Welcome to 2013: A New Wave of Security Threats
With 2012 having come to a close and the world still spinning on its axis, 2013 has finally come upon us. And with it, a slew of new ways for hackers to insert malicious content onto not just your personal computer, but your surveillance cameras, tablet, smartphone, and other devices in unique new ways.
The absolute best way to fight a threat is to stay informed of it at all times and know what to look for so that the correct precautionary steps can be taken in time. As always, we wish the best to those foraying into the digital age of computers.
Hastened malware expansion
For 2013, it has been predicted that malicious malware will expand at an alarming rate.
2013 will bring additional malware exploitation, viral infection, distribution and monetary gains with the industrialization and further sophisticated development of malware attacks. This improvement will be in addition to the continuing launch of current malware technology. As we move forward in conquering new malware threats, we will not have the comfort of becoming letting our guards down or becoming oblivious to these viral attacks; i.e. a greater utilization of infected websites for ‘drive by infections’ does not insinuate that we can cease defense against the ‘auto infections’ with removable media.
Research has indicated that 2013 will see an increase in targeted attacks that will include stealing trading secrets that can be used by the cybercriminals to generate a competitive market for services and products.
Making it ‘to- the-market’ could potentially be achieved for a lessor price and be completed faster, if companies didn’t have to allot monies for testing products, surveying services or researching data.
Cheating ant taking the low road can be quite appealing when companies compare what their competitors are trying to achieve. Example: It the competition is spending $2.5 million dollars completing research on advertising, versus getting the ideas from the competitor for $1 million dollars, and the time of research is cut in half, many of us would consider being deceitful so we could get ‘to-market’ not only faster, but much cheaper.
How can we be assured that we can remain protected from those who choose to cheat?
It has been recommended that that you keep your guard on defense. Put couples of layers of security over your digital data. If you only allow one level of security, cybercriminals will have the advantage of hacking into your information causing problems. Private networks are encouraged to be used so that you can store and lock your information not making the internet accessible externally.
Before you take the steps of locking this information, you must first take into account not only the risk, but the mitigation of risk if you data is ever compromised or stolen. During this research, you must also review your financial status and make sure that if your information is stolen; you know the repercussions and analyze your next steps until the situation has been resolved.
Lack of security patches
You very likely heard of a Java issue late last year that kept the internet in a frenzy for some time. Java, a downloaded application which can run many different sites and other applications used from day to day by ordinary computer users, was exploited via a hack encouraged by the lack of a strong patch.
Hackers are always looking for ways to nose themselves into your computer’s system. Notice that, to gain access, the hackers did not need to hack any single computer. They simply exploited a security flaw in Java itself, which granted them access to anyone’s system that was running it at the time. It is always advised that you either keep your programs as up-to-date as possible (easily done by allowing them to update automatically every time a patch is rolled out) or by protecting yourself by simply not using them at all, or at least cutting down on the number of applications using them. This leaves fewer opportunities for hackers to access your system. Don’t expect hackers to stop now that they’ve started.
Most computer owners are running on the Windows operating system, and most would not know how to switch from it. Many may not know that they even have the option. It is becoming a trend for users to switch to Linux, Ubuntu or other alternative operating systems for several different reasons. One key reason for the switch, however, is the lack of viruses. Viruses are programmed to affect certain operating systems and, because most run on Windows, it only makes sense that a good majority of malicious viruses only affect those using windows.
Last year, however, the Linux/Hydra B code was released. The scary thing about this was that it could affect things normally not bothered by viruses such as surveillance cameras, smart phones, and tablets. Anywhere between 11,000 and 18,000 people were affected by this. To prove that they were not done harassing Linux users, hackers then released Linux/Chapro A through Apache, an open HTTP source. How exactly this code was released into the servers is unknown – the simple fact that hackers were able to access it is bad enough. Now that Linux systems are being affected and more Android viruses have been spotted, as well as Java exploits, it would be unwise to keep these systems unprotected. Compromising any of them could lead to the direct abuse of personal information. If you’ve ever typed your credit card number or any sort of password into your smartphone or tablet, you could easily be at risk in 2013.
The issue with SCADA and other infrastructures
It’s no secret that the digital attack on infrastructure is very much alive. The United States employed technical espionage using cyber-attacks during the war on terror (a worm called Stuxnet is believed to have spearheaded the attacks), and it has been all but confirmed that China has been doing the same to us recently. As of this writing, Apple is one of the latest victims to have lost millions of dollars due to attacks that were traced directly back to China.
SCADA is an infrastructure that can more or less be defined as a security check that ensures the safety of physical, real world items. For instance, a dam’s security system might be run and checked by SCADA. Were it to be hacked, the results could be catastrophic. With the cyber war with China picking up and hacker groups like Anonymous being able to bring down the Department of Justice website, it wouldn’t be beyond the realm of imagination to say that hackers could soon begin targeting infrastructures important to the stability of large networks or critical systems.
With things like cloud storage becoming more popular, the best thing that could be done would be to save physical copies of everything you own and limit online communication – this means pulling your computer from the internet when you don’t need to use it.
Windows 8 vulnerability
With Windows 8 having launched recently and presenting users with a new graphical interface, there comes one large problem: the lack of familiarity with the system’s inner workings and its graphical interface. How are new users supposed to know what messages are legitimate messages from Microsoft when browsing its store? Unfortunately the gold mine that is Windows 8 coding is still being mined by programmers and hackers alike, so it’s impossible to get a good grasp on what users should look for.
This makes maintaining security an issue for the operating system. The bottom line is, we won’t know exactly how secure the system is against viruses and other malicious software/code until it’s been tested by the user base at large, which could take some time and trial-and-error. Couple this with the fact that virus databases and anti-virus definitions are always a step behind the release of new viruses and it puts users at an automatic disadvantage. It is literally a race to see who will understand the operating system better and be able to have the first real say in what happens to its users: hackers or legitimate programmers?
Falsified domain registry emails
This is another prime example of scam emails that could entice users to give up more money than they have to. Anyone who has ever registered an online domain should read the following scam email:
We are [Domain Registration Service]. Here I have something to confirm with you. We formally received an application on [alleged date of application] that a company [whatever] to register [your company name, or a version of it] as their Net Brand and some domain names through our firm.
We found the name was similar to your company’s, so we need to check with you whether you authorized that company to register these names. If so, we would finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we could handle this issue better.
The general idea behind this is that the scammers want you to send them a nominal amount of money to register your domain with them and prevent anyone else from taking it. While the amount may not be anything obscene and you might just shrug it off, having millions of people believe this lie would easily make these people rich almost overnight. While large corporations likely won’t have issues with supposed “mix-ups”, smaller firms or private owners could easily fall into this trap.
This is perhaps one of the simplest threats of all, and one that will never truly fall out of trend. Having someone break into your house is the most direct, and sometimes most effective way, for them to compromise your security. Sometimes, however, the breach in physical security is actually the fault of the user. By doing something as simple as forgetting to close your laptop before leaving your office or by setting your credit card, phone, or tax return form in the wrong place and forgetting it you can allow someone to sneak in to your personal life.
Antiviruses are not perfect by any means. A list of issues with antiviruses that could still leave users at risk follows:
- Antiviruses no longer scan for static signatures. Signatures are made by compiling information about a particular virus type’s behavior, and by scanning for these the antivirus can pick up any virus with that signature and even find ones it may not recognize.
- Antiviruses rely too much on reading a program’s behavior to be considered 100% efficient. Some antiviruses will read cookies stored from other sites as viruses based solely on the way the cookie acts.
- Antiviruses rely on their databases to detect viruses. If it cannot recognize what the virus is, there’s a good chance it simply won’t pull it out or allow the user the chance to deal with it appropriately until the antivirus definitions are updated to include that particular code.
- Most PC users are not experts. We use simplified interfaces that we can understand without too much work, while antiviruses are more complex systems that, to suit us, use multiple layers of imperfect security. This leaves gaps in security and allows things to slip through.
The list may seem long, but there’s simply no tangible trade-off for not being in the know. While hackers will always attempt to steal what belongs to the people, programmers will be hard at work to make sure that this doesn’t happy. Remember to keep your programs updated and your antivirus software tended to.