Cyber-crime on the rise, according to survey

An annual survey on cyber-crime trends found that computer hackers dedicated to accessing computers, stealing information and causing problems are more technologically advanced than those in charge of stopping them. The survey was sponsored by the consultancy firm PwC of San Jose, California, the Secret Service, Carnegie Mellon University’s Program Engineering Institute and the specialized magazine CSO.

The survey of 500 business executives, police forces and US government agencies revealed that 75% of respondents had detected a security breach during the previous year, and each organization suffered an average of 135 intrusions. “Despite significant investments in cyber-safety technologies, cyber-criminals keep finding ways to bypass these technologies to obtain profit-generating susceptible information,” said Ed Lowery, chief of the Secret Service’s criminal investigation division.

Lowery said companies and the government should adopt “a radically different approach on cyber-safety,” one that transcends antivirus programs, employee training, close collaboration with contractors and the installation of more strict processes.

The five most frequent attack methods, according to the survey, are “phishing” (mass email with fake senders, used to steal information and passwords), malware, network interruption, spyware and denial-of-service attacks. 28% of respondents said hackers were members of the organization, whether contractors, providers, employees or former employees.

Source: AP

Over 50 million smartphones are vulnerable to hacker attacks

About 50 million smartphones running the Android operating system have been left vulnerable to hacker attacks due to the “Heartbleed” security bug, discovered mid-April this year.

The devices affected are those running under Android version 4.1.1, or “Jelly Bean”, according to a study carried out by the analytics firm Chitika, said British newspaper The Guardian. Apparently, the bug has been there for two years, but it only became public when the patch to counteract it was launched.

Devices running that version of Google’s operating system will be vulnerable to an action described as “reverse Heartbleed,” by which a malicious server could use the bug in the encryption system OpenSSL (the most popular online encryption system) to steal information from devices’ browsers.

“Reverse Heartbleed” could expose passwords and user activity. In theory, devices with previous versions of Android, those that aren’t being updated anymore, would also be vulnerable, but Google gave assurances that less than 10% of the world’s active devices could have been affected by this bug.

Source: BlackBerry Vzla

Tips to create a safe password (and II)

A password can meet all of the criteria indicated in our previous publication and still be unsafe. For instance, “Hello2U!” meets all of the criteria mentioned for a safe password, but is unsafe because it has a full word. “H3ll0 2 U!” is a safer alternative because it replaces some letters in the full word with numbers and includes spaces.

You can apply the following recommendations to build a safe password:

Create an acronym with information that will be easy to remember. For example, choose a phrase that has a meaning to you, such as “My son was born on December 2004”. Using that phrase as guide, you can use “MswboDec/12,4” as a password.

Use numbers, symbols and misspellings to replace letters or words in an easy-to-remember phrase. For instance, “My son was born on December 2004” could become “M’sn wb@rn 12124” (you can use spaces in a password).

Relate your password to a hobby or favorite sport. For example, “I love badminton” can become “I’lvB@dm1nt()n”.

If you think you need to write the password down in order to remember it, remember not to write that it is your password, and keep it in a safe place.

Source: Microsoft

Tips to create a safe password (I)

Passwords are our first line of defense against unauthorized access to our devices. The safer a password, the more protected your device will be against hackers and malware. You should always keep safe passwords for all of your accounts. If you use a corporate network, the administrator might ask you to use a safe password.

What makes a password safe (or unsafe)?

A safe password:

  1. Has at least eight characters.
  2. Does not contain the username, real name or company name.
  3. Does not contain a full word.
  4. Is significantly different from previous passwords.

  5. Is formed by characters from each one of the following categories:

  • Capital letters: A, B, C
  • Lowercase letters: a, b, c
  • Numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • Keyboard symbols (all characters on a keyboard that are not defined as letters or numbers) and spaces: ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /

Source: Microsoft
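
The criteria listed in the post above can be checked mechanically, which also shows why “Hello2U!” passes every character rule yet still fails on the full-word rule. The following is an added example, not code from Microsoft or from this site; the function name, the tiny word list and the similarity threshold are assumptions made for illustration.

```python
import difflib

# Constructed sample word list (assumption): a real check would load a
# full dictionary instead of these five entries.
SAMPLE_WORDS = {"hello", "password", "welcome", "december", "badminton"}


def check_password(password, identity=(), previous=(), words=SAMPLE_WORDS,
                   min_word_len=4, max_similarity=0.6):
    """Return the list of the page's criteria that `password` fails."""
    failures = []
    lowered = password.lower()

    if len(password) < 8:
        failures.append("fewer than eight characters")

    # Username, real name or company name must not appear anywhere in it.
    if any(name and name.lower() in lowered for name in identity):
        failures.append("contains username, real name or company name")

    # "Full word" rule: a dictionary word appearing as a substring.
    if any(len(w) >= min_word_len and w in lowered for w in words):
        failures.append("contains a full word")

    # "Significantly different" rule: the 0.6 ratio is an assumed threshold.
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio > max_similarity:
            failures.append("too similar to a previous password")
            break

    # One character from each of the four categories in the list above.
    categories = {
        "capital letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol or space": any(not c.isalnum() for c in password),
    }
    failures += [f"no {name}" for name, ok in categories.items() if not ok]
    return failures
```

An empty list means every criterion is met; previous passwords are passed in as plain strings here only to keep the example short.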

New WhatsApp bug allows attackers to assume the sender’s identity

WhatsApp is once again in the spotlight due to a new vulnerability found by two Spanish hackers that allows attackers to assume the sender’s identity. However, it’s a complicated bug and it’s not within reach for the average user.

This bug lets an attacker modify the sender of any WhatsApp message to pretend to be someone else, such as a friend, and thus trick the recipient into visiting a link containing malware.

The vulnerability has been reported to the app’s representatives, as their goal is to have these problems solved and prevent their use by hackers with worse intentions. However, it’s a weakness that can be easily exploited by unscrupulous hackers.

Although it’s hard to use, the dangerous potential will force WhatsApp to take measures to solve this issue.

Source: BlackBerryVzla

Learn the dangers of using public Wi-Fi networks

“Hotspots” (public internet access spots) are typical in bars, public buildings and even parks and squares. Some of them request a password and others don’t, but most are susceptible to hacker attacks. Hackers take advantage of people’s need to stay connected and develop strategies to check everything we do in public networks.

Through these attacks, hackers access the information entered by people as they connect to their bank accounts, shop online or access social media.

What to do?

Although no precaution is 100% safe, being more aware of our behavior when connected to a public Wi-Fi network can help us avoid unwanted attacks. Here are a few tips:

  • Avoid making transactions or accessing your bank while on a public network. It’s best to wait until you get home or access a known network.
  • If your phone has an internet connection (3G or 4G), don’t use the Wi-Fi network; use your service provider’s network instead. It might be slower, but it’s safer because it uses data encryption.
  • In your mobile phone or computer’s settings, disable the “auto-connect to Wi-Fi” option. This way, you’ll keep your phone from getting connected without you noticing.

To summarize, it’s best to get home to enter personal data on the web.

Source: Correo del Orinoco

Criminals rob ATMs by sending them an SMS

A group of cybercriminals developed a system to rob ATMs by sending them an SMS that activates a malware inside them so they spit bills out, reported the firm Symantec.

The attack is based on the malware Ploutus, which was detected in ATMs in Mexico. This malware takes advantage of a vulnerability of Windows XP, which is in 95% of ATMs in the world.

To load Ploutus in an ATM they need to access the CD-ROM unit or a USB port, something attackers have previously done by breaking the locks or simply drilling holes in the box to get to the computer and then covering them.

In this modified version, it is necessary to connect a mobile telephone to the ATM using USB tethering, which allows the machine to share internet with the mobile device, and also keeps it charged. Then, the criminals send commands via SMS to the phone connected to the ATM, activating the malware Ploutus. With this activation, the ATM instantly spits out the amount of money previously set up in the virus.

Criminals operate this way with several people that go withdraw the money they ordered via SMS, with no need to learn numerical codes or anything special. This type of robbery does not involve card cloning or accessing people’s accounts, but it will affect the banks’ funds.

Symantec has indicated several measures to stop this type of attack, although the most efficient one would be to update the operating system.

Source: FayerWayer