ICYMI: Cyber skills gap, TalkTalk breach and hacking trading algorithms

News by SC Staff

The latest ICYMI columns looks at the top five stories on SC this week, from our exclusive on the cyber-security skills gap to the TalkTalk breach affecting four million customers.

SC Exclusive: Cyber-security fails to make the grade at university

The cyber-security skills gap is likely to continue, if not get worse, according to SC Magazine's analysis of the numbers of people studying the subject at degree level.

Looking at this year's UCAS undergraduate course acceptances, we found that the skills shortage will continue with the numbers – and thus interest – in security courses considerably lower than in recent years.

The majority of computer security courses are categorised in the UCAS numbers under ‘Information Systems', and a review of these courses reveal that they include ethical hacking, computer security and forensics, computer and information security, data science and cyber-security.

In 2014, 1,905 men and 460 women (2,365 in total) enrolled in these courses but this represented a fall of 11 percent year-on-year (2,670), 18.7 percent compared to 2012 (2,910) and 34.5 percent compared to 2011 (3,610). The enrollment number was almost half as much (41 percent) as the 4,010 people that enrolled on Information Systems courses back in 2010, and is the worst since UCAS starting tracking course applicants in this way back in 2007.

TalkTalk blames supplier for breach affecting 4m customers

UK telephone and broadband provider TalkTalk blamed an unidentified third-party for a data breach late last year, which saw hackers steal account numbers, addresses, phone numbers - and money - from up to four million customers.

The breach was reportedly discovered late last year (between October and December, although some also saw occurrences from August) after TalkTalk saw complaints spike on calls from spammers, pretending to be from the company's support team. The firm is now taking action against this third-party, which The Guardian says is an Indian call centre.

The initial point of access also remains unknown at this time, although it appears the third-party contractor – which had access to customer accounts – was compromised allowing fraudsters to access client information and use this knowledge to call and convince customers that they were from the customer service division

Hackers target hedge funds to manipulate trading algorithms

It's not just Ed Milliband that has hedge funds in his sights, there are others looking for rich pickings too.

The financial institutions are under attack from a new generation of cyber-criminals, ones that are looking to exploit weaknesses in the algorithms used to conduct automatic trades. Algorithms are widely used within financial institutions to generate mass trades – at one venture capital company, an algorithm has been appointed to the board of directors

EJ Hilbert, head of cyber-investigations at Kroll, said that algorithms were a tempting target for cyber-criminals, although he couldn't say how common a problem it was as he could only comment on cases where Kroll was brought into investigate. 

Hilbert, a former FBI cyber-crime investigator said the really interesting question is what the criminals would do with the compromised source code, whether it would be used to sell it back to the companies that it had been stolen from or whether the criminals would use it themselves.  

Banking Trojan 'Vawtrak' spotted in the wild

The banking Trojan 'Vawtrak' has been spotted in the wild, and it's 'much improved' compared to a year ago.

In 2014 TrendLabs discovered cyber-criminals employing the Windows PowerShell command shell to deploy the Rovnix agent via malicious macro downloaders – a practice which in 2015 has morphed into a brand new threat in the form of the new banking malware agent labelled ‘Vawtrak which is now in the wild, and in use leveraging macros in Microsoft Word to spread this new banking malware.

Are digital loss prevention and signature-based anti-virus living on borrowed time?

Should fingerprint-based data leakage protection be declared dead, asks Peter Tyrrell, suggesting it just doesn't scale for the hyper-connected world.

Fingerprint-based Data Loss Prevention (DLP) and Signature-based Antivirus (AV) have long been security industry mainstays, but with the speed of the business environment outpacing the technology they rely on, are their fates already sealed?

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews