The Online Threats of 2019

How you can stop them from happening.

Just as a biological virus mutates, phishing and identity theft schemes grow more complex as technology advances. With major services adopting cloud technologies and storing private data online, anyone is vulnerable to hacking.

To make matters worse, hackers continue to come up with some pretty creative ways to profit from stolen information.

Without wasting time, these are the things you should already be doing to avoid being exposed to hackers in the first place:

In order to keep these cybercriminals out of your lives and computers, let’s take a look at some of the actual schemes to watch out for in 2019.

Hacking

We all know what hacking is by now – the term has almost become synonymous with internet security. So a question is: do you love watching movies on Netflix or jamming out to your summer playlist on Spotify? If the answer is yes, then you’re at a pretty high risk of getting hacked.

DynaRisk, a UK cybersecurity firm, recently found that cybercriminals most commonly target these brands, along with adult-oriented sites (you know what we mean) and then, online gaming services.

Identity Theft

A few weeks ago, authorities caught a New York-based gang who had used identity theft to steal over $19 million worth of iPhones. Quartz reported that this operation ran for seven years.

So-called “Top Dogs,” the ring leaders, would organize lower level members of their organization to steal identities and create clone credit and identity cards. Then, affiliates fanned across the nation, signing up for mobile phone plans to acquire iPhones, which were later sold for a profit by the Top Dogs.

Because phone payment plans take the shape of nominal fees over the course of several years, victims often wouldn’t notice the fraud until it was too late. Learn how another scheme, dubbed a SIM port attack, works in the diagram below:

Ransomware

Hacking can happen to anyone – including our favorite bands. In early June, a hacker managed to steal the minidisk archive of Thom Yorke, the lead singer of Radiohead. This included previously unreleased demos and audio material from around the time of “OK Computer,” the band’s 1997 worldwide hit album. The hacker then demanded $150,000 on the threat of releasing it.

Holding files for ransom is so common nowadays that it even has its own name: “Ransomware.” Either pay over the ransom or lose your files—or, even worse, have them released onto the unforgiving Internet.

In response, Radiohead released all 18 hours of material on Bandcamp themselves, winning against these ransom hackers.

Most security experts recommend the same route as Radiohead—never pay the ransom, because there’s no guarantee you’ll recover files or prevent their release.

Sextortion

If you think ransomware is bad, there’s an entire subgroup of it aimed to profit off sexual shame. Cheekily named “Sextortion,” some hackers creatively upgraded the classic email phishing scam to scare victims into handing over Bitcoin.

According to Fortune, hackers have already racked up over $900,000 with sextortion. In these phishing emails, the sender claims to have spied on you while you watched porn—and has webcam footage of the salacious deeds. The message then demands a Bitcoin ransom, or else face the social and professional consequences of this lewd video getting sent to all your contacts.

To make the threat even more believable, the sender references a previous password tied to the user’s email account. According to Krebs on Security, a sextortion phishing message might look a little like what’s written in the sidebox.

In rare cases, the threats are real—and hackers get their hands on some sexually explicit photos. Recently, American actress Bella Thorne fell victim to sextortion. Last Saturday, she took a similar, albeit more risqué, route as Radiohead, opting to release her nude photographs on Twitter in order to take the power away from her hacker.

Last thoughts

So, what’s the best way to keep yourself or your business from losing thousands in virtual currency? Since most of these emails are fake, you can just avoid them with a spam filter. And you should probably buy a webcam cover… just to be safe. When it comes to general browsing, we suggest using a VPN.
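One way a mail filter could score the traits described above (a webcam recording claim, a Bitcoin demand, a threat to message your contacts, an old password used as bait), as an added example that is not from the original post. The signal names, the threshold of 4 and both sample messages are assumptions constructed for illustration, and only legacy Base58Check addresses are validated.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(body: bytes) -> bytes:
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]


def b58check_encode(body: bytes) -> str:
    """Encode version byte + 20-byte hash as a legacy address string."""
    raw = body + _checksum(body)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def is_btc_address(s: str) -> bool:
    """True only if s decodes to 25 bytes with a correct checksum."""
    n = 0
    for ch in s:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    zeros = len(s) - len(s.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]


# Candidate strings that merely look like a legacy address; the checksum
# test above discards random look-alikes and typos.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Hypothetical signal names, one per trait of the scam email.
SIGNALS = {
    "recording_claim": re.compile(r"\b(webcam|camera|recorded|footage)\b", re.I),
    "payment_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "exposure_threat": re.compile(r"\b(contacts|friends|family|colleagues)\b", re.I),
    "password_bait": re.compile(r"\bpassword\b", re.I),
}


def signals(body: str) -> list:
    """Return the names of all traits found in a message body."""
    hits = [name for name, rx in SIGNALS.items() if rx.search(body)]
    if any(is_btc_address(a) for a in ADDR_RE.findall(body)):
        hits.append("valid_btc_address")
    return hits


def is_sextortion(body: str, threshold: int = 4) -> bool:
    """Flag a message when enough independent traits co-occur."""
    return len(signals(body)) >= threshold


# Constructed samples: the address is generated here from a made-up hash,
# and both message bodies are invented for this example.
SAMPLE_ADDR = b58check_encode(b"\x00" + hashlib.sha256(b"constructed").digest()[:20])
SCAM = (
    "Your password is hunter2. I recorded you through your webcam. "
    f"Pay in Bitcoin to {SAMPLE_ADDR} within 24 hours or the footage "
    "goes to all your contacts."
)
BENIGN = (
    "Your password was changed on Tuesday. If this was not you, reset it. "
    "You are subscribed to weekly Bitcoin price alerts."
)

if __name__ == "__main__":
    for label, msg in (("scam", SCAM), ("benign", BENIGN)):
        print(label, is_sextortion(msg), signals(msg))
```

Requiring several traits at once is what keeps a genuine password-change notice or a price alert out of the junk folder.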

Read more about VPNs here

There are now more secure anti-hacking tools that use the Blockchain and offer great protection especially against identity theft. Have a look at our feature on Tokenisation.

Most online services, such as mobile banks, now offer app-based two-factor authentication. This should now be regarded as the minimum security for ANY online account or app.

To avoid hacking or phishing scams in general, optimizing your cybersecurity and using online common sense will save you loads of time, trouble and money.


Open Banking – too exposed?

As a human race, we are constantly striving for easier ways of doing things: simpler, faster and more practical. Thanks to better tech, you can now interact with people globally and instantly with the click of a few buttons.

Likewise, you can also physically move quickly due to advances in transportation technology. When it comes to the age-old practice of banking, the same is now happening.

Provided you have the necessities, a passport, residential address and a mobile phone, you can now open a bank account within minutes. This is brought about by a Fintech offering better known as Open Banking.

Open banking is the use of open APIs that enable third-party developers to build applications and services around the financial institution.

Wikipedia

It is ultimately about giving you a better, secure and flawless service experience with the opportunity to gain access to excellent financial products.

Online security expert and Chairwoman of Zortrex, Susan Brown reflects on the advent of the new offering:

“Just over a year ago when Open Banking came into the limelight for the Fintech world. CMA9 (the nine largest banks within the UK), were effectively mandated to make their banking platform accessible for third party companies.”

A comprehensive global report commissioned by Accenture emphatically highlighted growth and talking points about the emerging industry in 2017.


This is all wonderful, innovative, and promotes transparency within the financial services market – but there is only one drawback Brown cites:

“Consumers really do not know what Open Banking means, there has been a lot published about the benefits that is to be had from Open Banking. At the same time consumers have become very aware of the negative aspects around sharing their data.”

Online scourge of hacks & breaches

Daily, you hear more and more about hacks and data compromises. With the UK’s Lloyds Bank breach last year, consumers’ trust in sharing their financial and personal information is, some would say, completely gone.

In addition, you go onto a site to look at or review products and, before you know it, you are bombarded with adverts for the products that you have been looking at elsewhere. This has led some consumers to abandon shopping carts and refrain from using online retailers.

If not adequately protected, the newly established Fintech system might suffer similar data breaches.

Visa and Mastercard for one, are among the established firms threatened by Open (and Mobile) Banking. And so, they should be according to Brown.

“As consumers knowledge grows about their data and the security around their financial data has not been secure as shown with the Marriott hack.”

Naturally, these new systems pose a huge threat for banks as they become the digital gateway channel connection to the financial sector. This eliminates the direct relationship between consumers and banks.

This is not a bad thing as banks are overwhelmed and cannot always keep in touch with every client.

Added layer of protection

The solution for failing global acceptance would be for a new Fintech company to gain the trust of its new customers. They would naturally also be able to chip away at the market share of other expensive financial institutions.

What you as a consumer know and want is privacy and security. Currently, only banks can make this happen – but at a high cost.

With a new digital tokenisation system like Zortrex vault, you can concurrently let your consumers reap the rewards on their transactions.

They can as a result, gain redeemable tokens for patronising your services. This can occur while both you and your partners offer them products globally.

“Don’t be a gateway for the challenger banks be in control of your omni channel for your consumers,” Brown advises

Read more about Zortrex’s solution to privacy here.

This blogpost contains excerpts from Susan Brown about Open Banking initially published on her LinkedIn page.  




Anonymous Surfing

You don’t have to be an online arsonist, hacker or international cyber-terrorist to hide your online identity. Likewise, concealing your PC’s web address or (better known as) your Internet Protocol address (IP address), making it unknown to the public, does not necessarily mean you are up to no good online.

Debunqed.com will, therefore,  build a case for why it is important at times to conceal your private online location with the use of VPNs (Virtual Private Networks).

A VPN is a connection method used to add security and privacy to private and public networks, like Wi-Fi Hotspots and the Internet. They are most often used by corporations to protect sensitive data but now also by the man on the street for the very same necessity.

Getting back to the importance of your IP address: it is probably something you rarely think about but is very crucial to your online lifestyle even as an individual. How so? You might still ask.

Well, without an IP address, you wouldn’t be able to get the current weather, check the latest news or view videos (streaming) online, for instance.

The uses of VPNs

Your IP is also used for basically every online service you partake in including very private things such as your internet/mobile banking or online trading activity.  Think of it as your physical address and how important it is when getting things delivered by post or using it when you need to make applications for loans, jobs etc.

“Without a public IP address, online service providers like Netflix, BBC or Amazon wouldn’t know where to send the information you asked for. They wouldn’t be able to get it to your computer.”

One can now imagine how naked you must feel if you have nothing to protect this address from the advent of a hack without adequate data encryption. Add to that the haggling by overzealous online marketers, spam, malware, and even 419 scammers!

Now the argument for whether using VPNs is illegal is highly debatable for some of the valid reasons highlighted above. It should, however, be a given right  to be able to use it. And even though it is commonly used by cyber-thugs to mask their clandestine and often dark activities, it should not be outlawed altogether.

The case for VPN

The debate over the legitimacy of VPNs therefore carries on into a grey area.

We will, however, investigate a few VPN providers that are ‘paid for services’ and even offered by established companies such as AVG (which primarily offers Antivirus protection).

The directive is to help the everyday consumer surf the web without ‘virtual’ salespeople bombarding them with offers based on personal information gathered in an ‘unsolicited’ manner.

Policies like the European-based GDPR law were put in place to protect consumers from the non-consensual use of their data. Even your Internet Service Providers (ISPs) can track your online activities via your IP and sell your browsing habits.

Some forward-thinking people and companies, however, have long been shielding themselves manually using VPNs.

One direct benefit for you as a consumer is the ability to access content (information, products, and services) from different servers. A good VPN service can enable you to obtain access to other geo-locational content despite being on a different continent.

Take the example of Netflix: if you use a VPN in Europe it enables you to have international access to content from the US by using a US-based server for access.

It is perfectly legal provided you are paying for the service. The burden falls on the provider of the service and not the end user if it came down to a legal “scrap”.

If you need to do these tasks frequently, you need a VPN:

  • To hide your IP address (to enable anonymity from marketers and hackers)
  • Change your IP address (to avoid identity theft)
  • Encrypt data transfers (private and financial data)
  • Mask your location (to access other services)
  • Access blocked websites

A word of caution for the last reason, i.e. when navigating websites blocked by governments with a VPN: Unless you are a high-profile journalist working on a case and backed by good legal aid – it’s not a wise thing to do.

Do some research if you are not sure because accessing such sites (and not necessarily just government sites) could land you in some hot water. Rather use a known privacy service like Tor to ensure full anonymity to gain access to restricted sites if you really must.


Top Virtual Private Network Protocols

VPN protocols and available security features are numerous. The most common (best) protocols are:

  • ExpressVPN: the acclaimed best offshore VPN for privacy and unblocking.
  • IPVanish: great for P2P and Torrenting.
  • VyprVPN: the best choice for those looking for security.
  • NordVPN: security is its middle name.
  • TunnelBear: dubbed the easiest VPN to use.
  • Windscribe: a VPN which gives you unlimited connections.
  • Hotspot Shield: an awesome solution for online browsing.
  • KeepSolid VPN Unlimited: the jack of all trades of VPNs.
  • CyberGhost: rich clients and ease of reconfiguring.
  • ZenMate: user-friendly VPN that caters to the newbies to VPN.
  • PureVPN: take advantage of easy to use apps and access to many servers.

Source: www.itproportal.com, PureVpn

Picking a VPN service can be a daunting task as there are now literally hundreds of them to choose from. Landing the right one means striking the right balance between services, ease of use and pricing.

Some providers offer free VPN services while some, like AVG, charge for their VPN service. Paid VPN providers, however, are preferred to the free service providers as they offer robust gateways, proven security, additional free software, and unmatched speed.

The key is to find the best VPN that meets your immediate needs while matching your budget.

Cloud (Storage) Wars!

The term “storage wars” has taken on a new meaning. It has shifted literally from the ability to keep one’s belongings in physical containers to having one’s data stored and managed in the digital realm.

A question often asked is whether the (Internet) cloud is infinite. The answer is both a yes and no.

The top four cloud tech companies are endlessly engaged in a silent market share war. It is a tough choice as they all offer millions of gigabytes in storage. It is therefore fair to ask how abundant that storage really is, and at what point storage space will run out.

The “Cloud” as explained in our previous blog, is a series of backed up servers scattered across the globe.

Consequently,  in terms of availability of storage, it is just a matter of where a datacenter can be run on super-servers and at what maintenance costs.

The answer to how infinite is the cloud, therefore, boils down to primarily a cost, rather than a capacity issue for the respective cloud-storage providers (CSPs).

The main providers/participants vying for a market share in the paid cloud storage subscriptions are namely Google, Microsoft (Azure), Amazon and IBM.

There are also smaller yet significant players such as Box, Dropbox, Tresorit, and Barracuda.  A quick online search will reveal what is on offer by these individual players.

Similarly, the pages of any one of the smaller companies will give some comparisons on individual cloud storage offers.

We will, however, look at the top four major players and summarize their offerings with a focus on both individuals and small to large enterprises.

What to look out for

Some of the key features to look for when storing data in the cloud include encryption at rest and in transit, end-to-end encryption, 2-Step Verification and HIPAA compliance.

Other factors to consider are the actual server location and the ability to sync any folder and perform selective synchronization.

There are also key offerings such as the ability to edit files on mobile devices. For businesses, look for the ability to remotely wipe mobile devices, perform file versioning, and other useful data management features.

As a business, if the above-mentioned features are not in your cloud solution, you had better look into switching away.

While you can technically run your own cloud, it would require a full-on IT team. That or a very good support system to assist in its maintenance and administration.

It is for this very reason that a SaaS (and Hybrid) approach to storage is preferred by many medium to large enterprises.

Here are 4 of the most popular CSPs 


Google

Weaponry: 

A standard (personal) GoogleDrive starts from 15 GB in size and comes when you open a Google email account. This is a standard with most Android-powered mobile phones which require a Gmail account to register the phone. It is a convenient way to store and access your pics, videos, and files across multiple devices or back them up in case of a hard drive crash.

If you do not mind the inconvenience of having several logins, you could get away with multiple drives giving you 15 GBs each.

There is, however, a drawback as there is no such thing as a free lunch – the level of security and compliance features naturally are little to almost none. Additional storage can also be purchased with different upgrade plans, which may come with more add-ons such as extra file encryption.

When it comes to their business offering, their Team Drive is available with the G-Suite bundle. One can upload 750 GB of data per day and up to a total 5 TB in size.  Team Drive can contain a maximum of 100,000 files and folders, however, this limit can be increased upon request.

The basic package including the more advanced security costs $5 per user per month and gives you 30 GB for storage and collaboration.

A full comparison of available storage plans

Tactical strengths:

The ease of accessing and using the drives via strategic partnerships such as the one with Android provides them with growing market share.   As it is cloud-based and not linked to physical devices,  you can access your GoogleDrive using a Mac computer as well.

There are growing talks of incorporating Artificial Intelligence (AI) into the data management systems, and they are currently building a full AI Center in Accra, Ghana. This will help bigger companies manage, access and organize their stored information faster and with more purpose.

They have recently launched a set of new cloud storage tiers under the branding Google One.

This comes with revised pricing and storage options: 15 GB: remains Free; 100 GB costs $1.99/month; 200 GB $2.99/month  and 2 TB $9.99/month.

Potential weakness/es:

Google is a latecomer when it comes to offering business solutions and still battles with the stigma of being a free service and thus associated with inferior quality.

The integration with Office applications is still something they struggle to get right. Not many are fans of their free word processing software included in Googlesheets.

Most non-Microsoft platforms will have this compatibility problem.

They also run into a few data syncing problems every so often, especially with the free storage. They offer full 24/7 customer and technical support with their products. More aggressive advertising and pricing of their business offerings now serves to hopefully alleviate this issue for them.

How Google bounces back from a hefty EUR 4,34 billion fine for the mentioned collusion with Android will determine if they survive the storage war, especially if they are now forced to allow other CSPs to offer services on mobile devices.


Amazon

Weaponry:

One of the first cloud solution providers to offer eCommerce and Business-to-Business (B2B) offerings. Amazon and its Amazon Web Services (AWS) have come a long and calculated way from just offering/selling books online.

They are actually seen as a formal threat and direct (more superior) competitor to Microsoft’s cloud (equivalent) offering –  which we touch on next.

Most of this comes from a robust and apparently the world’s largest global cloud infrastructure.

Based on this, its cloud storage, dubbed Amazon S3, works on a “pay as you use” basis while its free tier starts you off on 5GB of storage. Thereafter you pay in increments based on the storage class you fall under.

So the first 50 TB will cost  $0.023 per GB per month and then the next 450 TB will cost $0.022 per GB per month and so on.

This is practical for businesses that do not have a limit to storage space but scale up and down very quickly based on their operations.

Tactical strengths:

Amazon’s storage platform gives users and businesses alike the ability to geographically store and move data with the highest levels of encryption. In addition, one can use data analytics on your data without moving the data into a separate analytics system.

Amazon Athena additionally provides anyone who knows SQL on-demand query access to vast amounts of unstructured data. As with Google, AI incorporation along with Alexa would facilitate this even further.

Other notable benefits offered include open workflows, Hybrid-cloud storage capability, powerful APIs and easy and reliable access to many Third-Party vendors & Partners.

Naturally, you get access to its AWS Marketplaces. It also has a strong compliance adherence including HIPAA/HITECH, EU Data Protection Directive, and FISMA.

Comparison of the various storage classes available.

Potential weakness/es:

Its primary offering of consumer goods and online delivery will make it prone to any bad press received if that arm of operations does not work well.

Further expansion into areas like streaming TV with Amazon Prime and cashless stores might result in a “jack of all trades, expert in none” phenomenon. They are, nevertheless, handling all well so far.


Microsoft

Weaponry:

The “go-to” tech company for word-processing software as well as operating systems. This software giant, like Amazon, is branching into many products.

They now offer games, server hosting software, applications, an online store for all its devices, software and services and of course, storage.

Its Azure platform powers certain parts of NASA and utility giant Schneider Electric, to mention a few. Its purchasing works similarly to Amazon’s, via ‘pay-as-you-use’ terms.

Storage users need to have a .Net Framework and SQL installed to use the storage. For those looking for quick storing solutions without building heavy infrastructure, they can adopt the cloud completely.

With the launch of its online services (Microsoft 365), it has had to repackage a portion of its Azure platform to cater for small to mid-sized businesses.

These include functional/specific bundles such as OneDrive (personal), OneDrive for Business and Sharepoint (a powerful storage and content management tool).

The online version of the Sharepoint starts at $5.00 per user per month for a rather limited 1 TB per organization. Thereafter, users can purchase more in 1 GB increments of 12 to 16 (US) cents depending on the total (storage space) size ordered.

Tactical strengths:

Also early adopters of AI (Machine Learning) and recently, the Blockchain (Blockchain Workbench), Microsoft is providing its developers with more and better reasons to use its storage space for practicality.

Like their online storage offers on Office 365, Azure storage packages are also quite structured and well categorised.

There are specific functions such as a database server-data management system. Then there is one for application running services, and others to handle rest-based object storage (Blob Storage).

Lastly, they offer storage to help perform computations and process events (Functions).

These bundles are all provided free for the first 12 months and then range from $0.002 per GB to about US 0.20c per million executions.

They have a good Partner system to help distinguish and provide support for the best storage package based on one’s immediate needs.

To bolster their growing Marketplace, they recently also purchased the business that deals with OpenSource (GitHub).  This enables more freedom for developers to manipulate software on its platform.

For a comparison of the storage types via Azure and pricing for each, click here.

Potential weakness/es:

People have found its pricing a little too steep on the storage side and so keeping market share will be tough. Many new smaller CSPs are offering cheaper per GB rates.

They can only counter this by offering more products that require their storage (compatibility-wise).

Some other cumbersome restrictions like users being only able to upload 20 000 files at once or the actual file-size limit might not bode too well with heavy cloud data users.

They also don’t have as many APIs as Google or Amazon does, but these are growing by the day.


IBM

Weaponry:

Probably the first of the CSP batch that provided cloud computing. It therefore has had the experience of honing ways of storing and retrieving data for larger businesses. International Business Machines (or IBM) can be considered as the grandfather of data storage.

As with the other CSPs, there is a free offering called the “Lite plan” consisting of a single IBM Cloud service instance with storage up to 25 GB/month.

Paid storage is staggered, per consumption and based on complex costing tiers based on location, storage class, and resiliency choice.

Storage charges start from $0.09 for up to 50 GB down to $0.014 for 500+ TB on what they call the Cross Region Flex plan.

For more insight into the complex costing table, visit the IBM storage pricing page here.

Tactical strengths:

Their security is their biggest pride and strength and makes them a firm favourite for large companies and potentially governmental institutions.

The fact that they do not actively advertise as much as Google or Microsoft is telling. They clearly need to provide high secrecy and protection for their existing clients.

One such feature unique to the way data is stored on their cloud servers is using Information Dispersal Algorithms (IDAs). This helps to separate data in unrecognizable “slices” that are distributed across datacenters.

So basically, no complete copy of the data resides in any single storage node, and only a subset of nodes needs to be available in order to fully retrieve the data on the network. This is similar to how peer-to-peer sharing or data encryption works.
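The slice-and-rebuild idea described above, as an added example (not IBM’s code and not from the original post): a small Rabin-style information dispersal scheme over the prime field GF(257). The function names, the 5-slice/3-needed parameters in the demo and the sample record are assumptions made for illustration.

```python
P = 257  # smallest prime above 255, so every byte value is a field element


def _inverse_matrix(m):
    """Invert a square matrix modulo P by Gauss-Jordan elimination."""
    k = len(m)
    aug = [row[:] + [int(i == j) for j in range(k)] for i, row in enumerate(m)]
    for col in range(k):
        pivot = next(r for r in range(col, k) if aug[r][col] % P)
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, P)
        aug[col] = [v * inv % P for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(a - f * b) % P for a, b in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]


def disperse(data: bytes, n: int, k: int):
    """Split data into n slices (one per node); any k of them rebuild it.

    Each block of k bytes is read as the coefficients of a polynomial,
    and node x stores that polynomial's value at x. Every slice is only
    1/k of the data, so total storage is n/k times the original size.
    """
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < 257")
    padded = data + bytes(-len(data) % k)
    slices = {x: [] for x in range(1, n + 1)}
    for off in range(0, len(padded), k):
        block = padded[off:off + k]
        for x in slices:
            slices[x].append(sum(b * pow(x, j, P) for j, b in enumerate(block)) % P)
    return len(data), slices


def rebuild(length: int, available: dict, k: int) -> bytes:
    """Recover the data from any k surviving slices, keyed by node id."""
    if len(available) < k:
        raise ValueError("not enough slices to rebuild the data")
    xs = sorted(available)[:k]
    # Undo the evaluation step: invert the k x k Vandermonde matrix.
    inv = _inverse_matrix([[pow(x, j, P) for j in range(k)] for x in xs])
    out = bytearray()
    for i in range(len(available[xs[0]])):
        col = [available[x][i] for x in xs]
        out.extend(sum(c * v for c, v in zip(row, col)) % P for row in inv)
    return bytes(out[:length])


if __name__ == "__main__":
    # Constructed sample record, not real data.
    record = b"constructed sample record: account=EXAMPLE-0001"
    size, nodes = disperse(record, n=5, k=3)
    survivors = {x: nodes[x] for x in (2, 4, 5)}  # nodes 1 and 3 are offline
    print(rebuild(size, survivors, k=3) == record)
```

Dispersal on its own gives availability rather than secrecy: fewer than k slices still leak linear relations between the bytes, which is why such schemes are combined with encryption.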

And speaking of heavy encryption, they have allegedly recently also started on the Blockchain and are experimenting with a particular Cryptocurrency to enable ease of payments. This comes in the light of IBM, with its Watson platform, looking to become more of a cloud-based data operating system.

Potential weakness/es:

IBM relies too much on its reputation as a forerunner for tech and cloud-based computing. It has earned that title for several decades before the likes of Google and Amazon barged in.

They might lose out on market share once the newer CSPs start to offer more robust products and compliance services like theirs.

Their high security and complex system come at a premium, so they are designed for, or rather restricted to, wealthy companies. The hosting option (main server locations) looks limited and restricted to geographical areas primarily within the US and EU.


Be wary of clandestine terminology such as ‘unlimited archiving/storage’ even with a paid subscription. This usually refers to storing data at rest and not the ability to constantly and unlimitedly sync files.

Another salient factor to compare would be the number of files that you can upload or sync at the same time.

This will be relevant for larger companies that need to upload large files and by large, we mean 10 GB files (2 and a half HD DVDs’ worth of content) and upwards.

Making a choice

At the end of the day, your decision to take on a faction in the storage war should be based on your priorities. You simply match it to what each of the companies is offering taking your budget into consideration of course.

You may need to consider running a combination of two or more of them.

Some larger companies offer storage as a “must have” with  hosted email or along with something as basic as purchasing a new smartphone.

You will, however, have to ask yourself a few more pressing questions around functionality, data security and compliance before taking it up.

Or you can simply not accept the offer or disable it in cases where it is presented as a freebie!