Sorin Mustaca has been working in the IT security industry since 2000, and is presently a product manager at Avira.
In this article, he describes what he feels are three of the significant security threats users were exposed to during 2013, and how they can best be protected against.
1. Security breaches and hacks
2013 was the year that major security breaches and hacks really took hold.
Whenever data breaches like this occur, targeted attacks against the users of such wesbites can quickly follow.
The targeted attacks usually consist of URLs to phishing websites or malware delivered to users’ email inboxes, so it’s imperative that end-users and corporate IT teams keep a close look out for what might be attempting to attack.
Having the username and same password for all online accounts introduces significant security risks, of course. Login credentials used to access social media websites such as Facebook, could also be used to spread malware on behalf of the owner via their email address.
If a website you have an account with has suffered a security breach, change your password immediately. But it’s essential that you ensure that you’re not using the same single password for all of your online accounts.
Make sure you use a different passwords for different accounts. You can find some tips here on how to create better passwords and remember them whilst ensuring they are unique to each service.
2. Security vulnerabilities exploited
2013 saw a huge security breach at Adobe, who had their source code stolen, alongside millions of user credentials.
Unfortunately, when Adobe lost the source code, they also lost their major advantage in delaying and patching applications: obscurity.
Now, the cybercriminals are in possession of source code which they could analyse, and perhaps find vulnerabilities which they can exploit.
As a result, Adobe users could be in the firing line.
Nobody can foresee what the specific consequences will be, but my advice is to invest more in patching applications (especially those of Adobe) and harden operating systems.
One other learning from this story was the fact that many users create incredibly dumb passwords, such as 123456 and the like.
Other applications that are continually in the news due to their known security vulnerabilities are:
- Web browsers (Microsoft Internet Explorer, Google Chrome, Apple Safari, Mozilla Firefox and others).
- Plug-ins for browsers (Adobe Flash Player, Oracle Java, Microsoft Silverlight).
- Adobe Reader and Adobe Acrobat.
- The Windows operating system itself.
Speaking of Windows, some Microsoft users are facing a significant security issue, since Windows XP will be no longer maintained from April 8th 2014.
This means that there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates from Microsoft for XP users.
Cybercriminals, however, won’t be resting on their laurels. Instead, they will do a very thorough analysis of the Windows XP code with the purpose of finding previously unknown vulnerabilities.
If you haven’t migrated from Windows XP already, now is the time to work out your plan – before it is too late. Many security vendors have already announced they will maintain their products on Windows XP beyond the life of the operating system, and although that will help provide some layer of defence for those computers which remain on XP – it isn’t going to be a situation you try to maintain for too long.
The year 2013 was also the year of the ransomware. We have seen many methods that this malware used to scare the victims: using children pornography, encrypting files, using P2P networks.
Probably the most famous of all ransomware is CryptoLocker – a new variant of this type of malware that encrypts various files on user’s computer and demands the owner of the computer to pay the malware authors in order to decrypt the files.
The affected files are documents, images, databases and many others.
The CryptoLocker malware is mostly spread through fraudulent emails designed to impersonate the look of legitimate businesses and through fake FedEx and UPS tracking notices. In addition, there have been reports that some victims saw the malware appear, after having their computers jijacked into one of several botnets frequently leveraged by the cybercriminal underground.
Online criminals claim to keep the only copy of the decryption key on their server(s), meaning that it is not saved on your computer. So you cannot decrypt your files without their help – which can costs 300 EUR/USD or 2 Bitcoins.
The malware searches for all hard drives, network drives, USB drives and even cloud storage folders to identify files that it can encrypt.
The good news is that Cryptolocker is not a virus (self-replicating malware). It is a Trojan horse, meaning it cannot spread throughout your network under its own steam.
Its purpose is to encrypt files and demand payment for the decryption. Each user has to receive and activate the malware individually.
The bad news is that it performs its malicious actions silently (encrypting your files) and only communicates afterwards that it is present on the affected machine.
Below are some mitigation techniques:
- Always keep your antivirus software active and up to date.
- Unfortunately, it is not possible to decrypt files that the malware encrypted so make sure you keep backups. If you have real-time backup software then make sure that you clean your computer first and then restore the unencrypted version of the files.
- Do not open suspicious or unsolicited web links.
- Be suspicious of unsolicited emails.
- Do not execute attachments from emails, even if the emails appear to come from people you know.
One last thing which I keep repeating: never, ever pay the ransom. You would just be encouraging other criminals to do the same.