Cyberattacks on the Rise

Cybersecurity information from the Ascentive team

New cybercrime statistics published by HP reveal that the cost of cyber attacks has risen more than 50%* since last year, and IT security expert Stu Sjouwerman cautions that number is likely to grow. As the founder and CEO of Internet Security Awareness Training (ISAT) firm KnowBe4, Sjouwerman (pronounced “shower-man”) has made it his mission to learn the increasingly sophisticated tactics used by the latest generation of cybercriminals – and to educate small and medium enterprises (SMEs) on how to recognize and avoid them.

According to the Second Annual Cost of Cyber Crime Study, which was sponsored by ArcSight (an HP company) and conducted by the Ponemon Institute, survey respondents reported losses between $1.5 million and $36.5 million per year due to cyber attacks. Collectively, their median annualized cost was $5.9 million – a 56% increase over the $3.8 million figure reported in the July 2010 study. Other key findings announced by HP: the frequency of cyber attacks has increased nearly 45%, and the time and cost to resolve them has risen. The study’s findings indicate that a single attack now takes an average of 18 days and $416,000 to correct.

As many executives and entrepreneurs have learned the hard way, today’s cybercriminals are stepping up their efforts with stealthy tactics and sophisticated technology. This latest study shows that cyber attacks and their related costs are rapidly growing, so business need to be proactive in combating cybercrime if they want to avoid financial loss,” cautioned Sjouwerman.

To educate SMEs on the evolution of cybercrime – and help them better understand what they’re up against today – KnowBe4 provides an overview of the “Five Generations of Cybercrime” on its website. “While the first generation of hackers were more interested in notoriety than financial gain, today’s cybercriminals – Generation Five – are more likely to be operating within organized crime syndicates and profiting handsomely from their schemes,” Sjouwerman explained. “Coding skills are no longer required. Tools and malware are readily available through a thriving underground market, so even a relative novice could quickly get in on the action.”

Among the alarming developments Sjouwerman and his KnowBe4 colleagues are seeing today are:

• · Licensed malware complete with technical support
• · Cybercrime social networks with escrow services
• · “Pay-for-play” malware infection services
• · Botnet rentals for cybercrime sprees

Sjouwerman believes that the reason so many companies are falling victim to cybercrime is because they’re not taking proactive measures to prevent it. He attributes the growth of the criminal enterprise to a false sense of security among executives at SMEs and a lack of training among their employees. “Many people assume antivirus software and an IT team are sufficient protection against cyber attacks. But the fact is that cybercriminals can bypass corporate security measures simply by tricking one employee into clicking a link. With one click, malware can be instantly downloaded to a computer and quickly spread across an entire network. And in most cases, the employee is completely unaware he or she has just given cybercriminals open access to company systems.”

Photo Credit

Advertisement

What are Cookies?

Internet privacy info from the Ascentive team

If you surf the Internet, you’ve come across cookies in one form or another. A cookie is a type of message that is communicated to a web browser by a web server.  The two main purposes of a cookie are to identify users and possibly prepare customized Web pages, or to save site login information. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites.

Cookies are created when a user’s web browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server. Computer Cookies are created not just by the website the user is browsing but also by other websites that run ads, widgets, or other elements on the page being loaded. These types of cookies regulate how the ads appear or how the widgets and other elements function on the page.

Session Cookies are a type of cookie used by a server to store information about user page activities so users can easily pick up where they left off on the server’s pages. By default, web pages really don’t have any ‘memory’. Cookies tell the server what pages to show the user so the user doesn’t have to remember or start navigating the site all over again. Cookies act as a sort of “bookmark” within the site. Similarly, cookies can store ordering information needed to make shopping carts work instead of forcing the user to remember all the items the user put in the shopping cart.

Persistent Cookies are employed to store user preferences. Many websites allow the user to customize how information is presented through site layouts or themes. These changes make the site easier to navigate and/or lets user leave a part of the user’s “personality” at the site.

Cookie security and privacy issues

It’s important to note that cookies are not viruses. Cookies use a plain text format, and they are not compiled pieces of code so they cannot be executed nor are they self-executing. They also cannot make copies of themselves and spread to other networks to execute and replicate. However, Cookies can be used for malicious purposes. Since they store information about a user’s browsing preferences and history, both on a specific site and browsing among several sites, cookies can be used to act as a form of spyware.

Responsible web developers deal with privacy issues caused by cookie tracking by clearly describing how cookies are used on their sites. These privacy policies should explain what kind of information is collected and how the information is used.

Reputation Creators launches Student Guard to combat CyberBullying

Internet security tips from the Ascentive team

The Internet has changed the world in more ways than we can ever imagine. Of course the Internet helps us immensely, the power and reach of the online world can also have devastating consequences. One problem both children and parents face daily is the spread of CyberBullying.

A cyberbully uses the Internet, cell phone, or other device to send or post text or images to try to hurt or embarrass other people. Whether it’s creating a fake Facebook or MySpace page to impersonate a fellow student, repeatedly sending hurtful text messages and images, or posting cruel comments on the Internet, Cyberbullying can have seriously harmful effects on children. Nasty comments, lies, embarrassing photos and videos, and snide polls can be spread widely through texting, and by posts on social networking sites like Facebook.

According to estimates, the average kid in the US now spends as much as seven hours on the Internet every day. That’s a lot of time spent online, and with a lot of bullies out there, anyone and everyone is open to threats and abuse. And it seems that the presence of countless social networking websites today has made the problem even worse. Websites such as Facebook, Twitter, MySpace, and YouTube have made it easy for people to interact with each other online. Although these websites have plenty of positive aspects, they have given an impetus to CyberBullying.  The problem is that private information, embarrassing photos and slanderous comments can be easily posted on these sites and all of this definitely creates a negative impact. Unfortunately, CyberBullying can lead to depression, poor grades, anxiety, fighting, and, in some cases, suicide

Experts say that Cyberbullying has reached immense proportions. Although CyberBullying is illegal in many states in the US, parents still need to be particularly careful about what their children are doing online, and this is precisely where Tim Niedel can help.

Tim Niedel is the CEO of Reputation Creators Corp, a company that has emerged as the frontrunner in the campaign to stop the menace of Cyberbullying. The company has come out with a breakthrough product known as “Student Guard” which allows parents to keep tabs on what their kids are doing online.

Reputation Creator Corp’s Student Guard actually allows parents to access private and secured web portals at any time of the day to look at the videos, photos and text messages posted on these portals. This allows parents to monitor what their kid is doing at Facebook, Twitter, MySpace and the other social networking websites. Student Guard allows parents to protect their child, and can take preventive action if the child is trying to bully someone else.

Senator Schumer Wants to protect Free Wifi Networks

From the FinallyFast Help Desk

Senator Charles E. Schumer of NY today called on providers of major websites in the United States, like Twitter, Yahoo, and Amazon, to switch default web addresses from the standard HTTP protocol to the secure HTTPS protocol after reports that hackers are granted easy access to users’ private information through common wireless networks found at coffee houses and book stores throughout New York and the country. Schumer pointed out that the proliferation of easy-to-use hacking programs allow identity thieves easy access to private information, like passwords, user names, credit card information, and browsing history that is stored in cookies of users of the same wireless network.

“The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds, but these users are unaware that they are easy prey for hackers and identity thieves. It is scary how easy it is. Free WiFi networks provide hackers, identity thieves and spammers alike with a smorgasbord of opportunities to steal private user information like passwords, usernames, and credit card information,” said Schumer. “The quickest and easiest way to shut down this one-stop shop for identity theft is for major websites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol, which has become a welcome mat for would be hackers.”

Schumer noted that easy-to-use programs, like Firesheep have made tapping into someone else’s computer, which at one time was a much more complicated and sophisticated process, easy for individuals who have little-to-no programming experience, opening the door to a greater population of would-be identity thieves. Through the unsecure HTTP extension, hackers are able to obtain access to the user’s web browsing history and perform functions on websites as if they were the individuals who were hacked. This ability to invade someone else’s online identity allows the hacker to operate on each website as the victim, potentially allowing the hacker to make purchases with user information, access the users Facebook page, send a Tweet from someone’s Twitter account, and gain access to private information stored on various websites. While some websites at their initial interface with the user encrypt the user provided information, and some allow users to manually opt-in to the HTTPS protocol, none of the websites Schumer wrote to today use HTTPS as the default for all use and browsing.

The growth and popularity of free WiFi access at coffee houses, bookstores and other establishments allow for greater exploitation of the security flaws in HTTP extensions. Users in establishments with WiFi networks that patrons are able to access are all simultaneously operating on the same Internet network, which provides the technological path to access someone else’s computer. While programs like Firesheep that provide access could be targeted by law enforcement officials for restriction, others will swiftly take its place as long as HTTP remains the default protocol for popular websites. It would be next to impossible to shut down each and every program that emerges and that allows access to a user’s cookies. The most significant and direct way to protect users and combat online identity theft would be to change Internet protocols that would create a firewall for access.

According the digital think tank Digital Society, dozens upon dozens of popular websites operate with unsecured web addresses using the HTTP protocol. Despite the fact that this security flaw has been well known since at least 2007, major US websites have been slow in addressing this significant security flaw. Schumer’s letter to the companies asks that they address this vulnerability immediately in order to protect users’ private information and help protect Americans from identity theft.

“This security problem has been known for quite some time and hackers are getting better at creating programs that allow even the most inexperienced users the ability to hack into someone else’s computer,” said Schumer. “With the privilege of serving millions of U.S. citizens, providers of major websites have a responsibility to protect individuals who use their sites and submit private information. It’s my hope that the major sites will immediately put in place secure HTTPS web addresses.”

Clutterfreepc news: British Royal Navy Attacked!

Direct from clutterfreepc:

The British Royal Navy has been successfully attacked – by malware.

The Royal Navy’s website was recently shut down temporarily while military officials repaired the vulnerability. In addition to the website’s motto, which ironically reads “Modern and Relevant,” users saw a message telling them why they couldn’t access any information on the website during repairs.

“Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again soon,” the website read.

Meanwhile, in true cyber criminal fashion, the hackers responsible for the attack celebrated and boasted on anonymous blogs throughout the web. A cyber criminal known only by the moniker TinKode took credit and received praise for the attack.

“TinKode doesn’t need sophisticated weapons to disarm an army. He just need a PC,” an anonymous post on TinKode’s blog read.

Another hacker gave him a pat on the back. “Nice dude, really nice. Good job,” a hacker name Sirarcane added.

Cyber security authorities across the globe have discussed the implications that may come as a result of the attack on the British Royal Navy’s website. Graham Cluley, senior technology consultant for security firm Sophos, said the event is “embarrassing” for the British military’s cyber security, and said the country is fortunate TinKode didn’t use the hack for more malicious purposes.

“We can all be thankful that Tinkode’s activities appear to be have been more mischievous than dangerous,” Cluley wrote in a recent NakedSecurity blog post. “If someone with more malice in mind had hacked the site they could have used it to post malicious links on the Navy’s JackSpeak blog, or embedded a Trojan horse into the site’s main page.”

In fact, TinKode, who is believed to live in Romania, has a history of pointing out glaring web security flaws within networks that many users may have previously considered secure. According to Clulely, “TinKode has revealed security holes in NASA’s website, and published information about SQL injection vulnerabilities in sites belonging to the U.S. Army.”

Just as government cyber security has rebounded from these past attacks, Cluley hopes the British Royal Navy can limit the damage from TinKode’s attack and use it to prevent future issues.

“Hopefully efforts are in place now to secure any vulnerabilities and reduce the chances of such a serious security breach happening again in the future,” Cluley wrote. “It is to be hoped that the ultimate impact of this attack will be egg on the face of the Ministry of Defense – and better security practices in the future – rather than a more significant assault on a website presenting the public face of an important part of the armed forces.”

A number of other recent attacks have highlighted the importance of anti-malware software in government networks, including the Stuxnet virus’ successful infiltration of Iran’s energy infrastructure.

If the British Royal Navy can be attacked, anyone can!  To protect your PC, please visit ClutterFreePC at www.clutterfreepc.com.