HAKMAGEDON:
HACKER ATTACKS SPRINGING UP LIKE MUSHROOMS AFTER RAIN
Written by Lidiya Belcheva and Mihail Mihov, ICM3A
source: Phandroid.com
Who would have thought that Sony could become the victim of a hacker attack affecting about 100 million people? Or that there would ever be a virus for Apple? Such things happen in the wonderful world of technology in which we live. If you are not impressed, let me remind you: in the last two months groups like Anonymous and Lulz Security managed to break the defenses of some of the most famous companies in the world and to obtain data and information on many, many users (Press, 2012). And now the latter are waiting in nervous anticipation of what the consequences could be. The answer is: not pretty.
According to official data from the International Cyber Security Protection Alliance (ICSPA), each year over 475,000 people become victims of cybercrime. In fact, the victims are many more, since not all of them file complaints (About, 2012).
How to prevent cybercrime in today's hectic times is a matter that concerns all of us. How do we know whether our personal information will fall into the wrong hands? There are many questions, and they are very difficult to answer.
The opportunities for cybercrime are almost limitless, as is cyberspace itself. Cybercriminals are actively using the tactic of "precision strikes", which means intentionally attacking certain companies to steal confidential data and financial information.
Cybercriminals continue to inflict major blows, using new methods. Here are some of them:
USB flash memory sticks have become a bigger and bigger “friend” of the hackers. You cannot be sure that the information you own will stay safe for long if you plug your flash drive into a computer that contains valuable information. Hackers use this type of device as a “bridge” between them and your information, mainly because you feel comfortable with it and do not suspect that it can contain viruses and worms (Cluley, 2010).
Typical of this malware is that it starts automatically when the flash memory is placed in the USB port of your computer, as long as the AutoRun function of your operating system is not disabled. According to an analysis by experts from the computer security giant McAfee, in the first quarter of 2012 this type of digital infection was in third place among computer threats (Mostyn-Brown, 2012).
You have to bear in mind the two main ways in which you can acquire an insecure or infected flash drive:
1. You transfer an infected file from the Internet to your flash drive;
2. Recently hackers have found a really creative way to distribute infected USBs through the employees of the large companies that they are targeting. It may work by “accidentally” dropping a USB stick in the company's parking lot. When it is found by an unsuspecting worker, he will plug it into a computer that is connected to the corporate system… and that's it. The hackers have direct inside access to the files of your company (Manjoo, 2010).
Tip: Always scan a USB flash drive with an antivirus program before accessing it.
Do not be naive: if you find a USB stick in the parking lot, just leave it there. :)
E-MAIL PHISHING… DON’T BE A DUMMY!
The first thing that you have to know about the security of your e-mail is this: free e-mail services are not designed for security! Hackers can crack most e-mail passwords in a minute via the illegal activity called “phishing”.
E-mail phishing and fraudulent links. What does “phishing” look like?
Phishing e-mails are used to steal your identity over the Internet: usernames, passwords, bank accounts, addresses, e-mails, files, documents, information and so on. In most cases they ask you to enter your personal information or to follow direct links to websites. If you do that, you become a victim of phishing.
E-mail phishing takes many different forms (Mills, 2010):
· They can look like e-mails sent from your bank or another financial institution, from a company that you have regular business relations with, from your Internet service provider or even from the social network that you are using.
· They can be disguised as letters from someone you know. This is called "spear phishing". Those letters used to take the uniform shape of mass messages from a company, institution or site that the victim knows well, such as eBay and PayPal. The sender can be someone who works in the organization or, generally, a person whose job involves relations with customers or employees.
· Phishing e-mails may contain official logos or other distinctive signs that are taken directly from legitimate websites! They can also contain compelling information relating to you that the scammers found on social networks (Mills, 2010).
· Another very significant feature of a phishing e-mail is that it may contain references to fake websites. Those websites look like the original ones, but they differ in logo colors or in a misspelling of the name. For instance, a shopper might accidentally land on the domain wallmatt.com, as opposed to the big-box retailer's actual walmart.com (Anglen, 2011). After your first visit there, they immediately ask you to enter some personal information.
Tip: Don't use your e-mail as a carrier for confidential information, and change your password regularly, once a month. Try to make it as difficult as possible by using combinations of capital letters and numbers.
Don't download attached files from suspicious e-mails and don't open the links inside them.
ANTI-SOCIAL MEDIA
Security in the social media channels: that sounds like an oxymoron. A big part of our lives is happening in the social networks right now. We communicate through them and share personal information freely. Recently, however, social networking has become a tool for stealing personal information. Communicating via such networks is a fast and preferred method but, of course, it carries risks that most people won't even think of. The level of security inside the social media networks is presented by aNewDomain.net in an infographic showing the opinions, views and expectations of users regarding the safety of their personal information (Smith, 2012).
You can no longer trust anyone (well, almost no one)
2/3 of people do not believe in campaigns that take place on Facebook, even though they use the platform daily. The reason for this is the users' fear of abuse and fraud. The number of consumers who think they have been victims of hacker attacks on those platforms is gradually increasing.
A small percentage of people know how to protect themselves and their personal data in the social networks.
The users of social networks are hungry for more control over the information they share. The social networks must make use of the advantage that they have and enhance their effectiveness. This can be done by allowing users to have more control over their own information. 61% of them are willing to give away more information if they can control who can see what they have shared (Smith, 2012).
Social media is really useful and convenient for hackers. They can select from a variety of scanning tools with which they can easily screen for keywords, mostly names of banks, mobile operators and other organizations close to their “victim”. Through social media, hackers provide themselves with the materials that they need for designing their way into the organization that they are targeting (Roos, 2012).
Tip: Always consider the information that you are sharing on your profile and don't give away too much.
Be aware of what terms and conditions you are accepting.
Wi-Fi
Another widespread method of stealing personal details is the collection of data over insecure wireless networks, particularly Wi-Fi. Currently, many cafes, restaurants and other public places offer free Internet access, which is often not password-protected or encrypted. This means that anyone can use the network that you are using. At the same time, capturing and analyzing personal information on such networks is a relatively easy task for hackers.
"O+K Research" found that 46% of smartphone users and 48% of tablet owners use unsecured public wireless networks. 29% of the owners of portable computers also use free Wi-Fi access. Furthermore, nearly half of the survey's respondents use these networks daily or at least 2-3 times a week (Kaspersky, 2012).
These rather disturbing statistics clearly show that consumers underestimate the dangers of free Wi-Fi access. As for wireless networks, the threat of data interception can be avoided very easily by using only protected areas with wireless Internet access.
Personal data protection requires not only standard anti-malware software but also an integrated solution that combines protection of data exchange over the Internet with encryption of financial transactions (Market Moose, 2011).
The so-called hotspot hackers prefer places with a large concentration of business people, mainly foreigners (e.g. airports, the cafes of international business centers). They prefer exactly those areas because people there tend to connect to free hotspot networks in order to avoid high roaming tariffs. Hotspot hackers are more likely to “hunt” for credit card details than for corporate secrets (Garcia, 2012).
Tips: It is always better to pay for a secure hotspot than to join a free one.
Never ignore the warnings of your anti-virus system regarding your Internet connection.
NOT SO SMARTPHONE
The more useful smartphones and tablets are, the more dangerous they have become. Exactly those high-tech gadgets have become the latest trend in cybercriminal hacking. Attacks on smartphones and tablets, the devices through which we already do everything (talk on the phone, send and receive e-mails, pay our bills), have become the latest fashion in online crime (Micro, 2012). Phones are attacked by having bugged software installed on them. It is enough for an infected e-mail to be sent to you and for you to activate it without knowing exactly what it is. Another way is through a short message on Skype or Facebook. We know how, only weeks ago, the media was booming with news about thousands of stolen Facebook profiles (Paganini, 2012).
Over the past year, the number of malicious programs for mobile devices grew 10 times, according to the security company G Data Software. In the second half of 2011, new threats to smartphones and tablets increased 2.5 times. Android devices are especially interesting for cybercriminals: their growth is 8 times (Micro, 2012).
According to “O+K Research”, 35% of tablet owners use these devices to store work-related correspondence, and 20% of respondents store data required for remote access to the company LAN (Kaspersky, 2012).
Around 19% of smartphone users store passwords for their work e-mail server in their smartphone's memory. About 14% of the data stored on these devices includes user names and passwords for remote access to a virtual private network (VPN). In case of infection, loss or theft of these devices, the information will be valuable prey in the hands of scammers and other criminals (Kaspersky, 2012).
For companies it is important to control the use of personal devices for work purposes only. This may require applying a single corporate security policy and using appropriate security solutions. Consumers should also consider protecting both personal and work data on their mobile phones.
Tip: Set up a PIN number on your mobile.
Be careful about what you download from the App Stores.
THE FENCED GARDEN OF APPLE
An example is Mac OS X from Apple, which is considered to be impenetrable. It turned out that Apple is a fenced garden, guarded only by the company's founder, in which hackers can easily go over the hedge. The problem for users of the platform of the most successful IT company of recent years is that they have no real safeguards (James, 2012). Moreover, bugs are spreading really fast, i.e. writing viruses for Mac OS is already a profitable business. Yes, a business, and a very profitable one. Because cybercriminals act like any normal company: they calculate whether it is worth working on a leak, how much revenue it can bring them, and if it is worth it, they ACT (Kosner, 2012).
Obviously they are successful, because the first Trojan for Apple's OS, Mac Defender, managed to infect more than 120 thousand computers, and the company was forced to release a "patch" for the operating system to protect consumers. They themselves have bigger problems: after a lifetime of being assured that there is nothing to worry about, that there are no viruses for Mac, this now comes as a shock for Apple (Palis, 2012). There is no doubt that there will be other similar malware against the platform. And while this time 120 thousand people are affected (who have even provided their credit card information to the software), next time there can be many more (Keizer, 2011).
Tip: Download apps from recognized sources only, such as Apple's App Store, Google's Android Market and Amazon's App Store…
THE BOTTOM LINE
The vast and fast spread of cybercrime over the years has even led countries to take measures to deal with this problem. Security agencies and companies in the field of information security laid the foundations of the International Cyber Security Protection Alliance (ICSPA), for protection from hacker attacks, in London. This new structure aims to fight cybercrime globally (About Section, 2012).
The organization's members are governments, international business associations and law enforcement agencies, including Europol. Among the members of the alliance are companies like McAfee and Trend Micro (About, 2012).
British Prime Minister David Cameron expressed his approval. He announced that the government has already invested 650 million pounds in improving national infrastructure and providing protection against cybercrime (Rutt, 2011).
"Cybercrime is a global problem and to deal with it, we need a strong partnership between the public and private sectors," commented the British government.
Cameron believes that the nature of this type of crime requires international cooperation to combat it. Among the objectives of the structure is to improve national legislation and the ability to fight the "unprecedented threat". The European Union and several foreign governments will fund the new body (Rutt, 2011).
One of the main activities of the new organization will be providing particular assistance to the countries that need it most, such as China (Shea, 2012).
And finally, there is now talk of more serious measures against hackers: the EU wants at least five years in prison for computer crimes and a proven unified strategy for preventing such crimes at a European level. The U.S. also pays more attention to the problem, but the issue is that the weakest link remains the user (Masnick, 2012), that is, the one who does not know where to click, what to look at and what he will be infected with. And as the case of the IMF proved, that's more than enough (Haris, 2011).
CAUSE AND EFFECT
If I have to summarize all the threats, they move in two directions. One of them is, of course, social networks, where users are slightly more trusting than they should be. At least those networks are supposed to be only for friends. Is this true? Well, nobody can guarantee it, but still. The second leading trend is mobile phones, which in most cases have access to very sensitive information at both the company and the personal level. And the attacks against them are really, really just beginning.
Bibliography:
Market Moose. (2011, Nov 11). 3 Rules of Using Free Public Wi-Fi to Prevent Session Hacking of Your Laptop or Other Device. Retrieved Dec 14, 2012, from Market Moose: http://marketmoose.com/2011/11/3-rules-of-using-free-public-wi-fi-to-prevent-session-hacking-of-your-laptop-or-other-device/
About. (2012). Who we are? Retrieved Dec 15, 2012, from The International Cyber Security Protection Alliance: https://www.icspa.org/
Anglen, R. (2011, Dec 26). Misspelled websites aim to steal information. Retrieved Dec 14, 2012, from USA Today, Tech: http://usatoday30.usatoday.com/tech/news/story/2011-12-26/typosquatting/52229886/1
Cluley, G. (2010, Jan 5). Flash drive manufacturers warn: Hackers can decrypt 'secure' USB sticks. Retrieved Dec 14, 2012, from NakedSecurity: http://erratasec.blogspot.com/2008/01/hacking-flash-memory.html
Garcia, A. (2012, Nov 18). Hacking Easy at Free Public Wi-Fi Spots. Retrieved Dec 05, 2012, from NBC: http://www.nbclosangeles.com/news/tech/Free-Public-Wi-Fi-Privacy-Hacking-133976113.html
Haris, M. (2011, June 12). Pirates of the document e-mail hacking IMF. Retrieved Dec 14, 2012, from All voices: http://www.allvoices.com/contributed-news/9370398-pirates-of-the-document-email-hacking-imf
James, C. (2012, Nov). Our beloved Macs and the hidden costs of cybercrime. Retrieved Dec 14, 2012, from Cynthia James on Cybercrime: http://cjonsecurity.com/cj-security/our-beloved-macs/
Kaspersky. (2012, May 22). Number of the week: 32% of users have connected infected storage devices to their computers. Retrieved Dec 10, 2012, from Kaspersky: http://www.kaspersky.com/about/news/virus/2012/Number_of_the_week_32_of_users_have_connected_infected_storage_devices_to_their_computers
Keizer, G. (2011, Sept 28). Cyber criminals hack Macs. Retrieved Dec 14, 2012, from Computerworld UK: http://www.computerworlduk.com/news/security/16806/cyber-criminals-hack-macs/
Kosner, A. W. (2012, Aug 08). New Trojan Backdoor Malware Targets Mac OS X And Linux, Steals Passwords And Keystrokes. Retrieved Dec 15, 2012, from http://www.forbes.com/sites/anthonykosner/2012/08/31/new-trojan-backdoor-malware-targets-mac-os-x-and-linux-steals-passwords-and-keystrokes/
Kaspersky. (2012). Perception and knowledge of IT threats: the consumer's point of view. Retrieved Dec 15, 2012, from Kaspersky: http://www.kaspersky.com/downloads/pdf/kaspersky-lab_ok-consumer-survey-report_eng_final.pdf
Manjoo, F. (2010, Oct 5). Don't Stick It In! Retrieved Dec 11, 2012, from Slate: http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html
Masnick, M. (2012, Apr 4). EU Cybercrime Bill Targets Anonymous: Makes It A Criminal Offense To Conduct 'Cyber Attack'. Retrieved Dec 14, 2012, from Tech Dirt: http://www.techdirt.com/articles/20120403/02335718342/eu-cybercrime-bill-targets-anonymous-makes-it-criminal-offense-to-conduct-cyber-attack.shtml
Micro, T. (2012). Security in the Age. Tokyo: Trend Micro, Incorporated.
Mills, E. (2010, Nov 17). How to recognize phishing e-mails. Retrieved Dec 06, 2012, from CNet: http://howto.cnet.com/8301-11310_39-10396786-285/how-to-recognize-phishing-e-mails/
Mostyn-Brown, M. (2012, May 29). McAfee Reports 2012 First-Quarter Malware Spike. Retrieved Dec 12, 2012, from Midsize Insider: http://midsizeinsider.com/en-us/article/mcafee-reports-2012-first-quarter-malwar
Paganini, P. (2012, Apr 26). Cyber threats in mobile environment. Retrieved Dec 14, 2012, from Security Affairs: http://securityaffairs.co/wordpress/4560/cyber-crime/cyber-threats-in-mobile-environment.html
Palis, C. (2012, June). Mac Flashback Trojan Affecting Thousands: Apple Issues Fix (UPDATE). Retrieved Dec 15, 2012, from Huffington Post: http://www.huffingtonpost.com/2012/04/05/mac-flashback-trojan_n_1405766.html
Press, A. A. (2012, June 26). Cyberattacks expose network weaknesses. Retrieved Dec 16, 2012, from CIO: http://www.cio.com.au/article/390361/cyberattacks_expose_network_weaknesses/
Roos, D. (2012, Aug 11). How Online Social Networks Work. Retrieved Dec 08, 2012, from HowStuffWorks: http://computer.howstuffworks.com/internet/social-networking/information/how-online-social-networks-work2.htm
Rutt, E. (2011, Dec). The international Security Review - Innovators go head to head in security challenge. Retrieved Dec 15, 2012, from Global Response Publishing: http://www.arktis-detectors.com/fileadmin/downloads/media/2011-12_GlobalResponse_12_11.pdf
Schwab, K. (2012). Global Risks 2012. Geneva: World Economic Forum.
Shea, D. C. (2012). 2012 REPORT TO CONGRESS OF THE U.S.-CHINA ECONOMIC AND SECURITY REVIEW COMMISSION. Washington: U.S. GOVERNMENT PRINTING OFFICE.
Smith, G. (2012, Feb 22). Social Media Privacy: Trust No One (infographic). Retrieved Dec 10, 2012, from ANewDomain: http://anewdomain.net/2012/02/22/the-sad-state-of-social-media-infographic/



