Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: According to research by ACI Worldwide, online fraud rates are likely to rise during the holiday shopping season. The British government announced it will spend $250 million to fund cybersecurity startups and double its spending on efforts to fight cybercrime. Symantec found attackers have been targeting servers running vulnerable installations of the vBulletin forum software. Finally, according to the IT Security Risks Survey, conducted by Kaspersky Lab and B2B International, nearly 75% of companies have suffered a cyberattack stemming from an internal attacker.
As retailers and consumers prepare for the holiday shopping season, attempts by criminals to steal payment card information to commit fraud online are likely to rise, according to new research by ACI Worldwide. The move by U.S. merchants and card issuers to switch to more secure chip cards for in-store purchases this year is likely to increase fraudulent attempts on transactions online. The ACI research showed fraud rates by volume for transactions that don’t involve physically swiping a card have increased in 2015, with one out of every 86 transactions a fraudulent attempt compared with one out of 114 transactions in 2014.
The British government has announced a bold series of new programs to boost its cyber security defenses, including a new, £165 million ($250 million) fund that will see the government buy or invest in cyber security startups. Britain will also double its public spending on fighting cybercrime to £1.9 billion a year by 2020. The extra money will be spent on protecting the British public’s online assets as well as public infrastructure like hospitals and electricity grids, Chancellor George Osborne said in a speech at GCHQ, Britain’s main intelligence service focused on cyber crime.
Malicious actors have been targeting servers running vulnerable installations of the vBulletin forum software via a security hole patched by the developer earlier this month, Symantec warned on Monday. According to the security firm, as many as 2,500 daily hack attempts have been observed since November 5. It appears the attackers have been trying to compromise servers by exploiting a serious vulnerability patched by vBulletin on November 2. The flaw, which can be exploited for remote code execution, affects vBulletin 5 Connect, versions 5.1.4 through 5.1.9.
Costly cyberattacks are now almost routine for businesses, but while many organizations are focusing on external attackers, companies may want to know that the largest single cause of confidential data loss is employees (42%). Nearly three out of four companies have suffered an insider threat event. According to the IT Security Risks Survey conducted by Kaspersky Lab and B2B International, 73% of companies have been affected by both intentional and unintentional internal information security incidents. Of those, a fifth (21%) also lost valuable data, which subsequently had an effect on their business.