ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.


What Security Challenges to Focus on in the New Year


In 2012, security challenges we faced were often the ribbon cuttings and business plans that startup criminal organizations launched. In 2013, those criminal enterprise business plans will come together—and we need to be ready.

Social media is high on criminal hackers' radar. Criminals scan social media looking for people they can scam. One such scam seeks out entire families and usually targets a grandparent: criminals pose as the grandchild and call the grandparent asking for money to be wired. They also look at your page for details that help them get through password resets. Only friend those you know, like and trust, and lock down your privacy settings.

With Windows 8 out, criminals have set their sights on this new operating system and are seeking out its vulnerabilities. Old Win XP machines will be as vulnerable as ever. Macs are higher on hackers’ radars, too. Protecting your devices with essential security such as antivirus protection and keeping the OS updated are critical.

Mobile also is high on the hackers’ radar. McAfee predicts that as mobile malware grows, we can expect to see malicious apps that can buy additional apps from an app store without your permission. Buying apps developed by malware authors puts money into their pockets. We also expect to see attacks that can happen without you having to install an app, so no interaction on your part is needed to spread the malicious app.

Ransomware is quickly moving from the PC to mobile devices. Criminals hijack your ability to access data on your phone or even use your phone, so you are faced with losing your contacts, calls, photos, etc. or paying a ransom—and even when you pay the ransom, you don’t always get your data back.

Protect yourself by refraining from clicking links in text messages, emails or unfamiliar web pages displayed on your phone’s browser. Set your mobile phone to lock automatically, and unlock it only when you enter a PIN. Consider investing in a service that locates a lost phone, locks it and wipes the data if necessary, as well as restoring that data on a new phone. Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com, is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.


One Response to “What Security Challenges to Focus on in the New Year”

Redefining fraud prevention is the key word for me. In 2012, we have seen an increasing number of sophisticated attacks made on a range of organisations in an attempt to capture consumer information. In 2013 we should not only expect such attacks to escalate in terms of frequency and significance, but for traditional defence technologies to provide little resistance.

Against this background, the solution lies in preventing the hackers from being able to use or take advantage of such stolen data. That way, increasingly deadly techniques that we have seen grow into successful global problems in the last year, can be prevented. At the moment I believe there is an over-reliance on PINs and the like, as well as the use of SMS as an Out-of-Band means of authorising a transaction; this makes it all too easy for sophisticated fraud techniques to take their toll. A good example of this is SIM Swap fraud, whereby fraudsters can maliciously redirect One-Time-Passcodes delivered via SMS in order to defeat authentication systems and verify transactions that they have carried out using stolen account information. We have also recently read about the European losses attributed to the Eurograbber virus, yet another mobile-based SMS redirection Trojan that has been around for some time.

In Australia, the Mobile Network Operators have released a statement warning banks not to use SMS for transmitting One-time-passcodes; a common technique in that country. It is these very attacks that are the reason for such warnings. I believe that in the UK we will see an increase in losses attributable to hijacked SMS messages if banks continue to use the medium as a supposedly secure transport mechanism without the appropriate defence mechanisms in place.

Using the customer’s mobile phone as an authentication and transaction verification device is entirely sound, but what’s needed is a layered approach based on voice rather than SMS, and combining visible and invisible security checks such as Call-forward and SIM Swap detection. I believe the message is getting out there but 2013 will still see increased losses due to SMS vulnerability.
