Weekly Security Roundup #52: Cautionary Tales
Wise men learn from the mistakes that others make
It seems like we can’t have enough cautionary tales to help Internet users grasp the importance of being safe online.
People don’t react to motivation by fear anymore simply because they’ve heard it too many times. It’s the same with big data breach announcements too! They simply turn a blind eye and go about their business. If it doesn’t hurt them, it’s not necessarily relevant.
That’s why we need more real life examples of how cyber crime impacts the world and every one of us.
For example, here’s how cyber criminals infiltrated search results in Google to list malware infected websites. One click on a seemingly legitimate website (in spite of their strange name), and boom!, your system gets infected.
Another example is the way attackers leverage spam emails to spread malware. We analyzed their motives and methods and uncovered why this attack vector still work, even though spam has been around for ages.
It can really happen to the best of us, because malware creators got really good at disguising their intentions. Moreover, there are still plenty of vulnerable users who don’t even imagine the consequences of opening a spam email and clicking a link or downloading an attachment.
So don’t disregard the resources you can use to learn how keep your system safe. You may believe that you have your basics covered, but, as it turns out, few of us really do.
We’re sometimes surprised as well, especially when coming across a particularly surprising attack method. And the weekly security roundup doesn’t lack mind-boggling examples. Let’s see what they are:
Security articles of the week
I’ll admit it: this story made me shudder. It’s downright scary to see what lengths malicious actors can go to in order to carry on their evil objectives. And it’s not just about online impact, but about offline consequences as well.
Read and decide for yourself if you could do better to protect your family and private information.
UK TalkTalk users may have been compromised in a recent cyber attack on the company, which is among UK’s largest broadband and phone providers. Details such as names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information and credit card or bank details may have fallen into the wrong hands and could be used against the victims in future cyber attacks. The story is still developing.
Cyber criminals buy stolen data all the time on the dark web to fuel their malware campaigns, but I bet you never imagined how cheap it can be. McAfee Labs recently published a report showing the prices for various types of data, from credit cards to stolen identities.
For as little as $5, you can buy a US software-generated payment card for almost untraceable purchases.
Remember all those warnings about the lack of proper security measures for the Internet of Things devices? Here’s what will happen in the near future: IoT gadgets will not only be compromised, but will also be used as attack vectors for spread malicious code. This is not the future we’re talking about, it’s the present.
Speaking of creative ways to disguise an infection, here’s a malware strain who is bold enough to completely uninstall your Chrome browser and replace it with an emulated version. Of course, that’s the start of a nasty malware infection. If you find something suspicious about your browser, run an anti-malware scan immediately.
6. The CIA Director was hacked and his data exposed on Wikileaks
A high school student has breached the personal email account that belongs to CIA’s Director, John Brennan, and stole sensitive data. He also told Wired how he did it and now the stolen data was published on Wikileaks.
This interview and story reveal how cyber criminals can use instant messaging apps to deliver spam and carry on complex scams, like the one targeting stock market investors. While looking for the easiest way to achieve their objectives, Internet users may easily fall prey to well executed scams. Make sure you know enough so as not to fall for one yourself.
Maintaining a humble attitude towards knowledge of all kind is a general good strategy to follow in life. And it’s true for cyber security as well! It turns out that tech-savvy users are the most prone to overestimating their preparedness in terms of online defenses.
Maybe it’s something to consider while evaluating your corporate risks or something to ponder on for your personal online safety.
But the good news is that Internet users are starting to adopt personal security measures on a larger scale!
The high amount of data about cyber crime has divulged its malicious patterns, and knowing them mean you can become able to spot a problem before it escalated into a cyber attack. It’s bad enough that 12 malware strains are discovered every minute – you shouldn’t be idle in the face of uncertainty.
10. Car hacking – a heated debate
While peeking under the hood of a connected car, hackers have managed to silently disable the airbags on a a Volkswagen (they just can’t catch a break). This is a subject that’s brought about a heated debate which is not likely to fall out of the audience’s attention, so we’ll keep an eye on it for you.
The ability to learn and adapt will take you far not only in your career, but also in your efforts to protect what you’ve built (on a personal and professional level). Think about this when you choose your next password, when you share your email address or when you buy online next time. Each step you take, cyber criminals will be watching.