In 2012, security challenges we faced were often the ribbon cuttings and business plans that startup criminal organizations launched. In 2013, those criminal enterprise business plans will come together—and we need to be ready.
Social media is high on criminal hackers' radar. Criminals scan social media looking for people who they can scam. One such scam seeks out entire families and usually targets a grandparent. Criminals will pose as the grandchild and call granny asking for money to be wired. They are also looking at your page to crack password resets. Only friend those you know, like and trust, and lock down your privacy settings.
With Windows 8 out, criminals have set their sights on this new operating system and are seeking out its vulnerabilities. Old Win XP machines will be as vulnerable as ever. Macs are higher on hackers’ radars, too. Protecting your devices with essential security such as antivirus protection and keeping the OS updated are critical.
Mobile also is high on the hackers’ radar. McAfee predicts that as mobile malware grows, we can expect to see malicious apps that can buy additional apps from an app store without your permission. Buying apps developed by malware authors puts money into their pockets. We also expect to see attacks that can happen without you having to install an app, so no interaction on your part is needed to spread the malicious app.
Mobile ransomware is quickly moving from the PC to mobile devices. Criminals hijack your ability to access data on your phone or even use your phone, so you are faced with losing your contacts, calls, photos, etc. or paying a ransom—and even when you pay the ransom, you don’t always get your data back.
Protect yourself by refraining from clicking links in text messages, emails or unfamiliar web pages displayed on your phone’s browser. Set your mobile phone to lock automatically, and unlock it only when you enter a PIN. Consider investing in a service that locates a lost phone, locks it and wipes the data if necessary, as well as restoring that data on a new phone. Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.
Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!
Redefining fraud prevention is the key word for me. In 2012, we have seen an increasing number of sophisticated attacks made on a range of organisations in an attempt to capture consumer information. In 2013 we should not only expect such attacks to escalate in terms of frequency and significance, but for traditional defence technologies to provide little resistance.
Against this background, the solution lies in preventing the hackers from being able to use or take advantage of such stolen data. That way, increasingly deadly techniques that we have seen grow into successful global problems in the last year, can be prevented. At the moment I believe there is an over-reliance on PINs and the like, as well as the use of SMS as an Out-of-Band means of authorising a transaction; this makes it all too easy for sophisticated fraud techniques to take their toll. A good example of this is SIM Swap fraud, whereby fraudsters can maliciously redirect One-Time-Passcodes delivered via SMS in order to defeat authentication systems and verify transactions that they have carried out using stolen account information. We have also recently read about the European losses attributed to the Eurograbber virus, yet another mobile-based SMS redirection Trojan that has been around for some time.
In Australia, the Mobile Network Operators have released a statement warning banks not to use SMS for transmitting One-time-passcodes; a common technique in that country. It is these very attacks that are the reason for such warnings. I believe that in the UK we will see an increase in losses attributable to hijacked SMS messages if banks continue to use the medium as a supposedly secure transport mechanism without the appropriate defence mechanisms in place.
Using the customer’s mobile phone as an authentication and transaction verification device is entirely sound, but what’s needed is a layered approach based on voice rather than SMS, and combining visible and invisible security checks such as Call-forward and SIM Swap detection. I believe the message is getting out there but 2013 will still see increased losses due to SMS vulnerability.