It may be the New Year, traditionally a time for new resolutions and goals, but we at Kaspersky Lab are continuing our dedication to standing by our promise to bring you the latest news in software security. Before we jump into another year of cybersecurity, be sure you’ve caught up on some of the top posts from last year!
The U.S. Federal Aviation Administration and European Union have cleared the use of computers and mobile devices from takeoff to landing, with the exception of using onboard Wi-Fi and sending and receiving text messages, calls, and emails during takeoff and landing. However, since this relaxation of rules is likely to encourage more people to connect to networks than currently do, we focus on how safe in-air Wi-Fi is in the first place. Since passengers have been allowed to use onboard Wi-Fi for years, we encourage you to concern yourself with preventing malware infections and other attacks while flying. As Kaspersky Lab’s principal security researcher, Kurt Baumgartner, said “simply connecting to Wi-Fi in the air can expose your communications to badly motivated passengers that are situated close to you.” So stay alert and keep yourself protected.
2013 will be remembered by security professionals and everyday people alike for the large number of events that took place within the world of information security. Kaspersky Lab’s key findings from the past year included now infamous moments like Edward Snowden’s declassification of NSA documents to The Guardian and The New York Times, and the IceFog targeted attack, which was detected by Kaspersky Lab. There was also a steady rise in mobile threats, cyber-blackmailing and crypto-currencies, and in 2013, malware mobile applications capable of attacking banking services without involving ‘big brother’ became more widespread as well. Even if you think you didn’t encounter any cyber-attacks in 2013, you most likely did and just didn’t notice them because of antivirus protection. The statistics we looked at confirmed that the chances of avoiding this misfortune were low, with over 5 billion cyber-attacks registered throughout the year, and a daily average of 315,000 new malware samples.
In early November, a Hull-based developer realised that his LG Smart TV was actually gathering quite a bit of information about him after discovering a corporate video in which LG allegedly advertised its tracking capabilities to any potential advertisers willing to pay for such services. The problem here has to do with a feature in the LG Smart TV menu that lets users turn off the tracking mechanism. This may not seem like a problem, until you realise that the tracking is turned on by default and – much more problematically – the TV quite cleverly continues to collect user information even if a user has ‘opted-out’ so-to-speak. Furthermore, the opt-out option is somewhat hidden and there is no help bubble for the option to disable tracking. So, every time a user changes the channel on his or her LG Smart TV, the TV sends a packet of information containing “analyses of users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences”. The TV relays this information in plain, unencrypted text and relays filename information of USB sticks plugged into the TV as well. So what can you do about it? Not a whole lot, but you can begin by blocking access to the following Internet domains: ad.lgappstv.com, yumenetworks.com, smartclip.net, smartclip.com, smartshare.lgtvsdp.com, and ibis.lgappstv.com. Users must access the administrative interface of their routers in order to block domains.
Social engineering, sometimes called the science and art of human hacking, has become quite popular in recent years given the exponential growth of social networks, email and other forms of electronic communication. In the information security field, this term is widely used to reference an array of techniques used by criminals who obtain sensitive information or to convince targets to perform actions that could compromise their systems. Most cybercriminals wouldn’t spend much time trying complex technological hacks when they know it’s much easier to use social engineering for their purposes. Moreover, there are even websites that exist containing information about how to implement these types of techniques and why they are so successful. Today, methods include phishing and “virtual kidnapping,” as we see a growing evolution in malware. To stay guarded against an attack online, a complete security suite is mandatory, along with keeping up to date with the latest threats and social engineering tricks. This will give you the edge you need to avoid becoming a victim in these attacks.
Any of your passwords, be it for email, social networks or online banking, hold value for cybercriminals because almost any stolen account can be used in fraud schemes. That’s why it is no wonder password theft is so widespread nowadays. In a recent hack, criminals gathered passwords from the following major services: Facebook, Yahoo, Gmail, Twitter, Linkedin and Russian-specific social networks Odnoklassniki and Vkontakte. How did this happen? In order to have your Gmail or Facebook account stolen, it’s not necessary to become a target for a malware attack. Maybe you’ve just checked your inbox using your friend’s PC or a public terminal in a hotel or an airport. If this PC was infected, one of your passwords is in the possession of a hacker now, and the problem becomes even worse if you have a habit of re-using the same password for multiple online services. If you were one of the many victims of this scheme, change your old passwords, making sure that each online account is protected with its own, unique password. If you have a hard time remembering multiple passwords, you can use special software like password manager, which is able to store your passwords in an encrypted form.