chance to reduce the cost and hassle of having to handle cash, cut queues, increase the speed and hopefully the frequency of transactions (increase footfall), increase average transaction values (ATV), provide a clear audit trail and assured payment, and even (for some types of businesses) the chance to change to better business models e.g. card / contactless only cafes and bars in cities.  For customers, contactless offers a better, more convenient and faster retail experience for the majority of their purchases (£30 and under), which in turn has a positive rub-off value for retailers.

The prevailing trend in developed countries is a move away from cash to cards, and particularly contactless. For example, UK Finance projects that in Britain cash will be used in just one-fifth of all sales by 2026, and Paymentsense has reported the removal of 4,735 cash machines in the last year.

Even though customers may be protected (i.e. reimbursed later) if their card is stolen and used by fraudsters, it is still an unpleasant experience to have money removed from their account, which can cause financial hardship in the short term, can affect their ability to pay important bills, and could have a negative impact on their credit rating.  The Action Fraud figures appear to show, therefore, that there is a growing problem with contactless card fraud that banks are not yet fully tackling.

Warning – TV Licensing Scam Operating

Action Fraud, the UK’s Cybercrime reporting centre, has warned that fake TV licence payment scam emails have generated 5,247 complaints between 1st October and the end of December, with 1,983 complaints in December alone.

What Emails?

According to Action Fraud, the highly convincing scam involves sending people emails that use headlines such as “correct your licensing information” or “your TV licence expires today”.  In some cases, the email title and contents suggest that the recipient is eligible for a TV Licensing refund.  On opening the email, recipients are encouraged to click on a link to a fake version of the TV Licensing website.

When the victim visits the fake site, they are asked for their personal payment details – account number, sort code, and card verification value (CVV) code.

There have also been reports that victims who have submitted personal details to the fraudsters via the website are contacted a week or two later by the fraudsters who claim to be from the fraud department of the victim’s bank, claim that the victim’s bank account has been compromised, and ask the victim to transfer their money to a new, so-called ‘safe account’.

Some media reports put the amount of cash stolen by fraudsters using this scam in the region of £230,000+.

Official TV Licensing Never Email Customers Unprompted

The spate of fraudulent emails has prompted the real TV Licensing authority to confirm that they never email customers unprompted to ask for personal or payment details or to inform customers of eligibility to any refunds.

Real Glitch Last Year

Some of us may remember that a real security risk involving the genuine TV licensing website was identified back in September 2018 when an Infosec blogger noticed that Google Chrome was flagging the TV Licensing website as insecure.  The blogger estimated that as many as 130,000 people may have been affected by the breach.  TV Licensing then notified customers who accessed its website between 29th August and 5th September 2018 that their personal details may have been stolen but maintains that there was a very small risk of the information having been accessed. 

What Does This Mean For Your Business?

This latest scam is one of many convincing scams that use phishing to steal payment details and other personal information. Phishing is one of the most popular cybercrime methods.

Action Fraud advice for avoiding falling victim to this scam includes:

  • Check the sender’s email address – does it look like one TV Licensing would use?
  • Check the subject line and treat any requests such as “action required” or “security alert” with suspicion.
  • Check the spelling and grammar, as grammatical errors are often signs of scam emails.
  • Look at the style of the emails.  If it appears too familiar or casual, this could be a sign that it is a scam.
  • Check where the link goes – is it the official TV Licensing website?  It is worth remembering that the official TV Licensing authority never emails customers unprompted to ask for personal or payment details.
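The sender, subject-line and link checks from the list above can be applied mechanically to a suspicious message. The following is an added example, not part of the original article or of Action Fraud's guidance; it assumes `tvlicensing.co.uk` is the genuine domain, and the sample email and its `.example` hosts are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the organisation's genuine domain; confirm it independently.
OFFICIAL_DOMAIN = "tvlicensing.co.uk"

# Subject wording quoted in the Action Fraud warning and advice above.
SUBJECT_LURES = (
    "action required",
    "security alert",
    "correct your licensing information",
    "your tv licence expires today",
    "refund",
)

# Constructed sample message (not a real captured email).
SAMPLE_EMAIL = """\
From: "TV Licensing" <billing@tvlicensing-renewals.example>
To: user@example.org
Subject: Action required: your TV licence expires today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear customer, your licensing information needs correcting.</p>
<p><a href="https://tvlicensing.co.uk.account-update.example/login">
www.tvlicensing.co.uk/update</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.href = None
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def in_official_domain(host):
    """True only for the official domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def triage(raw_email):
    """Return a list of (check, detail) findings for one raw email."""
    msg = message_from_string(raw_email)
    findings = []

    # Check 1: the real address behind the display name.
    _display, addr = parseaddr(msg.get("From", ""))
    if not in_official_domain(addr.rpartition("@")[2]):
        findings.append(("sender", f"{addr} is not at {OFFICIAL_DOMAIN}"))

    # Check 2: pressure or refund wording in the subject line.
    subject = msg.get("Subject", "").lower()
    for lure in SUBJECT_LURES:
        if lure in subject:
            findings.append(("subject", f"contains '{lure}'"))

    # Check 3: where each link really goes, regardless of its visible text.
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            html += payload.decode(part.get_content_charset() or "utf-8", "replace")
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue
        if not in_official_domain(parts.hostname):
            detail = f"'{text}' points to {parts.hostname}"
            if OFFICIAL_DOMAIN in text.lower():
                detail += " (visible text imitates the official site)"
            findings.append(("link", detail))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_EMAIL):
        print(f"{check}: {detail}")
```

A From header can be forged, so an empty result is not proof that a message is genuine; the spelling, grammar and style checks in the list still need a human reader.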

If you think that you may have fallen victim to this scam, the advice is to report it to Action Fraud by calling 0300 123 2040 or report it through the website here: https://www.actionfraud.police.uk/report-phishing.

Ways to help protect your company against the threat of phishing attacks include education and training of staff to help them spot and deal with phishing, and even using phishing attack simulator tools (such as ‘Attack Simulator’ in Office 365) to help sharpen your organisation’s defences.

Apple Blames China In Revenue Warning To Investors

On 2nd January, Apple’s CEO, Tim Cook, issued a revenue warning for this quarter to investors, and pointed to challenges in China as being one of the main downward driving forces.

Letter

Bearing in mind that Apple is one of America’s (and the world’s) tech giants, and that it became the world’s first trillion-dollar public company back in August 2018, it has been somewhat of a surprise to hear that its share price has tumbled more than 20% since October, and that the company has now sent a revenue warning letter to its investors revising down its expected earnings for this quarter. In the letter, Mr Cook pointed to the unforeseen “magnitude of the economic deceleration, particularly in Greater China” as one key reason why a previously predicted rise in revenue had now turned into warnings of a fall in revenue.

What’s The Problem?

Tech market analysts and commentators have cited several reasons for Apple’s woes and the link to the Chinese market, including:

  • Apple needs new iPhone sales, but a lack of technological advances in the iPhone since iPhone 8, combined with a hike in the price of iPhones at a time of global economic pressures on consumers, has meant a fall in sales.
  • Some competing Android phones may simply be more interesting and offer better value in terms of price / features e.g. Google Pixel, Oppo’s X, OnePlus 6, or the Huawei P20 Pro.
  • Apple relies heavily on phone sales in the Chinese market (Apple makes a massive 20% of its revenue in the Greater China region) but has faced very stiff competition there from the likes of Huawei, Xiaomi, and Oppo with their high value, lower priced phones.
  • Trade war talk and tensions between the U.S. and China have put more downward pressure on Apple phone sales in China.  For example, the detention of a senior Huawei executive caused a patriotism-fuelled backlash against Apple’s phones in China.
  • Apple investors are worried about iPhone sales generally, which have clearly been in decline since the iPhone 8.
  • Apple investors have concerns and questions about how other Apple services will be developed as revenue generators e.g. ApplePay, Apple Music, the App store, plans for television and movies, and goals for competing in the health industry.

What Does This Mean For Your Business?

Apple products and services are known for their quality, reliability, ease of use, and useful features, and many UK businesses / business people will continue to use them. It is difficult to deny, however, that many new Android phone models, such as those from Huawei or Samsung, offer UK buyers great value for money and useful features compared to Apple’s relatively high-priced alternative. This, combined with Apple’s reliance on getting a large part of its revenue in a country (China) where it is facing stiff competition and trade-war pressures, is contributing to a challenging time for Apple.

It is, however, worth remembering that Apple is a trillion-dollar tech giant and is better placed than most to weather any storms and find ways to develop new opportunities and revenue streams.

UK Government Warns ‘No Deal’ Brexit Could Mean Get A .COM Replacement For Your .EU

The UK Government’s Department for Digital, Culture, Media and Sport has issued advice to holders of .eu domains that, in the event of a ‘no deal’ Brexit, they may need to switch to another top-level domain such as .com and may also need to seek legal advice.

What? Why??

The government guidance, published online on 21st December, says that the European Commission’s notice states that where a holder of a domain name no longer fulfils the general eligibility criteria, the registry for .eu will be entitled to revoke the domain name. This is because the rules for .eu domains are decided by the European Commission and the operator, which won a contract to run .eu, is obliged to follow these rules.

This could mean that even though you were the owner of the .eu domain up until 29 March 2019, after that date, and with a ‘no deal’ Brexit, you may no longer be able to access your .eu website or email. This may also essentially mean that .eu domains cannot be bought or renewed after Brexit by people or organisations located outside the European Union.

Is This A Real Threat?

Yes. In March last year, the European Commission announced it planned to simply cancel all 300,000 domains under the .eu top-level domain that have a UK registrant, after the UK’s departure from the European Union. EURid, the company that runs the .eu domain registry, was not even consulted about the EC’s decision.

Also, last September the EU added the .eu registry to the official State of the Union document, stating that the implementation and functioning of the .eu top-level domain name would be included alongside copyright, cybersecurity, and privacy reforms.  This means that, if the EU is serious (which it appears to be) and proposed amendments are made to the State of the Union document for post-Brexit, anyone who wants to purchase a .eu domain may need to provide proof of EU citizenship, and registry operators will need to verify that proof.

Lost Revenue

UK citizens who hold a .eu domain make up 10% of the registry, so by taking such a hard line and simply excluding UK citizens from owning a .eu domain, the European Union would be damaging the profits of EURid as well as reducing its own revenues by a significant amount.

What Does This Mean For Your Business?

The government may have just lost a ‘no deal’ Brexit vote, but it looks as though the EU had already set itself on a course to stop UK citizens from owning .eu domains with Brexit anyway, even though they will lose the revenue from nearly 300,000 domains.  There had been plans to set up a Commission on the implementation of the rules, but this is unlikely to happen or to be able to change the EU’s decisions in such a short time.  This means that UK businesses holding .eu domains, having websites with those domains and using email linked to them are now faced with the cost and trouble of having to switch to another top-level domain. One key challenge here is that they may not be able to find their .com or .uk equivalents, thereby causing even more problems.  The EU’s decision looks like being a bad deal for both UK businesses and the EU, and seeking advice from the registry and / or independent legal advice may be advisable at this point.

Drone Laws Promised After Airport Chaos

The chaos caused to flights from Gatwick just before Christmas (and latterly, Heathrow) by drone sightings near the airports has prompted Transport Secretary, Chris Grayling, to announce new counter-drone measures to be taken to protect UK airports.

Increased Exclusion Zone

Mr Grayling, speaking in the House of Commons as the government published its response to its consultation on the future of drones in the UK, and in the wake of the three-day shutdown of Gatwick by unauthorised drone activity in December, announced that the UK government would increase drone exclusion zones around airports from 1km to 5km, and further from the ends of runways.

New Technology

Following the three-day Gatwick (1000+ flight cancellations) issue that caused a national outcry, disrupted the travel plans of 140,000 people, and may have cost the airport more than £120 million, it has been reported that Gatwick has spent £5m on anti-drone equipment. The equipment, which uses advanced technology, is believed to be of the same level as was originally supplied for the armed forces.

Heathrow (the world’s busiest airport) is also reported to have invested in anti-drone technology, although it appears unlikely that this is fully operational as the north runway was forced to close for an hour on Tuesday 8th January after reports of possible (unconfirmed) drone sightings in the area.

New Laws Too

Part of the anti-drone measures will include new laws that could see drone users who break the rules being fined or jailed, and police being granted new powers e.g. to be able to ‘down’ drones in certain restricted areas.

Also, from November this year, operators of drones weighing between 250g and 20kg will have to register their drones and take an online safety test.

Big Problem

The problems caused by drones are not limited to just a few prominent incidents. In fact, 117 near misses between manned aircraft and drones were recorded up to November in 2018.

Gatwick was also the scene of a near miss with a drone last summer that put 130 lives at risk, and the airport was also closed for around 20 minutes back in 2017 due to drone activity nearby.

Other Countries – Drones Also A Problem

The UK is by no means the only country suffering problems caused by drones being flown near airports / in the path of aircraft.  For example, back in 2017 a remotely piloted drone struck a Skyjet turboprop passenger plane as it made its approach to land at Jean Lesage Airport in Quebec, Canada, flying at a height of about 450 metres / 1,500 feet and at an estimated 3,000 metres from the runway at the airport. Thankfully, only minor damage was caused to the aircraft which was carrying 8 passengers and was able to land safely.

What Does This Mean For Your Business?

Drones are part of a new industry where the technology and products have been developing before the law has had an opportunity to catch up. Drones clearly have many productive, value-adding, and innovative business uses, and they have been tested and tipped for wider use by brands such as Amazon for parcel deliveries. A move towards autonomous vehicles and new transport technologies means that drones currently have a bright future when used responsibly and professionally. The fact that drones are widely and easily available (with minimal restrictions) to individuals as well as companies, together with the many aircraft near misses and the huge disruption and cost of incidents such as the one at Gatwick in December 2018, indicates that most people would now welcome the introduction of regulations and the investment in technology that contribute to public safety. It is important, however, that any new laws take account of the rights of the majority of responsible drone users, and don’t restrict the commercial potential of drones.

Tech Tip – Prepare For Microsoft’s ‘Reserved Storage’

The next big update of Windows 10 (in April) will mean that Microsoft will reserve 7GB of your device’s storage in order to accommodate its future ‘quality updates’ or new versions of the OS.  Measures you can take to check that you will have enough reserved storage space or to avoid storage space problems include:

– Manually deleting unnecessary temporary files and (temporarily) moving important files e.g. photos and videos to external storage devices to make enough space for the update.

– Checking the size of the reserved storage on your system by clicking Start > Search for ‘Storage settings’ > then Click ‘Show more categories’ > Click ‘System & reserved’ > and look at the ‘Reserved storage’ size.

– Avoiding buying devices with little storage capacity.

Find out more about ‘Reserved Storage’ here: https://blogs.technet.microsoft.com/filecab/2019/01/07/windows-10-and-reserved-storage/

Concerns Over Huawei and ZTE Equipment and Software

A statement from the Czech National Cyber and Information Security Agency (NCISA) has warned network operators that using software or hardware made by Chinese telecom equipment suppliers Huawei and ZTE could represent a security threat.

Why?

Huawei, which is the world’s biggest producer of telecoms equipment, is based in China, and according to the NCISA, private companies residing in China are required by law to cooperate with intelligence services.  This could mean that the products and services of those companies could, in theory, become part of the Chinese state security systems e.g. Huawei and ZTE could be used for spying on behalf of China.

Global Suspicion & Action

According to the Wall Street Journal, espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting in July this year to try to contain the global growth of Chinese telecom Huawei because of the threat that it could be spying for China.

The US, Australia and New Zealand have barred Huawei Technologies Ltd. as a supplier for fifth-generation networks, and Japan also looks set to ban government purchases of equipment from Huawei and ZTE.

The U.S. government is also reported to have been putting pressure on Deutsche Telekom, the majority owner of T-Mobile US, to stop using Huawei equipment, although the head of Germany’s Federal Office for Information Security (BSI) Arne Schoenbohm is reported to have told German news outlet Der Spiegel that proof is required to substantiate the accusations.

Detained

Meng Wanzhou, the chief financial officer of Huawei, was recently detained in Vancouver at the request of U.S. authorities for violating US sanctions on Iran. The arrest of Meng Wanzhou happened on the same night that President Trump was dining with Chinese President Xi Jinping during the G20 summit in Argentina.  China’s state-run media, and some other commentators have suggested that Meng’s detention appears to be politically or economically motivated.

Response

The response by a Huawei spokesperson to the NCISA warning has been to deny any suggestion that a national security threat is posed by Huawei to the Czech Republic, and to call for NCISA to provide proof of its claims.

What Does This Mean For Your Business?

If the ‘Five-Eyes’ are to be believed, Huawei’s products and network software could have backdoors built into them which could, in theory, allow covert surveillance or control, or destruction of phone networks (which are accessible via the internet).  The fear is that those acting for the Chinese state could gain access to the data stored / routed through Huawei devices, telecoms equipment and software, and could even, perhaps, monitor the conversations on mobile phones.

There does, however, appear to be a lack of clear proof for the allegations, and bearing in mind that Huawei is the world’s biggest producer of telecoms equipment, and that its products are popular (this year it overtook Apple in terms of the number of handsets it was shipping worldwide) and that UK stores are still stocking and selling its handsets, the warnings of various governments look unlikely to be heeded for now.  It is worth noting that BT uses Huawei systems as part of its network, but is now removing Huawei systems from the core of the mobile network EE, which it purchased in 2016.

The advice as part of the recent Czech warning is that system administrators in critical information infrastructure should take ‘adequate measures’ against the threat.  This advice appears a little vague, and until conclusive proof can be produced, many people and businesses will feel that they can decide for themselves what, if any, action to take.

London Police Facial Recognition Trial

It has been reported that the police are conducting a trial of a facial recognition system in Soho, Piccadilly Circus and Leicester Square over two days in the run-up to Christmas in a bid to identify people among the Christmas shoppers who are wanted by the police or the courts.

Overt

Far from being used secretly, the Metropolitan Police are reported to be publicly announcing the use of the system using knee-height signs on pavements leading up to the surveillance areas, along with A4 posters on lamp posts and leaflets handed-out to members of the public by uniformed officers.

The actual surveillance using the facial recognition link-up to the police database of wanted offenders is reported to have been carried out (on Monday and Tuesday) by a green van with cameras mounted on the top. It has also been reported that for this London trial of facial recognition, the Metropolitan Police will have been studying the crowds for 8 hours per day over the two-day period, and have been specifically using a target list of 1,600 wanted people in the hope that crime and violence can be more effectively tackled.

Criticism

Criticism from privacy and freedom campaigners such as Big Brother Watch and Liberty has focused on mixed messages from police about how those who turn away from the van because they don’t want to be scanned will be treated.  For example, it has been claimed that some officers have said that this will be treated as a trigger for suspicion, whereas a Metropolitan Police press release has stated that those who decline to be scanned (as is their right) during the deployment will not be viewed as suspicious by police officers.

Concern has also been expressed by Big Brother Watch that, although the police may believe that the deployment of the system is overt and well publicised, the already prevalent signs and advertisements in the busy central London areas where it is being deployed could mean that people may not notice, thereby allowing the police to blur the line between overt and covert policing.  It has also been pointed-out by privacy groups that the deployment involves an unmarked van and plainclothes officers, which are normally associated with covert activity.

Doesn’t Work?

Big Brother Watch and Liberty are currently taking legal action against the use of live facial recognition in South Wales (the site of previous trials) and London, and ICO head Elizabeth Denham is reported to have launched a formal investigation into how police forces use facial recognition technology (FRT) after high failure rates, misidentifications and worries about legality, bias, and privacy.

Serious questions have been raised about how effective current facial recognition systems are.  For example, research by the University of Cardiff, which examined the use of the technology across a number of sporting and entertainment events in Cardiff for over a year, including the UEFA Champions League Final and the Autumn Rugby Internationals, found that for 68% of submissions made by police officers in the Identify mode, the image had too low a quality for the system to work. Also, the research found that the locate mode of the FRT system couldn’t correctly identify a person of interest 76% of the time.

Google Not Convinced

Even Google (Cloud) has announced recently that it won’t be selling general-purpose AI-driven facial recognition technology until it is sure that any concerns over data protection and privacy have been addressed in law, and that the software is accurate.

Fooled With A Printed 3D Head!

The vulnerability of facial recognition software to errors and inaccuracy has been further exposed by a journalist, Thomas Brewster, from Forbes, who claimed that he was able to fool the facial recognition on four Android phones by using a model 3D head with his own face printed on it!

What Does This Mean For Your Business?

For the retail businesses in the physical area of the trial, anything that may deter criminal activities like theft and violence and may also catch known criminals is likely to be a good thing.

Most businesses and members of the public would probably agree that CCTV systems have a real value in helping to deter criminal activity, locating and catching perpetrators, and providing evidence for arrests and trials.  There are, however, several concerns, particularly among freedom and privacy groups, about just how facial recognition systems are being and will be used as part of policing e.g. overt or covert, issues of consent, possible wrongful arrest due to system inaccuracies, and the widening of the scope of its purpose from the police’s stated aims.  Issues of trust where our personal data is concerned are still a problem, as are worries about a ‘big brother’ situation for many people, although the police, in this case, have been clear that it is just a limited trial that has been conducted as overtly as possible with the support of posters and literature to make sure the public is informed.

Warnings of Printer Chip-Frying

Swedish YouTube vlogger, PewDiePie, is reported to have inspired some of his 77 million followers to hack 50,000 printers to promote his YouTube channel, and to draw attention to vulnerabilities in their printer firmware that could even be exploited by hackers to ‘fry’ a printer chip.

Messages Sent Through Printers

The vlogger, PewDiePie, primarily wanted to make a point that popular printer firmware has vulnerabilities in it that could leave people open to hacks that could disable and even permanently damage their printer. Also, there is the risk that a printer hack could enable attackers to see and alter potentially sensitive information as it’s printed out.

Thankfully for printer owners, the chosen method of raising awareness by some followers of PewDiePie was to send messages through their printers.  The messages, in this case, asked people to subscribe to PewDiePie’s YouTube channel and asked them to unsubscribe from a rival channel called T-Series.

Could ‘Fry’ The Printer Chip

According to PewDiePie, one of the most alarming risks that people could face thanks to vulnerabilities in the printer firmware is hackers forcing a stream of data to be continuously written by the printer’s chips. Since the chips only have a limited lifespan of ‘writes’, keeping them on such a continuous loop for long enough could overload and ‘fry’ the printer chip, thereby stopping the printer from working altogether.  This would most likely require the victim to purchase a new printer.

Unsubstantiated

Although it has been claimed that followers of PewDiePie have caused 100,000 machines to print out the message, this figure has not been verified, and currently, there is only anecdotal evidence in the form of some Twitter posts from alleged victims in the UK, US, South America, Spain and Australia.  There have, thankfully, been no reports of any printer chips being fried as yet.

Example

One example of how printers can be compromised dates from early 2017 when a hacker named Stackoverflowin was able to take control of more than 150,000 printers manufactured by HP, Brother, Epson, Canon, Lexmark and Minolta, and ordered them to print out a message.

What Does This Mean For Your Business?

This may be a publicity stunt by a YouTube vlogger that is likely to expand the number of his followers, but it appears to have had a serious point about a security vulnerability that could affect your business or home printer. Back in August, for example, it was discovered that hundreds of HP inkjet printer models were in desperate need of firmware patches, and this latest stunt may help to prompt enough questions from printer owners to motivate printer manufacturers to take another look at their firmware, and for printer owners to seek out patches that may already be in existence.

Smart Botnet Detection Needed

For businesses to maintain an effective cyber defence, the ability to prevent, detect and stop smart botnets in real-time is now an important consideration.

What Is A Botnet?

A botnet is a term for multiple malicious mini-programs working together to take over large numbers of computers and digital devices for different purposes e.g. stealing data and / or launching attacks, or in the case of DDoS attacks, shutting down servers (and the websites on them) by bombarding them with requests (a flood).  Botnets also sap electricity and computing power as they work.

How Big Is The Problem?

According to DDoS protection provider Link11, DDoS attacks (launched using botnets) on e-commerce providers showed an increase of more than 70% on Black Friday compared with other days in November this year, and Cyber Monday attacks showed a massive increase of 109% compared with the November average. Botnets have also shown a move towards the Internet of Things (IoT).

Last year saw a huge growth in the use of botnets.  For example, Spamhaus figures showed that the number of command and control (C&C) servers used for managing IoT botnets more than doubled, going from 393 in 2016 to 943 in 2017.

The increase in the use of botnets has been driven by factors such as the availability to cyber criminals of very cheap and easy to operate rent-a-botnet (‘booter’ or ‘stresser’) services, and the proliferation of IoT devices with sub-standard security that can be used in attacks. Cyber criminals also use various amplification techniques to increase the impact of their attacks.

Characteristics Of Botnets

The characteristics of botnets and how they are made can provide the key to detecting them and preventing them. For example:

  • Some have a long ‘dwell time’ (the time the malicious program sits on a device before it’s activated), and they need to communicate to work. Communication often involves the use of command and control servers. Disconnecting communications between bots and their botnet command and control servers has, therefore, been a way of stopping them.  New smart bots, which create peer-to-peer networks, can be more difficult to stop.
  • Botnets use processing power.  If suspicious processes that take up a lot of memory are spotted, and / or if devices appear to slow down, this can be an indicator that the device has been compromised and a botnet is awake and active.
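Because bots need to communicate with their command and control servers, one detection approach is to look in outbound connection logs for a device that contacts the same destination at near-constant intervals. The following is an added example, not from the original article: the log format, the addresses (documentation ranges) and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log: "<ISO timestamp> <source> <dest:port>".
SAMPLE_LOG = """\
2019-01-14T09:00:01 10.0.0.23 192.0.2.53:53
2019-01-14T09:00:02 10.0.0.23 203.0.113.50:8080
2019-01-14T09:01:10 10.0.0.31 198.51.100.7:443
2019-01-14T09:01:45 10.0.0.31 198.51.100.7:443
2019-01-14T09:05:01 10.0.0.23 203.0.113.50:8080
2019-01-14T09:09:30 10.0.0.31 198.51.100.7:443
2019-01-14T09:10:03 10.0.0.23 203.0.113.50:8080
2019-01-14T09:12:40 10.0.0.23 192.0.2.53:53
2019-01-14T09:15:02 10.0.0.23 203.0.113.50:8080
2019-01-14T09:20:04 10.0.0.23 203.0.113.50:8080
2019-01-14T09:25:02 10.0.0.23 203.0.113.50:8080
2019-01-14T09:30:03 10.0.0.23 203.0.113.50:8080
2019-01-14T09:31:00 10.0.0.31 198.51.100.7:443
2019-01-14T09:32:15 10.0.0.31 198.51.100.7:443
2019-01-14T09:35:02 10.0.0.23 203.0.113.50:8080
2019-01-14T09:40:11 10.0.0.23 192.0.2.53:53
2019-01-14T09:58:40 10.0.0.31 198.51.100.7:443
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    by_pair = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        stamp, src, dst = fields
        by_pair[(src, dst)].append(datetime.fromisoformat(stamp))
    return by_pair


def find_beacons(text, min_events=6, max_cv=0.1):
    """Flag pairs whose connection intervals are suspiciously regular.

    min_events: ignore pairs with too few connections to judge.
    max_cv: highest coefficient of variation (stdev / mean of the gaps)
            still treated as machine-like timing. Both are illustrative.
    """
    suspects = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        average = mean(gaps)
        if average == 0:
            continue
        cv = pstdev(gaps) / average
        if cv <= max_cv:
            suspects.append({
                "src": src,
                "dst": dst,
                "events": len(times),
                "interval_s": round(average),
                "cv": round(cv, 3),
            })
    return suspects


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Peer-to-peer bots of the kind mentioned above spread their traffic across many peers, so a per-destination timing check like this one will not catch them on its own.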

Turned To Crypto-Mining

A recent security bulletin from Kaspersky Labs states that botnets are now increasingly being used to distribute illicit crypto-mining software, and that the number of unique users attacked by crypto-miners grew significantly in the first three months of 2018. The malware used for mining is designed to secretly reallocate an infected machine’s processing power to mine cryptocurrencies, with all the proceeds going to the attacker.

What Does This Mean For Your Business?

With cyber-crime, prevention is better than cure, and being able to detect signs of attacks early is vitally important. Security commentators suggest a focus on security measures that prevent initial infection and lock-down unnecessary trust permissions. Businesses may also benefit from using security technologies that can detect, alert or block botnet activity in real-time, and by continually analysing network traffic and local system logs.

Inspecting devices and checking for any suspicious processes that appear to be taking up a lot of memory may also be a way to detect botnets that have already slipped through the net and are active.