Hacking, Security & Privacy News - Page 46

The Internet of Things (IoT) offers great connectivity for consumers, but is becoming a soft target for cyberattacks, according to the Nexusguard "2015 Internet Security Trend" report. Of note, distributed denial of service (DDoS) attacks greatly concern cybersecurity researchers, with criminals hoping to interrupt access to connected technology.

The current IoT infrastructure largely relies on shared libraries and a fast development cycle, with security sometimes included as an afterthought. To make matters worse, cybercriminals can hijack poorly secured "Things" and help use them in botnet attacks against other targets.

"With the Internet of Things, people are posting personal or commercially sensitive information," said Terrence Gareau, Chief Scientist of Nexusguard. "It's a very complex question how people are going to secure that data, especially with increasingly sophisticated attacks. Furthermore, hackers may be incentivized to infect IoT devices and use them as an army for botnet attacks. Additionally, the smokescreen of DDoS attacks used for covering up data exfiltration, market manipulation and extortion, are ever more present."

Credit card company Visa plans to release a new location-based feature that will give cardholders the chance to update their location via smartphone. Banks will include the Visa software in their smartphone apps starting in April, and cardholders will have a chance to opt into the program.

When the cardholder's smartphone enters a new city or country, the app updates Visa so they are aware if credit card transactions take place in the new geographic location. This will prevent charges from being declined - and members won't have to call to confirm their whereabouts.

"We will be able to compare the merchant's location to the most recent cellphone location to show it's a less risky transaction," said Mark Nelsen, executive at Visa, in a statement published by the AP.

Apple has today announced a two-step verification process for iMessage and FaceTime applications, announced in the wake of the massive celebrity leak uncovered late last year.

This new system means that users will be asked to supply their username and password alongside a verification code that Apple will send to a device with granted access to these services. This process has been recommended by computer security experts, with them stating the obvious - a hacker gaining control to your username and password is much easier than doing the former and stealing your phone.

The username and password issues most commonly seen are due to people using the same email and password combination for numerous accounts. This means that if a hacker has access to your iCloud, they likely have access to your Facebook, email, Twitter and more.

Cybercriminals have their pick of vulnerable targets to compromise, and want to focus more on conducting identity theft over just stealing payment information.

After a data breach, especially if a debit or credit card information has been stolen, compromised users ask their banks to cancel cards. However, a data breach in which names, addresses, Social Security numbers and other personal data are stolen give criminals the ability to take their time to launch future attacks.

"We're clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number," said Tsion Gonen, VP of strategy for identity and data protection of Gemalto. "Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes."

Antivirus products missed almost 70 percent of malware infections within the first hour of submission, according to Damballa's "Q4 2014 State of Infections Report." In addition, only 66 percent of malware signatures were accurately identified when rescanned within 24 hours of infection - with that number going up to 72 percent within seven days.

Antivirus security companies share malicious file findings with one another, but it takes time for new discoveries to be integrated into their own programs.

"What's clear from these figures is that we have to turn the table on infection 'dwell' time," said Brian Foster, CTO of Damballa. "In much that same way that a flu vaccine hinges on making 'best-guess' decisions about the most prevalent virus strains - AV is only effective for some of the people some of the time. Viruses morph and mutate and new ones can appear in the time it takes to address the most commonly found malware."

Anthem's recent data breach should be a startling wakeup call to other insurance carriers and companies operating in the medical world.

Up to 80 million of the company's members could be at risk of identity theft, with hackers able to make off with client names, physical mailing addresses, birth dates, email addresses, Social Security numbers and medical ID data.

The cost of the breach could top $100 million, as Anthem's cyberinsurance policy will likely be exhausted following this incident.

Automakers want to embrace connected technology in new vehicles, but have failed to ensure proper cybersecurity protocols are available, according to Sen. Edward Markey (D - Mass.). The Senator believes almost all connected vehicles are vulnerable to some type of security risk, according to Markey's staff.

Following a number of security-related incidents showed connected cars are vulnerable, Markey wants to know what safeguards are being put in place to keep car owners secure. The report indicated "there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information."

"Drivers have come to rely on these new technologies, but unfortunately the automakers haven't done their part to protect us from cyberattacks or privacy invasions," Sen. Markey said in a statement.

The recent breach of Anthem was a brutal wakeup call that cybercriminals want personal records, and healthcare data is near the top of their list. UnitedHealth Group, Aetna and other groups have issued cybercrime-related warnings since 2011, but it didn't seem like a major concern among members until recently.

"A name, address, social and a medical identity... that's incredibly easy to monetize fairly quickly," said Bob Gregg, CEO of ID Experts, in a statement published by Reuters. Cybersecurity experts have warned that health-related data tends to be extremely lucrative on the black market.

Organized groups will try to target healthcare providers in an effort to compromise insurance companies, hospitals, doctor's offices, and medical equipment makers - with companies urged to improve their cybersecurity protocols.

More than 60 percent of popular dating mobile apps pose significant cybersecurity risks, with personal user information and corporate data at risk.

Twenty six of 41 dating apps available for Google Android had medium or high severity vulnerabilities, according to the IBM Security researchers. In addition, dating apps are being used to download malware, along with credit card data stolen and GPS information used to track movements.

"Many consumers use and trust their mobile phones for a variety of applications," said Caleb Barlow, VP of IBM Security. "It is this trust that gives hackers the opportunity to exploit vulnerabilities like the ones we found in these dating apps. Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship."

The introduction of smartphone kill switches by manufacturers and wireless carriers helped reduce the number of device thefts in New York City, San Francisco, and London, supporters say. Apple iPhone theft in San Francisco dropped 40 percent, reported incidents slid 25 percent in New York, and thefts in London were cut in half.

The software kill switch allows phone owners to lock lost or stolen devices, along with bricking devices so they cannot be used or sold on the black market.

"The huge drops in smartphone theft have occurred since the kill switch has been on the market are evidence that our strategy is making people safer in our cities, and across the world," said Eric Schneiderman, New York State Attorney General, in a statement.