Posts Tagged ‘symantec’

WANTED: Your Confidential & Sensitive Data

Friday, April 8th, 2011

Guess what? Your credit card number is less valuable to attackers today. Too bad they still want it, along with your Facebook credentials. How do we know this? Symantec recently released another security report, which said that the price of stolen credit cards dropped dramatically from previous years. The drop-off is due to numerous factors, but one thing that seems to stand out is the number of credit cards in circulation. Since there are so many credit cards available, sellers have to lower their prices if they want customers.

However, while credit cards have dropped in value, people's social network credentials are becoming more valuable. During the past year, botnets were seen sweeping Facebook and other social networking sites for login credentials. Why are people's social network credentials in demand? If attackers gain social network credentials, they can then use those platforms to launch malware attacks and spam campaigns. These attacks are often more successful. Why? Since many people divulge a lot of personal information on sites like these, an attacker can comb through a user’s profile and imitate them well enough to fool people into clicking on links that have malware embedded in them.

Since many of these malicious links are shortened, it is a challenge for social networks to determine which of the shortened links are trustworthy. Remember that article I wrote on hacking toolkits? Well, many of these toolkits are used to initiate these malware attacks, because many of them use Java. Since Java can run on almost any platform and browser, these attacks cannot really be avoided by switching platforms or browsers. All of the toolkits have a high infection rate, which means that the infections can spread very fast and to a wide number of users if the toolkits are used. Social networks are also targeted because they give attackers access to business information, which can then be used to get sensitive data from the businesses attacked.

One platform that has not quite been hit by attacks is the mobile platform. Currently, not very many people use their mobile devices for online banking and other sensitive data transactions. Thus there is no real incentive for attackers to seriously target mobile devices. (They still do target them and the number of attacks is increasing, but there have not really been any widespread attacks.) However, as mobile devices become more sophisticated and as more users start using them for online banking and other sensitive data transactions, attackers will quickly start targeting mobile devices in large numbers.

What do you think of this?


Crime, crime and more crime! The Symantec Report and the huge increase in fake websites

Tuesday, September 14th, 2010

“We’re baaaack!” (cue creepy music) I thought I’d do something different by giving you the theme to The Twilight Zone instead of Psycho’s music. Who’s back? Cybercriminals! Yes, I know most of them didn’t go away, but according to Symantec’s latest cybercrime report, 65% of internet users worldwide have already been victims of cybercrimes (see TechCrunch’s article). You should, however, take this with a pinch of salt. Cybercrime is a threat, but Symantec’s report coincides with the release of the latest versions of its Norton software. However, the figure does seem close to the actual thing. According to the report, the US ranked third among nations whose internet users fall victim to cybercrimes. Speaking of cybercriminals, did you know that cybercriminals are creating 57,000 fake sites per week (Security Week)? (scream) Guess which ones are the top 10? (cue the quiz music!) Done? Great! The top 10 are:

  1. eBay (I’ve never been on here)
  2. Western Union
  3. Visa
  4. United Services Automobile Association (better known as USAA)
  5. HSBC (it doesn’t seem to stand for anything)
  6. Amazon
  7. Bank of America
  8. PayPal
  9. Internal Revenue Service (I knew government sites were confusing, so maybe that makes them easier to duplicate?)
  10. Bendigo Bank (Anyone heard of this?)

Search engines are changing their algorithms to try and mitigate the situation. However, they can only do so much.  Here are some tips for spotting fake websites.

  1. Go look at the URL. Not sure how to spell the name? If they gave you a business card, chances are they have the site URL on it; copy it exactly. Make sure the letters and numbers in the URL look right. A difference in a single letter or number can mean it’s a different site.
  2. Make sure the links work. If you’re using Chrome, you can right-click and open the Inspect Element window and, if you can read HTML, scrutinize the page to your heart’s content.
  3. If a site requires personal information and you’ve never heard of the business before, visit the Better Business Bureau and see if the company is accredited.
  4. If you get an email from your bank, call them.
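
Tip 1 can be partly automated. The following is an added example, not part of the original post: it compares a URL's domain with the official domains of the ten brands listed above and flags near-misses. The domain list, the digit-for-letter map and the two-entry suffix table are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official domains for the ten brands listed above (assumed; not given in the post).
OFFICIAL = {"ebay.com", "westernunion.com", "visa.com", "usaa.com", "hsbc.com",
            "amazon.com", "bankofamerica.com", "paypal.com", "irs.gov",
            "bendigobank.com.au"}
# Simplification: a real check should consult the full Public Suffix List.
TWO_LEVEL_SUFFIXES = {"com.au", "co.uk"}
# Undo common digit-for-letter swaps and drop hyphens before comparing.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def split_host(url):
    """Return (registrable_domain, full_host), e.g. ('ebay.com', 'www.ebay.com')."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:]), host


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, brand_domain); verdict is official, lookalike or unknown."""
    domain, host = split_host(url)
    if domain in OFFICIAL:
        return "official", domain
    folded = domain.translate(FOLD)
    for brand in sorted(OFFICIAL):
        # At most one edit away from the brand once digit swaps are undone.
        if edit_distance(folded, brand) <= 1:
            return "lookalike", brand
        # Brand used as a subdomain label of somebody else's domain.
        if host.startswith(brand + ".") or brand.split(".")[0] in host.split(".")[:-2]:
            return "lookalike", brand
    return "unknown", None
```

An "unknown" verdict only means the domain does not resemble one of the ten brands; it says nothing about whether the site is trustworthy.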

Anyone got any other tips?
