Cyber Attacks – How Seriously Do We Treat Them?

I was reading an article in an On-line PC Magazine where certain companies stage Mock Phishing Attacks in order to monitor how their staff react. It appears that no matter how many security systems companies have in place such as  your PC and Mobile devices being securely locked down with a strong complex password when not in use, a  cross-device security tool in order to block unwanted traffic on both your PC and Mobile device as well as protecting your sensitive data.  There appears to be one weak link irrespective of how good all the security measures are, and unfortunately the Achilles Heel is YOU.

We go to great lengths to physically protect our home with security gates and burglar bars that are strong and sturdy which almost guaranteed once installed to keep burglars OUT and our property securely and safely protected. Some additional security can be included such as electronic beams and alarm systems which will be set off whenever an unwanted intruder try’s to enter our home without our approval.

In both situations the potential intruders will try different methods in order to gain your trust with the aim of obtaining your approval in order to gain access to either your property or your PC and Mobile systems. These criminals are continuously looking for different ways to illegally obtain your possessions, whether they are physical or personal. In both situations we need to be aware that this can and does happen and that we need to be more diligent in who and what we trust.

We need to remember that we are in general the weakest link when it comes to digital security.The tools that we and our companies have in place can guard against known threats and can even identify and block suspicious activity from many unknown threats. But if we click on a malicious link in a phishing scam email, then our security tools are more likely to view the activity as legitimate because we were the ones to initiated it. If you open an attachment from an email that claims to be from the Bank or any other trusted source, and fill in sensitive, personal information as requested, there is little these security tools can do to protect us.

 

Malware Threats on the Rise

The Juniper “2011 Mobile Threats Report” uncovered more than 28,000 pieces of Malware last year which equated to a rise of 155 percent from 2010. The most popular target for these Malware threats was the Android operating system. Juniper’s figures excluded any Malware samples for iOS (Apple). This is not to say that non exists but Apple does not release such data or allow access to this information.

Prior to 2011 most mobile Malware was targeted at Nokia’s Symbian and Java ME which runs on feature phones. Juniper has since noticed a huge shift towards Android. There was an increase of 3,325 percent in Malware aimed at Google Mobile Operating Systems from 400 in June 2011 to 13,000 by the end of 2011.. This is possibly due to Android’s leading market share and the lack of control over the apps found in Android app stores that have attracted more Malware writers.

Juniper uncovered a large number of malicious apps from third-party Android app stores which are not protected by Google’s new Bouncer service, a tool that can scan Android market for potentially malicious software without disrupting the user experience of Android market.

“Many device manufacturer’s build customised versions of the Android operating system and as a result, certain devices do not receive – or must wait months to receive security updates,” Juniper said. “This means that even patched security vulnerabilities and new security features may not get published to all devices, making them less secure and more vulnerable to Malware.”

Google was kept quite busy last year removing Malware from Android market and from mobile devices especially as the bad guys became more sophisticated last year. The company has tried to keep up by jettisoning the malicious apps as quickly possible. But the discovery process can sometimes take days Juniper noted,leaving more than enough time for the payload to infect smartphones and tablets.

Phishing – what does this mean?

Phishing! Do you know what Phishing is? Have you heard this term before?  Do you know how a “Phishing Attack” can affect you?

Phishing is commonly acknowledged as one of the greatest threats to PC and Internet security.

Phishing is an attempt to fraudulently obtain sensitive data such as login details, credit card details etc. by masquerading as a trusted entity. Typically, the phisher  entices the victim via email to enter their details at a malicious web site. The malicious web site masquerades as a legitimate known site.

One form of protecting against a Phishing Attack is to install PhishLock. The basic premise behind the success of PhishLock is that although humans find it difficult and almost impossible to identify a malicious phishing site, software is able to make extremely accurate identifications simply and quickly. This is particularly the case for PhishLock as it is focused on protecting a specific website and its users. When PhishLock identifies a phishing site, it automatically prevents the user from submitting data. In addition, the software also notifies the organization of the existence of the phishing site so that steps to close it down can commence immediately.

The Phishing Problem

What is phishing?

Phishing is an attempt to fraudulently obtain sensitive data such as login details, credit card details and so on by acting as a trusted entity. Typically, the phisher entices the victim via email, to enter their details at a malicious web site. The malicious web site masquerades as a legitimate, known web site.

How does phishing work?

Cyber criminals try to entice online shoppers into clicking on viral websites and or video links in order to obtain sensitive personal information that can be used for fraudulent purposes.

What to look out for

Cyber criminals use different techniques such as emails, false forms, messages and warnings. Legitimate companies never ask for personal information via email. Scammers might request you to fill information on a false form or to click on a link that redirects you to a false web site.

The most effective phishing techniques are the ones that you least expect to encounter.