Bangkok--26 Mar--Penner-madison
1. What threats should consumers be aware of in 2013?
Madware adds to the insanity; As users shift to mobile and cloud, so will attackers
The need for increased mobile security is underscored by Norton’s predictions for the 2013 security landscape. Of these predictions, three of them are directly related to mobile threats. As users shift to mobile and cloud, so will attackers and cybercriminals — we predict that mobile platforms and cloud services will be likely targets for attacks and breaches in 2013. This is something we’ve seen with the dramatic doubling of mobile malware from 2010 to 2011, as well as the rapid rise of Android malware in 2012.
Additionally, as unmanaged mobile devices continue to enter and exit corporate networks and pick up data that later tends to become stored in other clouds, there is increased risk of breaches and targeted attacks on mobile device data. As users add applications to their phones they will pick up malware.
With mobile payments on the increase, we will likely see criminals use malware to hijack payment information from people in retail environments. Some payment systems are widely used by technical novices and may have vulnerabilities that allow information to be stolen.
At the same time, we predict the growth of Mobile adware, or “madware”: a nuisance that disrupts the user experience and can potentially expose location details, contact information, and device identifiers to cybercriminals. Madware — which sneaks onto a user device when they download an app — often sends pop-up alerts to the notification bar adds icons, changes browser settings, and gathers personal information.
In just the past nine months, the number of apps including the most aggressive forms of madware has increased by 210 percent. Because location and device information can be legitimately collected by advertising networks—as it helps them target users with appropriate advertising—we expect increased use in madware as more companies seek to drive revenue growth through mobile ads. This includes a more aggressive and potentially malicious approach towards the monetization of “free” mobile apps.
Monetization of social networks introduces new dangers
Additionally, we believe that the growing monetization of social media platforms will provide cybercriminals with new ways to lay the groundwork for attack.
As consumers, we place a high level of trust in social media—from the sharing of personal details, to spending money on game credits, to gifting items to friends. As these networks start to find new ways to monetize their platforms by allowing members to buy and send real gifts, the growing social spending trend also provides cybercriminals with new ways to lay the groundwork for attack. Symantec anticipates an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details, and other personal and potentially valuable information, to fake social networks. This may include fake gift notifications and email messages requesting home addresses and other personal information.
A good example of this is the Starbucks Gift Card scam, where scammers pretended to represent the brand and lured social media users to give up their personal information, such as emails, address and shipping information, in order to get a gift card with a certain value. These scammers are also using new tricks to evade detection — such as the creation of fake branded accounts — and lure consumers into thinking that they are having a conversation with their favourite brands.
Ransomware is the new scareware
Also keep a lookout for the growth of ransomware — where Cybercriminals will use online payment methods to steal from their targets.
Ransomware is a type of malicious software that disables the functionality of a computer in some way and demands a ransom in order to restore the computer to its original state. Recent variants use law enforcement imagery to add legitimacy to the warning messages. The malware uses geo-location services to determine the location of the computer it is running on and then, after locking the computer displays a message appropriate to that country.
Ramsomware goes beyond attempting to fool its victims; it attempts to intimidate and bully them. While this “business model” has been tried before, it suffered from the same limitations of real life kidnapping: there was never a good way to collect the money. Cybercriminals have now discovered a solution to this problem: using online payment methods. They can now use force instead of flimflam to steal from their targets. As it is no longer necessary to con people into handing over their money, we can expect the extortion methods to get harsher and more destructive.
Over the past two years, Symantec has identified at least 16 different ransomware variants. That is, 16 different families of malware, the majority of which are developed independently by competing criminal gangs. To be clear, each variant is not merely version 2.0, or 3.0 of the same malware, but completely separate, developed by different people and using different messages. The variants all operate in a similar manner, locking a computer screen and displaying a message purporting to be from a law enforcement agency.
FREE ANTIVIRUS QUESTIONS — WHAT WE CAN SAY
1. What are the risk factors that lead to higher rates of cybercrime?
There are a number of risk factors that lead to higher rates of cybercrime. In many emerging markets where we see more victims of cybercrime, we know that more people are also using free antivirus software, which doesn’t offer full protection against today’s threats the way that a paid security suite does.
2. How do you know that more people are using free AV software in these countries?
Norton has a local presence across the world. We rely on local market intelligence and research to grow our business and inform us on the local security landscape and competitive issues.
3. Why would free antivirus software usage contribute to cybercrime?
In today’s threat landscape, it’s clear that the protection consumers need is more comprehensive than what free solutions offer. Protection needs to go beyond signature-based antivirus and encompass a full security suite that combines reputation, file, behavior and network based protection, in addition to identity protection, family safety and more. With more than 286 million new threats found last year, never before seen threats emerge on a regular basis and too quickly for a basic security solution to react and protect against.
GENERAL TIPS/BEST PRACTICES:
- Use a comprehensive security software suite and keep it up to date to avoid letting cybercriminals onto your system in the first place.
- Create complex passwords that are hard to guess. Include a combination of upper and lowercase letters, numbers and symbols, and change your passwords regularly.
- Use different usernames and passwords for each online account so if one account is compromised, cybercriminals won't be able to gain access to other online accounts with the same username and password. Consider using a free password manager like Norton Identity Safe, to eliminate the hassle of remembering multiple passwords while keeping your personal information secure.
- Check credit card and bank statements regularly for fraudulent transactions.
- Change online accounts’ usernames and passwords if you suspect that your personal or financial information might have been accessed by a cybercriminal. Inform your bank and/or credit card company immediately.
- Don’t blindly click on links within your social network and avoid clicking on any dubious content you may see with sensational, attractive titles.