McAfee Labs 2014 Predictions

As we wind down the year, it’s a time to reflect, but also to look forward. Some of us may be thinking about resolutions and what we need to do in the upcoming year—exercise more, eat better, have better work/life balance, etc. Others of us will be thinking about how we’re going to ring in the New Year.

This time of year the McAfee Labs™ team is busy looking at what the new threats are going to be and what new trends they expect to see. Today they released their 2014 Threat Predictions, and here’s what they believe will be in store for us:

Mobile Malware

While this is not new, this category of malware is growing like wildfire and McAfee Labs sees no slowdown on this in 2014. And besides continued growth in this category (mostly on the Android platform), they believe that some types of mobile attacks will become prevalent.

One of these growing attacks is ransomware targeting mobile devices. Once the cybercriminal has control of your device, they will hold your data “hostage” until you pay money (whether that’s conventional or virtual, like Bitcoin) to the perpetrator. But as with traditional ransomware, there’s no guarantee that you really will get your data back.

Other mobile tactics that will increase include exploiting the use of the Near Field Communications (NFC) feature (this lets consumers simply “tap and pay,” or make purchases using close-range wireless communications), now on many Android devices, to corrupt valid apps and steal data without being detected.

Virtual Currencies

While the growth of Bitcoin and other virtual currencies is helping promote economic activity, it also provides cybercriminals using ransomware attacks with a perfect system to collect money from their victims. Historically, payments made from ransomware have been subject to law enforcement actions via the payment processors, but since virtual currency is unregulated and anonymous, it is much easier for the hackers to get away with their attacks.

Attacks via Social Networking Sites

We’ve already seen the use of social networks to spread malware and phishing attacks. With the large number of users on Facebook, Twitter, Instagram and the like, the use of these sites to deliver attacks will continue to grow.

In 2014, McAfee Labs also expects to see attacks that leverage specific features of these social networking sites, like Facebook’s open graph. These features will be exploited to find out more information about your friends, location or personal info and then be used for phishing or real-world crimes.

The other form of social attacks in 2014 will be what McAfee Labs calls “false flag” attacks. These attacks trick consumers by using an “urgent” request to reset one’s password. If you fall for this, your username and password will be stolen, paving the way for collection of your personal information and friend information by the hacker.

Here are some security resolutions to help you stay safe online in 2014:

  • Strengthen your passwords: If you’re still using easy to remember passwords that include your home address and pet’s name, it’s time to get serious about creating strong passwords that are at least eight characters long, and a combination of numbers, letters and symbols. Don’t include any personal information that can be guessed by hackers.
  • Don’t open or click on suspicious emails, text or links: By simply opening an email with a piece of ransomware within it you could be leaving your devices vulnerable to hijacking.
  • Be aware when downloading apps: Since apps are the main way mobile malware is spread today, make sure to do your research before downloading any app and only download from reputable app stores.
  • Limit your use of NFC, Wi-Fi and Bluetooth: If your phone has NFC capabilities, you may be unaware of default settings. Turning this feature off, as well as turning off Bluetooth and Wi-Fi connections, will not only help you save battery life on your devices, but prevent attacks from hackers looking to exploit your wireless connections.
  • Check your bank statements and mobile charges regularly: This way, you can discover and report any suspicious charges.
  • Install comprehensive security on all your devices: With the growing number of threats that we’re seeing, you want to make sure that all your devices (not just your PC) are protected. Consider installing security software such as McAfee LiveSafe™ service that protects your data, identity and all your devices (PCs, Macs, smartphones and tablets).

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Online Shopping Warnings and Advice

Shopping online can be just as dangerous to your security as leaving your car unlocked in the mall parking lot.

Consumer Reports notes the following:

Don’t judge a website by its cover. A malicious website can look legitimate, even though it aims to nab your personal data, even identity, or sell counterfeit products.

Others aim to lure you in “with low prices they honor only if you buy extra items, or quietly adding unexpected charges based on fine-print disclosures they know you won’t read.”

  • Look up any unfamiliar online store on bbb.org (Better Business Bureau). Check the rating, any adverse reviews and confirm its address. Search it out with keywords like “complaints.”
  • Carefully read the seller’s fine print.
  • Don’t use a debit card; use a credit card, so that the dispute process is easier.

Defective products. Read the fine print; it may say that all goods “are sold as is.” This means you won’t have the right to receive a replacement for bad merchandise.

You may be able to get a refund within 30 days of purchase, but beyond that, many sites say you must deal directly with the product’s manufacturer (you’ll need to pay for return shipping). Another problem is when the website is not an authorized dealer for the product you bought.

  • Make sure the site is an authorized dealer. Contact the manufacturer if necessary. Read the terms and conditions.
  • Be suspicious of sites that you know or believe will send you tons of spam after your purchase.
  • Understand the site’s privacy policy before giving personal data. “Many retailers let you elect to receive offers or have your info shared.” Others will automatically spam you or share your information unless you uncheck the pre-checked option boxes. “And limit the info you provide to what’s critical for completing the purchase.”

Infected computer, or your payments are disrupted.

  • Never give out credit card information unless the Internet connection is secured.
  • Don’t peruse the Web unless the computer (or smartphone) is protected.
  • Make sure the retailer’s URL begins with “https” (the “s” is necessary) preceded by a padlock icon.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

Protecting Yourself from Debit Card Fraud

A thief got ahold of a woman’s debit card information and raided her bank account. This true story is described in a recent St. Louis Post-Dispatch article.

Thieves can wire money over the Internet and get the cash by showing a false ID, says the article. This kind of fraud is more common than people think. In the woman’s case, Visa detected the theft quickly and she got her money back. Many victims, though, learn they were robbed only after a check bounces.

You can’t 100 percent prevent card fraud because thieves hack into computers at banks and retailers to get card information. A clerk can even run your card through an electronic skimmer to duplicate it. The duplicated cards are then swiped at ATMs or gas pumps, ripping you off. However, there are ways you can reduce the fraud.

Don’t be phishing bait. An e-mail comes to you claiming you must make a payment and includes a link where to do this. These scam e-mails make gullible people think they’re from banks, retailers, even what seems like the IRS. The link to a phony website entices victims into typing in their bank account or credit card numbers: a done deal for the thieves.

Review bank and credit card statements promptly. Reporting something suspicious within two days means minimal liability with bank accounts. Wait too long and you may never recover your loss.

Never lose sight of your debit card. Always watch clerks swipe it. Don’t hand it to anyone else at the store.

Consider ditching the debit/credit card. Use an ATM card and a separate credit card rather than the combo.

Never give your card to anyone. This means a caregiver, nanny, dog sitter, relative—you never know what they may do.

Never give your card or account information to someone who phones you.

Never leave your checkbook around where someone can get at it. The St. Louis Post-Dispatch article reports the case of a man whose girlfriend’s heroin-addict son found his checkbook and wrote checks totaling $40,000 before he realized he’d been robbed.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247. Disclosures.

7 Essentials for a Survival Kit

If you were out in the middle of nowhere for three days or stuck at home due to a man-made or natural disaster, what would you need to survive? Here are numerous items that are essential for survival. Keep in mind this is a basic list that might be proactively packed in a “go bag” or in a big plastic tub to keep at work or in your home or car. Each category and item can be significantly expanded upon and researched by Googling the key word.

Clean water and/or iodine tablets and water access

Your body is mostly water; water is the No. 1 tool for survival. For three days you’d need three liters. To expand your water supply, have with you iodine tablets to purify river or groundwater. Consider an investment in a 55 gallon barrel water storage system.

Food

“Energy” bars are high in sugars and pack nicely. So-called backpack meals are also useful. Canned tuna is high in protein. Costco offers months to years’ worth of survival food.

Clothes

  • Sturdy shoes (hiking footwear is even better)
  • Hooded rain resistant jacket
  • Two shirts and long pants (not cotton; cotton retains moisture)
  • Two pairs of socks (wool if you anticipate cold)
  • Long underwear (polypropylene will keep you warm)
  • Wide brimmed hat
  • Bandana
  • Sunglasses
  • Gloves (not necessarily for cold protection, but what if you have to handle earth and rocks?)
  • Plastic bags (to wear over your socks to keep wetness away)
  • Rubberbands (to secure the plastic bags to your ankles)

Shelter

  • Tent (or tarp and a way to set it up)
  • Ground tarp (or sleeping pad) to insulate against ground wetness
  • Sleeping bag

Medical

It’s best to create a first aid kit rather than purchase one. This way, you’ll know exactly what’s in it and how to use the tools. Make sure it contains:

  • Ankle brace (for sprained ankle)
  • Ace bandage
  • Chemical cold pack
  • Bandages, gauze and an anti-bacterial for lacerations
  • Tourniquet
  • Cotton balls
  • Sunblock
  • Tweezers (for de-ticking)
  • Hand mirror (can also be used to reflect the sun to search-and-rescue aircraft!)
  • Sawyer extractor (for snake bites)
  • Vaseline
  • Anything else that might be needed, or that’s specific to your health needs

Tools for survival

  • At least three different fire starting/building devices.
  • A travel chainsaw
  • Backpacking stove and fuel including propane; and a small pot for boiling water.
  • Two flashlights and backup batteries
  • “Survival” knife
  • Map and compass (first learn how to use these!)
  • Topographical map
  • Cell phone with battery backup
  • Solar powered chargers
  • Survival GPS app

Weapons/safety

  • A firearm of choice. A shotgun with various types of shot is most versatile.
  • Pepper spray (the big cans called “bear spray” are best)
  • Air horn
  • Whistle
  • Blunt instruments such as a baseball bat or golf club.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

Lessons learned from a Password Attack

It’s easy for millions of passwords to be stolen via hacking into Facebook, Twitter and Gmail accounts: It recently happened because malware was unknowingly downloaded into computers worldwide that extracted log-in information. The data was then directed to the hackers’ server, which was tracked to the Netherlands.

A password is never 100 percent secure, but instead, more or less secure than others. Passwords can be cracked in many ways:

Cracking security questions. It seems that most people use easily-traceable names for their secret question when registering a password, such as names of family members and schools they attended. This information is often on their social media profiles and, with a bit of legwork, can be figured out. Often, passwords include these names as well.

Simple passwords. The passwords of 123456, abc123, 11111, etc., are easy to type out and are also among the most common, and thus easily figured out. “Princess” and “querty” are also commonly used words.

Using the same passwords for different sites. One-third of data-breach victims in a recent attack had been reusing passwords. Password reuse for social media, banking and e-mail opens the gate to identity theft.

Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit.

Social engineering. This is when a thief tricks a user into revealing a password (often by sending an “urgent” e-mail informing the user to visit a site where he “must” type in his password).

There is still hope that one day a way to design a 100 percent secure password will be developed, perhaps through a fusion of biometrics, multi-factor authentication and image-based access.

What can you do in the meantime?

  • Use non-traceable words for passwords and answers to secret questions.
  • Avoid using passwords that flow easily off your fingertips like 67890, asdfg, etc.
  • Never reuse passwords. Passwords for all accounts should be very different from each other.
  • Invent names for your passwords that can’t be found anywhere. Avoid phonetic variations of common words or proper names. Don’t use backwards-spelled words.
  • Make sure nobody can see you enter your password.
  • Always log off if other people are nearby no matter how briefly you’ll be away.
  • Use up-to-date comprehensive security software.
  • Never use your password on a public computer.
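
The checks in the list above can be automated when a new password is chosen. The sketch below is an added example, not code from the article: the function names, the tiny word lists and the sample passwords are constructed for illustration (a real deployment would load a large dictionary and breach list), and the eight-character minimum comes from the password advice earlier on this page.

```python
import re

# Constructed sample data: the weak passwords the article names plus a tiny
# dictionary. "qwerty" is added alongside the article's "querty".
COMMON = {"123456", "abc123", "11111", "princess", "querty", "qwerty"}
WORDS = {"princess", "dragon", "sunshine", "football", "monkey"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def letters(pw):
    """Lower-case the password and drop everything except letters."""
    return re.sub(r"[^a-z]", "", pw.lower())


def has_keyboard_run(pw, n=5):
    """True if any n consecutive characters follow a keyboard row, in either direction."""
    low = pw.lower()
    rows = KEY_ROWS + [r[::-1] for r in KEY_ROWS]
    return any(low[i:i + n] in row
               for i in range(len(low) - n + 1) for row in rows)


def contains_word(pw, words):
    """Return the first word found in the password forwards or backwards, else None."""
    text = letters(pw)
    for w in sorted(x.lower() for x in words):
        # Very short words are skipped to avoid accidental matches.
        if len(w) >= 4 and (w in text or w[::-1] in text):
            return w
    return None


def audit(candidate, personal_terms=(), other_passwords=()):
    """Return the reasons a candidate is weak; an empty list means no rule fired."""
    reasons = []
    if len(candidate) < 8:
        reasons.append("shorter than eight characters")
    if candidate.lower() in COMMON:
        reasons.append("on the common-password list")
    if has_keyboard_run(candidate):
        reasons.append("keyboard run")
    hit = contains_word(candidate, WORDS)
    if hit:
        reasons.append(f"dictionary word '{hit}' (forwards or reversed)")
    hit = contains_word(candidate, personal_terms)
    if hit:
        reasons.append(f"personal detail '{hit}'")
    # Reuse check: identical, or identical once digits and symbols are removed.
    core = letters(candidate)
    if any(candidate == p or (len(core) >= 4 and core == letters(p))
           for p in other_passwords):
        reasons.append("reused or near-duplicate of another account's password")
    return reasons


if __name__ == "__main__":
    # Constructed inputs; personal terms stand in for names found on a profile.
    for pw in ["67890", "nogard2014!", "Maple#Biscuit9", "Vq7#rTzk!2"]:
        print(pw, "->", audit(pw, ["biscuit", "maple"], ["vq7rtzk99"]) or "ok")
```

The reuse comparison runs only in local memory here; passwords for other accounts should never be sent to a third party to perform this check.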

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

Protection For Your Shiny New Devices

After Santa heads back to the North Pole, there will be many new devices in the hands of good girls and boys that will be targeted by criminals. With the enjoyment of these cool devices should come top-notch protection for them, as they can be vulnerable to a number of malicious threats.

Laptop or PC

What should your security software include?

  • A two-way firewall: monitors the activity on your devices making sure nothing bad is coming in (like unauthorized access) and nothing good is leaving (like your data).
  • Anti-virus software: protects your devices from malicious keyloggers and other badware.
  • Anti-phishing software: watches your browser and email for suspicious inbox activity.
  • Anti-spyware software: keeps your PC spyware free.
  • Safe search capabilities: McAfee’s SiteAdvisor plugs into your browser and tells you what websites are good and which are suspicious.

Go further with wireless network protection, anti-spam, anti-theft protection and parental controls.

Free software is not recommended, as it provides only basic protection and you’ll likely end up purchasing more anyways.

Make sure you have a subscription to software that’s automatically renewed every year so that you don’t forget. This is after you figure out whether or not your new device’s protection software is on a trial basis.

Smartphone or tablet

  • Be leery of third-party apps you install on your mobile phone, since malicious apps are the main threat.
    • Download apps only from reputable app stores.
    • Read reviews and make sure you know what information the app requests prior to download.
  • Use mobile security software that includes:
    • Anti-virus and malware protection
    • Anti-theft
    • App protection
    • Web protection
    • Call and text filtering
  • Turn off automatic connections to Bluetooth and Wi-Fi unless you’re using them.
  • Apply app and operating system updates.
  • Never store account numbers, passwords, etc., on your phone or tablet.
    • Do not have your apps set to automatically.
  • Apple products are at highest threat; install security software that’s been designed just for the Mac.
  • Never leave your phone or tablet unattended.

Gaming or entertainment device

These devices are vulnerable to many of the same attacks that PCs are, since they’re connected to the Internet.

  • Create backups of your games.
  • Make sure you understand the built-in parental controls.
  • Never store personal information on this device.
  • Connect it only to a secure Wi-Fi network.
  • Use a secure, encrypted USB drive that will muddle up your information to make it unreadable to thieves.
  • Purchase security software to protect the portable hard drive; and set a password.
  • Employ technologies for protecting your information.
  • Never leave the USB drive unattended.

The most important thing to remember is “don’t worry about it” but definitely do something about it. Once you invest in your devices’ security, go play, have fun and be smart about what you do online.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

False Alarms are costly

Unfortunately, cheaper, older security motion detectors can’t distinguish between a 150 pound man and a squirrel or even some papers blowing around. This causes police and firefighters to respond to false alarms. False alarms caused by the elements or animals are common (in the millions each year) and occur with business as well as residential systems.

On average, a police officer uses 20-40 minutes to respond to an alarm. Multiply that out by millions of false alarms. This problem drains resources.

The Drain

In the U.S., 94-95 percent of police responses to burglar alarms are false. The cost comes to $30-$95 per incident–$1.8 billion total in the year 2000, says the Center for Competitive Government at Temple University. Some of this money goes towards preventing and remedying wear and tear on first responders’ vehicular equipment.

Wind, papers and animals aren’t the only problem; prank or ridiculous 9-1-1 calls also factor in, and so do carelessness, mistakes and even frightened but aggressive homeowners who mistake first responders for intruders.

Whopping Fines

The moment someone realizes an alarm was tripped accidentally, they should notify the police and their alarm company to cancel the response. Residents and business owners can be fined for false alarms—three in a row can cost over $300 in some areas. Fees vary by location; a first time violation may cost $50. Good hard fines will sink in deeper and motivate system owners to take measures to reduce false triggers.

Solutions

  • A system that triggers a call to the homeowner or business owner’s mobile phone first. If there’s no answer it goes to the home phone. If there’s no answer it goes to the police.
  • Having a home security system with security cameras allows the homeowner to quickly check on the home via their mobile to see if there is an actual problem.
  • The alarm system should be thoroughly re-evaluated by the company to make sure that a glitch isn’t responsible for at least some of the false triggers.
  • Homeowners should determine if there is enough time when entering or exiting the home when alarms are often triggered.
  • Proactively plan when another person is entering the home such as guests, contractors, cleaners etc. Those “inexperienced” with your alarm are often the culprits.
  • Homeowners must ingrain into themselves the habit of checking to see if the alarm is on before opening the door to check the thermometer outside, retrieve the newspaper or let the dog out in the middle of the night.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

Why Should You Shop on Sites with Trustmarks?

With the holiday season in full swing, this is a busy time for a lot of us with parties, gift buying and possibly even figuring out travel arrangements. With all there is to do, many of us will turn to online shopping to help beat the crowds, find deals and not have to worry about what time we shop.

While online shopping may be convenient, we also need to exercise some caution. After all, there are websites that are set up to sell fake or pirated digital downloads that can carry viruses or malware along with the product you thought you purchased legally. But there are also a lot of honest people who run legitimate e-commerce sites and care about the privacy and security of their customers.

So, how can you tell if a site is safe and protects your personal information? Well, one indicator of a safe site is one that displays a trustmark. A trustmark is a seal, logo, insignia or other icon that is usually placed on the site (often on the checkout/cart page) to show that the merchant is making an effort to protect you from cybercriminals and online fraudsters who might be out to distribute malware or collect your personal and financial data for the purposes of identity theft. There are a wide variety of trustmarks that indicate various levels of protection.

To better understand trustmarks, and how to use them, follow these simple tips:

  • Don’t just trust it; verify it! Trustmark providers usually provide a live link with their trust seal or icon that allows you to verify the trustmark and whether it is up to date. Don’t just look at the icon and assume that it is legitimate—click to make sure.
  • Not all protection is the same. It’s best to conduct your own research on a trustmark to find out what it really means. Look for regular audits, recent updates and other indications that it provides protection and security for your personal data.
  • Universal protection doesn’t exist. No single trustmark can guarantee protection against anything and everything. Be skeptical and do additional research if you encounter this claim.
  • Details, details, details. Read the fine print on both the merchant’s and the trustmark provider’s sites. Prominent placement of a privacy policy might look secure, but what level of security and privacy does that policy really offer you?

Legitimate trustmarks can be helpful tools that let you connect with confidence when shopping online. Just remember to take the time to learn a little about the trustmarks you come across so you can make informed decisions about which sites to do business with in the future. For more tips on safe shopping this holiday season, read this blog or download McAfee’s eguide.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.