All rise! Mind these digital crimes and arm yourself against them
Credit to Author: Malwarebytes Labs| Date: Wed, 01 Nov 2017 13:15:18 +0000
Have you noticed that, in this year alone, headlines are inundated with words that contain “cyber”?
Cybercrime. Cyberattack. Cybersecurity. Cyberwarfare. The cyber. (Okay, that was last year.)
Frankly, with so much going on, we hardly remember a time when the term “cyber” seemed quaint and a little retro.
Indeed, cybercrime as a whole has been steadily on the increase these past few years, and not one expert has predicted it ebbing anytime soon. This is daunting, but not exactly unexpected. As we progress in adopting new technologies—with more of the world’s population online now than not—more and more people are exposed to potential threats.
Are we then to embrace the inevitable? Not really. Assuming the worst is to come—and we think you should—it’s more important than ever to arm yourself against digital crimes. This means putting security measures in place that aim to prevent or mitigate specific threats, tinkering with some habits that are actually quite dangerous, and talking about security candidly with friends, family, and peers.
So, let’s prioritize. We’ve scoured through scores of reports and identified digital crimes that are on the rise. In the list below, we’ll explain them and what you can do to protect yourself against them.
(1) Card skimming. This is a type of electronic fraud where criminals use a device called a skimmer to steal card information from users. The skimmer is usually installed onto devices where one can swipe or feed their credit or debit card, such as ATMs, point-of-sale (POS) devices, and gas pumps. Brian Krebs of KrebsOnSecurity covered card skimming extensively in a fascinating and eye-opening series of blog posts that we suggest you read through here.
How to protect yourself: There are two rules of thumb:
Always check. KrebsOnSecurity has provided ways on how one could recognize tampered devices so users can protect their bank cards from getting skimmed. “If you see something that doesn’t look right—such as an odd protrusion or off-color component on an ATM—consider going to another machine,” wrote Krebs in one article. “Also, stay away from ATMs that are not located in publicly visible and well-lit areas.”
More sophisticated setups, on the other hand, show nominal to no signs of obvious tampering. This is true for gas stations, where threat actors generally plant their skimming device within the pump’s interior. We don’t advocate consumers to start dismantling gas pumps to check if they’re clean or not; however, we do advice users to keep a close eye on their bank statements for any expenditures they don’t remember paying for.
In September of this year, an Android app called Skimmer Scanner was made available on Google Play to download and use for free. This app is supposed to detect skimmer-tainted gas pumps, which use Bluetooth technology to steal user information. If you’re interested, the developer of the app wrote a technical post that you can read in this SparkFun page.
Never let your bank card out of your sight. If you’re in a restaurant or small shop where they use a handheld payment terminal, ask the waiter or cashier to swipe the card in front of you. A lot of businesses already do this, but it won’t hurt to ask if you see that the establishment you’re in needs to catch up on this practice.
It’s also important to make sure contact details are updated for each card you own and use so you can be easily reached if the bank spots potential fraudulent transactions.
(2) Android malware. Ever since mobile usage exceeded PC and laptop usage combined, we’ve been expecting that criminals would begin targeting the mobile market. And since Android is the dominant mobile OS worldwide, they are the most targeted mobile devices. This has been and continues to be the trend, year after year. Trojans lead the mobile malware infection count, followed by potentially unwanted programs (PUPs). Meanwhile, mobile ransomware is growing at a rapid rate.
How to protect yourself: If you haven’t already, begin practicing basic computing hygiene the same way you would when you’re on a desktop or laptop. This includes regular firmware and app updates, backing up phone data, locking the device when not in use, setting up remote wipe, installing apps that help protect you from threats when you browse the web, and playing it smart on public Wi-Fi networks.
It’s also essential that users regularly audit mobile devices for apps that they no longer use—these they can uninstall—and those that, for some reason, started doing things they’re not supposed to—these they must uninstall.
We pushed out several articles about mobile security on the Labs blog. Now would be a good time to go back and review them.
- Keeping secure in an Android world [1] [2]
- Top 10 ways to secure your mobile phone
- Securing your privacy on Android
- Solution Corner: Malwarebytes for Android
(3) Mac malware. Apple has gained favor in the eyes of threat actors, but this didn’t happen overnight. Its user base has been increasing steadily over the years, and we can surmise some reasons why. For one thing, its partnerships with other tech giants like IBM and Cisco have significantly expanded Apple’s reach in the enterprise world. Not only that, human behavior and logic play a factor, too: iPhone and iPad users are known to consider buying a Mac instead of a PC to complement their devices.
There wasn’t much Mac malware out there at first, but our recent telemetry data reveals that it is becoming noticeably problematic, along with adware and PUPs. We’d be remiss not to point out that Mac OS users may encounter various malvertising and scam campaigns, too.
How to protect yourself: Our recommendations to Mac users are not that different from what we advise Windows users. Again, following safe browsing habits is a constant best practice for any platform, operating system, or device. Don’t forget to back up files and, if you can, try to avoid downloading torrent files, which are sometimes bundled with programs you wouldn’t want to be installed on your system.
Below are some posts you may want to go back to and re-read about Mac safety:
- Is Mac malware on the rise?
- FAQs about Mac adware
- How to remove adware from Macs
- New Mac Malware-as-a-Service offerings
- How to tell if your Mac is infected
(4) Linux malware. Here’s another OS that was first deemed “immune” from digital crime but is now making headlines, thanks to the proliferation of electronic devices and appliances that use software based on the Linux kernel, such as Android phones and tablets, routers, and the Internet of Things (IoT). In the Internet Security Report Q1 [PDF] by our friends at WatchGuard, they noted the three current types of malware targeting Linux: exploits, downloaders, and flooders.
Anecdotal evidence points to a number of reasons why threat actors are now going after Linux-powered devices. First, vendors and developers didn’t take the time or effort to incorporate a patched kernel onto their products. Second, most of these devices and appliances have little to no security protections in place, and updating them over-the-air (OTA) is almost nonexistent. Last, consumers don’t use passwords—and if they do, they use poor ones—to protect such devices and appliances.
How to protect yourself:
Let’s start with passwords: Create one, now, or let a password manager do the creating for you. Make sure that the software and firmware on your IoT devices/appliances is updated.For those who have Linux servers, regularly update the OS. Implement firewall rules that block unsolicited inbound traffic and SSH access from the Internet and internal network. And finally, consider protecting devices with multiple security technologies, including anti-spam, URL filtering, anti-malware, and intrusion prevention, to name a few.
(5) Cyberbullying. The only Internet crime on this list that is aimed directly at actual people.
We’ve written about cyberbullying through the years, and we know that this act does not only involve kids and teens but also adults. And online bullying incidents are more prevalent now than ever. Why? While it’s true that the Internet has made it easier for anyone to talk to someone on the other side of the globe, let’s not remove from the equation people’s poor choices, misunderstood notions on anonymity, and the false assumption that real life is separate from digital life.
How to protect yourself: Prevention is always better than treatment, so how does one prevent cyberbullying? Consider limiting what you share online, or at least limit who sees what you share. Your social media feeds don’t have to be public, especially if you’re sharing something that is meant for close family and friends. Speaking of sharing, avoid sending intimate or private photos to anyone. This could not only lead to bullying but also revenge porn.
We have more preventive steps here, wherein we mostly touched on debunking myths surrounding cyberbullying.
Here’s more from our series during Anti-Bullying Week:
(6) Contactless card fraud. As we all know, a contactless card does not require one to enter their PIN, much less slotting it through a PoS terminal. All one has to do is wave it or keep it stationary in front of a contactless reader for a few seconds and you’re all set. Many users have opted to use contactless cards due to their ease of use. So easy, in fact, that one might correctly surmise that criminals can easily commit fraud as well.
Note that this particular digital crime is only relevant in regions of the world that use contactless cards, such as the UK and most European countries.
How to protect yourself:
Always handle your card yourself. Handing someone your card to be waved increases the risk of it getting skimmed. To keep track of spending when you use the contactless payment feature of your card, ask for a receipt. Compare these with your bank statements. Regularly check your statements for unusual transactions. And if you lose your card, report the loss to your bank immediately. Finally, considering using a digital wallet as an alternative to contactless cards.
While we focused on digital crimes that directly affect consumers here, in Part 2 of this series, we’ll be homing in on crimes that are after enterprises. See you then!
The post All rise! Mind these digital crimes and arm yourself against them appeared first on Malwarebytes Labs.