
Sure, social networking is fun: catching up with old school friends, flashing through their photos, seeing how their lives have developed. It's a really neat way to keep in contact with people. But it's also a great way to provide fraudsters with a wealth of information that can then be used to access your existing bank accounts, or even create new ones.
The Symantec Internet Security Threat Report reviews known vulnerabilities, analyses network-based attacks, and tracks the occurrence of malicious code based on intelligence data gathered from two million decoy email accounts in 30 different countries, as well as 40,000 sensors spread over 180 countries. To create the report Symantec also draws malicious code reports from over 120 million client, server, and gateway systems that have deployed its antivirus product.
And our latest findings were concerning for Internet users placing personal information on trusted websites such as social networking sites.
Yep, that's you and me and the 200,000 other Australians who log onto social networking sites every day.
One of the key findings from the report is that web sites are the focus of a large portion of malicious activity and attackers are seeking information, not computers or devices containing the data. In addition, once attackers steal information, they are buying, selling and trading it through a mature, consolidated underground economy.
And business is booming in this underground Internet economy.
Some of the most active malicious code samples we came across in the last six months in Australia include Vundo and Infostealer.Gampass, created to detect and gather personal information which is then being consolidated and sold on international markets. The underground economy has adopted mature market dynamics in order to capture and on-sell your personal information. They sell package deals of highly granular personal data, maiden names, and birth dates. And we're the ones giving them the information in the first place by not being careful what we say to whom.
So long as they have enough identifiers they can recreate your identity, and this is where the risk lies on a personal level.
Generally what we're seeing is malicious programmers moving away from traditional methods such as IRC and botnets, and beginning to use stealthier methods like HTTP and peer-to-peer programming to get access to private data.
The other area of growth is the sheer number of threats, viruses, Trojans, spyware and generally malicious code lurking on the Internet. We're at the point where the volume of malicious code actually exceeds the volume of legitimate applications, which in itself will lead to the creation of whitelists of 'good' applications which your computer can accept and run, rather than blacklists of threats.
And the third is data leakage through portable devices. This is like the corporate equivalent of trusted websites, insofar as these devices are trusted and ubiquitous, and we really have no idea how much information is ending up in unsecured locations. How many corporate customer databases are being carried around in suit pockets? How many income streams are walking in and out the door in high-level phones? The fact is that we really don't know.
But don't despair.
Protection comes back to prevention, and prevention to pragmatism. There are simple techniques individuals and companies can adopt to protect themselves from harm. The most important protective measure is to employ defense-in-depth, which emphasises multiple overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. For consumers, this means using an Internet security solution that combines antivirus, firewall, and intrusion detection.
And as always, knowledge is power, so take some time to think about the way you interact with technology, and how you can respond to the dangers lurking online.
The full report can be viewed at www.symantec.com/threatreport
Vice president for technology security company Symantec Asia Pacific Craig Scroggie is also a graduate and fellow of the Australian Institute of Company Directors, a fellow of the Australian Sales & Marketing Institute serving on their National Advisory Committee, a trustee for the Committee for Economic Development of Australia, and is a non-executive director and board member of the Storage Networking Industry Association (SNIA).
The more fundamental problem is that...
...we give our bank details and credit card numbers 'in the real world' to people every day and online fraud, using such card details without the theft of the card, is growing all the time. Businesses increasingly insist on customers giving additional personal details when they buy goods, for marketing or security purposes, but this information itself can be used to buttress attempts to use card details in fraud.
Anti virus software is powerless to prevent such 'merchant' fraud and there's no guarantee that someone isn't using your card to top up their mobile phone regardless of what software you've bought for your PC. There's a lot to be said for cold hard cash sometimes, as Ford Prefect said in the Hitch-Hikers Guide to the Galaxy "if you can't scratch a window with it, I don't accept it."
symantec
Why would anyone take any notice of Symantec?
I once, not being a very smart chappie, had a PC full of vital information - articles, research, invoices, receipts, the works - but not any more thanks to Symantec. My PC retailer attached Norton Antivirus as part of the deal, over the last couple of years I've been paying for it every six months in cold hard.
But last month I paid the real price. On trying to run a Norton update, the whole computer crashed and everything I had worked hard on, for years, has been lost.
Repeated calls to Symantec's laughingly-titled helpdesk brought one denial of responsibility after another. The closest thing to actually helping was the suggestion to phone my ISP and ask them to do an automatic recover. On pursuing this "lead" I was informed it could well save the programs but not the information. Thanks for nothing.
On repeating my hard luck story to colleagues and acquaintances, okay grizzling, I was surprised by the number who had also lost valuable information to Norton updates.
And, while I can't be bothered reading the article, it's not, I hope, about how dangerous the cyber world is and how we all should be paying to tool up for protection. That would be a bit like allowing the vandals to run Neighbourhood Watch.