There are other significant internet security threats you, your fellow employees, and friends need to have on your radar
In last week’s blog, Cybercrime’s Exponential Growth in the Age of Big Data (Part I), we discussed the alarming rise in internet security breaches, including April’s Heartbleed bug, and last December’s hacking of Target customer credit card information.
Unfortunately, there are other significant internet security threats you, your fellow employees, and friends need to have on your radar.
Ransomware is simple in concept: a hacker crashes your website – or even locks up your computer data – and extorts payment to undo the damage and/or prevent further problems. This scam first appeared in 2012 and has grown by 500% through 2013. At first the attackers posed as law enforcement or government agencies who were demanding fake fines for bogus violations, but that kind of pretense has mostly been dropped.
Laws in the majority of states require that hacking be reported. However, research shows that at least 3% of companies pay the ransom because –
- it’s usually only a few hundred dollars (ranging from $100 to $500) – and, more importantly,
- companies want to avoid reporting such crimes to avoid potential adverse public perception, negative impact on stock prices, etc.
It’s easy to see how criminals behind such schemes do well with this ploy if they hit enough sites and aren’t caught along the way. The most common current version of this scam is Cryptolocker, which encrypts user files and demands a ransom for unencryption. The wide range of online payment methods is facilitating this method of extortion. Be aware that small businesses and consumers are the primary targets of Cryptolocker.
Mobile device social media scams and malware
The Internet is rapidly evolving into mobile device user dominance. In recent months Symantec has reported that 38% of mobile users to date had experienced mobile cybercrime. Though lost or stolen devices remain the biggest risk, many users fail to take even basic security measures to protect their personal and employers’ sensitive data.
A significant percentage of social media users report that someone has hacked into at least one of their social network accounts. This is especially concerning because about a quarter of us store work and personal information in the same online storage accounts, and about a fifth share logins and passwords with families. If you fall into either of these categories, we recommend that you take remedial action without delay!
Email spear phishing
If you haven’t yet received emails from hackers impersonating one of your friends or business associates, consider yourself lucky. One quick giveaway that their email account has been hacked is a subject line promoting a product or service (often well known and trusted), completely unlike anything they’ve forwarded to you in the past. Once you click on the link or attachment the hacker can then take over your digital device and steal personal and/or company data. Of course, even visiting a website can infect your computer with malware.
Attackers are turning to the Internet of Things (IoT)
With Internet connectivity to many new devices and appliances, more opportunities are emerging for scammers. Did you know that automobiles, security cameras, routers, smart televisions, and medical equipment were all hacked in 2013? A big concern is attacks against consumer routers by computer worms like Linux.Darlloz. With control of these devices, scammers can push victims to fake websites, with the general objective of stealing financial information.
Protective measures you need to take
We recommend that you stay informed of emerging threats before they hit the evening news!