While cybercrime is on the rise, it is no longer subtle and behind the scenes. It has become a business with organized crime taking it under its wing and using it in ways not unlike the organized crime of days gone by. It’s also being embraced by nation-states in the form of spying, placing malware on networks to create backdoor access, and releasing information that those it’s stolen from would rather keep private.
At the center of today’s cybercrime is malware. While there seems to be a decline in the well-known banking Trojans such as Zeus and Citadel, it has only become new and improved with Dridex and Dyre, GameoverZeus, and Confiker. These are all designed to take your money more stealthily. In addition, there is a rise Remote Access Trojans (RAT) which use user-requested programs (games, apps, attachments in email) to create backdoor administrator access to systems.
E-commerce is creating a new way to commit payment fraud for cybercriminals. Fraudulent payment card crimes using a copy of a card have decreased over the years, particularly with the transition to the EMV chip cards. However, the continued data breaches into merchant systems has allowed card-not-present (CNP) crime to increase as criminals use the data gained in those to continue committing payment fraud.
Phishing, spearphishing, and vishing remain at the top of the list of ways cybercriminals get malware disseminated. People are still the number one vulnerability for thwarting security measures. This is an attack that uses very specific information about the target to gain access to confidential information. Business email compromise (BEC) or email account compromise (EAC) are on the rise and the FBI continues to issue warnings to all industries on the current targets.
Individuals do have some recourse:
-Be diligent at monitoring payment card charges. If anything looks unfamiliar or suspicious, report it to the card-issuing organization without delay.
-Monitor credit reports annually and report anything that doesn’t belong on them to the credit bureaus.
-Use unique login credentials for each online account and change passwords at least quarterly.
-Create secure and complex passwords and phrases and vary where you put those special characters.
-Don’t open attachments or click links in email messages unless you are expecting them and are 100% certain they are safe.
-Keep computers and all internet-connected devices including smart TVs and game systems updated with the latest patches and software versions. Remember to immediately check for updates when installing new hardware on your network. Often, these devices sit on store shelves for a long time and most likely at least one update is available once you get it set up.
-Install and update anti-virus and anti-malware software on all devices used on the internet and turn on automatic updates to be sure you don’t miss one.
Fortunately, law enforcement activities have had some success over the years. The FBI along with several multinational organizations have managed to take down some of the biggest malware threats, such as GameOver Zeus and CryptoLocker, if only temporarily. Don’t expect that to stop the cybercriminals though. It’s merely a delay.
© Copyright 2017 Stickley on Security