Devices being used for work and play create new security risks
ACCORDING to David Leigh Ribeiro, Norton’s regional director for Middle East and Africa, “Today’s cybercriminals are using more sophisticated attacks, such as ransomware and spear-phishing that yield them more money per attack than ever before.”
“The findings from the Norton Report that 49 percent of consumers use their personal mobile device for both work and play creates entirely new security risks for enterprises as cybercriminals have the potential to access even more valuable information,” says Ribeiro.
The Norton Report (formerly the Norton Cybercrime Report) is one of the world’s largest consumer cybercrime studies, based on self-reported experiences of more than 13 000 adults across 24 countries, aimed at understanding how cybercrime affects consumers, and how the adoption and evolution of new technologies impacts consumers’ security.
The report also found that despite the fact that nearly half of all smartphone users care enough about their devices to sleep with them, they are not protecting them. Forty-eight percent of smartphone and tablet users do not take even the basic precautions such as using passwords, having security software or backing up files from their mobile devices. This carelessness places them, and their digital identities, at risk.
“If this was a test, mobile consumers would be failing,” said Marian Merritt, Internet safety advocate at Symantec.
“While consumers are protecting their comput- ers, there is a general lack of awareness to safeguard their smartphones and tablets. It’s as if they have alarm systems for their homes, but they’re leaving their cars unlocked with the windows wide open.”
Notable findings from the Norton Report for South Africa include:
70 percent of South Africans have been victim of cybercrime and risky behavior compared to 50 percent globally.
47 percent of South African smart phone users have experienced mobile cybercrime in the past 12 months compared to 38 percent globally.
Only 37 percent of South African smartphone users have basic free security software compared to 33 percent globally.
Ribeiro says according to the report South Africa ranks eighth among Middle Eastern and African (MEA) countries in terms of cybercrime “pollution” such as levels of spam, phishing, botnets, malware, web attacks and network attacks emitted from a country in 2014.
Furthermore, South Africa ranks thirtieth on a global level in terms of malware “emissions”, sixth in the MEA region in terms of ransomware attacks, and fourth in the region in terms of social media scams
“Cybercriminals continued to favor more lucrative and aggressive attack methods like ransomware, which increased 113 percent. This rise was driven largely by a more than 4 000 percent increase in cryptoransomware attacks,” says Ribeiro.
He explains that ransomware is a type of malware that can lock a device or files saved on the device, rendering it unusable. An attacker will demand a ransom payment in exchange for having the restriction removed. Ransomware can often appear as if it is coming from law enforcement, in an attempt to scare users into complying with the demand. Paying them does not guarantee the victims will regain access to their device.
Crypto-ransomware is a more vicious type of ransomware that holds a victim’s files, photos and other digital media hostage without masking the attacker’s intention.
Ribeiro says victims of ransomware are typically asked to pay $300-$500 to have their files freed, and with nearly eight million ransomware attacks in 2014, it’s possible this could become a multi-billion dollar industry for cybercriminals.
He informs that the growing use of apps and social media is also increasing the threat of cybercrime.
“Seventeen percent of all Android apps (nearly one million total) were found to be malware in disguise and greyware apps accounted for 36 percent of all mobile apps; these apps aren’t malicious by design but are annoying and can do inadvertently harmful things like track user behavior,” says Ribeiro.
“Seventy percent of social media scams in 2014 were manually shared, as attackers took advantage of people’s willingness to trust content shared by their friends,” he adds.
Ribeiro says while email remains a significant attack vector for cybercriminals, they continue to experiment with new attack methods across mobile devices and social networks to reach more people, with less effort.
“In fact, the first piece of crypto-ransomware was discovered on Android. However, PCs remain such a lucrative attack vector that many attackers have been slower to shift to mobile,” says Ribeiro.
He informs that as attackers persist and evolve, there are many steps consumers can take to protect themselves. As a starting point, Ribeiro recommends the following best practices:
Use strong passwords – this cannot be emphasized enough. Use strong and unique passwords for your accounts and devices, and update them on a regular basis—ideally every three months. Never use the same password for multiple accounts.
Be cautious on social media – don’t click links in unsolicited email or social media messages, particularly from unknown sources. Scammers know people are more likely to click on links from their friends, so they compromise accounts to send malicious links to the account owner’s contacts.
Know what you’re sharing – when installing a network-connected device, such as a home router or thermostat, or downloading a new app, review the permissions to see what data you’re sharing.