As the face and voice of McAfee’s 2010 Fake Anti-virus Scareware Initiative this year, I have learned a lot. Not only has the Fake AV Scareware happened to me in 2009, but it happened to a great number of friends and colleagues and made the computers unuseable for weeks in 2010.
What’s worse is that it re-visited my home and work when it hit 3 computers out of 5, in the space of 3 weeks which required my lap-top to do double duty for others who should have known better about this situation since it was all I talked about for months on end. These viral attacks and hackers have gotten gutsy and more active in what they do. One tried to breach the firewall of our network–virtually banging on the door of the firewall trying to take it down and to get the “virus” or attack to stop, they wanted a lot things like ip addresses and such. That particular issue– had we given that information– would have taken down every computer hooked into it (4) and compromised financials, client and personal information– not such a good thing– as well as destroyed 4 computers.
First thing was to shut down the computers.
Second thing was to call our tech guy (who isn’t local)
What we did was take the first computer to Staples because they have a free exam that they offer — they fixed that computer within 2 days and we were good to go. However it was not without some fall-out– a credit card was compromised. It was merely a few days later that we got the other virus attack on a desktop and a laptop concurrently and then we took those computers into the same store only to find that 16 computers had been submitted that same day for essentially the same thing. What we thought would be a 4 day turn-around wound up being 2 weeks plus and a new hard drive insertion, a wipe of a drive and reinstall of the OS. Not so much fun and a lot more down time required and then a scan of my laptop to see if it had been compromised.
When McAfee came back to me to talk about a potential project, I was all over it. While they only scanned my desktop –which was a concern given that the network had been beaten on so hard, I really wanted them to check my laptop because it had been in use by the two people who had computers compromised– and I wanted to be sure “nothing” was wrong with it. When I travel, it goes with me. I have sensitive data on there despite traveling with an external hard drive.
McAfee has a new system in place where your computer doesn’t have to leave your place of business or your home and for roughly $90, they can scan your computer remotely down to the root sectors and repair anything they find. They worked on my desktop and it came out totally clean. I was relieved because in the interim of those virus attacks on the 3 computers, I had been hit again by another fake AV attack and I did what was prudent: shut down the computer, reboot it and run my AV software –which I had upgraded. So the McAfee people were glad that the computer was clean but not good for their project. (I wish they had checked my laptop –because it had been discussed that they would scan it– because it had been in the hands of more people than my desktop. Wish they had delivered on the promise of providing me McAfee protection for all the computers too but I guess they decided not to even provide it for me.)
However the bottom line is that security and protection is key for both home and business computer operations. Home computers often have all your personal financial information and information of other people. The business computer (often laptops have overlapping information between personal and business) are particularly sensitive because of the work data is extremely valuable as well as financial and contact information of clients–which gives them MORE opportunities of people to hit. (Think of it as an invitation to someone else’s work and personal information.) So it’s mission critical for you to be aware of what McAfee says are the critical areas to be aware of for 2011.
You need to prepare to combat the upcoming cyber-crime issues that McAfee has spotted because it covers a much broader gamut of targets with a greater amount of damage. McAfee released it’s cybercrime security report for 2011 on Tuesday and here’s what it said — and the LA Times sums up the report nicely but I am going into more depth and maybe a bit more consumer friendly.
Here are the key areas or targets for cyber crime events:
Exploiting Social Media
With the integration of both consumer and businesses in greater numbers and particularly engagement in places like facebook and twitter, there’s where the likely problems will occur:
Short URL Service Abuse
McAfee Labs expects to see short URL abuse invade all other forms of Internet communications. They currently track and analyze— through multiple social media applications and all URL shortening services—more than 3,000 shortened URLs per minute. There is a rapidly growing number of these hacked shortened urls being used for spam, scamming, and other malicious purposes. This convenience and unawareness of users will have a tremendous impact on the success of cybercriminals and scammers as they leverage the immediacy of social media over email for even more damage (and thus success on their part). McAfee recently launched its own URL shortener, McAf.ee
Locative Service Abuse: One of the great things with all the apps for smartphones and related devices its that they are adding global positioning system (GPS) information to their social media updates so their friends and colleagues can see where they are. The bad thing is that cybercriminals can use that information to target you and your tweeting/4square/FB friends to find out where you are, what you are talking about and what platforms you are running to craft a srategy that puts a virtual target on your back within a specific area tailored to your chatter and GPS habits.
Mobile
With the advent of better and more smart phones, smarter cyber-criminals revel in their ability to target Androids, iPhones and other similar devices to take your not-so-smart phone hostage– virtually. While this has been a hot topic in the security sector, it never seemed to happen– until now. This year we saw many new,
but low-prevalence, threats to mobile devices: rootkits for the Android platform, remote “jailbreaking” exploits for the iPhone, and the arrival of Zeus (a well-known banking Trojan/botnet). The Zeus incident has them still racking up the $ costs but don’t think that you are safe. You need to get smart and be proactive. I would check with your antiv-virus program and I have no clue if McAfee or anyone else has a program for smartphones but insurance might be a good idea– if it covers hacker attacks.
Apple/MacintoshWhile Mac users think they are invincible against virus and hacker attacks, this was the year that proved them wrong. Excuse me Steve Jobs, but you might need to figure out that the Fake AV/Scareware initiative was equally applicable to MAC users as well as PC users. I spoke to a number of MAC users who found themselves on the wrong end of the scareware/fake AV situation and had major bucks to spend on fixing what they thought was virus-proof and invincible computers. Considering the popularity and relative affordability of iPads and iPhones compared to lap or desk top computers, expect more — not less- exposure to those nasty critters like scareware, bots and trojans in 2011. You can try saying “it ain’t so” but I already know of many who experienced issues with the computers this year regarding the fake AV and most did not even think about having anti-virus protection. Now’s the time to be pro-active on this one.
Applications
Would you think that an app could take down your iPad, your smartphone or your computer? Seems unlikely unless you are on the other side of the fence creating a free app that will take all your data, personal 411 and even your credit card just because you want cool little app presentation for your phone, tablet or computer. There really is no such thing as a free lunch.. hence those apps tell you what information they are taking from you about you. And you are giving them the keys to your personal kingdom.
Here’s what McAfee had to say about it
As home-, work-, and device-controlling apps become more popular, they will increasingly become targets. These tools have historically weak coding and security practices, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps. This assault will raise the effectiveness of botnets to a new level.. McAfee has already seen the move toward application-controlled botnets this year in Twitter and LinkedIn and expect this to become the norm in 2011 and beyond, as application deployment and use becomes more ubiquitous. Will this be the year of mobile botnets controlled via a downloaded
The question is how to solve this equation — and the cybercriminals are way ahead of us in planning for this.
Sophistication Mimics Legitimacy
Whether it’s social media networks or “signed malware” faking legitimate apps or files, there’s going to be some issues here that will take down devices and lay your device and personal (and could be business data) bare naked for the world to see. McAfee commented on “smart bomb” attacks where it’s only triggered by certain parameters but — holy mother– should you fall into that specifically targeted web, you are screwed.
McAfee stated
These threats require victims to follow the designated attack path—thwarting
honeypots, crawlers, and security researchers—while greatly impacting designated and vulnerable targets….Personalized attacks are about to get a whole lot more personal.
Botnet Survival
Botnets have done some damage in 2010 but the world-wide cyber “crime-fighters” seemed to have caught up with some of those bad guys and caused them to rethink their strategy. The key bit here is ‘data gathering” on the part of the criminals– personal, business, someone else’s information– they don’t care. The more they gather, the more they can hammer at someone till they get access to dollars, sense and intelligence– alll yours of course courtesy of various social media sites and networks (Xing, Bebo, Friendster and others) — and those uquitious games like foursquare. Don’t count yourself safe on any of those places.
spam.
Hacktivism
It’s not just wiki-leaks here that we are talking about but outright hacking to make a political or anti-political statement– and you might be the innocent bystander that gets caught in the crossfire. It’s about making a point.. and you are just collateral damage.
According to McAfee’s report,
…hacktivism is conducted by people claiming to be independent of any particular government or movement. Whether governments drive these manipulations and activities covertly is open to debate, but it is likely enough that states will adopt
a privateer model. Hacktivism as a diversion could be the first step in cyberwarfare. Everyone within information security—from journalists to researchers—will have to be vigilant to recognize the difference between hacktivism and the beginning of a cyberwar. Expect social media sites to be the playing field for these skirmishes and attacks– and no one is safe from those attacks. McAfee is expecting some of these hactivist attacks to spur real world riots and incidents.
Advanced Persistent Threats
APT’s are truly strategic manuevers that are planned with militaristic precision with primary, secondary and even tertiary teams and back up plans that will cause more havoc in realms that are more about business, consumer and global transactions. In other words, this affects more businesses but could go down as far as the lowest common denominator — a single person’s work computer they can burrow into and then hack into the network of that business that happens to have some national or global relationships. It’s truly a nasty piece of business and whle you might feel your business to be not worthy of their attention, don’t assume that to be the case because sometimes it’s not just who you do business with but friends of friends or contacts of contacts out to the third extension that gets them in the door. Your business could be that door. The trick is to have security for all business computers and not just big corporations and not just anti-virus soft-ware. This goes way beyond that.
Directly from McAfee’s report.
The generally accepted definition of an APT is one that describes a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than a pure financial/criminal reason or political protest
Caveat– I am not saying the other brands of anti-virus software don’t offer the same protection as McAfee but they are going at this hard because the threat for personal and business computers is getting much greater in 2011. You need to seek out the various companies/brands of anti-virus and computer protection and see how they fit into your world.
Make this your new year’s resolution for 2011. Be protected. What happened to me, my business and my family could easily happen to you. In fact, I know it already has.
Stevie Wilson, LA-Story.com
Shop our end of the season sale at drugstore.com!
Limited Time Only – Get 80% off select Laura Geller products at Beauty.com!
Subscribe to RSS headline updates from:
Powered by FeedBurner
If you want to feature content from LA-Story.com, please remember to linkback to the specific page & please email the link to stevie@la-story.com
LA-Story.com, LA-Story Recessionista, Celebrity Stylescope, Celebrity Style Slam Trademark/Copyright: KBP Inc. 2007-10