Weekly Security Roundup #62: Let These True Stories Inspire You to Act
Before it’s too late (we might add)
January has already flown by, and security vendors shared plenty of statistics to help CISOs and users everywhere be safer online (and offline).
We analyzed the exploit kits-as-a-service trend to identify why this is happening and how end users are affected. There are some revealing aspects in there that you may find interesting. Cyber crime operates more like a usual business than you’d be inclined to think.
Cristina also touched upon the importance of using 2-factor authentication and put together a great guide that literally anyone can use.
Also, we’ve published details about a very recent CryptoWall 4.0 campaign targeting businesses in Europe, which, considering the timeline, can bring us closer to the advent of CryptoWall 5.0.
And there’s a lot more going on in the security field, as well as in the tech field in general that affects every Internet user out there. The Weekly Security Roundup is here! Read on:
Security articles of the week
This is a true story that shows how cyber criminals can manipulate those around them to get what they want. Upon reading this, you’ll think: “but how can this happen?” The reality is that it can happen and it will probably happen again, no matter how well trained support staff is.
When it comes to online security, there are some aspects you simply can’t control. That’s why it’s so important to train yourself to know how to react in situations like these and be ready to mitigate the risks.
An issue that’s often disregarded in companies of all sizes is patching. Everyone knows that keeping software up to date is important, but not many regard this practice as a preventive security measure, when, in fact, it definitely is. Patching can help prevent 85% of targeted attacks, according to US-CERT, so it’s a pity that more companies don’t choose automated solutions for this process.
You may have heard about DDoS attacks more often in the past few months, but maybe you have no idea what they are or how they work. This infographic will help you understand the mechanics of the attack and this article will help you find out why they happen. Spoiler alert: it’s almost always about the money. Proof: HSBC bank had just fallen victim to such an attack.
Not only are ransomware attacks more frequent, but the cyber criminals behind them are also looking to make more money, faster. Private and public institutions are targeted constantly. But they’re not the only ones to get hurt:
The 7ev3n ransomware has gone a different direction. So far only one victim has been seen and the demand is a payoff of 13 Bitcoin, or about $5,000.
If you’ve never done it, a data backup is in order.
We always advise that users check if a website begins with “https” when browsing and especially when purchasing things online. Google is stepping in to help warn users about unencrypted websites, so they’ll know not to enter any sensitive data.
If a website doesn’t use a security certificate, attackers can sniff and collect the data you’re transmitting over the website, which can then lead to compromise.
Facebook scams are quite common, but this one goes straight for your payment card details. You should be very wary of such scams, because they come up quite often and some can be very convincing. Train yourself to detect them and warn others who may not have your abilities and knowledge.
Especially if you’re sharing passwords from your workplace! A whopping 37% are likely to share work passwords with family and friends, which is a serious security risk considering that 1/3 of employees log into work accounts from personal devices. And this last statistic is likely to increase.
So having strong passwords won’t count for much if the intended recipient can’t keep them to himself/herself.
Windows-based computers are the prime market for cyber attacks and it’s no secret. That’s why this study sheds light on how attackers pick vulnerabilities and how they infiltrate Windows PCs to infect them with malicious code. For example, drive-by attacks were the main attack vector against Internet Explorer, while backdoors were also employed to gain control of systems.
The statistic basically speaks for itself, but you’ll really get a sense of its magnitude when you find out that an astounding 230,000 new malware samples are released every single day!
Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially unwanted programs such as adware at 10.71 percent and cases of spyware at 1.83 percent.
New attacks aiming to spread the notorious financial malware are underway. Companies and individual users alike should do their best to protect their financial assets.
If you feel freaked out reading this, know you’re not the only one. Technology and, consequently, security become more complex by the day – fact. Another fact is that you can filter information, act on what you find relevant and useful, and deal with this complexity the right way. If you keep your digital inventory in order, you’ll be able to handle it and protect it much more effectively.