TweakTown NewsRefine News by Category:
The 2014 Christmas shopping season will see a 4.1 percent increase in sales, up to $616.9 billion, and cybercriminals will be busy trying to find new ways to target retailers and shoppers. Since many smartphone and tablet owners don't bother anti-malware software, while some don't even password-protect their devices, there is an effort to hijack mobile technologies.
"Cybercriminals follow the flow of money, and this Thanksgiving, a very high number of transactions will take place through mobile channels," said Alisdair Faulkner, ThreatMetrix chief products officer. "Unfortunately, it can be difficult for retailers to use IP geo-location data to ensure mobile transactions are authentic. Instead, retailers should try to leverage trust intelligence networks to recognize customers with good mobile purchasing history, and complement this with finer grained authentication intelligence available with a native mobile application."
However, a more realistic approach will involve cybercriminals compromising retailers - especially as more consumers keep debit and credit card data stored with their favorite stores - as network security is still often overlooked.
The sophisticated Regin stealth malware, which has been in operation since at least 2008, was likely created by the US and UK governments to spy on other governments and businesses. Specifically, the NSA and GCHQ most likely spearheaded the project, with the malware's first target against the European Union (EU).
"Having analyzed this malware and look at the [previously published] Snowden documents," said Ronald Prins, security expert. "I'm convinced Regin is used by British and American intelligence services."
Russia was the most heavily infected nation, racking up 28 percent of Regin's wrath, while 24 percent was in Saudi Arabia, Ireland (9 percent), Belgium (5 percent), and Austria (5 percent) rounded out the list of most infected nations.
At a time when cybercrime has been pushed into mainstream media due to a large number of data breaches in 2014, victims of identity theft suffer from a financial and emotional toll that is potentially devastating. When a significant data breach occurs, consumers need to be increasingly vigilant of their bank accounts and personal information, to ensure they don't become a potential identity theft or fraud victim.
"When something is an ever-present part of your life, it can lead to feelings of depression," said Eva Velasquez, President and CEO of the Identity Theft Resource Center (ITRC). "You feel that there's no way out and no end to it. We've heard from victims who actually compare this to having a disease where they feel that their identity theft issues are in remission, but they're never fully cured."
Identity theft victims suffer from emotional and behavioral effects, according to a recent ITRC survey, with 70 percent of victims saying they are worried about personal financial security. Around 50 percent felt helplessness and betrayal, while 65 percent were angry.
Smartphone and tablet owners are facing an increased security threat, as criminals target their devices, with one in six global smartphone owners suffering a cyberattack. Even with the increased number of threats faced, many devices still don't have any type of anti-virus and anti-malware software installed. A tremendous amount of data is now being kept on mobile devices, especially as users log into mobile banking and email accounts, and malware is being designed to target this data.
"The rapid rise in demand for online banking and retail combined with very little security on devices has created a massive opportunity for cybercriminals leaving many people and businesses extremely vulnerable," said Ori Eisen, 41st Parameter founder.
At the very least, consumers should install some form of anti-malware protection on their smartphone or tablet. Ensuring these products are also password-protected is an important step to help keep out some criminals, along with being careful on clicking suspicious links and downloading apps from unknown sources.
As companies and governments struggle to reduce the threat of cybercrime, it seems the criminals behind these attacks are only becoming even more organized. The threats have evolved from 1990s and 2000s, while groups realized the revenue they would be able to generate from their activities. Trying to identify and arrest criminals launching attacks over the Internet remains extremely difficult, with multiple governments potentially involved in a single investigation, cybersecurity researchers warn.
"One of the biggest challenges is to figure out who has jurisdiction," said Larry Bridwell, a global security specialist, in a recent interview with ConsumerAffairs. "A US consumer might have their credit card stolen from a server in Canada, controlled by a hacker in Eastern Europe."
The Chinese and Russian governments are largely blamed for funding state-sponsored groups, but the actual criminals involved can be found around the world - the United States, Eastern Europe, South America and Asia are popular locations for large amounts of cybercriminals.
Numerous data breaches throughout 2014 forced American consumers to be more vigilant and proactive of their own personal accounts. As shoppers head online and into local stores to purchase Christmas gifts, more security experts are providing a friendly reminder to look after their own financial safety.
A recent survey found 55 percent of shoppers will head to a local store or mall to purchase items, while 36 percent will be searching for and purchasing gifts online. Specifically, 55 percent of consumers will use their credit cards, and 24 percent will use debit cards, checks, mobile payments, and other forms of payments to make purchases.
"Unfortunately, the threat of fraud is a reality, but it doesn't mean you're helpless," said Phil Hatfield, Capital One Vice President of Fraud. "Ensuring that you're monitoring your accounts and getting alerts to make you aware of unauthorized activity are simple steps and things you should do year-round and especially during the hectic holiday shopping season."
The Regin stealth malware is one of the most sophisticated pieces of attack code written, and was likely created by a government for corporate espionage, according to the Symantec security firm. Regin was used for the past six years and has the ability to take screenshots, recover deleted files, and steal usernames and passwords from infected machines.
It is believed that machines from Ireland, Russia and Saudi Arabia have been most infected, with an effort to attack end users, companies, and government organizations. The Regin creators were diligent to cover their tracks, and it could have taken months to develop the software.
"We believe Regin is used primarily for espionage," said Liam O'Murchu, Symantec security researcher. "We see both companies and individuals targeted. The ultimate goal is to listen in on phone calls or something like that. [Regin's operators] target individuals and spread the attack to find whatever it is they're looking for. All of these things together make us think that a government wrote it."
Mobile attacks accounted for around one-third of attack activity on ThreatMetrix networks, and while mobile attacks are still lower than desktop threats, cybercriminals are increasingly interested in expanding their mobile cybercrime strategies.
"As iPhone, Android and tablet usage continues to increase among consumers, mobile will represent an equal opportunity chancel for cybercrime activity," said Alisdair Faulkner, ThreatMetrix CEO, in a statement. "Cybercriminals always go where the money is and as more transactions turn to mobile, they will create new, sophisticated strategies to target this channel."
Google Android controls a higher market and browser share than rivals - and Apple iOS has amounts for almost twice the amount of payments, logins and authentications combined - both mobile operating systems are under threat. ThreatMetrix said 48 percent of mobile attacks were targeted against iOS smartphones and tablets.
Sony doesn't believe its PlayStation Network was hacked, despite a recent report from a hacker group that they "released a log of customer logins" of usernames and passwords for PSN, Windows Live and Origin. It's possible the user logins were repurposed from previous security breaches, so it would appear gamer PSN accounts are still secure.
"We have investigated the claims that our network was breached and have found no evidence that there was any intrusion into our network," Sony said in a statement. "Unfortunately, Internet fraud including phishing and password matching are realities that consumers and online networks face on a regular basis. We take these reports very seriously and will continue to monitor our network closely."
Even though data breaches are something consumers are increasingly more aware of, there also has been an increase in the amount of fake reported attacks.
It was an atrocious year for private companies and consumers when discussing cybersecurity, with 20 major retailers breached in 2014. Between the medical/healthcare, financial, educational, business and government/military verticals, a total of 679 breaches occurred, according to the Identity Theft Resource Center, and it has been extremely difficult to try to defend against these increasingly sophisticated cyberattacks.
"The markets react to a market opportunity," said David Burg, PwC Global and US advisory cybersecurity head. "One of the problem is it's hard to secure the enterprise absolutely. So one of the reasons there is a flood of venture capital money into the space is because investors see an opportunity for innovation to solve some of these hard problems that exist out there."
However, investors and private companies are finding a lucrative opportunity to create next-generation security software, as cybersecurity spending is increasing. The industry is expected to see a 7.9 percent increase in 2014, up to $71.1 billion, with eight percent year-over-year growth estimated through 2016, the Gartner research group says.