
Thursday, 30 August 2012

Cyber Criminals Leverage Olympics for Phishing

As the 2012 London Olympic Games are underway, headlines are going to flood the media with each passing second. The Olympics will most certainly take center stage as the most talked about, tweeted, and shared event over the next couple of weeks, and millions of people will follow the Games online. It is an exciting time for sports enthusiasts, and though it may come as a surprise, probably even more delightful to cyber criminals. It's not because of the athletic events and the excitement they bring, but because of the sheer number of people the Games themselves bring into their world. Sure, for all we know, the king fish of all cyber criminals may just be the biggest Michael Phelps fan there is. But what he really cares about is how many times he can use the name Michael Phelps and convert the people searching for him into another infected machine. For the convicts of the digital world, the Olympics just equates to more people to victimize, for greater phishing opportunities. Their jobs just got a lot easier, at least for the next week and a half.

It goes without saying: cyber criminals would not be half as successful if we were not so gullible. At least partly, their success is directly proportionate to how cautious the rest of us are. Cyber criminals are not as much innovators as they are crafty, situational, and "trend" shaping. They take advantage of our nosiness, so to speak: our basic human need for information. They manipulate the effect that sensational news has on us. They prey on our unyielding desire to be cognizant of all of the major events that matter to us and the people we like to keep up with. Unfortunately for us, the Olympics contain a lot of both. They exploit the fact that the web has overwhelmingly become our mechanism for everything social (social engineering, in fact, is the term for it), and they are leaping at the chance to engineer whatever it takes to get a hold of your intellectual property.

Phishing is one of the oldest tricks in the book. In the simplest of explanations, it usually involves cyber criminals leveraging "trending topics," either by borrowing upon factual current events (e.g. presidential elections, government scandals, sporting events, holidays, celebrity gossip) or totally making them up (hence the term social engineering). They frame it as if it is a news headline and create a hyperlink to what is actually a disguised malicious website that, when accessed, initiates a drive-by download and infects visitors' computers with malware. Cyber criminals blast these phishing emails, trying to hook you with their bait. They generate websites on certain topics as they go, and insert executable code within them. This may be done in many forms with several different types of exploits. And just when we thought we knew what they were up to with these generalized, random emails, they got smarter. Another form of phishing, appropriately termed "spear phishing," is when the message is personalized to you. The bad guys research information about you and then tailor the email to suit your interests, and there you have it: a trending-topic attack, made specially just for you. They use topics that are relevant and probably seem important. We have seen cyber criminals take advantage of a celebrity death, a scandal, or even Black Friday to send these phishing emails. They also use what is called "black-hat SEO," the dark version of SEO. Cyber criminals will SEO their malicious sites so that they outwit search engines and climb the page ranks as if they were normal sites, avoiding the hassle and inefficiencies associated with emails. They'll even purchase keywords to ascend to the top of search results quicker, increasing the chances of your Google search for Jamaica's Usain Bolt ending with a virus.

Why do people click on these links? Why haven't we got smarter? And what are they after? People click on these links because we're naturally anxious to see the breaking news or capitalize on the great specials, discounts, or shocking pictures that they promise. Cyber criminals are always using the freshest news to lure us in, wherein lies the strength of this tactic. We have a natural tendency that makes us want to engage and be impressed, or at the very least informed, so we have something to talk about. Cyber criminals are after information, in hopes that it leads to more information, which leads to money. Maybe they can hack and infect your business computer and come away with all of your R&D documents, so they can build off of your work and make something better to commercialize. Or maybe you have your online banking credentials stored on your computer somewhere that they can penetrate and steal. They either get to your bank accounts themselves or sell your information on black markets for someone else to do it. Think about it: they wouldn't go through so much hard work if they weren't smart, if it did not work, or somehow make them richer in the end. Think of the whole process as a fishing analogy. Once you click on the link, you are a fish that just got hooked, and once the malware is in, they start reeling in their rods, picking up on all the extras as they reel in your information.

Suffice it to say, while we are dazzled by the athletic feats of our favorite athletes competing for the pride of our countries, cyber criminals are hard at work, competing for your information, probably with the use of these trending topics that the Olympics will constantly provide, in order to socially engineer an attack. While search engines ramp up their defenses and algorithms to weed out these fake sites, it's important that we as users protect ourselves as well, especially now that we are aware. There's anti-phishing software out there that makes safe web browsing easy. It's difficult to know whether you have clicked a malicious link until it's too late, but there are tools that can warn you ahead of time. Enjoy London 2012 and access legitimate sites for updates on medal counts, scores, and highlights... not the ones that come through your email. Don't bite the bait!

Fortunately, there are companies out there committed to preventing the spread of phishing, like KaspAV, a division of Guardian Network Solutions and authorized Kaspersky reseller. KaspAV specializes in providing the ultimate anti-phishing solutions in order to prevent harmful types of malware from lodging itself into your system and facilitate safe web browsing.


Tuesday, 28 August 2012

Improving Your Cyber Security - A Beginner's Guide

A recent Eurobarometer poll revealed some relatively alarming statistics. Firstly, that around 10% of all European internet users had experienced online fraud and/or identity theft in some form, and that 74% of those quizzed believed cyber-crime to be an 'increasing risk'. Secondly, that only just over 50% had some form of anti-virus software installed on their computers, and that 57% would open emails from addresses they did not recognize.

McAfee, in a separate study, has recently published a list of what it considers to be the foremost online threats in the coming year. Amongst the risks, it mentions employees of companies being targeted as 'doorways' past security and more advanced viruses designed to steal banking information. This, coupled with the findings of the Eurobarometer poll, presents a worrying risk to European citizens. If those quizzed were aware of the inherent risks posed by the internet, and yet did not take moves to protect themselves, then there are only a small number of possible reasons why. The first is that they did not feel threatened by cyber-crime; however, given the 10% that had been victims of said crimes, it is unlikely that this is a universal principle. The second possibility is that there is a widespread lack of awareness when it comes to protection. The study found that even the most basic of security protocols were being ignored, so we shall therefore examine some security tips for the beginner.

Antivirus software - While your operating system of choice may have built-in software for dealing with certain threats, without a full, dedicated antivirus program installed, it can be hard to get frequently-updated protection against the ever-changing world of viruses. Many such programs can be bought cheaply, and charge an annual fee, but if you cannot afford them, then there are plenty of reliable providers with a free version of their product. Any protection is better than no protection.

Common sense - As a general rule-of-thumb, do not open emails that you either were not expecting, or that are from addresses that you do not recognise. However, be cautious using email, regardless of source. Some viruses are able to access your friends' email accounts, and use them to forward virus-riddled spam messages to everyone in that address' directory. If you receive a message out-of-the-blue from a friend, perhaps just quickly check that it is a genuine one.

Caution in security - Many websites and online services require users to register an account and provide a password, which is a good thing: they are being protective of your details (and whatever else you keep there). However be cautious about having one 'universal' password. If a hacker were to get hold of it, then they would have access to everything, and could even use it to change your details, and lock you out of your accounts. Repairing such damage would be very time-consuming.

Be wary of 'Cloud Storage' - Cloud Storage is a form of data-storage conducted solely online. It offers users either free or cheap use of its servers, and many people use it to 'file' documents and the like. It is an innovative and useful service. However, be wary of storing anything containing personal or confidential information in 'The Cloud', as it has gained a reputation for not being totally secure.

For more online security tips, as well as technology and search engine news, visit http://www.searchengineoptimisationcompany.co/. Their dedicated team of writers is always updating the site with the latest news and advice.



Tuesday, 5 June 2012

New Cyber Security Measures Threaten Small Enterprises

When you download something online, you need to give up some personal information. When you try a free antivirus, for example, you may need to fill out an online form that requires your name and email. That company now has a bit of your personal data. A breach sometimes happens and all of the data collected by the company can be compromised. Lawmakers are now creating measures to try and protect the security of people online. Online regulation in this country is now taking a different direction. That is quite alarming. New measures on cyber security are under deliberation in the U.S. Congress. While many can admire what these lawmakers are trying to do, many more simply know that these measures do not really go after the root of the problem. These can instead punish those small start-ups and enterprises that do not have the resources to comply with these kinds of measures.

Some put forth the idea that bigger businesses are supporting certain bills and proposals in the Congress. Lawmakers now want companies to be fully responsible when there is a security breach and when data are compromised. Companies do try to protect data at all costs. Bigger companies have no problem with this since they have the funds to access the latest technology. Smaller companies, however, may not be able to keep up. Going back to our earlier example, a company that previously offered a free antivirus may end up putting a price on its product, and that is one free product less for users.

All software has a certain amount of vulnerability. Hackers can take advantage of even the tiniest vulnerability in software. Some conspiracy theorists believe that even though software developers want to plug these holes, they are prevented from doing so by the government because it wants some form of access, too.

If small companies are punished for not being able to protect data, then they may decide not to collect data at all just to avoid prosecution. If they are limited in collecting data, they may be further limited in doing business online. This may in turn put their business itself in danger. In the earlier years, the internet provided a tool for small companies to be able to catch up to larger competitors. Now small entrepreneurs may not be able to take advantage of the internet anymore.

The social networking industry has been taking personal information and selling it to third-party companies. This practice has been done without any qualms or consideration for the privacy of individual users. The problem is that a lot of people now rely on online companies to keep some of their files and personal data safe. Online companies do remind their users to be more responsible. But users have the notion that all responsibility lies with these companies.

The problem with these politicians and lawmakers is that they are so keen on looking at the end that they have a complete disregard for the means to achieve such an end. If a boutique employs more than enough security measures and a robber still manages to get into the store and ends up endangering a customer, does the boutique owner get punished for the incident?

This country has more than enough and even more important problems that should concern our leaders and lawmakers. It is quite easy for them to look for likely scapegoats when what they should do is analyze the problem and look for a real solution to threats against cyber security. Whether it's a free antivirus, a place in the cloud to store your backup files, or a shop online, small companies provide consumers with choices on different products. They have to be protected, too, if we are to keep a healthy economy.



Saturday, 5 May 2012

Cyber Lies and Russian Spies - Cyberspace Is Alive, Time to Revisit a Virtual Cold War?

By some estimates there are 1800 to 3000 Russian Spies in the US today, but if you asked the average citizen about this, they wouldn't have a clue. Now don't get me wrong there are plenty of spies from other nations too, scurrying about, making important friends in high places and combing our universities and corporations for scientific information and trade secrets. The combined intellectual property theft is completely staggering in every regard.

Worse is the reality that there are even more spies siphoning secrets who are not even in the US, rather they use cyber intrusion and hacking techniques coming in from multiple foreign servers online hiding their tracks. Yes, things have changed, and the stakes are much higher than you might imagine. Okay so, let's discuss this shall we?

The Wall Street Journal had an interesting article published on April 21, 2012 titled; "Russian Spies Haven't Gone Away," by Michelle Van Cleave (former head of US Counterintelligence under President Bush II) which stated; "Even when presented with extensive evidence, the Obama White House looks the other way."

The article noted another fact; today there are just as many Russian spies in the US as there were during the cold war, and the ten spies caught and traded back to Russia were not tried as spies in 2010, they were merely called "illegal aliens" and deported in trade in a "spy-swap" deal. Trust me you don't have to read any spy novels, or Bill Gertz's books to realize what's going on, as there are stories in the mainstream media nearly every day.

If you think the cyber threat is merely the computer industry industrial complex trying to sell more computers, software, and consulting to the government, yes, there is some of that too, but make no mistake we are being ripped off blind, so if you are somehow under the impression that the Cold War is over and the Russians are no longer engaged in espionage or spying, then you are clearly misinformed.

In fact, now with Putin back in power, he's made no bones about the importance of his intelligence teams, and there is a new sense of vigor and nationalism in a decent segment of their nation which is ready to sign up for surveillance service, so now Russia will be picking from the cream of the crop, and they have lots to choose from. These new agents won't be flunkies like the last group detected. Please consider all this and think on it.

Lance Winslow has launched a new provocative series of eBooks on Future Internet Security. Lance Winslow is a retired Founder of a Nationwide Franchise Chain, and now runs the Online Think Tank; http://www.worldthinktank.net/



Wednesday, 11 April 2012

Do We Need a Cyber Warfare Geneva Convention Type Treaty?

Well, it appears that all the first world nations now have cyber attack teams as part of their military. If you aren't worried about that, perhaps you should be because it could affect you as a citizen. For instance if a foreign nation wants to start a covert war with the United States, they may start attacking our energy infrastructure, our communication, or even our water supply. Oh, so now I have your attention, you can see how serious this really is. Okay good, and I'd like to talk to you about this for a moment if I might.

There was an interesting article on the CBS email alerts about a segment on CBS's 60 Minutes recently titled "Former CIA head calls Stuxnet virus 'good idea'," that appeared on March 1, 2012, which stated: "Could the Stuxnet virus that sabotaged the Iranian nuclear program be used against the U.S. infrastructure or other high profile targets? A retired American general who was the head of the Central Intelligence Agency when Stuxnet would have been created calls the cyber weapon a 'good idea,' but warns it is out there now for others to exploit."

Okay so, back to the title of this article and my basic premise here; "Do We Need a Cyber Warfare Geneva Convention-like Treaty?"

Well, here are my thoughts on all of this. First, I'd say that the answer is; well, we could get a treaty going but no one would follow it and there would always be plausible deniability, and thus, we are stuck with such attacks well into the future, and the helpless citizens have no chance in guaranteeing their infrastructure will not be disrupted and as per Murphy's Law, probably at the worst possible time, for instance if you live where it's really hot, your power will go out on the hottest day of summer.

Still, you might be asking yourself why do we need a Geneva Convention treaty for Cyber warfare? Would anyone really ever follow it? After all we have Russia now with Putin back in charge (former KGB), and he seems to think it is the Cold War all over again. There are covert operations going on between the Chinese and the Americans, between the Iranians and the Americans, and there are more spies in more countries than ever before in the history of humankind. All of it is plausibly deniable.

Now then, you don't have to read all the top authors who write all those really great spy novels to know this is the reality. Our own Intelligence Industrial Complex has an enormous budget. The Chinese cyber warfare division, and the US cyber warfare command also are well-funded. So the question is have we already let the genie out of the bottle, just as we did with the first nuclear weapon?

I mean, soon every nation will have a team of hackers harassing their neighbors, and then there will be the criminal element, and who's to say who is who, who we should retaliate against, or which attacks are really false flags? Indeed I hope you will please consider all this and think on it.

Lance Winslow has launched a new provocative series of eBooks on Future Internet Concepts. Lance Winslow is a retired Founder of a Nationwide Franchise Chain, and now runs the Online Think Tank; http://www.worldthinktank.net/



Friday, 6 April 2012

Social Engineering and Hackers - Mobile Apps and Cyber Attacks

As any computer security consultant will tell you, one of the biggest challenges is insiders being duped by social engineering tactics, and once the hackers get in, well, then it's very difficult to prevent them from doing real damage or infiltrating data, or collecting boatloads of proprietary information. The other day, I was discussing all this with an acquaintance, after I explained why I could not open a file which was sent to me.

At first, he thought I was a bit paranoid, although I just consider it to be disciplined, as it only takes one mistake and that's easy to do. Eventually he saw my point, and I stated; yes, well, I guess we can't be too careful, the hackers are just as smart as we are, and "social engineering" is pretty easy to do, especially living in such a great country and free society.

He also asked why we didn't have web forms on our website. Well, we removed the web forms after the massive bot attacks by hackers, mostly Russian and Eastern European, then the spam bots; it became almost impossible to deal with, 100s per day at one point, and we added "captcha" and still had folks entering by hand, I am guessing. Amazing the trouble they went to, including attempts at denial of service trying to overload us.

So, what's the answer, do we cut off or curtail communication to the point where we limit ourselves, do we take more risks, less risks, give up, or just stop communication? Well, perhaps, it is similar to the security settings on your web browser, you have many choices, many of which totally limit your ability to adequately surf online. Meanwhile, perhaps the biggest recent problem is all these apps available now for mobile communication, and all the tracking software to deliver appropriate advertising and marketing.

Too many of these apps allow tracking too deep into the user's activities; meanwhile, if the user is interfacing with secure websites using temporary secure access certificates, the app allows it to ride along and infiltrate, causing massive chaos considering how many apps there are and how many users are using so many various mobile devices out there these days. Combine that with careless users with ridiculously easy passwords and social engineering, and what you have is a recipe for disaster, to the hackers' delight.

Maybe it's time you became better educated on computer safety online, and with your own software programs so that you understand your vulnerabilities out there. Please consider all this and think on it.

Lance Winslow has launched a new provocative series of eBooks on Future Internet Concepts. Lance Winslow is a retired Founder of a Nationwide Franchise Chain, and now runs the Online Think Tank; http://www.worldthinktank.net/

