Top trends in cyber crimes you need to watch out for!

Here’s part two of my conversation with Gaurav Kanwal, Country Sales Manager – India, Consumer Products & Solutions, Symantec. Here, we discussed trends in cyber crimes, how users can protect themselves against malware, phishing and other attacks, and some India based statistics.

Top trends in cyber crimes
What are the trends that Symantec has been seeing in cyber crimes today? Are any new trends appearing?

According to Kanwal, today’s online thieves will stop at nothing to steal anything you’ve got: your money, your identity, even your good name. Their methods are getting more devious and sophisticated every day. Cyber criminals then sell the information on the online black market. Some trends that Symantec has recently witnessed include:

Explosion of malware variants: Significant changes in the threat landscape over the last few years have dramatically altered the distribution profile for new malware. Today, instead of a single malware strain infecting millions of machines, it is much more common to see many millions of malware strains, each targeting a handful of machines.

Advanced Web Threats: Threats are becoming increasingly sneaky and complex. New scams, such as drive-by downloads, or exploits that come from seemingly legitimate sites, can be almost impossible for the average user to detect. Before the user knows it, malicious content has been downloaded onto their computer.

Social Networks: Online social networking continues to rise in popularity due to the numerous opportunities it provides. Social networking also provides phishers with a lot more bait than they used to have. Threats can come from all sorts of avenues within a networking site. Games, links and notifications are easy starting points for phishers. As society picks up one end of the social networking stick, it inevitably picks up the security problems on the other end.

Rising Spam Levels: We may not want it, but it still keeps coming. In October 2009, about 90 percent of all email messages were spam. The overall amount does fluctuate, but on average, the levels of spam have primarily risen rather than fallen. Big headlines almost always lead to more spam, and major headlines from 2009, such as the death of Michael Jackson, the H1N1 flu outbreak and the Diwali festival are examples of this. Furthermore, according to a recent Symantec report, spam and phishing information was the 2nd most requested item on the cyber mafia’s underground economy.

Malvertisements and scareware: Cybercriminals have figured out how to deceive people by presenting counterfeit messages. Examples of this include malicious advertisements or “malvertisments,” which redirect people to malicious sites, or “scareware,” which parade as antivirus scanners and scare people into thinking that their computer is infected when that’s not the case.

To encourage users to install rogue software, cybercriminals place website ads that prey on users’ fears of security threats. These ads typically include false claims such as “If this ad is flashing, your computer may be at risk or infected,” urging the user to follow a link to scan their computer or get software to remove the threat.

According to a recent Symantec study, 93 percent of software installations for the top 50 rogue security software scams were intentionally downloaded by the user.

As of June 2009, Symantec has detected more than 250 distinct rogue security software programs. To make matters worse, some rogue software installs malicious code that puts users at risk of attack from additional threats.

Protect yourself against malware, phishing and other threats
How better can users be protected against malware, phishing and other threats?

While the threat landscape becomes increasingly dangerous, users can take several simple measures to protect themselves. Norton recommends 10 top security strategies that users should employ:

Beware of suspicious email. Scan emails before you open them. Do not launch unfamiliar executable (.exe) files or any attachments from unknown senders.

Watch your network. If you discover an infected computer on your network, disconnect all computers from your network, scan them and clean any infected computers immediately.

Patch. Upgrade. Repeat. Protect yourself by getting the latest operating system and security software updates and patches right away. Also upgrade your browsers to the latest versions as soon as they become available.

Encrypt. If you keep sensitive data on your PC—and most people do—encrypt it. The Norton IdentitySafe feature in Norton Internet Security provides easy-access storage for encrypted data.

Layer your security. Just like wearing layers better protects you from the cold, layers of security better protects your PC from the evildoers of cyberspace. Use Norton™ Internet Security 2010 and update all security programs. Also, enable browser security settings and disable file sharing.

Back it up. If you’ve got important data, back it up. There are too many ways to lose information; human error, hardware failure, accidents…the list goes on.

Shore up your weaknesses. Use a strong firewall. Update your software. Find your weaknesses and fix them. Fast!

Use strong passwords. Passwords should have at least eight characters and should combine alphanumeric and special characters ($, *, &, etc.). You should also change your passwords every 45-60 days.

Avoid spam. When it comes to malware, spam is usually where it begins. Spam not only gobbles up your valuable time, it also hogs bandwidth and storage space. Report spam if you can, use antispam software whenever possible, and create separate accounts for friends and family, and additional accounts for other online activities.

Be cautious. Do not give yourself a false sense of security by using free security software (freeware) as some of them carry malware which is designed to bait users and then up-sell them later under the promise of more robust protection – at a higher price than a paid-for solution.

Unless you have a high level of technical competency, where you are able to build your own security solution with different point products, avoid reliance on freeware to protect your online environment.

What else can be done to improve safe browsing?
In addition to the measures listed above, Be Smart. If a “friend” emails and asks for a password or other information, call or email (in a separate email) that friend to verify that they were really who contacted you. The same goes for banks and businesses.

First of all, they won’t email you asking for passwords or account numbers. If you think it might be real, call the bank or business and ask. Or visit their website. Most have an address to which you can forward suspicious emails for verification. And always remember, don’t reveal too much personal information online, because you never know who might use it against you and how.

India specific relevant stats
The Norton Online Living Report (NOLR) 2009:

* Adults in India rank the highest when it comes to not having the basic security measures; 33 percent of adults in India do not have security software.

* About one in four (24 percent) online adults sometimes shares a secret or something personal with someone online. Those in India (36 percent) are most likely to do so.

* At 63 percent, India ranks highest in the number of parents who feel it is hard for them to make rules about the Internet because it wasn’t around when they were kids.

* Due to a rapidly growing Internet infrastructure, a burgeoning broadband population and rampant software piracy, India is expected to witness increased malicious activities.

Symantec’s Internet Security Threat Report (XIV)
* India had the fifth highest number of broadband subscribers in the APJ region in 2008 and the third highest volume of malicious activity, with 10 percent of the regional total.

* In the APJ region, India ranked first on worms and viruses attacks prevalence chart. Nine of the top 10 malcodes found in India consisted of worms (55 percent) and viruses (15 percent) that disabled security related processes, downloaded additional threats and stole confidential information.

* According to the report, India had an average of 836 bots per day during 2008 and there were 103,812 distinct bot-infected computers observed in the country during the period. This was a staggering increase of nearly 250 percent from the previous Internet Security Threat Report.

* Among the cities in India with the highest number of bot-infected computers, Mumbai figured at the top with 37 percent followed by Chennai at 24 percent and Delhi at 7 percent. Cities like Bangalore, Hyderabad, Calcutta, Surat, Ahmedabad, Cochin and Pune too had a sizeable share of bot-infected computers.