The computing landscape has become more complex and hazardous than ever. Hackers don’t just want to compromise your PC; they want your phone and tablet, too. Here’s a look at five big security trends that today’s tech users need to watch for – along with tips on how to prevent these attacks from being successful.
By all accounts, mobile malware, particularly on the Android platform, is getting more prevalent and more dangerous. This summer, Google itself revealed that malware may now impact some 5 million Android users, and that doesn’t include the Kindle or the entirety of China. Google continues to fight fake and virus-ridden apps from the back end, but Android users are advised to take extreme caution when installing new apps, and to protect themselves with an anti-malware tool like Bitdefender Antivirus Free for Android.
SMS phishing, or “smishing,” has become a hotbed of hacker activity because it has become so easy to send out these types of attacks en masse. An SMS-based attack, much like a standard email-based phishing attack, is designed to trick the recipient into visiting a compromised website or giving out their personal information. These simple messages typically look like confirmations for services the recipient never ordered: “Visit here to cancel your $20/month subscription,” or “Click here now if you did not place this order.” By scaring the receiver into believing they are being charged for something imminently, the attack is more effective. User training is the best defense here – banks and legitimate merchants never confirm transactions via text message – but services that help to halt Smishing attacks are being developed.
One of the most nefarious types of Windows-based attacks today involves what’s known as ransomware. It has only one goal: To get you to pay the malware creator/owner to have it removed. Ransomware often ironically conceals itself as an anti-malware app (“Click here to protect your PC!”). The good news: Standard anti-malware software like Bitdefender Total Security will protect against ransomware.
Instant Messaging/Telephone-Based Phishing Scams
As computer defenses get more sophisticated, some attackers are resorting to old-school methods to compromise PCs. One new attack involves a hacker sending an instant message or initiating a phone call to a user. The attacker claims to be from Microsoft or a computer security company and tells the user they have “detected problems” on their PC. (The method for this detection is never explained.) The attacker then attempts to walk the user through actually installing malware on their computer by hand, thus bypassing any security measures on the PC. Since it’s a direct hands-on approach, this is a high-risk and high-cost attack for the hacker, and its only defense is common sense and good user training. These “remote problem detection” services don’t exist, and users should never follow the instructions of a stranger over the phone.
Man-in-the-Middle (or Man-in-the-Browser) Exploits
Increasingly popular on both mobile and PC platforms is the man-in-the-middle attack, often known as the man-in-the-browser attack, because it frequently plays out via website. While the attack has many forms, the most common involves rogue or compromised hotspots, in which an attacker sets up or hijacks an unencrypted Wi-Fi access point, then delivers phony versions of websites to users who are connecting to the web through that access point. These sites look just like the real thing, so a user contacting his bank, webmail provider, or shopping site is none the wiser that an attack is even taking place. Defenses are tricky, but anti-malware software can protect against these attacks.
This story, "Securing your computing ecosystem from smartphone to PC" was originally published by BrandPost.