The world is full of infinite security holes, but fortunately we continue to learn about backdoors and the ways attackers can get around security measures. In the last three months, 18 million malware samples were detected by PandaLabs, an average of 200,000 new threats detected every day.
Although malware continues to grow for individuals and businesses, with these new threats come new goals and opportunities in the world of cybersecurity.
Your Personal Information, Exposed
Imagine that someone could buy your personal information on the black market. Your address, Social Security number, medical history, bank account number…. You would probably pay to get that information back, and cybercriminals know that. Information theft and ransomware attacks are the two most lucrative and used attacks by Black Hats. This business costs billions of dollars every year.
In 2015, the United States Department of Justice publicized that the Internet Crime Complaint Center (IC3) received 2,500 complaints of ransomware attacks. A total ransom of 24 million dollars was paid by these ransomware victims. We need to be careful with advertising spaces on high traffic websites, like on the blog perezhilton.com, where visitors were infected by two malvertising attacks.
What would you do if your private information was shared on a virtual community? This happened to the website beautifulpeople.com. Their database containing 1,100,000 users was put up for sale on the black market.
What if the software you use daily turned against you? Well, in the case of TeamViewer, the people to blame were actually the users themselves, who used the same username-password information to log-in to multiple services. Once the attackers obtained access to one set of log-in credentials, they were able to access PayPal accounts and steal all the money they could find.
Resist the pressure. Cybercriminals will try to get in contact with you through a chat service to negotiate payments for your kidnapped information. Paying a ransom does not guarantee that their stolen data will be returned.
POS and Credit Cards: In the Line of Fire
Another widespread and popular theft tactic is through Point of Sale (PoS) terminals, as seen in the attack launched by PunkeyPos, a malware analyzed by PandaLabs that infected more than 200 restaurants in the United States.
Taking into account how easy it is to sell this stolen information on the “black market” and make a profit, it makes sense that this will continue to be an objective for cyber-criminals.
Cyber-criminals Really “Like” You
Social Media can’t escape the grips of cybercrime. 117 million LinkedIn users’ security was vulnerable after a list of email addresses and passwords was publicized. 32 million Twitter usernames and passwords were put up for sale for 10 Bitcoins, or some $6,000 dollars; they could have been stolen with phishing attacks or using Trojans. Mark Zuckerberg witnessed that accounts on Twitter, Pinterest and Instagram were hacked by some jokers that called themselves OurMine. Apparently, the password used on LinkedIn was the same for all of the accounts, which made it easy for OurMine to gain access to all of them.
Two important pieces of advice to follow while using Social Media: activate two-step verification and refrain from using the same passwords on different websites.
The Advancing Cyberwar
When we are discussing cyberwar in the majority of these occasions, we are talking about attacks that are probably sponsored by different countries, even though it is rare to find evidence that confirms who is responsible for the attack. However, the United States went on the offensive, and they acknowledged that they are launching cyberattacks against ISIS.
In June, South Korea’s police department publicized an attack from North Korea. It seems that the attack began over a year ago, focused on 140,000 computers belonging to organizations and government agencies, as well as defense contractors. This attack was not discovered until this February. According to police, more than 42,000 documents were stolen in which 95% of them were defense-related, for example the plans and specifications of the American F15 fighter plane’s wings.
Learn more about this past quarter and the IoT, mobile devices, targetted attacks, and much more in this PandaLabs report.
Download it here![button link=”https://www.pandasecurity.com/en-us/enterprise/downloads/register?Tipo=51&CodigoProducto=99&Idioma=2&TipoUsuario=99&Selected=1&Country=US&TipoLead=2&Ref=WW-EN-PANDALABSQ2EN ” color=”green1″ icon=”” size=”small”]Download[/button]