Cyber-criminals are targeting phones and bank info
STORY HIGHLIGHTS
- Latest McAfee threats report sees huge spike in mobile malware
- There's also been an uptick in suspicious URLs and criminals targeting financial info
- Attacks on major companies, U.S. government have thrust security into spotlight
- These issues will affect everyone in the coming years, not just large companies
The latest threat report from
security firm McAfee highlights the need for vigilance on mobile
devices and a change in how people and companies approach security.
Smartphones and tablets
are increasingly hot targets for cyber-criminals, and the volume of
mobile threats is growing much faster than it did for PCs. The amount of
malware detected by McAfee on the devices in 2012 was 44 times what it
was the previous year.
The company estimates
that 95% of all mobile malware ever devised has been created in the past
year alone, and the vast majority of that is made for the Android
operating system.
But McAfee's worldwide
chief technology officer, Mike Fey, warns against looking at the the
number of threats targeting Android and assuming that other platforms
are safer. Criminals are targeting the operating system partially
because it is so open, and also because they tend to focus on the
platform they think will be around the longest.
What makes these portable
devices such juicy targets for criminals is that they are rife with
personal and financial information. For example, many phones have
banking features baked in, and criminals can use "Trojan horse" viruses
to milk them dry using SMS services that charge per text.
Malware isn't even the
biggest issue for mobile users at the moment, says Fey. Phone owners
should be more concerned about visiting a site that will do something
malicious on their behalf.
"A huge amount of mischief on the Internet happens without anything being downloaded," said Fey.
It's much easier to
execute these kinds of scams on smartphones than on desktop computers.
With small screens and pared-down mobile sites, cyber-criminals can
create a legitimate-looking banking site and trick the person into
entering personal information needed to access an account, such as an
account number, password and mother's maiden name.
Many intrusions begin in
this type of simple way, often with a bad link in an e-mail or on a
social network or a webpage that directs a person to a compromised or
malicious site.
"There's a reason why those old-school attacks keep getting used," said Fey. "They work."
The McAfee report found
that the volume of suspicious URLs jumped significantly in late 2012,
averaging 4.6 million a month. In addition to mimicking sites to phish
for information, the links can download malware onto a mobile device.
That software can send
private data like passwords back to the attackers, or it can add the
computer to a botnet -- a network of infected computers controlled by
cyber-criminals.
The software is
downloaded so quickly that most people won't even notice. It's no longer
the case that a computer will feel sluggish if there's malware
installed, points out Fey. Decent malware won't even be noticeable.
Apple and Facebook
traced their recent breaches to similar incidents. Employees visited
hacked sites for developers that installed malware on their machines.
These hacks, along with Twitter's January breach that resulted in
250,000 user accounts possibly being compromised, were the work of Eastern European gangs searching for intellectual property or other information to resell, according to Bloomberg.
A recent report from
security company Mandiant described what it believed to be a powerful
computer-hacking operation in Shanghai run by the Chinese military. This
alleged high-tech espionage targets U.S. companies in an attempt to
steal trade secrets. The issue is so serious that the U.S. government released an extensive report on Wednesday that includes instructions for corporations on how to improve their security.
Regular people will not
be immune to the problems plaguing corporations and governments,
according to Fey. Once these weapons, such as malware, are out in the
world, they spread. Attackers can steal the code written by one
government and use it to go after other targets.
While the origins of
recent attacks have been grabbing headlines, Fey warns against turning
all of our attention to the "bad guys" instead of the systemic security
issues on the companies' side.
"It's not about who's
attaching you, it's about the fact that you're vulnerable," said Fey. He
said putting a face on the cyber-criminals "makes it sound like you can
go negotiate with an entity to stop them. That's never been the case
with cyberattacks."
The current approach of
discovering threats, then fighting them, has to change, according to
Fey; he called it "a thousand percent unsustainable."
New threats are popping up constantly, creating a never-ending game of security whack-a-mole.
There are new highly
sophisticated attacks that insert themselves below the operating system
and can steal all a device's data before wiping it clean. Ransomware is
on the rise, in which a criminal steals data or takes control of a
computer or mobile device, only releasing their hold when they receive
payment. A new attack called Blitzkrieg uses phishing schemes to install
a Trojan, which monitors web traffic and scrapes banking information in
order to transfer money out of the victims' accounts.
In order to address all
these threats, Fey said, the industry needs to rethink security from the
ground up, designing more secure products from the start instead of
just constantly chasing threats.
"We have to take some of the most complex security issues and simplify them into easy-to-solve problems," he said.
end quote from:
Cyber-criminals are targeting phones and bank info
In my own life I decided that online banking was too risky under the present climate of cyber-criminals and cyber warfare against Europe, the U.S. and all richer countries. However, it might also be important to not have any financial info on your smartphones either, especially anything to do with bank account numbers or passwords of bank accounts.
One possible way to disconnect from online banking but still using it a little might be to make a small account that you keep very little money in as a checking account that you use only for internet purposes. Then separate any of your other accounts from it so none of them are ever connected with this account in any way. Then by keeping a low balance in this one "Internet" account, you could "Only" do online banking with this one account and mostly use this account for internet purchases from places like Amazon.com and others. By doing this maybe you could minimize any potential damage by keeping only one small atm online account that might be hit by the panoply of cyber-criminals and the cyber war being waged now on literally thousands of servers in Iran, Russia, and China especially against Europe, the U.S. and most wealthier western nations. It is important to know that there are thousands or more cyber criminals, terrorists, and state sponsored cyber, warriors targeting any money they can get. And now people are hit and losing everything when they are hit because they are hitting home and business computers, so banks are not liable for these kinds of losses because the criminals, terrorists, and state sponsored cyber warriors are acting to bring down the people of the nations they are politically opposed to. This is why I expect eventually for this to get so bad that there must be an alternative to the World Wide Internet in order to protect better the citizens of various countries around the world. So, slowly I think this will evolve into Nationalized Internets and away from a World Wide Internet just as a matter of financial survival of citizens of various countries around the world.
In my own life I decided that online banking was too risky under the present climate of cyber-criminals and cyber warfare against Europe, the U.S. and all richer countries. However, it might also be important to not have any financial info on your smartphones either, especially anything to do with bank account numbers or passwords of bank accounts.
One possible way to disconnect from online banking but still using it a little might be to make a small account that you keep very little money in as a checking account that you use only for internet purposes. Then separate any of your other accounts from it so none of them are ever connected with this account in any way. Then by keeping a low balance in this one "Internet" account, you could "Only" do online banking with this one account and mostly use this account for internet purchases from places like Amazon.com and others. By doing this maybe you could minimize any potential damage by keeping only one small atm online account that might be hit by the panoply of cyber-criminals and the cyber war being waged now on literally thousands of servers in Iran, Russia, and China especially against Europe, the U.S. and most wealthier western nations. It is important to know that there are thousands or more cyber criminals, terrorists, and state sponsored cyber, warriors targeting any money they can get. And now people are hit and losing everything when they are hit because they are hitting home and business computers, so banks are not liable for these kinds of losses because the criminals, terrorists, and state sponsored cyber warriors are acting to bring down the people of the nations they are politically opposed to. This is why I expect eventually for this to get so bad that there must be an alternative to the World Wide Internet in order to protect better the citizens of various countries around the world. So, slowly I think this will evolve into Nationalized Internets and away from a World Wide Internet just as a matter of financial survival of citizens of various countries around the world.
1 comment:
well, it's the outcome of the fast paced technology, viruses are not only for desktop or laptop pc but also for your smartphones specially for people that are fan of downloading free applications
Post a Comment