The latest news from the world of cyber skulduggery from LinkedIn passwords for sale, the re-emergence of ATM malware, fears in the US about banking and shopping online and even real live pirates swinging from the rigging to descend on precious cargo identified by hacking a shipping company’s systems. You can also learn how to simply set a password that takes hundreds of years to crack. There’s a bit more too.
Smartphones set to become main targets for hackers
Smartphones are set to become the number one target for cyber criminals within five years, says Sky News in a recent story.
The claim comes from two sources; the police who say they have registered an uptick in fraud that has been carried out via smartphones and cyber-security company F5 Networks which has been monitoring the targeting of mobile devices by hackers.
It’s a credible claim and one that isn’t too surprising. The Sky story quotes City of London Police Commander Chris Greany, who heads up cyber protection, as saying; “People who carry a mobile phone are actually carrying a mobile computer.”
This may be obvious to some and not so obvious to others, but the fact is that smartphones are powerful pocket computers that pack far more computing punch than what was used to launch an Apollo mission into outer space.
Within the hacking realms it’s a logical step to target these devices because so many everyday tasks are now carried out on smartphones, whether it’s online banking or a sales person accessing a customer database, and of course online shopping.
With this in mind and the fact that there are something like 2 billion smartphones in use around the world, they inevitably present a juicy target for cyber villains.
The Sky story illustrates this by turning to F5 Networks which in turn cites an advert on a website. The advert carries a hidden key stroke logger and when clicked the logger begins its dastardly work by recording every key stroke, even when a user accesses their bank account.
A key stroke logger is a standard piece of malware that is usually aimed at desktop computers but the fact that it is now targeting smartphone operating systems, to put it bluntly, was only a question of time.
Malware aimed at smartphones including infected apps in Android stores, and malware aimed specifically at Apple devices, has steadily been increasing and it’s only going to become even more commonplace.
That’s why if your smartphone runs Android you should at least consider mobile specific protection such as BullGuard Mobile Security. This powerful protection is designed to identify and stop mobile malware such as that cited by F5 Networks and what’s more it will be available soon as free download.
You can’t say better than that.
The US is scared – but fear not
Well not the entire nation, but an interesting US survey indicates that a 29 percent of households have not carried out financial transactions online and 26 percent have not shopped online because of fears around privacy and security.
The survey is based on a US 2015 census of 41,000 internet connected homes, which is large population sample, and based on data from the National Telecommunications and Information Administration.
It’s a lot of people, just short of one in three. The survey also revealed that 19 million households had been affected by some type of online security breach in the past year.
Sixty-three percent of homes expressed concerns about identity theft, followed by 45 percent who expressed concern about banking fraud.
It would be interesting to note what drives these concerns beyond those who have already suffered a breach. The survey hints at some potential answers with between 18 percent and 23 percent of people highlighting concerns about data collection by online companies, loss of personal control over personal data and data collection by the government.
Since the Edward Snowden revelations about the extent of US government snooping there has been a gathering citizen movement against privacy intrusion and this to some extent legitimately informs resistance about carrying out online financial fraud.
But that said identity fraud in the US is a crime wave in its own rights which surely influences perceptions. Though a little old, an identity fraud study in 2105 claimed that $16 billion was stolen from 12.7 million U.S. consumers in 2014.
This compared with $18 billion and 13.1 million victims a year earlier. Strikingly there was a new identity fraud victim every two seconds in 2014.
BullGuard provides a couple of products that precisely protect against identity theft and allay understandable concerns about data theft: BullGuard Premium Protection and BullGuard Identity Protection.
Both products offer different features around the core identity protection which is pretty much a powerful and unrivalled tool.
You input all the personal details you want to protect whether this is credit and debit card numbers, usernames, email and postal addresses, phone numbers, and more.
Using a specially developed algorithm BullGuard then scours the web 24/7 for your information. If it should appear somewhere, for instance perhaps your email address and password are plundered in a hack and put up for sale online, you receive immediate notification via email and SMS as well as advice on what to do next. This also applies to card and banking information.
It’s certainly a great way of allowing you to breathe when shopping and banking online because if fraudsters and cyber miscreants do get hold of your data you get a heads up and can act before any damage is done.
Given that a wide range of organisations from government to retail, banks to healthcare and beyond seem prone to hacking and could be holding your data, BullGuard identity protection is a great way to protect yourself.
Pirates plunder the cyber seas
Everybody loves pirates and tale of yore. There’s an interesting history for those with the inclination but if you thought pirates were a thing of the past, think again.
Of course, we’re familiar with pirates casting off from the Somalian coast line and possibly the seizure of the Ukrainian vessel ‘Faina”’ with its cargo of tanks, guns, explosives and ammunition. But there’s a thriving piracy trade in South East Asia too.
And now pirates have segued into the cyber world as well. Security experts at Verizon found that pirates had been hacking into a shipping company’s management system and inserting code into the system so that they could extract data about future shipments and routes.
This allowed the pirates to track the vessels that were carrying the most valuable cargo and where to take it from. The shipping company said that the pirates had known where the most valuable items were on several occasions over the course of months.
Unfortunately for the pirates, their commands to the database were sent in plain text instead of being encrypted, enabling their patterns to be found out and for the security team to identify and disable the breach.
The business of cyber-crime – it’s a market driven economy
Those of you familiar with HP may be aware of its relatively recent board room dramas that read like a soap opera with members spying, bad mouthing and essentially undermining each other along with claims of suspect accounting.
Well a bit closer to the ground the company is still doing its thing despite predictions of its demise and a recent Hewlett Packard Enterprise’s (HPE) study offers a detailed look into the inner workings of cybercriminal organisations, business functions, motivations and so on.
The study ‘The Business of Hacking,’ examines the underground cybercrime economy and concludes that hacking groups operate like legitimate technology enterprises, and attackers have become almost corporate in their behaviour.
HP describes its report as a SWOT analysis of hacking that uncovers strengths and weaknesses which businesses can use to disrupt hackers and their business. It points out that cybercrime organizations have markets and supply chains, they consider ‘employee’ expertise when preparing for a major endeavour and they also consider margins when selling their information.
In terms of the way the cyber crooks make money their money HPE identifies ten major hacking approaches. It’s interesting to note that ad fraud has usurped credit card as the most popular attack methods.
That said, ad fraud, or setting up ads to drive fake website traffic, is one of the easiest forms of cybercrime and it has the highest pay out potential. Extortion and IP theft are at the bottom of the list and while they are equally profitable as ad fraud they are difficult to execute.
- Ad fraud
- Credit card fraud
- Payment system fraud/Bitcoin mining
- Bank fraud
- Medical records fraud
- Identity theft
- Credential harvesting
- Bug bounty
- IP theft
117 million LinkedIn email addresses and passwords for sale
In 2012 LinkedIn reset users’ passwords after hackers broke into the network, stole a database of password hashes, and posted some 6.5 million account credentials on a Russian password forum.
LinkedIn admitted that its poor password protection made it easy for fraudsters to crack the passwords.
As reported by Motherboard almost four years later a hacker is offering for sale the database of 167 million accounts, including the emails and passwords of 117 million users, some of which have apparently been cracked.
If you use LinkedIn it’s clearly time to change your password.
Set a password that will take centuries to crack
Hackers generally use brute force tools that are often free to crack passwords. There is a science and logic to this approach. If you set an eight character password consisting of upper and lower case letters, symbols and numbers it would take a typical brute force tool over two centuries to crack.
If you really want to go for it try a password with ten mixed upper and lower case letters, symbols and numbers:
One of these would take about 1,800 years to crack using a free brute force password cracking tool.
ATM malware resurfaces
A trojan that allows hackers to make cash withdrawals from ATMs using ‘magic’ cards has been detected according to PC World.
The Trojan can also skim card data from users without the need for external hardware.
Apparently it is based on Skimer malware which was doing the rounds over five years ago.
Put simply it allows cyber-criminals to make cash withdrawals from ATM machines.
The malware was first discovered in 2009, but has now made a comeback as hackers have updated and used the code in live attacks as late as this month.
Banks and financial organisations have been notified that Skimer is out there.
Hopefully they are battening down the hatches with antivirus scans, using whitelisting technologies and isolating the ATM network from internal bank networks among the many steps they can take to protect against Skimer.