Tuesday, May 11, 2010

Think twice about security

Tuesday, May 11th, 2010 14:34:00

MALAYSIANS are complacent when it comes to their online security. About 60 per cent of Malaysians were found to have inadequate protection, such as software older than two years, relying purely on freeware or having no protection of any sort.

It is worrying, considering the trends noted in the recently released Internet Security Threat Report Volume XV by Symantec (see sidebar).

BE SAFE: Freer advises caution on information put up online — Pic: ASHRAF SHAMSUL AZLAN

"Malaysia retains the same ranking as it did last year, which has it sitting in the middle of the scale. The thing to keep in mind is that the scale has blown up immeasurably, so you're sitting in the centre of an even bigger storm," said Symantec vice-president of consumer business (Asia Pacific and Japan) David Freer, who was in town recently for a media briefing of the report's findings.

He added that the number of attacks detected by Symantec for 2009 was more than the number of attacks dealt with by the company in the last 19 years combined.

Freer stressed that updating security software is critical because of the advancements and changes in the way cybercrime is conducted. Software released even a year ago cannot combat the latest manifestations of malicious code.

Of the trends highlighted, attacks targeted at websites and social networking sites saw the biggest jump. Drive-by downloads, in which normal sites are infected with malicious software, are popular, along with dummy sites which prey on unsuspecting users' curiosity about issues such as Michael Jackson's death or the 2010 World Cup.

Social engineering plays a big part in cybercrime, with social marketing concepts and targeted approaches used to drive traffic to malicious sites. The increasing attacks on social networking sites play on users' trust when operating on such platforms.

"Five years ago, people would say 'don't click on emails from people you don't know', and it's the same thing here. Be wary of accepting what your friends post on your wall because it might not be from them. The problem is that these networking sites are a huge trust environment," said Freer.

So what do these cybercriminals do once they get access?

"If you're an individual, the cybercriminals are looking for bank account details, login information, email accounts, credit card details or websites that you frequent," said Freer, adding that contrary to popular belief, cybercriminals pay the most for email accounts and not credit card details.

"Where do you reset all your passwords to? Whenever you change your banking details, you do it via email or get it sent to your email. So your email account is valued more than your credit card details," explained Freer.

After the cybercriminals get the cash, they then turn to a new trend -- the use of cybermules to launder the money.

Job ads which advertise the benefits of working from home are one method of recruitment. Unsuspecting people are asked either to transfer money via their accounts and get paid, or to accept online purchases and forward them on.

"You're seeing a lot of real world methodologies being incorporated into crime online. There's a lot of money being made and there's almost no risk as it is very hard to get caught. They never target the country they are based in and play the jurisdiction game well," said Freer.

Internet Security Threat Report volume XV Highlights

The report, which highlights key trends in cybercrime from Jan 1, 2009 to Dec 31, 2009, noted the following:

  • The easy availability of attack toolkits makes cybercrime easier than ever. As stated in the Symantec Report on Underground Economy released last year, the highest-priced attack tool, on average, was botnets, which sold for an average of US$225.
  • An increase in the number of targeted threats focused on enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to make socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
  • Web-based attacks continued to grow unabated. Today's attackers leverage social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim's Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 per cent of observed Web-based attacks. This is a sizeable increase from the 11 per cent reported in 2008.
  • Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.

How much is your information worth?

Here's a quick breakdown of the value of items sold in the underground economy in US dollars (US$1 = RM3.2):

  • E-MAIL ACCOUNTS: $15
  • FULL IDENTITIES: $10
  • CREDIT CARDS: $0.98

Four tips for a safer online experience

1. Think twice before you put anything up on the Internet. Act as though that information is public knowledge because that is where it can potentially end up.

2. Be very careful who you accept as a "friend" on social networking sites.

3. Be very wary of scareware - malware parading as security software. If it is not from a reputable company, do not download or accept it.

4. Ensure that you have a comprehensive and pro-active security suite installed on your computer.


Source & Credit : http://www.mmail.com.my