Yearly Archives: 2013

Of note – this is an article that was published internally to a corporate website.  I thought it was more informative than what I had in store to write and loved the list of what you can do at the bottom.  So, it is my hope you enjoy this post on looking at threats that will be prevalent this year.

Danger Ahead

During 2012, cyber security incidents included theft of public and private intellectual property, hacktivism, ransomware, malware targeting mobile devices, and an increase in the use of malicious software including the Black Hole Rootkit and Zero Access Trojan.  What will we see in 2013?  Below is a brief roundup, listed in no particular order, of several threats and trends we can expect during the next 12 months.

Mobile Devices in the Enterprise

As the use of mobile devices grew in 2012, so too has the volume of attacks targeted to them.  Every new smartphone, tablet or other mobile device provides another opportunity for a potential cyber attack.  Risks include access to corporate email and files, as well as the ability for the mobile device apps to download malware, such as keyloggers or programs that eavesdrop on phone calls and text messages.

New capabilities, such as near field communication (NFC), will be on the rise in 2013 and will increase the opportunities for cyber criminals to exploit weaknesses.  NFC allows smartphones to communicate with each other by simply touching another smartphone, or being in close proximity to another smartphone with NFC capabilities or an NFC device.  This technology is being used for credit card purchases and advertisements in airports and magazines, and will most likely be incorporated into other uses in 2013.  Risks with using NFC include eavesdropping—through which the cyber criminal can intercept data transmission, such as credit card numbers—and transferring viruses or other malware from one NFC-enabled device to another.

Ransomware

Ransomware is a type of malware that is used for extortion.  The attacker distributes malware that will take over a system by encrypting the contents or locking the system; the attacker then demands money from the victim in exchange for releasing the data and/or unlocking the system.  Once payment is delivered, the attacker may or may not provide the data or access to the system.  Even if access is restored, the integrity of the data is still in question.  This type of malware and delivery mechanism will become more sophisticated in 2013.

Social Media

Use of social media sites has grown beyond just sharing personal information, such as vacation photos and messaging.  These sites are being used increasingly for advertising, purchasing and gaming.  For 2013, attackers will look to exploit this volume and variety of data being shared to obtain credentials or other personally identifiable information (PII), such as Social Security numbers.

Hacktivism

Attacks carried out as cyber protests for politically or socially motivated purposes, or “just because they can,” have increased, and are expected to continue in 2013.  Common strategies used by hacktivist groups include denial-of-service attacks and Web-based attacks, such as SQL injections.  Once a system is compromised, the attacker will harvest data, such as user credentials, to gain access to additional data, emails, credentials, credit card data and other sensitive information.

Advanced Persistent Threat

Advanced persistent threat (APT) refers to a long-term pattern of targeted hacking attacks using subversive and stealthy means to gain continual, persistent exfiltration of data.  The entry point for these types of espionage activities is often the unsuspecting end user or weak perimeter security.  Whether focused on exploiting vulnerable networks or unsuspecting end users, APT will remain a consistent threat to networks in 2013.

Spear Phishing Attacks

Spear phishing is a deceptive communication, such as email, text or tweet, targeting a specific individual, seeking to obtain unauthorized access to personal or sensitive data.  Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators seeking financial gain, trade secrets or sensitive information.  Spear phishing is often the nexus to cyber espionage/APT and will continue to increase this year.

What Can You Do?

By using sound cyber security practices, users and organizations can strengthen readiness and response to help defend against the myriad of challenges and mitigate potential impacts of incidents:

  • Enable encryption and password features on your smartphones and other mobile devices.
  • Use strong passwords that combine upper and lower case letters, numbers, and special characters, and do not share them with anyone.  Use a separate password for every account.  In particular, do not use the same password for your work account on any other system.
  • Disable wireless, Bluetooth and NFC when not in use.
  • Properly configure and patch operating systems, browsers and other software programs.  This should be done not only on workstations and servers, but mobile devices as well.
  • Use and regularly update firewalls, anti-virus and anti-spyware programs.
  • Be cautious regarding all communications; think before you click.  Use common sense when communicating with users you do and do NOT know.  Do not open email or related attachments from untrusted sources.
  • Don’t reveal too much information about yourself online.  Depending on the information you reveal, you could become the target of identity or property theft.
  • Be careful with whom you communicate or provide information on social media sites.  Those ‘friends’ or games might be looking to steal your information.
  • Protect your access credentials – never share or tell others your credentials (user name, password).
  • If you have a device that is used for work purposes, do not share that device with friends or family.


 

To Click or Not to Click

While I know the internet is something that was a ‘life changer’ for all of us, one of the largest problems with the internet is not something we can totally solve with programs and access levels. One of the big things that we need to understand better – and provide more control over – is human. To be more clear (even though I have written about this before) – we need to change our behavior.

I’m going to let you know that I agree with our current Secretary of Homeland Security (Janet Napolitano) to a certain extent (more than likely on this one issue, but … who knows). Please note, I in no way want to legislate the internet or how people use it (that is a huge difference between Ms. Napolitano / current administration positions with various legislative attempts to do just that). However, she did let something out of the bag with the quote in this story – “Every individual on the net is vulner – is a potential, uh, opening.”

Our behavior is a key element in our experiences. Too often I get machines to fix with badware on it. Why is it there? Because of choices the owners or users of the machines made. Some have no virus protection (and even Mac users need that, contrary to their popular misconceptions). Some have no other protections installed against adware, malware, rootkits, you name it. But the common denominator – in my experience – is someone clicked on something, then things quickly spiraled downhill.

You don’t have to be surfing bad sites to have the opportunity to catch bad things. It could be something that seems as innocent as most anything (like an email from your mom). That email may be spoofed and the link you are clicking on could be just what a cybercrook needs to have a file installed in your computer so they can do many less than noble things with that equipment. It could be looking at a picture you have been tagged in on Facebook, and once you click on that image things start to go downhill.

The point of this post? We need to understand that there is opportunity to have bad things happen just because we are on the internet. Because we will get on the internet, it would be beneficial for all of us to have a stance of healthy skepticism. Just because something looks like a duck and quacks like a duck, on the internet it still may not be the duck you think it is! Protect yourself and your information by being less trusting than you would be if you were interfacing with someone face to face. It is just too easy to pretend to be someone else and send a spoofed tweet with a link asking you (no, really compelling you, for no good reason many times…) to click on it. A link in an email that promises you a happy or funny story, a video you just have to see, or a chance to get something for nothing. And too often we click on it and pay the price.

The day I wrote this article, I received a call from a customer.  They had also received a call – ostensibly letting them know they had infected computers and this individual could assist them right then by removing the infections.  They wanted to log in – through their network (over the web) – and assist.  I’m thankful for their healthy dose of skepticism (and the phone call to me).  This was just another attempt at social engineering – leveraging most folks’ need to help others.  Imagine the damage that could have been leveled at this set of computers (about a dozen for a local business).  They just said no – excellent!

Since 2013 is still young, take a look at how you are interfacing with strangers and strange sites on the web. Are you enabling all those games and apps that communicate with information on your computer / smartphone so your contact list can be ransacked for data? Are you entering contests with lots of required information? Are you laissez faire about the links you click on? Why not make some good changes today – be skeptical! Thanks for reading.


 

Multi-Touch Family Size Tablet

Took a bit of time off from posting on the blog for the month of December – time well spent with my family and friends. Of course, it seems I never get away from technology, and technology never waits for my approval to move forward.

Take tablets as a recent entry in the market. These are coming up in many shapes and sizes. I’ve written before that our family has multiple ereaders and tablets, from the Nook 1st Edition, the Kindle (they call their 1st edition the Kindle Keyboard), the Kindle Fire, a Dell Streak, and a Samsung Galaxy Tab 2. Depending on the application, we love them all – and each has strengths and weaknesses.

But what if you wanted a tablet for the family? Like, to use all at the same time? Gives new meaning to ‘family night’ doesn’t it… well even that is being developed – see Lenovo to release giant 27-inch tablet PC; stands up as a regular PC, lies flat as tablet. Reading the article you will find that this is not the first attempt at filling this market space (Microsoft did this way back in 2008), but with tablets being adopted by the public and business, the chance for having an actual market space that makes money is now ripe for manufacturers.

Over the Christmas time I was able to fit in a technology upgrade for a family business that I have worked with for a number of years. It was time to do an almost wholesale upgrade of computers. They went from a couple of Windows 2000 machines to a Windows 7 and a Windows 8 set of computers. With this, they also are starting to use a tablet on job sites with a Verizon hotspot to connect it (and any other devices they add in the future) to the web.

Why do I bring this up? There comes a time we must move forward with our hardware and software. Either the software we depend on becomes obsolete (or no longer is supported) and upgrades require new specifications that our old goodies just can’t match up to, or it becomes more cost effective to replace hardware that has exceeded its life expectancy.

Software and hardware do not wait around for your approval or mine. Things move forward. Some are quickly adopted, others take years to mature and gain acceptance in the real world. Currently Windows 8 is what Microsoft sells and vendors include on all new Windows-based computers. It is a change from the Windows 2000 / Windows XP / Windows Vista / Windows 7 world that is not a bad change – it is just a change that enables them to power computers / tablets / phones with a unified look and feel. It was not totally alien to me, but things are in different places and other things are accessed a different way.

It was interesting to see the business owners take to the tablet. That is even more shocking of a change as you use gestures and different ways to navigate, install and run software and apps. Currently it is a nifty new toy to them; I can see this becoming an integral part of their work space and a valuable tool for decision making in their business.

Moral of this post? Keep an eye out for what is taking place with new devices in the world. There will come a time that you need to move forward to better enable the work / things you do via technology that is constantly moving forward. Examine your need(s) and make the switch when you see the benefit! Technology should make what we do quicker, easier, better – not hold us back from doing the things that are really important (like spending time with our families). Have a great New Year!