Battle Of Britain

image

According to the latest Symantec cyber security report the UK was the most popular destination for hackers in 2014. Almost five in six large companies were under some kind of a cyber-attack, this way or another. So, what is this supposed to mean? What should we think about this particular information?

Well, this is a painful increase of more than 40% compared to 2013. Yet again, you simply cannot avoid asking a simple question. How can this be? Who is to blame for this embarrassing negative result? Believe it or not, we are ourselves the worst cyber enemies in the entire virtual universe. How?

It is quite simple, actually. This may come as a huge surprise, but it turns out that the hackers themselves are extremely lazy and profit oriented cyber-creatures. That means they would rather allow their malicious automatized systems to do all the dirty work. They are counting on you, for real.

The absolute majority of all cyber attacks and successful phishing schemes came from the surprisingly naive malicious emails. Unfortunately, the average business UK users were even more naive. Before you know it the entire business structure was infected and compromised. Enough said, isn’t it?

Don’t Click!

image

As simple as that. And yet, you just cannot believe how successful a phishing season can be on Facebook. We are helplessly reckless and surprisingly impulsive. We tend to follow calls for help or action with no serious consideration. As a result, our passwords are being offered on a hacker’s plate.

So, how does this malicious system work in the real life? First, you get a heartbreaking message that you have to follow a certain link so your friend can do this or that. You say to yourself, how hard can it be? No harm in that. So, you hit a button, and the next thing you know you are on a phishing website.

It looks like a Facebook official page, but you can rest assured it certainly is not. And, you disclose your password with a hacker behind this entire operation just like that. We do not have to say to you what is going to happen next with your Facebook account, do we? So, did you get the message?

Before you click, you should blink, at least twice. Otherwise, there is no security system in the world, which can save you from the phishing net. Right? Before you accept someone’s friendship request or follow this link request, you should really give it a serious thought. How hard could it really be?

eBay Cross Site A Bitter Bite

image

Dear eBay, you should have known better. In this story eBay has not made only one, but actually two serious mistakes. The first one was nothing to do about the cross-site scripting (XSS) weakness. That was something used by the phishers in the worst case scenario for the eBay users themselves.

You were using eBay without a single thought that a current page has been hosted elsewhere. Your login data were given away voluntarily without any awareness about the phisher’s trap. So, what was the second mistake? As soon as this trouble was identified by an IT worker the eBay reacted.

This worker has reported this incident and eBay official response to the BBC. Then, instead of confronting the phishers responsible for this trouble eBay turned its anger on the BBC while desperately trying to cover up the whole thing. And, the rest of this story is a sad well-known story of how the things should not be done in the first place.

When someone with almost limitless resources, such as eBay, misses to apply some of the basic prevention measures, then there is simply no excuse or justification. We sure hope that other major IT league players, who are in a similar situation, will draw some useful conclusions out of this story.

Top Level Domains = Top Level Phishers

image

The Internet Corporation for Assigned Names and Numbers (ICANN) has decided to cheer us up with the fresh new extensions, such as .guru, .email and .support. The only trouble here is that the TLDs or top level domains are something irresistible for top phishers just like blood in the water for sharks.

How and what do we know about it? Well, it seems that the very first customers standing in line are the phishers themselves. Yes, busy little bees, they are. Do you remember when the .biz top level domain hit the Internet? The bad guys were the very first customers. Here is one more nice example.

Can you dare to guess what kinds of troubles and frauds you can cause with the skillful missus of the .pharmacy top level domain? The ICANN can focus its attention a little bit more on the security and protection, rather than only on the customer’s satisfaction. There has to be something we can do.

Anti-phishing measures should follow automatically each new release of the top level domain. On the other side, we need to make sure that only the people with justified causes and honest intentions acquire the new top level domains. How to achieve all these things? Well, that is a homework for all of us.

The Phishers Are On The Run

image

McAfee Labs Threats Report for August 2014 has some bad news. It seems that phishing definitely pays off for the hackers all over the globe. Unfortunately, that is only the beginning of our troubles. It may come as a surprise, but our beloved hackers are profit oriented mean machines. They are extremely careful when it comes to investing their time and resources.

If we are able to fix one weak IT security point, you can be rest assured they will look for the new one. On the other hand, if something works just fine for them, you can expect that they will stick to it including the inevitable improvements. This is exactly what happened to the phishing itself. This is the new El Dorado for hackers.

The trouble with the curve in this situation is that after a series of successful phishing activities the hackers will become even more patient. In addition, it is worth mentioning that they only need one good catch. No more. No less. One open door, and they can infiltrate the entire system before you even realize what happened.

Oh dear, what are we supposed to do? We have to remind you again that there is no successful phishing without your active participation. Therefore, better think twice before you follow certain link, open a suspicious email or visit a funny looking website. That is why it is so complex, because it is so simple. Right?

A Phishing Season is Open

image

It seems, that the guys at the Anti-Phishing Working Group (APWG) were busy little bees. They gave us some cold shower data for the first quarter of this year. The phishing activities have apparently reached the 10% increase in this period. Have not we thought something out of it?

The business is going well for the phishing industry. What do you know they have even decided to spread their activities. For some time, we thought that the phishing targets will only be major financial and bank related websites. Unfortunately, nowadays you can easily get caught on some grocery chain’s website.

There is one more intriguing fact in this story. More than one half of all phishing websites in the world are located in the USA. On the other hand, the absolute majority of all victims comes from the USA, as well. Do not get the wrong idea that the phishing is mainly the US domestic problem.

New problems definitely ask for new genuine solutions. We should do something about it, but what exactly? That is not quite sure for the moment. Here is a challenge worth accepting for the IT security industry. We need a hero, who will bring down the phishing threat to zero.