In case ending the work week on Friday the 13th wasn't enough of an ominous way to head into the weekend, consider this: for the first ever, the World Economic Forum (WEF) identified cyber attacks on governments and businesses as one of the top five global risks in terms of likelihood. In fact, it's the first time any kind of technology risk ranked in the top five.
The next time someone tells you antivirus software is a waste of time, money, and resources, keep this in mind. According to PandLabs, every day hackers put up another 57,000 fraudulent website designed to trick users into handing over thier personal information, such as bank login credentials and other tidbits you don't want falling into the wrong hands.
One way around this is to surf with common sense, but with or without antivirus software, you can ill afford to let your guard down.
"The problem is that when you visit a website through search engines, it can be difficult for users to know whether it is genuine or not," Panda says. "For this reason, and given the proliferation of this technique, it is advisable to go to banking sites or online stores by typing in the address in the browser rather than using search engines which, although they are making an effort to mitigate the situation by changing indexing algorithms, cannot fully evade the great avalanche of new Web addresses being created by hackers every day."
According to Panda, the 10 most targeted brands among all fake websites include:
eBay - 23.21 percent
Western Union - 21.15 percent
Visa - 9.51 percent
United Services Automobile Association - 6.85 percent
HSBC - 5.98 percent
Amazon - 2.42 percent
Bank of America - 2.29 percent
PayPal - 1.77 percent
Internal Revenue Service - 1.69 percent
Bendigo Bank - 1.38 percent
All told, bank and transaction companies account for around 65 percent of the fake sites.
Look around your office and spot two other people. According to a new study by Symantec, one of you has fallen victim to some type of cybercrime, including viruses, identity theft, online hacking, online harassment, online scams, phishing, and sexual predation.
The study, titled "Norton's Cybercrime Report: The Human Impact Reveals Global Cybercrime Epidemic and Our Hidden Hypocrisy," pegs the victim rate of U.S. based surfers at 73 percent, one of the highest victimized nations in the world behind Brazil and India (tied at 76 percent) and China (83 percent).
There's a new bill floating around Congress that's been introduced by a bipartisan group of Senators that includes Orrin Hatch (R-Utah) and Dirsten Gillibrand (D-New York). It's called the "International Cybercrime Reporting and Cooperation Act" and if passed, it would require the president to evaluate the state of a given country's efforts to crack down on cybercrime. Those countries not doing enough could fall into the category of "Countries of Cyber Concern."
The bill also requires that the executive branch come up with a plan of action for changing the situation for any country that lands on its concern list. If a country fails to follow through and clean up their online security environment, it could then be cut off from various forms of aid and preferential trade status.
No doubt driven at least in part by recent events, the bill's accompanying press release even mentions that "hackers in China launched a large, sophisticated attack on Google and other American businesses." And of course the bill has the support of U.S. companies now being hit by cyberfraud, including American Express, Mastercard, Vista, and eBay, as well as a handful of tech heavyweights like Facebook, Microsoft, Cisco, and Hewlett-Packard.
Cybercrime has never been more profitable, according to a new report by the Internet Crime Complaint Center (IC3). The annual report notes more than 336,000 complaints in 2009, a 22.3 percent increase from 2008. Businesses and individuals unwittingly forked over nearly $560 million to online fraudsters last year, more than double the amount in 2008.
"Law enforcement relies on the corporate sector and citizens to report when they encounter online suspicious activity so these schemes can be investigated and criminals can be arrested," stated Peter Trahon, section chief of the FBI's Cyber Division. "Computer users are encouraged to have up-to-date security protection on their devices and evaluate email solicitations they receive with a healthy skepticism -- if something seems too good to be true, it likely is."
Ranking high on the too-good-to-be-true list of scams were advanced fee scams that fraudulently used the FBI's name. This was followed by non-delivery of goods and/or payment as the second most reported offense, IC3 reports.
McAfee, maker of computer security software, has released a report detailing their take on the threats computer users will face in 2010. The bad news is not only will threats increase, they’ll be emphasizing different areas than in the past. The good news--McAfee expects that law enforcement efforts will be more effective against cybercrime than in the past.
Cybercriminals have a lot in common with the Periplaneta americana, the common household cockroach. They seek out the dark, poking and prodding for ways to get in where they are unwanted. In their case it isn’t food, but the misery of computer users they seek out. And, just like cockroaches, once you think you’ve got them blocked, they find a new way in.
Kaspersky Labs’ Cyberthreat Forecast for 2010 says that IT managers and users are becoming more savvy, making fake programs, gaming Trojans, or web sites less useful for cybercriminals. Instead, it looks like they’ll be focusing their attention on P2P networks, botnets, and mobile platforms.
P2P networks will be used to support malware attacks. According to Kaspersky: “This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.”
Mobile platforms, iPhone and Android, will also be more frequently targeted. Kaspersky suspects that iPhone users, without compromised handsets, will be okay, but that Android users might be in for some pain: “The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.”
As for botnets, Kaspersky sees them as offering profitable possibilities by manipulating Internet traffic: “In the future, we foresee the emergence of more "grey" schemes in the botnet services market. These so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.”
Lastly, Kaspersky sees Google Wave as a potential target for 2010. It’s new. It’s untested. And therefore it’s vulnerable. Kaspersky says: “Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.”
Earlier this year, researchers for Finjan, a web security firm, said that stolen bank data had become "commoditized," with items like PIN codes and credit card information fetching only a fraction of what they used to pull in. Now Finjan warns of an impending "sharp rise [in cybercrime] in 2009 due to the current economic downturn, which makes financial gain from stealing data and selling online even more attractive."