March 2025 Newsletter
Posted By: Mark
Thursday 17th April 2025
Tags: cyber attacks, cyber crime, Cyber Fraud, Cyber Security, Data Breach, Data Leak, Data Privacy, Data Protection, Google, Multi-Factor Authentication, Newsletter, ransomware, two factor authentication
This month: Password alternatives, ransomware group ‘dirty dozen’, humans are the weakest link in data breaches, and Google Maps glitch wipes user timelines.

Password Alternatives for Online Authentication
In today’s digital world, the reliance on passwords for online authentication has become an enduring source of frustration and vulnerability. From the endless password resets to high-profile data breaches exploiting weak or reused passwords, this traditional security method is increasingly viewed as outdated. As technology evolves, there are alternatives emerging that may redefine the way we authenticate ourselves online. Here, we explore some of the most promising alternatives to passwords that could shape the future of online security.
Biometric & Behavioural Authentication
Biometric authentication relies on the unique physical or behavioural characteristics of an individual to verify their identity. This method has already gained traction through technologies like fingerprint scanning and facial recognition in smartphones and other devices.
Biometrics
Facial Recognition
With the advent of sophisticated facial recognition algorithms, this method is becoming increasingly popular. By analysing unique facial features, users can gain access to their accounts without needing to remember a password.
Iris Scanning
Iris scanners take security a step further by analysing the intricate patterns of a user’s eye. This technique is currently incredibly difficult to replicate, making it one of the most secure options at the time of writing.
Voice Recognition
Voice authentication captures the distinct vocal patterns of an individual. It’s a promising solution for hands-free devices and virtual assistants, enhancing both security and user convenience.
While biometrics offer unparalleled convenience, their adoption comes with privacy concerns regarding the storage of this sensitive personal data.
Behavioural Authentication
Behavioural authentication is a cutting-edge approach that assesses the unique way a user interacts with their devices or applications. This includes analysing patterns such as typing speed, mouse movements, touchscreen gestures, or even how a smartphone is held. Machine learning algorithms analyse these behaviours to determine whether the user is legitimate.
The primary advantage of behavioural authentication is its seamless and passive nature. Users don’t need to perform additional steps or remember anything. However, its effectiveness depends on continuous monitoring and accurate algorithms.
Multi-Factor Authentication Without Passwords
Multi-factor authentication (MFA) has long been championed as a security enhancement, but the future could see password-less MFA becoming the norm. In such systems, users might rely on combinations of:
Physical Security Keys
Devices like USB tokens or NFC-enabled cards serve as physical identifiers. These keys generate a unique authentication code when plugged in or tapped on a device, eliminating the need for passwords entirely.
One-Time Passwords
Delivered via SMS or an authentication app, one-time passwords (OTPs) are valid for a limited period and provide an additional layer of security, reducing the reliance on permanent passwords.
Push Notifications
Users approve login attempts through push notifications sent to their mobile devices. This method is increasingly popular for online banking and email services.
By combining multiple authentication factors, MFA ensures robust security while streamlining the user experience.
Cryptographic Authentication
Public key cryptography is a system where users rely on cryptographic keys (pairs of a public and private key) to authenticate their identity. Organisations like the FIDO (Fast Identity Online) Alliance are at the forefront of this technology with their WebAuthn standard.
Hardware-Based Key Pairing
Users can use devices like smartphones or USB tokens to store private keys, ensuring secure and password-less logins.
Decentralised Authentication
Blockchain technology, most commonly associated with cryptocurrency, could enable individuals to have more control over their identity without relying on centralised databases susceptible to breaches.
Cryptographic authentication offers a high level of security, but its complexity and reliance on hardware adoption could pose challenges for widespread use.
Continuous Authentication
Continuous authentication moves away from one-time verification at login to ongoing identity validation throughout a session. By utilising biometrics, behavioural analytics, and contextual data (such as location or device information), this approach ensures that the person who initially logged in is the same person remaining active in the session.
This dynamic method not only enhances security but also reduces disruptions for users, as reauthentication is done in the background.
Will passwords go away?
As we look to the future, the shift away from passwords is probably an inevitable necessity to combat evolving cyber threats. For consumers, these changes should mean greater convenience and fewer forgotten passwords. For businesses, adopting password-less authentication systems may lead to reduced security risks and improved user satisfaction.
The journey to a password-less future is already underway; however, implementation costs, privacy concerns, and technological accessibility will be a part of the equation for making the transition. A lot of these alternative techniques have been around for some time, yet passwords are still popular through basic familiarity and understanding of the concept.
While no single alternative will replace passwords universally, a combination of technologies tailored to specific use cases may offer the best solution.

LaneSystems News
March Team News
Happy 6th Anniversary Matthew
It’s a happy anniversary to security technician, Matthew Paley. Matthew has come through the ranks, keeping our clients happy and cyber secure for six years. Thanks for all your hard work!
Charity News
Some very worthy recipients of some useful hardware recently. In February, we donated an access point and labour to St Teresa’s Hospice, to improve the Wi-Fi connection at their HR office, valued at £300. In March, we are donating a large screen and stand worth £500 to Citizens Advice Newcastle.
TeesExpo
On March 27th, Michel and Claire worked our stand at Wynyard Hall for the Spring 2025 Teesside Expo. We met a lot of people old and new, and chatted IT, cyber security and a whole lot more! Thanks to everyone who stopped by to meet us and maybe we’ll see you again in the autumn.

The ‘Dirty Dozen’ of Ransomware
Ransomware, malicious software designed to encrypt data and demand payment for its release, continues to be a growing cybersecurity threat. With attackers employing techniques like double extortion and leveraging advanced technology, ransomware operations have evolved into highly organised enterprises.
The groups involved range from professional cybercriminals and state-sponsored actors to hacktivist groups and opportunistic individuals, motivated by any combination of financial gain, disruption, or political agendas.
John Leyden, at CSO Online, has collated 12 ransomware groups actively reshaping the threat landscape, highlighting their tactics and impact.
- Akira: A ransomware-as-a-service (RaaS) operation targeting small to midsize businesses, exploiting vulnerabilities in VPNs and RDP clients.
- Black Basta: Known for social engineering tactics and targeting over 500 organisations globally.
- BlackCat (ALPHV): A group with ties to the defunct Darkside group, infamous for its Colonial Pipeline attack.
- LockBit: A dominant player in the ransomware landscape, known for its aggressive tactics.
- Hive: Focused on healthcare and critical infrastructure, using double extortion methods.
- Conti: Although officially disbanded, remnants of this group continue to influence the ransomware ecosystem.
- REvil (Sodinokibi): A re-emerging group known for high-profile attacks on corporations.
- Clop: Specialises in exploiting vulnerabilities in file transfer software.
- Vice Society: Targets educational institutions and healthcare providers.
- Ragnar Locker: Known for its unique approach of running ransomware in a virtual machine.
- Cuba: A group targeting financial institutions and critical infrastructure.
- Play: Focuses on exploiting supply chain vulnerabilities.
The UK’s National Cyber Security Centre (NCSC) has emphasised ransomware as one of the most acute cyber threats facing businesses and organisations. It maintains a strict stance against using public funds to pay ransom demands and wants the government to expand bans on ransomware payments for public sector bodies and critical national infrastructure, while establishing mandatory reporting of all ransomware incidents. This policy of non-payment and reporting is also recommended for private enterprise, where the NCSC emphasises the need for critical services to be well tested for cyber resilience and swift operational recovery should any attack occur.
Read more details about these threats at: https://www.csoonline.com/article/3838121/the-dirty-dozen-12-worst-ransomware-groups-active-today.html

Human Error: The Leading Cause of Data Breaches
Mimecast’s latest report, “The State of Human Risk 2025”, sheds light on the alarming role human error plays in cybersecurity breaches. According to the report, a staggering 94% of data breaches are attributed to mistakes made by individuals rather than technological flaws. This highlights the pressing need for organisations to adopt a human-centric approach to managing cyber risks.
The report says that while advancements in technology have fortified defences, the human element remains the weakest link. Common errors include misaddressed emails, failure to follow security protocols, and lapses in vigilance due to employee fatigue.
Other concerns centre around AI, collaboration tools and budgets. AI, in particular, is seen as both a boon and a worry for companies. While 95% of organisations use AI to bolster cybersecurity, concerns about AI-driven threats, including sensitive data leaks, are rising. Many businesses admit they are not fully prepared to handle these challenges.
Mimecast advocates for regular employee training, tailored cybersecurity strategies, and the integration of AI-driven tools to mitigate these risks.
As organisations grapple with increasingly sophisticated threats, the findings underscore the importance of addressing human vulnerabilities to safeguard sensitive data and maintain operational integrity.

Google Technical Glitch Wipes User Timelines
Google Maps Timeline, a feature cherished by users for its ability to track travel history and locations visited, recently faced a significant technical issue. Google acknowledged that a glitch caused the deletion of Timeline data for some users, leading to frustration and concern among affected individuals.
The Timeline feature, previously known as Location History, allows users to revisit past trips and routes, serving as a valuable tool for personal and professional purposes. However, the recent incident highlighted vulnerabilities in the system. Google revealed that the issue stemmed from a technical error during the transition from cloud-based storage to on-device storage, a move aimed at enhancing user privacy. While this change was intended to secure data from external access, it inadvertently led to the loss of years’ worth of travel history for some users.
Google has since reached out to affected individuals via email, offering guidance on recovering lost data. Users with encrypted backups enabled can restore their Timeline data through the Google Maps app. Unfortunately, those without backups are unable to recover their lost information, underscoring the importance of enabling backup features for critical data.
A Reminder To Back Up Your Important Data
The incident has sparked discussions about the reliability of cloud services and the challenges of balancing privacy with functionality. While Google has assured users that steps are being taken to improve its systems and prevent similar issues in the future, the event serves as a reminder of the potential risks associated with digital data storage.
For users relying on Google Maps Timeline, this incident highlights the need to regularly review backup settings and ensure data is securely stored. As technology continues to evolve, maintaining a proactive approach to data management is essential to avoid unexpected losses.
Need Cyber Security?
If you’re a business in the North East of England and looking for professional and reliable cyber security services, IT consultation, and general IT services to keep your company cyber secure, get in touch. Cybersecurity is a continuous process, and staying proactive is key to safeguarding digital assets.