Today almost every user browsing Internet is at risk. The increase in threats related to social networking sites, banking security, botnets, and attacks targeting users, businesses, and even applications made Internet a risky landscape. Many industry consultants and analysts refer Internet as ‘Wild West’ because of its huge insecurity, where nobody or no website can be trusted. Every year, cyber crime costs billions of dollars to repair systems hit by attacks and loss in productivity because of disruptions. According to the Federal Bureau of Investigation (FBI), consumers and businesses lost $5.8 billion in 2009 due to cyber crime.

Risks increased exponentially
Today, any user can get affected by cyber threats through browsing, searching or merely visiting legitimate sites than ever before in the Internet history. Malicious web links are sprouting at a rapid pace. According to CA Internet Security Business Unit (ISBU), 78% of threats came from online interaction during the first six months of 2009. IBM’s ‘X-Force 2009 Mid-Year Trend and Risk Report’, states that there was more than 500% increase in new malicious web links in the first six months of 2009. The vulnerability towards the threats seems to have reached the peak point. In the first half of the year 2009 alone, nearly 3,240 new vulnerabilities were discovered.

New threats
With the evolution of web based communities and explosion of Internet services, users are spending more time online and engaging in social networking activities on the Internet than ever before. This is resulting in new threats that exploit these services and communities. When a reputed website hosts third-party content, users often let down their guard while following hyperlinks in the third-party content or installing applications offered by them. Malware authors follow social networking buzz and the most popular activities online to attack the users. They are always ready to exploit significant and popular news stories to trap the netizens. Thus many people become victims of cyber traps.

The attackers are constantly upgrading their tools to attack the unwary users. This criminal activity is scaling new peaks constantly. According to IBM, the SQL injection attacks almost doubled from first quarter to second quarter of 2009. Through SQL attacks, malicious code is injected into genuine web sites to infect the visitors.

For the past few years, Botnets are the primary tools for many cyber criminals. They are always a challenge to the cyber security professionals as it is very difficult to track them down. Botnets can launch almost every type of cyber attack including data exfiltration, sophisticated espionage, and spam.

Targeted attacks
Although targeted attacks were rare earlier, they are seen often these days. Apart from the common people, top management of companies, governments, industries and even journalists are being targeted for private information. Emails with Malware attachments is the popular and preferred method for targeted attacks. According to CA (ISBU), 17% of the infections are distributed through E-mail. There is also an increase in attacks targeting client software using Adobe products including Flash and Acrobat Reader.

Criminals are adapting more effective methods to target online banking system. Trojans are the result of new tactics that go beyond the simple key logging-with-screenshots efforts, which prevailed earlier. CA (ISBU) reported that Trojans were the most common threats representing 71% of the total infections in the first half of 2009. When it comes to Phishing, IBM says that 66% of the phishing attacks targeted financial industry and 31% targeted online payment in the first half of 2009.

Over the years, Internet security issues have been growing. Initially, virus was the only problem. Later with the explosion of Internet, many newer threats have evolved increasing the security vulnerability such as malicious domains or untrusted web sites, presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, mainstream news sites and online magazines. Today you are in a high-risk zone as soon as you are online. It is always advisable to be alert while you are browsing.

There are many service providers who offer online back up services. Some of them are Mozy, BackupandShare.com, Citadel Remote Backup, SafeCopy Backup, Iron Mountains, ElephantDrive, Xdrive, Genie Online Backup, AT&T Online Vault, Carbonite, eSureIT, iBackup. These are only a few to name.

Remote back up service are mostly suitable for individuals and small businesses. However, any of them trying these services without a good broadband connectivity as well as a high performing system – will for-sure visit the hell on earth.

In fact many people and many companies have been relying on some of the services mentioned above. The security of backing up data online is also questioned when services of even bog companies like Google and Twitter are being hacked.

Many of Remote backup services, for example – Mozy, encrypts the files that are to be backed up, in your PC itself so that they are not easily accessible even when steals them in mid of the back up process. In addition, some services even scramble the encrypted data through a SSL connection. This is the same mechanism that is used by online merchants to move credit card information.

What if the data is accessed at the data centers by their employees? Well, there are some services that offer remedy for this too. When they are encrypting the data on your PC, the encryption key will be given by yourself so that decrypting and encrypting can be done by none other than you.

However, there are certain precautions that are required to be taken up before opting for a service.

• Ensure that the service providers are firm at their policies.
• Use strong passwords or encryption keys for files that carry vital or sensitive data.
• Try to add an extra protection like password protecting your documents or using some third party applications to pre-encrypt your data.

As Scareware threats are on rise, millions of Internet users are falling prey to the Scareware scams.

Scareware adopts bogus sales tactics that are designed to scare a user into believing that his or her computer contains critical errors or viruses that have to be fixed immediately. Scareware ads offer an instant solution to the so-called problems on the computer and come for a price. In some cases, this software is harmless – while in others – it is actually a malware or another spyware. The ad might pop up anytime when surfing the web. The ad may open a pop-up window leading people to believe that the message is triggered by their own Operating System. The message claims that the consumer’s computer is infected with a virus and may require a “fix” and that clicking on “OK” would take the user to the download site from where the user could purchase the “fix”. By luring the victims to buy the software, the perpetrators may even steal sensitive information such as credit card details of the victim and these details may be sold to black market forums.

As of June 2009, over 250 rogue programs had been detected by Symantec in a study, which spanned over June 2008-09. Bogus security software could be freely available, may cost up to US$100 or come in a trial version. They may be installed manually by the user or when he opens an attachment or while surfing through a malicious website. Scareware can also be unknowingly advertised on legitimate websites such as social-network sites, forums, blogs, and appear in search engine results that are sponsored by cyber criminals. These crooks also hire sales representatives to sell their products who earn an average of US$23,000 a week. They are paid for every installation they make and even get bonuses like electronic gadgets and luxury cars.

Another tactic of Scareware is scaring users with unanticipated images, sounds or video. This is known as Prank software. An example of this kind of software is “NightMare”, which when executed lies dormant for some amount of time, finally changing the entire screen of the computer to an image of a skull while a horrifying shriek is played on the audio channels.

Many cases have been filed against the perpetrators of such sites and they have been asked to pay for the damages caused by them. In 2005, Microsoft and Washington State successfully sued Secure Computers for US$1million over charges of using scareware pop-ups. Various regulatory bodies like the US Federal Trade Commission are taking an active part in trying to put an end to this menace.

However, it is your responsibility to be aware of these things and avoid being trapped.

As we are aware of the recent issue with a few thousands of emails, lets see how some of these scammers have used the emails they hacked into.

The following email was sent to a small business support’s email id for financial gain from a@gmail.com – an email id belonging to their client.

“I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, i’m stuck in New York City with family right now, we came down here on vacation , we were robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such and crazy here in london , i need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but dont have enough money to get on flight ticket back home, please i need you to loan me some money till im back home to pay back , i will refund you as soon as i’m back home, i promise , all we need is $800”

The issue looked genuine. The only odd thing was that it was sent as ‘BCC’ (undisclosed recipients). However, the email was from the client’s id.

The following reply was sent to the email id of the client.

“Not a problem. Please let us know what we need to do.”

Then this person got suspicious and sent this message immediately.

Is there a number we can reach you?

Within 10 minutes there was a reply from the email id as follows…

“Well I’ll can’t access any cell right here , all i need is $800 more to complete my ticket fee right now , I can get it back to you as soon as im back home , You can wire me the money via western union , You only need my name and the country name here , I still have my passport ID to pick up the money here

Name : First Lastname
Country Name : New York, United State of America

Thats all you need , You got it right ?”

This is a tricky situation as you don’t want to be seen as unsupportive when a client is in genuine trouble. Thus, the business was willing to send the money. However, they called the client’s mobile in the U.S and he answered – making it clear that the email was not sent by him. If it wasn’t answered they were all set to send the money, since, they were not aware of anyone being fooled in this way before. The business wanted to widely circulate this to prevent people from being fooled this way.

India, as the world leader of BPO – has a negative distinction too. According to a recent report from Brighton University, call centre cybercrime is becoming popular here.

This report focuses exclusively on financial cybercrime, specifically credit card fraud and identity theft. Financial cybercrime has increased dramatically in recent years and looks set to increase further as the proliferation of communications technology proceeds apace and reaches regions of the world with many underemployed poor people with information technology skills who can take advantage of cybercrime opportunities.

India stands in 14th place among world hosting phishing websites for 2008. Though the cybercriminal activity in India is very low compared to many other major and emerging economies, the report says that there has been a leap in cybercrime in past few years.

According to the report, “The country’s top ten BPO firms hire up to 25,000 new employees per year, and financial services are one of the fastest growing segments. However, low salaries and fast turnover in the industry might provide an incentive to make extra money through cybercrime.”

However, SMBs in India are turning towards adoption of efficient security measures to check the issue of data security. According to a report from AMI Partners Inc, Indian Small and medium businesses (SMBs, or companies with up to 999 employees) are realizing that data security is not just adopting security solutions but that formulating structured policies is also a critical factor. SMBs in India are on track to spend US$291 million on security-related investments in 2009.

For more information click here.

Courtesy: Search-Marketing.In

There are many Small and Medium businesses in India that operate on critical information from their clients in outside countries as a part of outsourcing. The main reason is of course the availability of highly proficient people at lower wages.

However SMBs are the most vulnerable segment in terms of data security. Data explosion, electronic threats and increased usage of web-based solutions are some of the important factors that increase the risks of SMBs being vulnerable in data security.

This is not confined to just India but is spread across even all the major economic countries. In fact, U.S is the most targeted country in terms of phishing attacks. A recent report from Brighton University says that US gets a significant 53% of total world’s phishing attacks followed by UK, Italy, Spain and Canada.

However, being the world leader of BPO I agree that it is not feasible for India to succumb to phishing attacks and be vulnerable in data security. A recent study from AMI partners Inc., SMBs in India are realizing that data security is not just adopting security solutions but that formulating structured policies is also a critical factor.

The report says that Small and medium businesses (SMBs, or companies with up to 999 employees) in India are on track to spend US$291 million on security-related investments in 2009. Security software accounts for three fourths of the total SMB security expenditure. Managed security services (MSS) is one of the key trends in the SMB security space, which is expected to grow at approximately 21% this year.

Courtesy: Search-Marketing.in