Cyber criminals turning to social networks and cell phones

[Al-khiyal]

Cyber criminals turning to social networks and cell phones

April 5, 2011 -- Cyber criminals are turning their attention to social networks and cell phones, according to this year's Internet Security Report by Symantec. It makes perfect sense, if you think about it. Just like pickpockets on the street, internet criminals are going to do better if they hang out where most people are. A decade ago, that was in everybody's Outlook Express inboxes; but these days it's networks like Facebook and Twitter, and the cell phones we all carry in our pockets and handbags.

Symantec's report covers a lot of detail about a variety of security threats facing internet users today. Social networks are particularly vulnerable, it says, precisely because they're social. People have become accustomed to meeting strangers electronically, and if those strangers do a good enough job of pretending to be legitimate, they can make use of social engineering attacks to gain access to private data.

As for cell phones - the numbers have reached tipping point. Symantec's report says: "The installed base of smart phones and other mobile devices had grown to an attractive size. The devices ran sophisticated operating systems that come with the inevitable vulnerabilities — 163 in 2010. In addition, Trojans hiding in legitimate applications sold on app stores provided a simple and effective propagation method." In case you need reminding, a Trojan is malicious code that hides inside something else that looks innocent. Hiding one inside a popular free game would be the perfect way of gaining access to thousands of phones.

So what should you do? Stop using the internet? Of course not. Just as you'd normally keep a close eye on your personal belongings when walking through a busy street market in a strange town, you need to be careful on the internet. Don't necessarily trust everything you see, or everything you read. Be circumspect about the links you click on, and watch out for anything else that seems out of the ordinary. Sometimes, it pays to be skeptical.

[Al-khiyal]

Hackers hunt prey on smartphones, Facebook

SAN FRANCISCO, April 5, 2011 — Hackers are following prey onto smartphones and social networking hotspots, according to reports released Tuesday by a pair of computer security firms. Cyber criminals are also ramping up the sophistication and frequency of attacks on business and government networks, one of the companies, Symantec, said in the latest volume of its Internet Security Threat Report. Symantec depicted a "massive" volume of more than 286 new computer threats on the Internet last year, continued growth in attacks at online social networks and "a notable shift in focus" by hackers to mobile devices. "The major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers," Symantec said in its findings.

In March, smartphones running on Google-backed Android software were the target of the largest attack ever on the devices, noted a PandaLabs report focused on the first three months of this year. "This assault was launched from malicious applications on Android Market, the official app store for the operating system," PandaLabs said. Within a four-day span, seemingly legitimate Android smartphone applications rigged with malicious "Trojan" computer code were downloaded more than 50,000 times, according to PandaLabs. "The Trojan steals personal information from cellphones, and downloads and installs other apps without the user's knowledge," the computer security firm said. "Google managed to rid its store of all malicious apps, and several days later removed them from users' phones."

The Symantec report indicated that cyber crooks were also infiltrating news-feed capabilities at popular social networking services to "mass-distribute" attacks. Such tactics typically involve getting into one person's account at a social network and then sending others links to websites booby-trapped with malicious computer code. "Social network platforms continue to grow in popularity and this popularity has, not surprisingly, attracted a large volume of malware," Symantec said.

PandaLabs gave an example of a 23-year-old California man facing sentencing after pleading guilty to using information found on Facebook to hack email accounts to find compromising messages for blackmail. Even Facebook founder Mark Zuckerberg saw his fan page at the social networking website hacked this year, the security firm noted. PandaLabs researchers logged an average of 73,190 new snippets of malicious computer code daily during the first three months of this year in what was said to be a 26 percent jump from the same period in 2010. Hackers showed a strong predeliction for a kind of malicious code used to mine bank account data and, ultimately, get into people's accounts, the computer security firm indicated. China, Thailand and Taiwan had the highest rates of infection, with nearly 70 percent of the computers in those countries "riddled with malware," according to PandaLabs.

Many attacks on company or government computer networks involved hackers researching key employees and then duping them or colleagues into enabling access to protected networks, Symantec's report showed. Researchers warned that onslaughts by "hacktivists" such as the group "Anonymous" and others with seeming political goals could signal a dangerous cyber arms race. "Stuxnet and Hydraq, two of the most visible cyber-events of 2010, represented true incidents of cyberwarfare and have fundamentally changed the threat landscape," said Symantec Security Technology and Response senior vice president Stephen Trilling. "The nature of the threats has expanded from targeting individual bank accounts to targeting the information and physical infrastructure of nation states."