An IDF C4I Corps soldier monitors for hacker activity
A more connected world means more opportunities for individuals and
businesses to communicate and make connections – and more opportunities
for hackers to hijack computer resources for their own nefarious ends.
In 2014, say three top security experts, expect more and more
sophisticated attacks, as hackers take advantage of both smart home
technology and the increased concern and desperation among those
seeking work.
As has been the case in recent years, say Andrei Dolkin, Yariv Lenczer,
and Avishag Danieli – among the top experts at Israeli security company CyberArk
– “social engineering” will remain a prime method for hackers to get
control of users’ computers. Sophisticated attacks are already de
rigueur for many users, as hackers send out links that look for all the
world like the “real thing,” with messages from banks, on-line stores,
“official” looking sites, or even friends and relatives.
Once clicked, though, those links lead back to a
web location where, once a user connects, they download a piece of
malware that will give the hacker total and utter control over the
hapless victim’s computer or device. Once in charge, hackers can enroll a
victim computer – or, in most cases, their whole network – into a
botnet system, the combined processing power of which is used to conduct
hacking attacks against banks and government servers, to send out reams
of spam, to steal credit card or other financial data, and so on.
Social engineering, say the experts, has
proven to be one of the most important and useful arrows in the hackers’
quiver, because the victim “voluntarily” installs the malware onto a
device – thus saving the hacker the trouble of having to get past
anti-virus or other protective software. If some is good, more must be
better – so, say the experts, expect more and more sophisticated social
engineering attacks in the coming year.
One sad twist on the social engineering
phenomenon, say the experts, is the vulnerability of the masses who have
been out of work for months, or even longer. Following the advice of
“how to get a job” gurus, many are using business-oriented networking
sites like LinkedIn to connect with others, and spread the word that
they are seeking work. But using social engineering tactics, hackers
have already managed to infiltrate these groups and steal information,
logins, and other data – which they promptly used to rip off victims,
their families, and their LinkedIn connections.
In one case, say the experts, a hacker joined a
closed LinkedIn group and claimed to have a high-level security
clearance in a U.S. intelligence agency. Trusting the hacker, users in
the group unveiled information that they should have kept private – and
found that their credit cards and bank accounts had been compromised.
Other hackers target employees of specific companies, building a LinkedIn
network of employees and sending out links to malware. In other
cases, hackers have joined groups of LinkedIn users seeking jobs, and
talked members into clicking on links that installed malware on their
devices.
In response to press articles about the phenomenon,
LinkedIn said that when it came to social engineering, there was little
they could do. “We recommend members connect only with people that they
know and trust,” a company spokesperson said. “All Internet users
should of course be aware of the fact that there are bad guys out there
who unfortunately resort to things like phishing attacks, and that
people should use common sense and tools available to them to ensure
that they don’t fall prey.”
A related social engineering trick hackers are
using against the unemployed, said the experts, is targeting workers
in industries and companies where cutbacks or layoffs have been
announced. Capitalizing on the panic of the newly-unemployed – or those
who fear they will be next – hackers distribute links to phony
networking groups, support sites, headhunter sites, and even legal
rights information sites. Needless to say, all those who fall for the
trick find that their devices are “owned” by the hacker.
Another major trend, said the experts, will be
the expansion of “cybercrime-as-a-service.” As with other one-stop
web services, a CAAS customer who wants to break into the sites or
databases of rivals – to gather information or for more destructive
purposes – logs onto a cybercrime portal and orders the actions and
activities they want. “Access to privileged
accounts, we believe, will be one of the ‘hottest’ hacker products in
the coming year,” said Dolkin. “We already saw this trend in 2013, in
the case of the hacker Andrew James Miller, who used privileged accounts to get into numerous U.S. government sites.”
As if preying on the unemployed wasn’t enough,
the CyberArk team said, homeowners who have set up “smart” devices in
their homes need to be concerned that they are protected as well.
“Electricity meters, Smart TVs, smart air conditioners, and more are all
Internet-connected now,” said Dolkin. These devices use the same
connectivity technology as routers and modems – meaning that they have
built-in passwords and user-logins.
Andrey Dulkin
Changing the password on a smart refrigerator
(already a hot item in the Far East, these fridges can tell you when you
are out of milk or have too many leftovers) is probably the last thing
anyone would think of – but a smart appliance owner’s neglect or apathy
is gold to a hacker. “It’s not just the refrigerator or an individual
smart appliance that is at risk,” Dolkin added. “The entire house is
networked, usually using the same router, so once a hacker is in, they
can access other components of the network.”
Along with these “new” threats, said the team,
the “same old” threats will still be with us – just more so. More small
businesses will be targeted by hackers (they are easier to “hit,” said
the team), more organized crime groups will get involved in the very
lucrative business of cybercrime, and more people and businesses will
fall victim to hack attacks. “Our best advice,” said Dolkin, “is to get
educated, and of course, never click on a link you’re not sure about.”