Beware of Malicious Shortened URLs
Attackers use the shortened links, which may or may not be legitimate, to lead unsuspecting users to malicious websites that are designed to attack any system using a vulnerable browser.
THE IntErnEt Is now A mInEfiElD oF mAlwArE. EvEry yEAr, HunDrEDs oF mIllIons oF nEw tHrEAts AppEAr AnD CyBEr CrImInAls ArE ConstAntly CHAnGInG tACtICs HopInG to CAtCH usErs oFF-GuArD. SHortEnED URLs HAvE BEComE populAr In rECEnt yEArs As A mEAns oF ConsErvInG spACE In CHArACtEr-lImItED tExt fiElDs, suCH As tHosE usED For mICro-BloGGInG. URL sHortEnInG sErvICEs Allow pEoplE to suBmIt A URL AnD rECEIvE A sEConD, spECIAlly CoDED sHortEnED URL tHAt rEDIrECts to tHE orIGInAl URL. AttACkErs ArE tAkInG ADvAntAGE oF tHIs typE oF sErvICE BECAusE It HElps to HIDE tHE ACtuAl DEstInAtIon URL.
SoCIAl nEtworks ArE A sECurIty ConCErn For orGAnIsAtIons BECAusE tHEy provIDE An EFFECtIvE plAtForm For AttACkErs to lAunCH tHIs typE oF AttACk. UsErs wHo sEE A lInk postED By A FrIEnD on A soCIAl nEtworkInG sItE mAy BE morE lIkEly to trust (AnD ClICk on) It, wItH lIttlE FEAr oF DAnGEr. CurrEntly, most mAlICIous URLs on soCIAl nEtworkInG sItEs lEAD to wEBsItEs tHAt ArE HostInG AttACk toolkIts.
UsInG mAlICIous sHortEnED URLs CAn BE A vEry suCCEssFul mEtHoD oF AttACk. As morE pEoplE JoIn AnD FrEtuEnt soCIAl nEtworkInG sItEs AnD tHE sopHIstICAtIon oF tHEsE sItEs Grows, It Is lIkEly tHAt morE ComplEx AttACks wIll BE pErpEtrAtED tHrouGH tHEm, InCluDInG tHE usE oF mAlICIous sHortEnED URLs.
SmAll BusInEssEs ArE nImBlE, AnD tHAt CAn provIDE tHEm wItH A CompEtItIvE EDGE In toDAy’s IntErnEt-BAsED mArkEt. AnD wItH morE AnD morE BusInEss BEInG ConDuCtED onlInE, kEEpInG your sEnsItIvE InFormAtIon sAFE Is morE CrItICAl tHAn EvEr.
HACkErs Do not CArE wHAt tHE sIzE oF your BusInEss Is. WHAt HACkErs Do lIkE ABout smAll BusInEssEs Is tHAt tHEy tEnD to HAvE morE monEy In tHE BAnk tHAn tHE typICAl EnD-usEr AnD FEwEr CyBEr DEFEnCEs CompArED to A lArGEr CompAny. UsInG EAsIly AvAIlABlE AttACk toolkIts, EvEn A rElAtIvE novICE CAn InFECt your ComputErs AnD ExtrACt All tHE InFormAtIon tHEy nEED to stEAl your BAnk ACCounts' loGIn AnD pAssworD DEtAIls, or stEAl A lIst oF your CustomEr’s CrEDIt CArD numBErs.
WE All usE soCIAl nEtworks AnD so Do CyBEr CrImInAls. THE vIrAl nAturE oF tHEsE soCIAl nEtworkInG sErvICEs mEAns tHAt tHE rIGHt mEssAGEs CAn BE sprEAD wItH lIttlE ExpEnsE. IF tHAt wAsn’t BAD EnouGH, CyBEr CrImInAls ArE prEpArInG to GEt you on your smArtpHonE AnD tABlEts. MAny BusInEssEs now HAvE EmployEEs usInG smArtpHonEs AnD tABlEts to ACCEss CorporAtE DAtA, But HAvE not yEt ImplEmEntED sECurIty polICIEs For tHEsE DEvICEs. A sHArp InCrEAsE In DEstruCtIvE soFtwArE DEvElopED spECIfiCAlly For tHEsE DEvICEs Is AntICIpAtED. HACkErs ArE AlrEADy tAkInG notE oF tHIs opportunIty to ExploIt A nEw mArkEt.
Everyone loves clicking on links!
THIs Just GoEs to sHow wHy soCIAl EnGInEErInG Is As EFFECtIvE In sprEADInG mAlwArE toDAy As It wAs ExACtly tEn yEArs AGo, wHEn tHE AnnA KournIkovA vIrus spED ACross tHE IntErnEt Almost As FAst As tHE tEnnIs stAr’s sErvE.
THE vIrus wAs so suCCEssFul BECAusE, wEll, lEt’s FACE It, EvEryonE wAntED to CHECk out tHE AtHlEtIC BEAuty’s lAtEst pICturE. In tHE EnD, tHouGH, All tHEy Got wAs A mAlwArE InFECtIon AnD A HArD lIFE lEsson: CurIosIty kIllED tHE CAt!
Building trust and securing the weakest links
Always on SSL: CompAnIEs lIkE FACEBook, GooGlE, PAyPAl AnD TwIttEr ArE oFFErInG usErs tHE optIon oF pErsIstEnt SSL EnCryptIon AnD AutHEntICAtIon ACross All tHE pAGEs oF tHEIr sErvICEs (not Just loGIn pAGEs). Not only DoEs tHIs mItIGAtE mAnIn-tHE-mIDDlE AttACks, But It Also oFFErs EnD-to-EnD sECurIty tHAt CAn HElp sECurE EvEry WEB pAGE tHAt vIsItors to tHE sItE usE, not Just tHE pAGEs usED For loGGInG-In AnD For finAnCIAl trAnsACtIons.
Extended valLdatLon SSL certLficates: EV SSL CErtIfiCAtEs oFFEr tHE HIGHEst lEvEl oF AutHEntICAtIon AnD trIGGEr BrowsErs to GIvE usErs A vEry vIsIBlE InDICAtor tHAt tHE usEr Is on A sECurED sItE By turnInG tHE ADDrEss BAr GrEEn. THIs Is vAluABlE protECtIon AGAInst A rAnGE oF onlInE AttACks.
You nEED to AvoID CompromIsInG your trustED rElAtIonsHIp wItH your CustomErs By sECurInG wEBsItEs AGAInst MITM AttACks AnD mAlwArE InFECtIon In tHE FollowInG wAys: ImplEmEntInG AlwAys-on SSL. SCAnnInG your wEBsItE DAIly For mAlwArE. REGulArly AssEssInG your wEBsItE For vulnErABIlItIEs. CHoosInG SSL CErtIfiCAtEs wItH ExtEnDED vAlIDAtIon to DIsplAy tHE GrEEn BrowsEr ADDrEss BAr to wEBsItE usErs. DIsplAyInG rECoGnIsED trust mArks In HIGHly vIsIBlE loCAtIons on your wEBsItE to InspIrE trust AnD sHow CustomErs your CommItmEnt to tHEIr sECurIty. GEttInG your DIGItAl CErtIfiCAtEs From An EstABlIsHED, trustwortHy CErtIfiCAtE AutHorIty wHo DEmonstrAtEs ExCEllEnt sECurIty prACtICEs, AnD By protECtInG your prIvAtE kEys.