How wrong can "they" get I.T.? Recently, there has been a spate of newsworthy I.T. fails that should concern all businesses and individuals, and remind us to keep on top of our systems, devices, networks, software and upgrades, as well as to be cautious when we click.
Facebook and Google have finally fessed up to being conned out of at least $100 million in a scam which is becoming far more commonplace for businesses - fake billing using phishing. The Lithuanian conman posed as an Asian contractor for the two companies and persuaded them to wire huge sums of money halfway across the world for services not rendered and goods not supplied.
The moral of this story is: check all of your invoices and make sure everyone in your accounts department double checks who exactly your business is paying.
Yesterday, WhatsApp suffered an outage for several hours, globally. WhatsApp is owned these days by Facebook and has around 1.2 billion users. There were the usual howls of frustration from those who rely on the app for their social messaging, which includes businesses who have adopted WhatsApp as a communications tool, simply because it has so many users. The Twitter account used to update users about WhatsApp and its status was last updated in 2014, which caused further brand damage.
The moral of this story is: use more than one method to contact customers to ensure resilience if one system fails, and keep your social media up to date, especially when any event of note occurs which affects your customers. Even for a "free" product.
Then, Google got hit with a phishing scam that seems to have affected millions of Gmail users worldwide in a mere matter of minutes. The fact that the scammers named the con Google Docs, which many Google account holders use, and spoofed the emails to appear to come from a known contact, means that this phish swam around the globe extremely fast. The permission given to the fake Google Docs app allows full access into the entirety of the victim's Google account, including all emails, contacts, account details, Google Wallet etc.
The moral of this story is: educate all of your staff to recognise phishing attacks and be cynical and cautious before clicking. And keep changing your passwords for everything. Regularly.
For those who think governments are capable of running online ID databases for payments, taxes, health, education and so on, there is a salutary tale from India where the government has leaked 130 MILLION payment card details. (Just as a reminder, that is DOUBLE the UK population.) Other nations are in no way exempt from this fail and there have been stories from around the globe of similar monumental hacks - USA 2015, 22.1 million government employee details and so on.
The moral of this story is: be extremely cynical if a government claims that anything is protected with "nation grade security". The implication is that, because it has had the full weight of the government's purse thrown at it, it is therefore secure. NOTHING is 100% secure and government projects are renowned for being about as secure as lettuce.
The mobile networks are not immune either, and now, finally, crackers are exploiting the SS7 vulnerability on mobile networks that has been warned about for years. The TL;DR is that it is now pretty easy to spoof where calls have come from and stand in the middle of 2FA (two-factor authentication) between, for instance, you and your bank. The chilling line in this article is this:
....The telcos have been glacial at getting to grips with the problem.
This is OUR industry and we will be the first to admit that the telcos have been glacial at solving far, far too many problems, but that is the subject for another post.
The moral of this story is: NOTHING. IS. 100%. SECURE. NOTHING. Every time you read a story such as the above, contact your suppliers, your banks, your governments and ask precisely what is being done to protect your business, your country from this horrendous display of I.T. incompetence and just who is taking responsibility for this failure to prevent cybercrime. Meanwhile, protect your own business to the full extent of your capabilities.
Let's stay safe out there.