Guest post by Jeff Barto, Trust Strategist, Evangelist & Website Security Advocate for Symantec
In 1994, the first online purchase crossed the World Wide Web: a large pepperoni pizza with mushrooms and extra cheese from Pizza Hut. Over the next 20 years, e-commerce has exploded into a bustling economy, exceeding $1.2 trillion in sales in 2013.
This growth in online purchases rests upon a foundation of trust. People trust that the websites they use to track finances and make online purchases are secure and legitimate largely because of Secure Sockets Layer (SSL) certificates- otherwi...
In a sense, a man-in-the-middle attack (MITM) is like eavesdropping. Data is sent from point A (computer) to point B (server/website), and an attacker can get in between these transmissions. They then set up tools programmed to “listen in” on transmissions, intercept data that is specifically targeted as valuable, and capture the data. Sometimes this data can be modified in the process of transmission to try to trick the end user into divulging sensitive information, such as login credentials. Once the user has fallen for the bait, the data is collected from the target, and the original data...
It may seem like stories of massive data breaches are popping up in the news on a weekly basis these days. Unfortunately, this is not surprising. As technology progresses, all of our information moves to the digital world, and, as a result, cyber attacks are becoming the new wave of crime. Corporations and even small businesses are extremely attractive targets to cybercriminals, simply due to the large payday of data that can be nabbed in one fell swoop.
What is a data breach and how and why do they happen?
The main reason that cybercriminals are stealing personal information is for us...
Spyware, ransomware, and bots, oh my! A lot of these terms are prevalent on the Internet, but it may seem impossible to know what all these terms mean, and how they actually affect your devices and personal information.
The term “virus” has been the commonplace word for all malicious software programs for years now; however, a virus is just one type of malicious threat. A virus is classified as a self-replicating piece of malicious code that travels by inserting itself into files or programs. The threats on the cyber landscape have evolved into more than just viruses, and can cause mu...
Our favorite holiday IT elf is back with some more holiday shopping tips! This week he reviews "paper or plastic," and we're not talking about grocery bags.
Malvertising is a shortened term for malicious advertising, and is defined as using online advertising to spread malware. Malvertising requires placing malware-laden advertisements on legitimate web pages and through authentic online advertising networks in order to infect a web browser and device. Often, it’s very difficult to distinguish between legitimate and malicious online ads.
Thanksgiving not only marks the start of the fantastic holiday season—it’s also a time to reflect on what you’re thankful for. One of the many things to be thankful for this holiday is cybersecurity, which has gotten more and more advanced as of late.
The holidays are just around the corner, and that means many of us will be making purchases online to avoid large crowds and busy mall traffic, especially during Black Friday and Cyber Monday.
Encryption is the process of protecting personal data, often with a form of “secret code,” so that it cannot be read by anyone who doesn’t have the code key. Today, huge amounts of personal information are managed online, via computer applications, and stored in the cloud, or servers with an ongoing connection to the Web.
A “denial of service” or DoS attack is used to tie up a website’s resources so that users who need to access the site cannot do so. Many major companies have been the focus of DoS attacks in recent years. Because a DoS attack can be easily engineered from nearly any location, finding those responsible can be next to impossible.
Most people are unaware of the fact that you don’t have to intentionally download a malicious attachment in order to compromise your computer’s security. Malicious websites and drive-by downloads are just two ways that your security can become compromised by doing nothing more than visiting a website.
We’ve previously explained the different types of malware that are prevalent on the threat landscape, which begs the question: How does malware get onto my computer?
Bundled Free Software Programs
Free is rarely 100% free when it comes to software and apps; there is always some trade-off. Frequently, free software companies will partner with other companies and bundle additional software within the download. Mostly, these programs are bundled with toolbar add-ons; however, hidden within these add-ons can be spyware, ad libraries, and even browser hijackers. While this is not ma...
Ransomware is a form of malware that will lock files on a computer using encryption. Encryption converts files into another format, like a secret code, that can only be decoded by a specific decryption key.
Types of Ransomware
Ransomware can present itself in two forms.
Locker ransomware will encrypt the whole hard drive of the computer, essentially locking the user out of the entire system.
Crypto ransomware will only encrypt specific, seemingly important files on the computer, such as Word documents, PDFs and image files.
Once the ransomware installs itself, ...
According to the credit reporting firm Experian, the average Internet user has about 19 different online accounts, for which they only have seven different passwords. In addition, one in ten users never change their online passwords, and one in 20 uses the same passwords for all of their online accounts.
Those statistics definitely show that the password system is broken. When passwords were invented in the 1960s, they were rather simplistic, as there was not a wide-scale need for them. Today we have passwords for an enormous number of web services. Couple that with the fact that we no...
When you think of espionage, characters like James Bond might come to mind: having to travel halfway around the world, pretending to be someone they’re not, infiltrating organizations and stealing secrets. Even though James Bond is just a fictional character, old school spies like that do exist. However, with the advancement of all of our data becoming digitized, we’re quickly becoming introduced to the new school version of spies: cyber spies.
New school espionage greatly simplifies the spying process. Companies and institutions store almost an overabundance of data in their systems. I...
Not all hackers are inherently bad. When used in mainstream media, the word “hacker” is usually used in relation to cyber criminals, but a hacker can actually be anyone, regardless of their intentions, who utilizes their knowledge of computer software and hardware to break down and bypass security measures on a computer, device or network. Hacking itself is not an illegal activity unless the hacker is compromising a system without the owner’s permission. Many companies and government agencies actually employ hackers to help them secure their systems.
Today’s gaming consoles are independent computers, but they are not yet at the stage where they are susceptible to malware in the same way PCs and other devices are. Even though the consoles are resistant to malware for the time being, there are still ways that cybercriminals will try to gain access to your valuable gaming accounts.
In addition to phishing attempts on gaming accounts, online gameplay can be affected by hackers via Distributed Denial of Service (DDoS) attacks. These attacks do not involve the users’ consoles directly; rather, hackers intentionally flood the gaming company...
In other posts, we’ve explained the different types of malware on the threat landscape, and some of the less complicated ways your computer can become infected with malware. In this article we’ll talk about the more complicated types of attacks that cybercriminals use to try to get your information.
Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a target’s computer. The kits come with prewritten code that will search for the vulnerabilities, and once one is found, the kit can then inject malware into the computer through tha...
We talk about software vulnerabilities a lot, and the human versions of those are our emotions. When people are faced with frightening scenarios, their first impulse is to act first and think later. This is the exact “vulnerability” that social engineers depend upon for a successful attack.
Types of Social Engineering Attacks
Social engineering is a way that cybercriminals use human-to-human interaction in order to get the user to divulge sensitive information. Since social engineering is based on human nature and emotional reactions, there are many ways that at...
In busy towns and congested cities, ridesharing apps are quickly becoming all the rage. They’re a new and interesting marriage of technology and commuting that helps us keep up with this “always on” lifestyle. However, they’re also kicking up quite the controversy over how companies handle our real-time location data and overall privacy.
What is ridesharing?
Uncommonly referred to as “real-time ridesharing,” these new mobile apps are taking the local markets by storm. They allow a user to request an almost instant ride to wherever they need to go with just the push of a button. In a...
You may have heard in the news recently that an Internet crime group, Carbanak, stole up to one billion USD by targeting the institutions themselves rather than individual customers. They transferred funds to controlled accounts and hacked ATMs via SMS messaging over the last two years. Cyber security experts at Symantec have been tracking Carbanak for some time now.
What can cybercriminals do with my data in the event of a banking or financial institution breach?
Cybercriminals are attracted to stealing data that they can make money from, such as credit and debit card numbers, bank a...
This month, American singles will flock to the multitude of dating services that are available online. Online dating has lost the stigma it once had, as a study conducted by Pew Research found that one in ten Americans have used an online dating website or mobile app in 2013. With the negative stigma of online dating nearly abolished, the popularity of these services is on the rise, which has caught the attention of scammers.
What are the risks?
As with anything you post online, it’s out there for everyone to see, so you will want to be careful with what identifiable information you u...
Stories of massive corporate data breaches in the media are becoming all too common today. So common that the FBI now considers cyber attacks on US companies one of its top law enforcement priorities. Unfortunately, as technology progresses and all of our information becomes more and more digitized, cyber attacks will continue to be an unfortunate part of our lives in the future. Corporations and even smaller businesses are an extremely attractive target to cybercriminals, simply due to the large payday of data that can be stolen.
What Can Cybercriminals Do With My Stolen Data?