Cyber-Threat Trends of 2013
Welcome to another day in my life. Today is Tuesday and I hope you are having a beary safe and great week so far. It is another busy week for Dab the AIDS Bear and me.
With 2013 upon us, scammers are busy thinking up new ways to bilk us in the coming 12 months. They'll use increasingly sophisticated methods, experts predict, and update some old ones to try to take control of our computers and cellphones to get our identities and money.
One thing that won't change is that you can stay safe by showing basic vigilance: Keep your security software updated and run it regularly. Click only on links from trusted sources; the same goes for buying cellphone apps. Be smart about where and how you navigate in cyberspace.
Five areas where scammers are likely to expend extra energy:
Ransomware. It begins when you open a malicious attachment, click on a link in a scammer's email or instant message, or visit scammer websites that promise such things as enticing videos or free prizes. Ransomware locks your computer, usually displaying a screen message that appears to be from a law enforcement agency. Pay us, you're told, and you'll get back control of your computer.
Once considered a niche scam, ransomware attacks exploded in 2012, hitting some 70,000 computers per month. About 3 percent of victims pay the ransom fee — thanks, in part, to cyber-criminals increasingly using online payment methods to collect, says cyber-security firm Symantec, which recently published a detailed report on this ruse. "In 2013, attackers will use more professional ransom screens, up the emotional stakes to motivate their victims, and use methods that make it harder to recover once compromised," predicts Symantec's Kevin Haley.
Cloud-based botnets. For years, spammers have been distributing about 150 billion junk email messages per day with the covert help of the computers of everyday users — maybe even yours. To entice folks to watch videos on social networking websites, open email greeting cards and the like, spammers infect random computers with botnet malware that makes the machines secretly send out spam.
Run into a scam not mentioned here? Have additional tips other readers could use? Speak out on our Scams & Fraud message board.
In 2013, predict Georgia Tech researchers, scammers will also turn their botnet schemes to what's known as "the cloud," the global network of Internet-connected computers that store huge amounts of data, shuttle it around and offer data services. If you share your family photos online, for instance, you're using the cloud. As more and more companies put customer data and computing power on the cloud, there's an ever-growing collection of prized targets. "One possible example is for attackers to use stolen credit card information to purchase cloud computing resources and create dangerous clusters of temporary virtual attack systems," say Georgia Tech researchers.
Madware. Short for "mobile adware," you may know them as pop-up ads or texts on your cellphone. At best, they're irritating; at worst, they give scammers sensitive data such as your location and stored contacts. After seeing the most aggressive forms increase by 210 percent since mid-2012, Symantec expects more madware problems as companies try to make money off free mobile apps by selling collected info to advertisers.
Social network payment sources. Social networks are offering more pay services, such as opportunities to send gifts or promote status updates. So expect cyber-crooks to follow that money trail.
"Symantec anticipates an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details and other personal and potentially valuable information," notes Haley.
Search history poisoning. First, malware-spreading scammers created their own fly-by-night websites. Next, they upped the ante — and believability — with "search engine poisoning" — manipulating search engines such as Bing, Google and Yahoo to display search results that lead you to dangerous destinations. And while these efforts will continue, the latest threat is "search history poisoning." This involves exploiting the record that's kept of websites that you've visited. When stored as part of an online profile, a search history lets hackers extend their scamming potential.
"If you compromise a computer, the victim can always switch to a clean machine and your attack is over," notes Georgia Tech's Wenke Lee. "If you compromise a user's search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from." You can help foil this one by clearing your browser's search history frequently, or turning it off altogether.
Hope you have a beary safe and great Tuesday!
Until we meet again; here's wishing you health, hope, happiness and just enough.
big bear hug,