Posts Tagged ‘Credit Cards’
WANTED: Your Confidential & Sensitive Data
Friday, April 8th, 2011Guess what? Your credit card number is less valuable to attackers today. Too bad they still want it, along with you Facebook credentials. We know this how? Recently Symantec released another security report. The security report said that the price of stolen credit cards dropped dramatically from previous years. The drop off is due to numerous factors, but one thing that seems to stand out is the amount of credit cards there are in circulation. Since there are so many credit cards avaliable, these sellers have to lower their prices if they want customers.
However, while credit cards have dropped in value, peoples social network credentials are becoming more valuable. During the past year, botnets were seen sweeping Facebook and other social networking sites for login credentials. Why are peoples social network credentials in demand? If attackers gain social network credentials, they can then use those platforms to launch malware attacks and spam campaigns. These attacks are often more successful. Why? Since many people divulge a lot of personal information on sites like these, an attacker can comb through a user’s profile and imitate them well enough to fool people into clicking on links that have malware embedded in them.
Since many of these malicious link are shortened, it is a challenge for social networks to determine which of the shortened links are trustworthy. Remember that article I wrote on hacking toolkits? Well many of these toolkits are used to initiate these malware attacks, because many of them use Java. Since Java can run on almost any platform and browser, this means that these attacks cannot really be avoided by switching platforms or browsers. All of the toolkits have a high infection rate, which means that the infections can spread very fast and to a wide number of users if the toolkits are used. Social networks are also targeted because they enable attackers to get access to business information which can then be used to get sensitive data from those businesses attacked.
One platform that has not quite been hit by attacks is the mobile platform. Currently, very many people do not not use their mobile devices for online banking and other sensitive data transactions. Thus there is no real incentive for attackers to seriously target mobile devices. (They still do target them and the number of attacks is increasing, but there have not really been any widespread attacks.) However, as mobile devices become more sophisticated and as more users start using them for online banking and other sensitive data transactions, attackers will quickly start targeting mobile devices in rapid numbers.
What do you think of this?
