Story image

Businesses beware as malicious URLs in NZ pass 60,000 mark…

13 Aug 14

Over 3.3 million malicious URLs were clicked in New Zealand in the second quarter of 2014, up from 2.3 million in Q1, according to Trend Micro’s Q2 security roundup report.

The report, titled “Turning the tables on cybercrime: responding to evolving cybercrime tactics,” showed malware continued its prevalence in Q2, with the number of malware detections hitting more than 1.3 million in New Zealand, rising from 1.2 million in Q1.

Trend Micro threat researchers also found more than 63,000 malicious URLs were hosted in New Zealand throughout Q2 while the average number of spam-sending Internet Protocols (IPs) per month reduced to less than 1 million this quarter across the country.

At its highest however, there were 1.3 million spam-sending IPs in New Zealand in a month.

“The increase in malicious links being clicked on by New Zealanders in Q2 shows a clear need for continued consumer education on personal security to ensure people remain protected against these ever-evolving threats,” says Tim Falinski, Director, Consumer ANZ, Trend Micro.

“Consumers need to be aware of not just what they’re clicking on, but also what’s happening with their own personal data.

“For example, what retailers and businesses are doing with it. This often means asking more questions and reading the fine print, which requires a change in mindset for many people.”

Falinski claims cyber threats, data breaches and high-risk vulnerabilities continued to dominate the first half of 2014 with the severity of these attacks intensifying against banks and financial and banking institutions as well as retailers outlets.

Total attacks have exposed more than 10 million personal records around the world as of July 2014 and strongly indicate the need for organisations to adopt a more strategic approach to safeguarding digital information.

The incident attacks in the second quarter affecting consumers personal information included theft of data such as customer names, passwords, email addresses, home addresses, phone numbers, and dates of birth.

These types of personal privacy breaches have affected retail sales and business earnings while leaving customers unable to access personal accounts and dealing with service disruption.

As of July 15, 2014, more than 400 data breach incidents have been reported globally, creating the need for organisations to identify and understand their core data in order to protect and build an effective defence strategy to keep them and their customers secure.

As a first step, Falinski believes organisations need to determine which information they regard as “core data” before devising a plan on how to protect it.

Notable findings of the report include:

• Critical vulnerabilities created havoc among information security professionals and the public: High-risk vulnerabilities affected various components of Internet browsing and Web services, including server-side libraries, operating systems, mobile apps and browsers.

• Escalation in the severity and volume of attacks: The severity of attacks against organisations highlighted the importance of incident response planning and organisation-wide security awareness.

• Cybercriminals counter online banking and mobile platform developments: Deployment of mobile ransomware and two-factor authentication-breaking malware has emerged in response to technological developments in the online banking and mobile platforms.

• Digital Life and Internet of Everything (IOE) improved way of life with emerging vulnerabilities: The 2014 FIFA World Cup held in Brazil was one of the most popular sporting events in recent history, based on online engagement and activity. As such, users faced various threats related to the event, making it one of the most widely used social engineering hooks this quarter.

“The findings from the latest results point to several online vulnerabilities within our daily lives, especially with cyber criminals leveraging popular global events to lure and exploit people,” Falinski adds.

“This provides further evidence that people need to be more aware of how to avoid such online dangers and protect themselves from cyber threats like malicious links, phishing schemes and malware.”

Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
Preparing for the future of work – growing big ideas from small spaces
We’ve all seen it: our offices are changing from the traditional four walls - to no walls. A need to reduce real estate costs is a key driver, as is enabling a more diverse and agile workforce.
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”