2012 Threats: Are You Ready?

History is said to be a good indicator of what might come in the future. If you follow trends in how things are done and what tends to gain momentum then you can get a pretty good idea of what’s ahead.

McAfee Labs™ is made up of security professionals who spend all their waking hours observing and combating threats to our digital identities. If anyone is in a position to give us a window into the future on information technology threats, it’s these guys and gals. Here’s what they are predicting we should watch out for in 2012:

–   Attacks on critical infrastructure and utilities—Attackers from all over the world have set their focus on critical life-supporting utilities such as water and power to hold those utilities hostage for payment or to disable them to cause terror. This is the kind of industrial threat that many consumers fear. Unfortunately, many industrial and national infrastructure networks were not designed for modern connectivity, making them vulnerable.

–   Political hacktivism—Hacktivism is the use of computers or computer networks to protest or promote political change. “Anonymous” is the group which was active last year doing high-profile activities such as briefly taking down the New York Stock Exchange’s website in support of the Occupy Wall Street protests.

–   Spam, spam, and more spam—Spam is getting easier and cheaper based on the U.S.’ CAN-SPAM Act. Shady, for profit, advertisers are making a mint selling lists to spammers, as advertisers are not required to receive consent before sending advertising.

–   Mobile malware—PCs are still the low-hanging fruit. But as more mobiles are used for mobile commerce (mCommerce), virus makers are creating malware designed to take over your phone or to deliver a variety of ads or even send expensive text messages from your phone.

–   Hacked cars, GPS and any wireless equipment—Cybercriminals are now targeting embedded operating systems or even hardware to gain control of everything from cars to global positioning system (GPS) trackers and medical equipment.

–   Cyberwar—Not trying to create fear here, just from observation, McAfee Labs has seen an increase in high-tech spying and other “cyber” techniques to gain intelligence.

As technology evolves and our use of the Internet and mobile devices becomes more complex, cybercriminals are also evolving and honing their skills with new types of attacks. But although some of the threats may seem scary, the reality is many offer new takes on old forms of attack and with a little bit of foresight and preparedness we can guard against them.

Robert Siciliano is a McAfee Online Security Evangelist. See him discussing attacks on our critical infrastructure on Fox News (Disclosures)

Securing New Digital Devices

Laptops, desktops, Macs, mobiles, and tablets are on many people’s wish lists this holiday season. Once these shiny new devices are connected to the Internet, they will be under siege by malware created by criminals in order to steal identities.

According to a recent McAfee survey, 60% of consumers now own at least three digital devices, and 25% own at least five. Cybercriminals are taking advantage of these new opportunities by widening their nets to target a variety of devices and platforms. McAfee Labs is reporting an increase in Mac and mobile malware, while PC threats also continue to escalate.

Mobiles: Mobile malware is on the rise, and Android is now the most targeted platform.  Attacks aimed at the Android platform increased 76% from the first to second quarters of 2011. Malicious applications are a main threat area, so be careful of third party applications, and only download from a reputable app store. Read other users’ reviews and make sure you are aware of the access permissions being granted to each app.

Macs, iPads, and iPhones: Unfortunately, the popularity of Apple computers and devices has led to escalated threats. As of late 2010, there were 5,000 pieces of malware targeting the Mac platform, and they have been increasing at a rate of about 10% each month.

Since more threats are being aimed at this platform, consider installing security software for your Mac as a proactive measure. Check out Apple’s new iCloud service, which provides several tools for syncing, backing up, and securing data, and consider a product that offers remote locate, wipe, and restore features in case of loss.

Laptops and desktops: Your security software should include, at a minimum, antivirus software with cloud computing, a two-way firewall, anti-spyware, anti-phishing, and safe search capabilities. Additional levels of protection include anti-spam, parental controls, wireless network protection, and anti-theft protection to encrypt sensitive financial documents.

Gaming and entertainment devices: Remember that the Nintendo Wii and 3DS, PlayStation 3, and Xbox 360 are now Internet-connected, making them vulnerable to many of the same threats as PCs. To protect your investment, make reliable backup copies of your games. Take advantage of built-in parental controls that can help shield kids from violent games or limit when the device can be used.

Some multiplayer games allow kids to play with strangers over the Internet, so if you are a parent, consider employing monitoring tools. Connect your device to secure Wi-Fi networks only, and don’t store personal information on your device.

Removable storage devices: Flash drives and portable hard drives require technologies to protect your data. Consider using a secure, encrypted USB stick, which scrambles your information to make it unreadable if your device is lost or stolen. Install security software that protects portable hard drives, and set a password.  Since removable storage devices are small and easily stolen, you should not leave them unattended.

Learn more tips from McAfee here: http://blogs.mcafee.com/consumer/securing-new-devices

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Social Security Number: All-Purpose Identifier

Your Social Security number was never meant to serve the various functions it is used for today. Over the past 70 years, the Social Security number has become our de facto national ID. The numbers were originally issued in the 1930s, to track income for Social Security benefits. But “functionality creep,” which occurs when an item, process, or procedure ends up serving a purpose it was never intended to perform, soon took effect.

Banks, motor vehicle registries, doctors’ offices, insurance companies, and even utilities often require a Social Security number to do business. Why do they need it? Sometimes it’s because your Social Security number is attached to government records like taxes or criminal records, but most often it’s because the number is attached to your credit file.

The IRS adopted our Social Security numbers as identifiers for our tax files about 50 years or so ago. Around the same time, banks began using Social Security numbers to report interest payments, and so on.

All the while, Social Security numbers were required for all workers, so their Social Security benefits could be paid. Most people were assigned a number when they applied, sometime around the age of 16. This was until the 1980s, when the IRS began issuing Social Security numbers to track children and babies who were claimed as dependents. By the late ‘90s, it was standard for most hospitals to provide Social Security number applications to new moms.

A federal law enacted in 1996 determined that Social Security numbers should be used for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” The number can be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

All this leads up to the unfortunate realization that your Social Security number is out there in hundreds, or even thousands of places. It is most definitely not private, nor can it be adequately protected. It’s just like a credit card number. You give it out, you hope the person or company is responsible with it, you hope it’s not breached, but all you can do is monitor your identity’s health and, if your identity is ever stolen, take the appropriate steps in response.

Be sure you have active, comprehensive protection for all of your devices.  McAfee All Access is the only product that lets individuals and families protect a wide variety of Internet-enabled devices, including PCs, Macs, smartphones, tablets, and netbooks, for one low price.

Robert Siciliano is an Online Security Evangelist for McAfee. See him discuss the use of Social Security numbers as national identification on Fox News. (Disclosures)

Approaching Holidays Bring “12 Scams of Christmas”

Whether you like it or not, whether you’re ready or not, the Christmas machine has arrived—well before Thanksgiving—at least as far as stores and advertisers are concerned. And there’s no question that scammers, identity thieves, and criminal hackers have already begun setting traps for holiday shoppers.

So whether they’re using PCs, Macs, or mobile devices, consumers should be looking out for “The 12 Scams of Christmas”: the dozen most dangerous online scams this holiday season, as revealed by McAfee.

1. Mobile Malware: McAfee cites a 76% increase in malware targeting Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform. New malware has recently been found that targets QR codes, digital barcodes that consumers might scan with their smartphones to find good deals on Black Friday and Cyber Monday.

2. Malicious Mobile Applications: These are mobile apps designed to steal information from smartphones, or to send out expensive text messages without a user’s consent. Dangerous applications are usually offered for free, masquerading as games.

3. Phony Facebook Promotions and Contests: Cyber scammers know that contests and free offers are attractive lures, and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information.

4. Scareware: This fake antivirus software tricks recipients into believing their computers are at risk, or have already been infected, so that they will agree to download and pay for phony software. An estimated one million victims fall for this scam every day.

5. Holiday Screensavers: A Santa screensaver that promises to let you “fly with Santa in 3D” is malicious. Holiday-themed ringtones and e-cards have been known to be malicious, too.

6. Mac Malware: Cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10% from month to month.

7. Holiday Phishing Scams: Cyber scammers know that most people are busy around the holidays, so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information.

8. Online Coupon Scams: When consumers accept an offer for an online coupon code, they are asked to provide personal information, including credit card details, passwords, and other financial data.

9. Mystery Shopper Scams: Mystery shoppers are hired to shop in a particular store and report back on their customers. Sadly, scammers are now using this appealing job to lure people into revealing personal and financial information.

10. Hotel “Wrong Transaction” Malware Emails: Scammers have designed travel-related scams in order to tempt us to click on dangerous emails. Once opened, an attachment downloads malware onto the victim’s machine.

11. “It Gift” Scams: When a gift is hot, not only do sellers mark up the price, but scammers will also start advertising these gifts on rogue websites and social networks, even if they don’t actually have the popular items.

12. “Away From Home” Status Updates: Posting information about your vacation on a social networking website could actually be dangerous. Thieves may see your post and decide that it sounds like a good time to rob you.

Be sure you have active, comprehensive protection for all of your devices. McAfee All Access is the only product that lets individuals and families protect a wide variety of Internet-enabled devices, including PCs, Macs, smartphones, tablets, and netbooks, for one low price.

Robert Siciliano is an Online Security Evangelist for McAfee. See him discuss identity theft on YouTube. (Disclosures)

Introducing: 99 Things You Wish You Knew Before Your Identity Was Stolen

Yes, it’s a glorious day with the birth of my new book. I’ve spent 15 years in the trenches, reporting on all issues of personal security. Now I’ve taken what I know about protecting your identity and avoiding fraud and packed it all into 99 tips, a quick read of less than 35,000 words. Now you can also become an expert on how to protect yourself from these horrible crimes.

But I didn’t do it by myself. McAfee, the largest and most trusted name in digital security, helped me. Their teams of threat experts are constantly fighting off the bad guys, and I drew upon their vast experience and research.

In 99 Things You Wish You Knew Before Your Identity Was Stolen, I proactively demystify identity theft and computer fraud by presenting the relevant information surrounding these issues in the form of simple, bite-sized chunks, in order to make consumers, families, employees, and small businesses safer and more secure. Readers will learn the difference between scareware, ransomware and spyware. They’ll learn about the types of cybercriminals, such as black hats, crackers, script kiddies, and hacktivists. And most importantly, readers will learn how to protect their identities, both online and in the physical world.

As millions of consumers begin searching and shopping online during the holiday season, McAfee understands the necessity of spreading awareness of cybercriminals’ tactics and methods for protecting oneself from identity theft and online fraud.

So, from November 9th through the 15th, McAfee will be offering a complimentary PDF copy of my just-released book through Facebook. To get your free copy, click “like” on McAfee’s page.

After November 15th, 99 Things You Wish You Knew Before Your Identity Was Stolen will be available in print, ePub, and PDF, and can be found on Amazon, the Amazon Kindle, the Sony eBook Store, and 99-Series.com from $5.99-$14.97.

Robert Siciliano is an Online Security Evangelist for McAfee. See him discuss identity theft on YouTube. (Disclosures)

Human Security Weaker Than IT Security

Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement.

Despite the amount of criminal hacking that goes on, users who effectively implement the appropriate measures and refrain from risky behaviors enjoy relative security.

The Wall Street Journal reported on a study by Dartmouth’s Tuck School of Business, quoting professor Eric Johnson:

“Criminal hackers are increasingly turning to digital versions of old-fashioned con games, literally gaining the confidence of employees through innocuous-seeming phone calls purporting to be from fellow workers, or even through regular mail, in order to entice them into downloading malicious code or revealing a password. The threat of data leakage is thus highest where a human is put in a position to decide whether to click on a link or divulge important information. The [phishing] techniques have become more hybrid.”

If you are reading this, chances are you do a pretty good job with information security to prevent identity theft, at least on the consumer level. But you also need to start thinking about avoiding Jedi mind tricks. Within the security world, these cons are known as “social engineering.”

Whether you receive a phone call, an email, or a visitor at your home or office, always question those who present themselves in positions of authority.

You should never automatically place your trust in a stranger.

Within your own home or business, set clear guidelines regarding what information should or should not be shared.

Keep in mind that when you lock a door it can be unlocked, either with a key, or with words that convince you to unlock it yourself. Always view every interaction, whether virtual or face-to-face, with a cynical eye for a potential agenda.

In the end, if a bad guy has pulled the wool over your eyes, they often will want to infect your Mac or PC. Keep your computer’s operating system and its critical security patches up to date, and install a total protection product.

Robert Siciliano is an Online Security and Safety Evangelist to McAfee and Identity Theft Expert. (Disclosures)

Searching for Hotties Leads to Hacked PCs

Five or ten years ago, it was relatively easy for scammers to trick people into opening email attachments that would launch malicious programs on victims’ PCs. Nowadays, most email providers won’t permit .exe attachments, so viruses may be saved as compressed files, or hidden behind links that appear to lead to PDFs or Word documents.

Scammers have been very productive in creating spoofed or infected websites, which are designed to infect your web browser with viruses. More than three million of these websites were born in 2010 alone.

The bait that lures victims to these infected websites may be the latest Twitter trend, a breaking news story, significant world event, ringtone downloads, pornography, or celebrity pictures.

Cybercriminals often use the names of popular celebrities to tempt viewers to visit websites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of the trendy content they were expecting.

Hot stuff model/television host/Seal’s wife Heidi Klum is this year’s “Most Dangerous Celebrity.” Heidi herself may be sweet as pie, but the allure of her looks has captured scammers’ attention, leading them to exploit her fame to draw in victims.

McAfee found that searching for the latest Heidi Klum pictures and downloads yields more than a 9% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses, and other malware.

McAfee security experts urge consumers to surf safely by using McAfee Total Protection security software, a security suite that offers consumers antivirus, anti-spyware, identity, and firewall protection, plus a feature called SiteAdvisor, which displays red, yellow, or green web safety ratings within Internet search results pages. It also blocks risky websites, adds anti-phishing protection, and helps users surf, shop, and bank more safely.

Robert Siciliano is an Online Security and Safety Evangelist to McAfee and Identity Theft Expert. (Disclosures)

Consumers Need to Rethink IT Security and Safety

Hackers and crackers and data breaches! Oh my! Confused? Overwhelmed? Don’t care? You should, and there’s help.

Few people are as head first into gadgets, technology, the cloud and security as I. I have my devices, my wife’s, my kids’; there are Apple products, Microsoft Windows, smart phones, feature phones and tablets. It’s maddening.

Now, instead of one PC per household, consumers are purchasing multiple devices. And with consumers able to access the digital world as easily from their smartphones and tablets as from their personal computer, PCs are no longer the main method of connecting to the Internet.

This wave of new devices and their ease of connectivity also means that consumers are now starting to think differently about their digital security.

Mobile Device Users

The threat of lost or stolen devices and the possibility of their personal information being used for fraudulent means is a significant concern. In the United States, 113 mobile phones are lost every minute, and more than half of smartphone users do not use any password protection to prevent unauthorized device access.

Mac Users
Mac OS is not safe from viruses. As of late last year there were 5,000 malware versions targeting the Mac, a number that is growing by ten percent per month.

Child and Teen Users
Are your kids being exposed to pornography? Will they be contacted by strangers through their social networking profiles? Are they downloading age-appropriate music and movies? Having protection on the household PC is no longer enough. Parents need to know that their children are safe on all the devices they use, wherever they connect.

Solutions
It is here, and it is called McAfee All Access. Before, consumers had to look for and download a hodgepodge of security software from numerous vendors with multiple “keys” to activate. What McAfee knew consumers wanted was an “all in one” solution that once and for all provides a dashboard to manage all your devices from one place, regardless of whether it is a PC, smartphone, tablet, netbook, or Mac.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

What Are Your Digital Assets Worth?

Digital assets include: entertainment files (e.g. music downloads), personal memories (e.g. photographs), personal communications (e.g. emails), personal records (e.g. health, financial, insurance), and career information (e.g. resumes, portfolios, cover letters, contacts), as well as any creative projects or hobbies involving digital files.

If your PC crashes or is hacked and your data is not properly backed up, how devastated will you be? Whether for personal use or for business, chances are you have a collection of documents, music, and photos that, if compromised, would almost feel as if your house and all your belongings had been burned up in a fire.

A recent survey found that 60% of respondents own at least three digital devices per household, while 25% own at least five. (Digital devices are mainly desktop or laptop computers, tablets, and smartphones.) As many as 41% of those surveyed spend more than 20 hours per week using a digital device for personal use. Admittedly, I’m online for at least 16 hours a day.

Photographs and similar memorabilia are the main digital asset that most people (73%) consider irreplaceable, should they be lost without having been backed up. Respondents valued personal memories at an average of $18,919, compared to $6,956 for personal records, $3,798 for career information, $2,848 for hobbies and projects, $2,825 for personal communications, and $2,092 for entertainment files.

Consumers estimate the total value of all their digital assets on multiple devices at an average of $37,438, yet more than a third lack protection for those devices.

According to Consumer Reports, malware destroyed 1.3 personal computers and cost consumers $2.3 billion in the last year. Not only have hackers continued to target PCs, but with the increased popularity of tablets, smartphones, and Macs, threats are becoming both more common and more complex for non-PC devices. For example, according to McAfee Labs, malware targeted at Android devices has jumped 76% in the last three months.

Many people protect their PCs and digital assets from malware by installing antivirus software. When it comes to smartphones, tablets, and Macs, however, they leave the doors open to criminals. Bad guys are now targeting these devices, as they have become the path of least resistance. Now more than ever, a multi-device security strategy is necessary.

McAfee understood this and solved the complexity and cost pain points by developing a product called McAfee All Access (www.mcafee.com/allaccess). This is the first full security offering for Internet-connected devices — from smartphones and tablets to PCs and netbooks. Basically, you can get a single license for a great price to secure all of the devices you own!

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Think You’re Protected? Think Again!

In 1990, when only the government and a number of universities were using the Internet, there were 357 unique pieces of malware. The need for security began with desktop computing when the only means of compromising data was by inserting a contaminated floppy disk into a PC or opening an infected email attachment. That was the anti-virus era.

The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era.

Now, as companies leverage the power of the web, information security has evolved yet again: we are in the application security era. And as big companies get better at locking down their software and protecting their data, criminals are targeting the little guy. Ordinary citizens’ everyday digital lives are at risk via infected web pages, instant messaging, phishing, smartphone viruses, and text message scams, and now hackers are targeting Macs in a big way.

In the past 20 years, e-commerce and social media have taken over. The numbers behind the explosive growth of cybercrime are astounding. In a little over two decades, we’ve gone from less than 500 pieces of malware to over 55 million annually. Cybercrime has evolved from nothing to a multibillion-dollar industry.

In 1995, 8069 unique pieces of malware were detected. One out of 20 emails was spam, and the Melissa virus infected hundreds of thousands.

In 2000, 56,342 unique pieces of malware were detected, mostly on PCs, but some began spreading to Macs. Then smartphones got the Cabir virus. The “I Love You” worm slithered its way onto millions of PCs, and the MyDoom worm slowed down the entire Internet by 10%, resulting in losses totaling 38 billion dollars.

In 2005, 164,000 unique pieces of malware were detected, including the first virus for Mac OS X and another 83 mobile viruses. 57 million U.S. adults fell for phishing scams via 17,877 different spoof websites. 80% of all email was spam. The Conficker worm, Zeus Trojan, Koobface, Applescript.THT, Storm botnet, and Ikee iPhone virus all made their debuts this year.

By 2010, 54 million unique pieces of malware were spreading to tablets, too. More than 90% of all email was spam. 27% of teens infected their families’ PCs with viruses in 2010. Almost 420,000 phishing sites were discovered. OpinionSpy, Boonana, and MacDefender infected Macs. Hackers commandeered Skype’s instant messaging service to deliver malware. The Gemini and Zitmo Trojans gathered location data and stole financial transaction information.

But if that’s not enough, in 2010, more than three million malicious websites were created, any one of which could infect your computer.

The question is: are you protected? Are you using some free download by an unknown company to protect yourself? Or do you have a comprehensive, multilayer approach to digital security protecting all your devices?

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Check out this video to learn more about: The History of Malware