Weekly Security Roundup #36: Never Let Your Guard Down
We all need to stop feeding the malware economy.
It turns out, it’s not just cyber criminals that are spreading their tentacles and doing all sorts of damage. It’s us as well.
We often leave our software unpatched, we sometimes ignore security alerts, and we’d rather spend time reading some celebrity gossip than applying some security advice. It’s human nature and there’s nothing wrong with it.
But we can’t expect to have privacy and data security if we don’t act in that direction.
That’s why we recommend the Weekly Security Roundup, a summary of information security news that are worth reading through.
Security articles of the week
1. Adobe Flash can’t shake off Zero Day vulnerabilities
It’s only been 3 days since Adobe release an emergency patch for Flash, but the media is still roaring about it. Since the beginning of 2015, Flash has had 95 vulnerabilities. Adobe, we really hope you’re looking into that.
2. Cyscon launches PhishKiller [update: July 25, 2016: the project is no longer active] – anti-phishing initiative
Our friends from Cyscon announced earlier this week that they’re launching an anti-Phishing initiative in collaboration with Opera Software.
Via PhishKiller, private users are also invited to report malicious pages and to download other tools that will keep them safe online.
We’re delighted to be part of this initiative and recommend you read about and reap its benefits!
3. Facebook emphasizes data security with new collaboration
Facebook may not be great at privacy, but it’s trying to get better at information security.
The biggest social network in the world announced yesterday that it’s been working with Kaspersky Lab, ESET, F-Secure and Trend Micro to implement a new security tool to help detect and remove malicious software for its 1 billion+ users.
4. Cybercrime and take-downs – the palpable reality
Cybercrime is really not what it used to be. If you’re expecting a hopeful statement to follow, this is not it.
A recent article on CSO Online emphasizes the continuous development of cyber crime rings, coupled with the evolution in scope and methods.
Most experts agree that it is a bigger player than it used to be – that the trend in cybercrime is that it is increasingly more organized, in many cases operating much like legitimate businesses, complete with organizational charts, C-level executives and even human resources departments.
But the good guys are not giving up either. The latest famous cyber criminal to go to jail is Alex Yucel from Sweden, the creator of Blackshades, a remote access tool that was widely employed by cyber criminals to steal data from a half-million computers, causing hundreds of thousands of dollars in damage.
Another interesting read on the subject is the challenge of protecting innocents during a cyber criminal take-down.
5. The financial sector is still the Holy Grail for cyber criminals
You’d think that banks are an outdated target for cyber attacks by now, but not at all!
The top three malware threats that financial institutions faced during the first five months of the year were Rerdom, Vawtrack, and Geodo.
Moreover, the financial sectors get targeted with 4 times more cyber attacks than any other industry.
Here are some examples:
this week, the Magento e-commerce platform was targeted by credit card scrapers
infections with Dyreza malware are still a very severe threat
and there are at least other 10 types of malware than can empty your bank account.
But there are also solutions to keeping your data and money protected.
The latest forms of ransomware pose an especially big challenge to traditional cyber security products, such as antivirus: they’re very difficult to detect.
Ransomware creators make their malware remain dormant or they constantly morph it so it can go undetected about its business.
And the costs are worrisome:
Between April 2014 and June 2015, the CryptoWall ransomware cost Americans over $18 million, according to the FBI’s Internet Crime Complaint Center (IC3).
And most of that money goes to cyber criminals, which get a huge return on investment:
While costly for victims, ransomware is easy money for criminals. TrustWave researchers estimate that ransomware operators can earn a 1,425 percent return on investment from their activities, even if they only charge a $300 ransom and only 0.5 percent of their victims pay it.
Thankfully, there’s something you can do about keeping safe from these types of attacks.
7. Travelers beware! One click and your vacation can be ruined
I bet you’re excited for your travel plans this summer! But don’t get carried away, because you might just fall for an online scam.
A phishing campaign targeting Expedia customers and another one aimed at Hotel.com users are warning enough to get you to really protect your data before, while and after traveling to foreign destinations.
Our 16-step guide might be just what you need.
8. Hacking planes – a new factor to cause fear of flying?
I’m afraid it will be hard to argue against my friends who are afraid of flying after this one:
Today afternoon LOT encountered IT attack, that affected our ground operation systems. As a result we’re not able to create flight plans and outbound flights from Warsaw are not able to depart. We’d like to underline, that it has no influence on plane systems. Aircrafts, that are already airborne will continue their flights. Planes with flight plans already filed will return to Warsaw normally.
This type of attack is rather new and worrisome to say the least. And lately there have been one too many incidents involving airlines, so we can’t help but wonder when a more serious discussion on cyber security matters will being in the airline industry.
9. Learning about the First Crypto War to prepare for the second
Bruce Schneier wrote an interesting post this week, sending a reminder about the First Crypto War between governments.
As we’re all gearing up to fight the Second Crypto War over governments’ demands to be able to back-door any cryptographic system, it pays for us to remember the history of the First Crypto War. The Open Technology Institute has written the story of those years in the mid-1990s.
After all, “those who cannot remember the past are condemned to repeat it”, as George Santayana put it.
10. Who’s standing between you and your system update?
Samsung this week acknowledged that it has switched the settings on some of its PCs to disable automatic Windows software updates.
Why? Because it messed up with their drivers, which wouldn’t work as well.
That’s not only a poor strategy, but also can become a security problem. We strongly encourage you to keep your software update at all times, so, if you own a Samsung laptop, make sure you install all the Windows updates necessary!
Thrilling, scary, challenging, fascinating – whatever you want to call it, the cyber security industry is becoming an ever more important part of our lives.
It sometimes may be too complex to understand if you don’t work in the field, but it’s going to become a subject you need to become a literate in.
If you want a head start, the Cyber Security for Beginners course we put together is free and open for applications!