Hardly a day goes by without news of another data breach. It's safe to say that we live and work in risky times. But there's a growing recognition that cybercriminals aren't the only threat—or even the primary threat to an enterprise. "There's a far greater need to educate and train employees about security issues and put controls and monitoring in place to increase the odds of compliance," says John Hunt, a principal in information security at consulting firm PwC.
It's a task that's easier said than done, particularly in an era of BYOD, consumer technology and personal clouds. According to Jonathan Gossels, president and CEO of security firm SystemsExperts, it's critical to construct policies and security protections around two basic areas: malicious insiders and those who inadvertently breach security. "The best security program in the world can be undermined by ill-advised behavior," Gossels explains.
Construct effective policies. Surveys indicate that many workers are not adhering to existing policies. In some cases, they simply disregard them. "The thing that you have to keep in mind," notes Hunt, "is that policies must be clear, understandable and not interfere with the ability of people to get their work done." If an organization is struggling with non-compliance and shadow IT, then it may be time to reexamine policies, as well as the underlying systems and tools the enterprise has in place. "Many organizations have older policies that don't take into account today's tech tools, such as iPads and other portable devices," says Hunt. The policies should also extend to contract workers and freelancers, he notes.
Traditional advice is to use the official app stores to avoid mobile malware – but a Spanish security firm has discovered four apps available via Google Play that scam their users into covertly subscribing to premium SMS services and stealing money through their phone bills.
Luis Corrons, technical Director of Panda Security's PandaLabs research arm, blogged about the discovery yesterday. His team had found four particular apps (on dieting, baking, exercise and hairstyling) that all use a similar process to scam their users. The basic methodology is to trick the user into accepting terms and conditions well beyond those expected.
Using the diet app as an example, Corrons shows that users are presented with an invitation to view one of the diets. Clicking 'Enter' pops up a small window that asks the user to accept the app's terms of service – but those terms are separated from the pop-up, greyed out, and in tiny, unreadable text. They actually grant the app permission to subscribe the device to an external service.
Of course, it's not as simple as that. Firstly, the app 'steals' the user's phone number from WhatsApp (a popular app that requires the user's number and is statistically quite likely to be installed). It then covertly subscribes the user to a premium SMS service, waits for the confirmatory request from the service, intercepts it and responds in the affirmative – all without any notification to the user. The user eventually gets presented with a bill 'hidden' in the mobile phone charge for a service he didn't know he was using.
This type of scam is a growing problem. "I know that lots of people only ever give their bill a cursory glance or don’t even bother looking if it stays under a certain amount. I manage all the bills in our house after I discovered my missus had being paying insurance and tech support on a phone she hadn’t used for 5 years," a PandaLabs spokesperson told Infosecurity.
"Whether the cyber criminals choose to use the app as often as possible to rack-up their income knowing they will get caught quickly or the under-the-radar method [small amounts from a lot of victims] where they will try to go unnoticed depends the criminal’s choice," Corrons told Infosecurity.
He did some quick arithmetic on a projected volume of anything up to 1.2 million downloads of the four apps. "They charge a lot of money for premium SMS services, if we make a conservative estimate of $20 charged by terminal, we are talking of a huge scam that could be somewhere between 6 and 24 million dollars!" And this, of course, is just for the four apps that he found.
These particular apps were found in the Spanish Google Play. They contravene Google's new terms and conditions for Play, which insist on a single purpose and clear terms. How Google intends to enforce those terms remains to be seen; but Corrons confirmed to Infosecurity that these four have now been removed from Play.
We would like to introduce ourselves as a Manufacturer of Duoblock type Industrial OIL / GAS Burners, their spares & accessories. The Proprietor, Mr. B. H. Panchal is having vide experience in Erection, Commissioning & Servicing of M/S OERTLI & KLOCKNER type OIL / GAS Burners with M/S. IAEC INDIA LTD; BHANDUP, MUMBAI. We manufacture Oil / Gas Burners, their Spares, Accessories & Controllers like Positioner controllers, Electronic Low Water probe relay etc.
We also manufacture replacement spares for the Boilers manufactured by M/S. IAEC INDIA LTD., MUMBAI and any other Make & Brands of The Boilers & Burners. We Design & Manufacture Impo+rt substitute for special purpose Burners & their accessories. We also Sale & Service LANDIS & GYR, SATRONIC, PETERCEM & other Make & Brands of Sequence controllers for Oil & Gas Burners. We also undertake Guaranteed repairs of all types of the Burners & Boilers components, Controllers & their accessories.
Address : #84-89, New Modella Industrial Estate, Wagle Estate, Thane - 400604, Maharashtra, INDIA.
Tel. No. : (022) 25827433 / 25800651 / 9920190503
Fax No. : (022) 25800651
Email : firstname.lastname@example.org
ADDRESS (Factory) : Unit No.7, Ferrodie Indl.Co-Op Society Ltd.
Road No.22, Wagle Estate, Thane - 400 604, Maharashtra, INDIA
Critical Infrastructure Protection
Essential infrastructures produce vital benefits and services, upon which various sectors of our society depend. Our professional and experienced groups comprehend the risks to these infrastructures arising from natural and man-made calamities. While the Department of Homeland Security has identified 18 critical infrastructures resources that must be safeguarded, most of these assets are owned by the private sector.
It is critical that you have a security expert to assess your risk and create risk-reduction measures for your company. Your clients rely on this important infrastructure; therefore, it is necessary to undertake procedures to avert and properly adapt to any hazard that may adversely impact your vital resources.
According to your expectations from our company, we will undertake some or all of the steps below in order to safeguard your crucial infrastructure.
- Evaluation: Determine the risk connected with the vital infrastructure and what is extremely significant to attaining goals and final success.