Posts

Ransomware Attacks Small Businesses

The rate of malware (ransomware) attacks on small businesses climbs at an alarming rate. The security firm McAfee warns that soon, attacks that come through social platforms will be “ubiquitous.” Small businesses are typically not able to subsidize the internal security placements to fend off these attacks, which mostly come from abroad.

6DRansomware blocks your access to data, and the DoS (denial of service) attack threatens to crash your website unless you pay an extortion fee. It’s more organized, it’s more efficient, it’s more automated, it’s more stealthy.

While some businesses give in to DoS extortion demands, others won’t have it. Attacks usually start with relatively small demands, such as $300, to see who’s game. The demands will get pumped up into the thousands quickly once a businessperson pays the initial demand: Pay once, and it’s never over.

If you get a DoS, roll with it; have the extortionist think you need time to prepare payment. Then collect all relevant e-mails and other information for your defense—but not for the police (who lack tech savvy) or the FBI (unless the loss exceeds $5,000), but for your website hosting provider.

The hosting company can collect traffic logs and often can activate DoS defenses or link you to a provider of advanced DoS resolution.

A virus, however, is a different story. Once the virus gets in there and attacks your information, it’s pretty much game over.

Bottom line: Don’t pay the ransom unless you want escalating demands or the strong possibility the extortionist won’t unlock your data after taking your money. A DoS attack will render your site down for days and can permanently lose data and upset visitors.

To avoid a DoS, go anti: virus, spyware, phishing, and use a firewall and run backups. Train your employees well. You have to be conscious of where you’re going and what you’re clicking on.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Twitter Crime on the Rise

Twitter is now beginning to see a substantial rise in active users. A recent report found that the percentage of Twitter users who have tweeted ten or more times, have more than ten followers, and follow more than ten people rose from 21% to 29% in the first half of 2010.

Spammers, scammers, and thieves are paying attention.

In the physical world, when communities become larger and more densely populated, crime rises. This also applies to online communities, like Twitter and Facebook.

Twitter’s “direct messages” and “mention” functions are laden with spam, often prompting users to click various links. Why anyone would want me to “Take a Good Look at Hypnotherapy” is beyond me, but someone must be buying because the spam keeps coming.

Common Twitter scams include:

Hijacked Accounts: Numerous Twitter (and Facebook) accounts, including those of President Obama, Britney Spears, Fox News and others have been taken over and used to ridicule, harass, or commit fraud.

Social Media Identity Theft: Hundreds of imposter accounts are set up every day. Sarah Palin, St. Louis Cardinals Coach Tony LaRussa, Kanye West, The Huffington Post, and many others have been impersonated by fake Twitter accounts opened in their names.

Worms: Twitter is sometimes plagued by worms, which spread messages encouraging users to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected.

DOS Attack: A denial-of-service attack left Twitter dark for more than three hours. The attack seems to have been coordinated by Russian hackers targeting a blogger in the Eastern European country of Georgia.

Botnet Controller: One Twitter account produced links pointed to commands to download code that would make users’ computers part of a botnet.

Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft.

Twitter Porn: Please, “Misty Buttons,” stop sending me invites to chat or to check out your pictures.

Twitter Spam: The use of shortened URLs has made Twitter’s 140 character limit the perfect launch pad for spam, shilling diet pills, Viagra and whatever else you don’t need.

To prevent social media identity theft, take ownership of your name or personal brand on Twitter. Protecting yourself from other scams requires some savvy and an unwillingness to click mysterious links. In other cases, you’ll need to keep your web browser and operating system updated in order to remain safe. Make sure to keep your antivirus software updated with the latest definitions, as well.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hacking wireless networks on Fox Boston. (Disclosures)