Analysts Expect Explosion in Mobile Malware

As consumers have overwhelmingly flocked to purchase smartphones—149 million were shipping in Q4…a 37% increase over Q4 2010—mobile operating systems from the likes of Apple, Google, and Microsoft are becoming big targets.

Malware, which consists of virusesspyware, scareware, and other digital infections designed to steal data, is known to be a serious issue for PCs. And in response, there are complete security solutions that include antivirus, anti-spyware, anti-phishing protection, anti-spam and firewall protection. As smartphones gradually eclipse PCs in usage volume, criminals will direct their malware efforts toward mobile devices. But at present, the world of mobile security offers very few options.

According to McAfee Labs™, “nearly all the types of threats to desktop computers that we have seen in recent years are also possible on mobile devices (parasitic viruses may be a notable exception for modern mobile OS’s, more on this below). Moreover, we are bound to see threats readapted to mobile environments and, unfortunately, we are also likely to see new kinds of malware that target smartphone capabilities that are not available on desktops.”

Now would be a good time to install a mobile security product on your smartphone.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Data Back-Up Strategies for Your Business

Do you backup data? One would hope you do, and can’t imagine you don’t, but sad to say, many find data backup overwhelming and tedious so they nix it. One of the problems with getting a small businesses to secure data is they think they need to load up thumbdrives, DVDs or tape devices manually. This is in fact tedious and overwhelming.

I’ve got news for you, data backup is easy. With onsite software/hardware and offsite cloud based servers, business data backupis a complete no brainer.

There are many databackup options. New PCs often come bundled with backup options. Microsoft Windows 7 comes with “Windows Restore/Back Up” accessible via the Control Panel, and Macs offer a data protection option called Time Machine. You can buy an external hard drive to copy your files too, or invest in a remote backup service.

I suggest backing up twice on local drives and once in the cloud.

Cloud backup options include Mozy, and Carbonite among others.

Mozy online backup costs $6 per month to back up 50 gigabytes of data on one computer, or $110.00 a year for 125 gigabytes on up to three computers. Mozy offers an easy to use interface and quick, effortless backups of every file type, including files on external drives. If you have over 110 gigabytes, though, it gets pricey.

Carbonite online backup offers unlimited storage from one computer for under $5 per month. Carbonite is inexpensive with an easy-to-use interface that allows you to access your data via an iPhone app, which is very cool. Unfortunately, Carbonite won’t back up external drives, backing up certain media, like videos, is slow, and you have to manually check your folders to make sure everything has successfully been backed up. Also, certain files like software programs with a variety of unusual file extensions, have to be zipped beforehand, since Carbonite won’t back up the individual files with odd extensions.

Local drives: For many small businesses 1-2 TB is all the backup you need. Install a secondary 2TB drive and for $20 install Goodsync. Goodsync automatically backs up your data locally from an internal drive to many external drives.

Goodsync automatically syncs my internal E: drive and external F: drive every two hours. I do this because, while all my data is stored in the cloud, if my internal drive does crash, downloading it all would be a chore, plus, I’d need a drive to download it anyway.

The cloud is ideal for mitigating major data losscatastrophes, but not practical for accessing data on a daily basis.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

How will NFC change the mobile wallet?

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

USA Today reports that the number of NFC handsets is set to increase from about 34 million this year to about 80 million next year. Gartner estimates that growth in handsets will exceed 100 million in 2012, and that that 50% of smartphones will have NFC capability by 2015.

The short list of big players, which includes Google, Citibank, MasterCard, Gemalto, First Data, VeriFone, Samsung, Sprint, AT&T, T-Mobile, Verizon and  Isis, are all deploying some version of a mobile wallet. Isis’s website promises, “Mobile wallet will eliminate the need to carry cash, credit and debit cards, reward cards, coupons, tickets, and transit passes, fundamentally changing how you shop, pay, and save. All with your phone.” And all powered by NFC.

NFC can also be used to connect online gamers. Within social networking websites, NFC can facilitate the distribution of coupons that can be scanned at in-store terminals.

Soon, we will see online retailers embrace the potential benefits of NFC in order to create effective loyalty programs, supported by online advertising and social media campaigns

With full deployment, near field communication will make every day transactions incredibly convenient. If you think your cell phone is your everything today, wait until you see what’s coming next!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

5 Must Have Small Business Security Tools

Security Alarm System: No matter what kind of business you are in, there is something of value within your facility that a criminal will fence for drugs. Everything from products you sell, to warehouse items, maintenance tools, phone systems, office furniture, computers and the company safe.

Security Cameras: Whether you are protecting the perimeter of the property from vandals or thieves or protecting the inventory from theft, or even the cash register from sweethearting or robbery, security cameras are an essential component to any small business security system.

Business Continuity: Having a data backup locally is essential. Having a data backup in the cloud is fundamental. And having a backup for all your network operations either at a remote facility or accessible in the cloud is an insurance policy no small business should do without.

Secure Information Technology: A comprehensive information security plan that involves encrypting all sensitive data, ongoing critical security patches, antivirus protection, antispyware, firewalls (both software and hardware) and a secure Internet gateway are critical to preventing costly data breaches.

Secure Mobile Fleet: Managing digital devices such as mobile phones, tablets, thumbdrives and any other portable device that stores or communicates data can be the equivalent of herding cats if not done right. IT managers must have security policies in place to deal with and manage devices attached to the network in some way. Many security vendors provide comprehensive solutions to keep track of, lock down, and secure devices.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Underground Forums Selling Stolen Credit Cards



“Carders” are the people who buy, sell, and trade stolen credit card data online. This carding forum video provides an example of an online forum where stolen credit cards are bought and sold.

Hackers rely on a variety of techniques to obtain credit card data. One such data theft technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. Phexting or smishing are similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on victims’ PCs. Others affix devices to the faces of ATMs and gas pumps in order to skim credit and debit card data.

NPR reports an FBI agent calling himself Master Splynter was assigned to the underground and had created an entire backstory for Master Splyntr to get the criminals on the underground sites to trust him.

In the course of his dealings with “carders” (criminal hackers dealing in stolen credit cards) he developed relationships with the leaders of a particular forum.  This relationship proved paramount as an attack came upon this forum jeopardizing its existence. Master Splynter convinced the forums leaders to move the forum off its current server and onto his own server that was “well hidden from law enforcement” and safe from other hackers.

Now the FBI had full control of all the traffic moving through the forum and was able to identify the credit card theft suspects, make some arrests and take down the forum.

While an accomplishment, it’s only a small one as carding forums pop up every day to take this one’s place. As long as credit cards as we know them are easy to compromise via skimming or hacking and anyone can make a card not present transaction over the web, credit card theft and underground forums like these will proliferate.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Organized Crime Drives Increasing Auto Insurance Costs

All over the world, insurance fraud equates to a multi-billion dollar issue. The Guardian reports that in the United Kingdom, “insurance fraud [has] been on the rise since the recession began. Figures to be published by the Association of British Insurers (ABI) are expected to show that these are still on the rise. As it is, the ABI puts the total cost to the industry of undetected general insurance claims fraud at £2bn per year. This adds around £40 a year to the insurance premiums paid by all policyholders.”

Much of this increase is said to be due to the involvement of organized criminals. The most common fraud technique is known as a “crash for cash” scam, in which criminals slam on their brakes in order to cause an accident with the car behind them, leaving the victim’s insurance on the hook for the cost of damages.

One way of minimizing fraud is to stop organized criminals from transacting with a business over the Internet. Online insurance, retail, gaming, and even dating sites can weed out risky accounts based on devices’ reputations using iovation’s device identification service. When PCs, Macs, tablets, or smartphones collude, a pattern can be detected and fraud can be prevented.

By utilizing iovation’s fraud detection service, insurance companies can not only recognize high-risk devices responsible for creating fraudulent online policies, but also avoid paying for frequent “crash for cash” scams and help to reduce the rise in premiums for honest policyholders.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Spotlight on RSA: Latest Security Threats

2012’s RSA Conference kicks off February 27th. Executive Chairman, RSA, Security Division of EMC Arthur Coviello, Jr. will present a program focused on the fact that in the past 18 months, organizations throughout the world have been under attack by nation-states, “hacktivists,” and cyber criminals.

PBS NewsHour Senior Correspondent Jeffrey Brown will address “hacktivism”—the use of computers and computer networks to protest or promote a political agenda or ideology—which Brown will argue has reached a tipping point, requiring an adjustment in our approach toward enterprise security.

And Stuart McClure, Chief Technology Officer at McAfee, will discuss the rapid evolution of the threat environment, and how what was once considered theoretical has become reality.

No one is immune, whether you are a soccer mom, small business, major corporation, the federal government, or the president of Syria, whose email account (password: “12345”) was hacked by a collective known as Anonymous, who were able to access hundreds of private email messages. Anyone who attracts the attention of a criminal hacker is a target.

“Hacktivists” are activists who use computer hacking as a weapon against anyone they deem oppressive. There may be hundreds of thousands of hackers operating based on this justification for their hacking, with little to no oversight or guidelines beyond their individual impulses determining their next victim. In some cases, hackers are motivated simply by petty dislike or disagreement.

Protecting your networks starts with a few basics, including:

  • Total, “all-access” protection, including antivirus, anti-phishing, and anti-spyware
  • Full disk encryption
  • Firewall security appliances
  • WPA2 wireless security
  • Up-to-date operating system and software critical security patches

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Prevent Someone From Slipping You a Micky

Some call it a Mickey or a roofie but technically they are known as Rohypnoll, Ketamine or GHB. These are drugsdesigned in specific quantities that when taken can cause temporary loss of memory and in some cases cause a person to black out.

Most often the drugs are in pill form but can be ground into a powder that is tasteless and odorless however Rohypnoll has been redesigned to turn blue when in contact with fluids and GHB may be salty to the taste.

When the drugs are dropped in someone’s drink whether it be water or a cocktail they won’t taste it going down. They’re fast acting drugs that in the right quantity will send a person to another dimension within an hour.

The ease in which it is to drop a powder into a drink coupled with the control that a bad person can have over another is what makes this such an attractive crime to many evil doers.  I did a segment on the Tyra Banks show where we set up an actor in a bar who “hit” on 3 different woman we west up to go to a bar. Our actor approached all three of these woman who made it very easy for our actor to either slip them a roofie and or get them to his car where he had duct tape, ropes and other tools to restrain.

The most effective ways to prevent yourself from getting drugged include common sense tactics such as:

Get your own drink: Never let anyone get you a drink. Even if they insist.They can buy you a drink, but you need to get if from the bartender.

Cover your drink with your hand: This means never putting it down and walking away. It also means being somewhat obsessed with having your hand over the opening of the glass or the mouth of a bottle.

Invest in drink detection tools or devices that prevent a Mickey from being inserted here.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

Beware of Ghost Brokers

The insurance industry is thoroughly regulated, with numerous checks and balances. In the United Kingdom, however, scammers are able to pose as insurance brokers—or “Ghost Brokers”—offering significantly cheaper insurance than legitimate insurance firms.

The Telegraph reports, “The multi-million pound scam is operated by fraudsters who target drivers who are economising and looking for cheaper motor insurance deals. These motorists are likely to be vulnerable pensioners, young drivers struggling with soaring premiums and those living within communities where English is a second language.”

The scary part of this scam is that when unsuspecting victims purchase policies, they get certificates of insurance that are essentially worthless. In the event of an accident, they will not be covered.

In some cases, the ghosts will contact legitimate insurance brokers and broker deals for insurance policies that they then pay for using stolen credit cards. The victim gets a real certificate of insurance, but it’s been paid for with stolen money. When the fraud is discovered, the policy is cancelled.

These rogue brokers engage in guerilla marketing campaigns involving windshield flyers, classified ads, and professional-looking websites.

Major insurance companies would fare better if they could identify ghost brokers and stop them in their tracks. One anti-fraud service that’s been garnering attention for delivering fast and effective results is iovation’s ReputationManager 360. This SaaS-based fraud prevention solution incorporates device identification, device reputation, and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse in real time by analyzing the computers, smartphones, and tablets being used to connect to websites. iovation’s service can recognize devices that have been involved in scams and help insurance companies stop fraudsters upfront.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

5 Tips To Secure Online Shopping This President’s Day

Making a purchase online around Presidents day? Keep in mind criminals are working hard to intercept your credit card numbers in various way.

#1 SCAM: Black-Hat SEO: Criminals create fake websites and then use the same techniques as legitimate online businesses regarding search engine optimization, marketing, and online advertising via Google AdWords. They use keywords to boost rankings on Internet searches, causing their spoofed websites to appear alongside legitimate websites. These same processes are also used to infect unsuspecting users with malware.

SOLUTION: Do business with known sites. Use the exiting e-tailers you’ve done business with. Otherwise install a “SiteAdvisor” that scans websites looking for malware.

#2 SCAM Phishing: emails offering high-end products for low prices. The same applies to any offers received through tweets, or messages sent within social media.

SOLUTION: Common sense says that whenever you receive an unsolicited email offer, you ought to automatically be suspicious. Delete.

# 3. SCAM: Domain squatting: When what looks like a trusted website sends you an email looking like a familiar domain, beware of cybersquatting and typosquatting, in which the address only resembles the legitimate domain, but is a trap.

SOLUTION: Make sure you’ve been taken to the correct URL for the retailer.

#4 SCAM: Unsecured sites. Scammers generally don’t take the time to create secure websites.

SOLUTION: When placing an order online, always look for “https://” in the address bar, signifying that a page is secure. Note that an image of a closed padlock also indicates that a website is secure.

5. SCAM: eBay email scammers. It’s difficult to tell a real eBay email offer from a fake one.

SOLUTION: If you are seeking deals on eBay, go directly to the site itself, and don’t bother responding to emails. If a deal in an email is legitimate, you can find it by searching eBay.

Robert Siciliano personal and home security specialist toHome Security Source discussing home security and identity theft on TBS Movie and a Makeover.