Daily Archives: May 1, 2016

Malware, Ransomware & Data Breaches


Most people are not aware of the steadily rising security threat of malware, online account hijacking, data breaches and identity theft that are being perpetrated by cyber criminals lurking on the internet today. Attackers are developing new software and methods to hack into consumers’ computers every day while consumers don’t understand how vulnerable they really are. In the real world, the threat from criminals is typically geographically based. In the cyber world, there are no borders, so the threat can come from anywhere at any time. The internet is a much less safe environment than it used to be.

HISTORY OF MALWARE & VIRUSES

Malicious software, or “malware,” refers to software programs designed to infiltrate and disrupt computers, gather sensitive information or display unwanted advertising without the user’s consent. Before Yisrael Radai coined the word “malware” in 1990, these malicious programs were collectively called viruses. In the early 1980s, most viruses were created by young programmers to annoy users and to see how far they could spread, but by the late 1990s, hackers began to create malware for economic exploitation of companies and individuals.

TYPES OF MALWARE

There are several types of malware. The first type consists of viruses and worms that are defined by their behavior, which is designed to contagiously spread without the user’s knowledge and may or may not contain malicious code designed to damage computers. Trojan Horses are malignant pieces of software that pretend to be legitimate software while they infect computers with malware. Rootkits, which help to conceal malware from anti-virus software, do not contain malware themselves. Spyware and keyloggers, used for identity theft, phishing and social engineering threats, are designed to extort money from banks, companies and individual users.

BEWARE OF POPUPS

Unexpected popups or unsolicited web pages appearing in your browser alleging the detection of viruses, Trojans (not from USC), attacks and other threats may appear to be authentic, but beware, they are intricately crafted scams that prey upon naive, trusting users. Other techniques designed to extort money from you include drive-by downloads (secretly installed through malicious web advertising), link-baiting (teasers that generate interest in another related subject), media player downloads (video websites that suggest installing software or plugins), email attachments (links to fake malicious websites), phishing emails (suggests clicking on a link) and peer-to-peer file sharing websites (including malware disguised as music or video files).

PHISHING & SHAREWARE

The most serious and most common threat to your data security is phishing, because it involves you being tricked into divulging personal information that enables hackers to access your email and financial accounts. 

 

It is important to understand that these messages are not caused by a virus or any other kind of malware. Most people’s first reaction to a popup message like this is to download anti-malware software. This is the wrong response, as there is no malware involved, and thus the anti-malware software will not solve the problem.

As usual, the best defense against phishing attacks is to stay vigilant and ignore or delete any messages that look even slightly suspicious. If you’re still in doubt, contact the actual company directly to verify whether there are any real problems or not.

Sometimes a web page appears that accuses you of engaging in illicit or illegal activity and looks legitimate with official law enforcement logos or banners. Please be aware that these warnings are not real, and whatever the message asks you to do, it should be completely and utterly disregarded. No matter how real or legitimate the message appears to be, it is completely fraudulent. It did not come from Apple, the FBI, the IRS or from your Facebook BFF. This kind of scareware is easily perpetrated and can affect Macs, PCs and even smartphones via any web browser.

A recent phishing scam attempts to trick users into handing over their Apple ID passwords and other personal information. People hit by the scam usually receive an unsolicited message which claims to come from Apple, urging them to immediately change their Apple ID password before it expires. Victims are then directed to an unofficial but legitimate-looking website, where they are asked to input their username and password. After that, they are told their account has been locked for “security reasons,” and are directed to enter other personal information like address and credit card details, in order to “unlock” the account. This is all part of an elaborate phishing attack, designed to get users to hand over information which can then be used to hack their account. Apple’s phishing support page advises users to “never send credit card information, account passwords, or extensive personal information” to someone, unless they’ve fully verified the senders are who they say they are.
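The “unofficial but legitimate-looking website” in this scam is usually given away by the host name in the link rather than by how the page looks. The check below is an added illustration, not part of the original article or of any Apple tool; the allowlist of domains and the sample links are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only registered domains under which a
# genuine Apple ID sign-in link is expected to live.
TRUSTED_APPLE_DOMAINS = ("apple.com", "icloud.com")


def link_host(url):
    """Return the host a browser would really connect to, or None.

    Only https links are accepted. Any "user@" prefix and port are dropped,
    so "https://appleid.apple.com@evil.example/" yields "evil.example".
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:  # malformed URL
        return None
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".").lower()


def is_trusted_apple_link(url):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_APPLE_DOMAINS)


def classify_links(urls):
    """Map each link to True (trusted host) or False (treat as phishing)."""
    return {u: is_trusted_apple_link(u) for u in urls}


# Constructed sample links (reserved .example names, not from a real campaign).
SAMPLE_LINKS = [
    "https://appleid.apple.com/account/manage",                 # genuine host
    "https://appleid.apple.com.password-expiry.example/login",  # brand as subdomain
    "https://appleid.apple.com@unlock-account.example/",        # brand before "@"
    "https://apple.com-id.example/verify",                      # brand inside a label
    "http://appleid.apple.com/",                                # not encrypted
]

if __name__ == "__main__":
    for link, ok in classify_links(SAMPLE_LINKS).items():
        print("trusted   " if ok else "SUSPICIOUS", link)
```

Only the first sample link passes; the others contain the Apple name somewhere in the address but lead to a different host or are sent without encryption.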

Another scam involves iTunes gift cards and the IRS. The federal government warned consumers in late April that scammers are singing a new tune when they’re pretending to be from the Internal Revenue Service or U.S. Treasury. Now, some are demanding that you pay your back taxes via an iTunes gift card. Any call requesting that taxpayers place funds on an iTunes Gift Card or other prepaid cards to pay taxes and fees is an indicator of fraudulent activity according to a bulletin from the Treasury Inspector General for Tax Administration (TIGTA). The bulletin also warns that “no legitimate U.S. Treasury or IRS official will demand that payments via Western Union, MoneyGram, bank wire transfers or bank deposits be made into another person’s account for any debt to the IRS or Treasury”.

The IRS has previously confirmed that they will not call to demand immediate payment over the phone, call or email you to verify your identity, demand that you pay taxes without questions or appeals, require you to use a specific payment method, ask for a credit or debit card number via phone or email, or threaten to immediately bring in local police or law enforcement to have you arrested for non-payment.

ANTI-MALWARE – MAC VS. PC

When compared to Mac users (50% use anti-malware software), Windows users (75.7% use anti-malware software) are much more likely to have at least one antivirus product installed on their device. This discrepancy could stem from the fact that many Mac users are not aware of the increased existence of Mac-specific malware. While Mac devices may have been safe from malware in the past, that is no longer the case. Kaspersky Lab discovered 1,800 malware samples for OS X in 2014 alone, up from 1,700 samples the previous year, showing that Mac-specific malware is indeed growing.

MALWAREBYTES

Traditionally, Mac users have been viewed as safe from malware, even as new threats have been publicized. According to a June 2015 OPSWAT report, only half of Mac users have antivirus protection, and that protection does not typically detect adware. In the last two years, there has been a proliferation of new adware—including Genieo, Conduit, and VSearch—that inject ads and pop-up hyperlinks in web pages, change the user’s homepage and search engine, and insert unwanted toolbars into the browser. The only software that we recommend to combat the proliferation of these software threats is Malwarebytes (https://www.malwarebytes.org/mac-download). This anti-malware and anti-exploit software is designed to protect businesses and consumers against zero-day threats by removing malware, adware and PUPs (potentially unwanted programs) that consistently escape detection by traditional anti-virus solutions. 

DATABASE BREACHES

According to Benny Czarny, CEO of OPSWAT in San Francisco, the goal with most retail breaches is stealing credit card numbers so that criminals can use them to buy anything online or transfer money or steal directly from the banks. The gain is obvious, and the way that many have been accomplished was through malware. The goal of financial, government and medical breaches is to obtain personal information or to encrypt company files and then demand a ransom fee to unencrypt the data after payment of the ransom.

2015 has been a year plagued with huge data breaches with limited to massive exposure ranges. Social security accounts, driver’s licenses, usernames and passwords have been compromised in record numbers. Here are the top breaches listed by the size of breach.

American Registered Voter Information (191 million)

Mexican Voter Information Database (93.4 million)

Anthem Health Records (80 million)

Prisoner Phone Calls (70 million)

Ashley Madison Customer Records (37 million)

Federal Government Workers (21 million)

T-Mobile Customer Records (15 million)

MacKeeper Customer Records (13 million)

Premiere Health Records (11 million)

VTech Customer Info (11 million)

Excellus Health Records (10 million)

Hello Kitty (3.3 million)

RANSOMWARE

Ransomware, one of the newest and fastest-growing types of cyber threats, encrypts data on a victim’s hard drive, then offers to unlock the system in exchange for payment. Ransomware is secretly installed on the victim’s computer, then gathers and encrypts data over a short period of time. Victims are then required to pay ransoms in hard-to-trace digital currencies like Bitcoin to unlock their encrypted files. The quickest and most efficient means of restoring their computer files was to pay the ransom to obtain the decryption key.

According to CEO Allen Stefanek of the Hollywood Presbyterian Medical Center, they were victims of a ransomware extortion plot in which hackers seized control of their electronic medical records system and demanded a $17,000 ransom to be paid in Bitcoin currency. They were given back access only after the ransom was paid. The FBI and local authorities were not able to assist in the recovery efforts, nor able to track down the culprits.

On a personal computer, ransomware doesn’t need root access, because it’s not trying to take over your computer; rather, it’s looking for the kinds of files that you care about most, such as photos, spreadsheets, PDFs and Word documents, so it can then attempt to sell them back to you. Once installed, ransomware lies dormant for several days, then starts to encrypt documents and files on your system. Specifically, it looks for 300 different extensions, ranging from .doc to .mp3 to .jpg to .txt. Currently, the most popular types of consumer-targeted ransomware are Cryptolocker, Cryptowall and TeslaCrypt.

WHAT CAN YOU DO TO MINIMIZE THE THREAT?

According to David Kennedy, CEO of TrustedSec, the top three security suggestions for small businesses are:

1. Make sure everyone is aware of what phishing schemes look like and train them to avoid them.

2. Practice good security around passwords. Don’t use the same password from one system to another.

3. Make sure someone on staff has a good understanding of the latest security threats and defenses.

WHAT YOU SHOULD NEVER DO

1. Don’t call any phone number that appears on your computer screen for technical support.

2. Don’t click on any warnings or buttons.

3. Don’t allow anyone to remotely take control of your computer. 

4. Don’t give anyone your credit card number, checking account information, 

5. Don’t give out your passwords or personal information.

6. Don’t open email attachments or links that you don’t recognize. 

7. Don’t install Java, Flash or browser extensions unless you understand their purpose and know their sources.

8. Don’t rely on Google or Bing to obtain technical support phone numbers.

9. Don’t install software that claims to clean up, speed up, optimize, boost or accelerate your computer.

10. Don’t assume that anti-virus or anti-malware software will protect you from threats.