OCA October 2014: Threat vectors

United Kingdom

This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.

A small selection of the cyber threats and statistics that have made recent headlines.

  • Sources including censorship watch dog GreatFire have alleged that the Chinese authorities are staging a "man-in-the-middle" attack on Apple's iCloud, just days after the iPhone went on sale in China. The attack is designed to intercept user's iCloud account usernames and passwords, using a fake login site that looks exactly like the Apple iCloud login site. Read more from The WHIR and ITProPortal.
  • A new bug, which could be affecting hundreds of millions of computers, servers and devices using Linux and Apple's Mac operating system, has been discovered. System administrators have been urged to apply patches to combat the bug, which has been dubbed "Shellshock". Read more from the BBC .
  • US companies Home Depot, Supervalu and JPMorgan Chase & Co have all been hit by high profile cyber attacks.
  • Mark Boleat, head of policy for the City of London, has echoed comments made by New York's financial regulator Benjamin Lawsky that an "Armageddon style" cyber attack will trigger the next global financial crisis by making a major bank "disappear". Mr Boleat also said that the City of London police had uncovered a "huge underground economy, and a huge underground network" capable of conducting movie-style cyber attacks. Read more from The Telegraph.
  • As has been widely reported, there has been an extremely targeted hack against celebrities, resulting in numerous nude photographs being temporarily floated in the public domain. In the fallout, cyber-thieves reportedly sent out fake notification messages to iCloud users to trick people into handing over their login details.
  • Similarly, 13 GB worth of photos from popular mobile phone app Snapchat have been dumped online. The attack has been dubbed "The Snappening" and was carried out by the use of insecure third-party software designed to let users store "disappearing" snaps. Many are blaming Snapchat for the breach. Read more from The Independent.
  • Security firm Hold Security has announced the "largest data breach known to date", after a Russian gang dubbed "CyberVor" stole over 2 billion credentials. More details here and here.
  • As ZDNet reports, new research published by FireEye claims that 68% of the most popular free Android apps could become a pathway for cybercriminals to lift sensitive data.
  • An interesting blog by CBR highlights six cyber security trends to watch out for during the rest of 2014, which includes more focus being placed on cyber education and an increase in infrastructure targeting by hackers.
  • The "very alarming" level of cyber threats organisations face is unlikely to fall for at least 10 years, says Suleyman Anil, head of cyber defence at the emerging security challenges division of NATO. Mr Anil asserted there are three prime reasons for this; cyber crime is low risk with the promise of high profits, there has been an increase in opportunity to attack systems and most worryingly, there is growth in state-sponsored cyber attacks. Read more here.