Cybercriminals. They are around every corner on the internet. Now is good time to remind your family and co-workers how they work and how to practice safe browsing.

History/Why?: The plan for these criminals, and they are, is stealing your data for profit, stealing your identification. They use malware, worms and viruses. Every piece of malware actually has hundreds of versions and they now have to ability to shut down your protection. If you don’t regularly scan your systems, you probably have something on your system for days, months and in some situations, years.

Antivirus programs are constantly being hammered on new variants of virus/Trojans, malware and worms. It is very easy for virus writers to create new variants weekly. The AV industry is seeing about 40k NEW pieces of malware created weekly. To give some perspective, one antivirus vendor wrote a couple dozen new virus signatures per week two years ago. Today that vendor is generating 15,000 to 20,000 signatures every single day, reaching 2.5 million as of this month

Here is what to keep an eye out for:

Threats have now shifted from email to Web-based, end users(co-workers/family) need to know that their surfing/browsing patters  are being closely watched by cybercriminals/hackers. Check this out:

Cybercrimals, via Google searching, can determine what the top 10 search topics are, and hack those resulted sites, and infect them with malware. Injecting well-known, legitimate Web sites with malware infections: schools, retailers, small business are being targeted. These sites can be easy targets, because they don’t usually have a full a strong IT company watching for criminal activities.

Here are other method to look out for:

Social engineering attacks. These hide in files the user is accessing, and aim to entice the user into downloading and installing the threat. Popular social- networking sites such as Facebook and Twitter are targets because they provide potential access to the largest audiences.

Email download games/application. These are examples of what his happening with FACEBOOK games and groups. This also is coming from other popular social media sites. These apps look innocent and you think they can be trusted. You cannot. Never download anything you don’t know what exactly  it is.

Website redirection / Email link redirections: . They will send you bank or financial looking monthly statements, asking you to login. If you look at the actual URL it will redirect you to a malware fake website.

Graphic and media content: File sharing websites, pictures attached to emails, streaming media and Instant Messaging services.

Sadly, desktop antivirus programs don’t always catch zero-day (not yet detected) malware and viruses, so the best defense against emerging threats is to practice safe Internet habits.

Additionally users should look at Email hygiene applications and additional hardware Spam/malware protection solutions that watch everything you do on the internet and can help protect you.

It amazes me that for whatever reason people tend to overlook this problem time and time again. With the expansion of the Internet comes more threats. There are people in this world that want to cause harm to your computer, just because they can. You may not know when or where these attacks will occur, but it can happen to you at a moments notice.

When you are online you are sharing a vast network with millions of other users from all over the planet. Some of these user like to abuse the Internet by sending you spam emails or even worst, these people can be hackers and those who create viruses meant to harm your system.

You may have received an email from an unknown sender with an attach link or file with the sole propose to cause havoc to recipient. This file could be an Trojan, keylogger, adware, spyware or a number of the thousands of harmful viruses that can damage your computer, and the time and hard work you spend to customize your system can be wipe clean.

Some of the more well known viruses have been the:

Anna Kournikova virus

This arrives as an email attachment. Opening this attachment infects your machine. Once infected, the virus mails itself to all recipients found in the Windows Address Book.

Lovsan Worm virus also known as “Blaster” or “MSBlaster”

Has quickly infected computers throughout the Internet. The worm takes advantage of a flaw in Windows operating systems to drop a malicious program on your computer. Unlike typical computer viruses, which usually arrive as email attachments, Internet worms attack communication ports on vulnerable computers, often without the user’s knowledge. By taking advantage of a vulnerability in Windows, the worm is able to spread without requiring any action on the part of the user.

Nimda

Infects web servers and local files. Its main goal is simply to spread over the Internet and Intranet, infecting as many users as possible and creating so much traffic that networks are virtually unusable.

The “I Love You” Virus

This virus is pernicious, using Microsoft Outlook and Outlook Express to send itself to everyone on a Contact List from these programs, and destructively replacing files. The subject line of the infectious email reads “ILOVEYOU”, and the message of the email reads “Kindly check the attached LOVELETTER coming from me.”

The attachment, which has the destructive Visual Basic script, is named “LOVE-LETTER-FOR-YOU.TXT.vbs” If you receive this email attachment, DON”T OPEN IT!!! Your computer will not become infected unless you open the attachment on purpose. Reading the email won’t infect your computer.

You should also be careful when using File sharing, Peer-to-Peer (P2P) software. This platform is great place for people to spread viruses to other people by simply creating or modifying an virus and renamed this program to a popular file name. Then once the file have completed downloading, the unsuspected user opens the file, and the destruction begins.

It can be a simply problem that hoping your anti virus will detect and alert you of a potential danger, or the virus may just completely wipe you hard drive in seconds. For those of you can use popular p2p programs like kazaa, limewire, shareaza, emule and others, please do not download any file that may look suspicious with a weird a file extension. This file may look like “britney spears.jpg.exe” or “norton antivirus.exe” with a smaller file size then usually.

If you have an antivirus software, you can simply, “right click” a file on your system and scan for viruses, before your open the file itself. This method can help you, but is not foolproof.

Don’t be the next victim. Take these steps to help keep the odds in your favor of being protected:

Antivirus Software

An premium antivirus software like Panda Platinum Internet Security (which includes an antivirus, firewall, spam blocker, and anti-spyware), BitDefender, or The Shield Pro is the most critical element of your Internet safety. If you don’t have up-to-date antivirus software on your PC you’re asking for trouble. A good antivirus software will find viruses that haven’t yet infected your computer and remove the ones that have.

Firewall Software

Windows XP comes built-in with a firewall, and if you are running Service Pack 2, it is turned on by default. Although Windows XP’s firewall is certainly better than nothing, you should strongly consider acquiring another firewall to work on top of, or replace (recommended!) the firewall that comes with Windows XP.

Firewall software watches these ports to make sure that only safe communication is happening between your computer and other computers online. If it sees something dangerous happening it blocks that port on your computer to make sure your computer stays safe from the person who is trying to hack into your system.

Some of the better firewalls are Zone Alarm Pro, Norton Personal Firewall, Panda Platinum Internet Security, and The Shield Pro.

Spyware Removal

There is a good chance that if you are actively online with your computer system that in some way spyware will get installed. All it takes is just clicking on the wrong site or by signing up for some web programs. Another issue with spyware is the danger of invasion of privacy. Remember that these programs can collect all types of data from you computer system and then send back to its creator. Spyware usually collects information that can be used for advertising, marketing to see what websites you visit on a frequent bases.

There are several spyware tools available, but many provide insufficient protection. Some of the better spyware removers are; Webroot Spy Sweeper, XoftSpySE, and AdwareAlert.

Cyber Warfare

Recent media reports suggest that there has been an increase in Cyber warfare or electronic assaults from hostile governments as well as drug lords. The reality is that many developing nations are vulnerable and cannot protect themselves and their infrastructures such as stock markets, communication and transport systems against such attacks.

Furthermore, with all these growing threats there is a need for nations to come together and sign a legally binding digital asset treaty. A treaty such as this would make it an offence for a hostile government to use cyber attacks or electronic espionage against another country. In November 2001 UK, the European Union States, Canada, Japan and the United States signed what is known as the Council of Europe Agreement on digital crime activities. The significance outcome of this agreement is cross border investigation of cybercrime between these nations. This makes it easier for law enforcement agencies of these nations to cooperate on extradition requests for offenses against one country committed from within another country. In addition, these countries went further to adopt common ground on criminal laws such as hacking, forgery, digital related fraud, unauthorised access to computer systems, infringements of copyright and child pornography.

The agreement stopped short of including developing countries such as the G20, however the UN should take a lead in enacting a digital asset treaty that will cover offenses such as fraud, unauthorised computer access, child pornography, data privacy and copyright.  Although, computer crime is truly international, differing Acts in different jurisdictions inhibits prosecution of international digital crime.

For more information please visit our network security website at http://www.honeyjet.co.uk/. There we have an extensive selection of network security articles, tools and network security solutions.

Across the globe, now mainly targeting African countries with evolving technology capacity like Ghana and other West African countries, online cyber criminals are focusing dedicated funds, time and resources to perpetrate fraud – and they are very adept at this process penetrating financial institutions, banks, businesses, governments critical mission infrastructures moving from towns to countries. The result has been a dramatic increase in online fraud that specifically targets consumers, enterprises and citizens. Every data breach or costly identity-theft case going on unabated and unreported erodes the public’s confidence in the security of online POS and other financial transactions. This loss of confidence jeopardizes the ability of organizations to conduct transactions online effectively with wider patronage and profitability especially in Africa. Lack of knowledge and effective manpower resources in ICT security continues to make the situation more vulnerable with inadequate response.

A myriad of security vendors have stepped to the forefront in attempts to ease these concerns. While this has inspired an explosion of innovation around both strong authentication and fraud detection, there have been challenges introduced as well. Some of these vendors are trusted providers of online security expertise, but many newer players in the African continent lack the experience and know-how that growing and larger organizations and businesses requires.

Protecting the corporate brand, safeguarding customers and meeting the appropriate regulations are now primary security concerns for governments, private and the public sector institutions using data, biometrics and other modern technologies. To properly implement a strong, layered security strategy that fulfils those goals, organizations need to thoroughly review their overall business security and online activities and conduct risk assessments to determine the level of authentication and fraud detection required. There are many available security options that can help thwart fraud today and into the future, including multifactor authentication and fraud detection solutions. With a clear understanding of the tools available and ways to effectively begin and evolve, organizations can take the essential steps toward protecting consumers, enterprises and citizens today … and tomorrow.

Corporate and business information loss can mostly be credited to a company’s internal organization, or lack thereof. In other words, in order to prevent data leakage, corporations must not only eliminate external threats, but also internal processes that could enable data leakage. In many cases emanate from lacking in security plan, internal risks as well as bad storage procedures. Costs associated with a data breach are rising leading to financial consequences and image damage that will see many firms struggling to lock down information and prevent leakage of sensitive data.

The total average costs of a data breach grew to record high. Depending on the size of the breach, costs could become astronomically expensive. But in Africa, many in the financial and privacy level have a view that people over time will become indifferent to a data breach notification. But the breach found the costs associated with lost business continue to climb drastically. Lost business now accounts for data breach which costs is gradually climbing at an alarming rate.

2009 – Data breach costs soar: A trend indicates the costs associated with data breaches have soared and will continue to skyrocket unless companies do more to prevent them in the first place. Experts say breach costs are far reaching and could lead businesses, banks and merchants to find alternative payment methods which are ever flourishing in Africa (Grey/Black Market). Corporate information loss can mostly be credited to a company’s internal organization, or lack thereof.

African firms are not doing enough preventing data breaches. This is because many countries lack proper data policy management systems, no consumer watchdog unit and no government legislation regulating and protecting data handling and misuse.

It’s impossible to create an environment where you cannot have a data breach. Data breaches will continue even for the best of companies and government bureaucracy, but its how you detect it, how you respond to it and how you manage the risk that matters most. Companies, organisations and governments should be fearful of malicious insiders getting access to sensitive and confidential data. The rising tide of layoffs as a result of the poor economy has put a focus on the insider threat. But insider negligence continued to play a major role in causing a data breach. More than 88% of all cases involved incidents of insiders mishandling data and compromising job discreption because of the low wage paid to system analyst and administrators. Far fewer breaches were influence from white collar malicious insiders.

Companies must respond to rising tide of insider threats with security training and awareness programs. Training programs were started by just few companies. And other firms said they are also creating additional manual procedures and controls which is not mentained or consistent.

Fewer firms are investing in additional technologies like CCTV and Time Attendance Systems. Encryption was the first technology implemented after a breach. Of the technology options, companies have expanded their use of encryption. Technology should be implemented with education and diligence; African businesses too often get lulled into a false sense of security. One of the mistakes companies and individuals including IT administrators is relying only on encryption solution to network servers, desktops and laptops forget about thumb drives, email or FTP servers. Some are trying addressing some issues but not addressing the entire problem. Some companies turn to the use of third-party services to handle personal information such as payment transactions and customer loyalty programs. But they do not realise that those services may increase the risk of data leakage and also increase the cost of a breach.

Breaches by outsourcers, contractors, consultants and business partners were up in 2009 in many African countries especially in Ghana. Third-party vendors often take more time to investigate and conduct forensic analysis. Services sometimes lose information due to poor processes or inadequate data protection technologies. Not all data breaches are the result of high tech glitches or cybercrimes, Sometimes they’re pretty low tech. The financial impact goes so much deeper than simply costing victims, but also ripples throughout the network of organizations involved. “I’m always glad to see when other organizations produce evidence to corroborate what we’ve been saying for years: ‘failure to maintain proper data security is a high risk gamble that companies simply can’t afford in this time of global economic recession’”.

In Australia, nearly 93% of all children have a computer they can use at home. Of those students, 83% have access to the Internet. Teens use the Internet for a variety of reasons. 63% of kids are using the Internet for sending and receiving emails. 59% of use is for instant messenger, such as MSN. With such high percentages, it is clear why it is so important for parents to be involved with their kids’ computer usage.

My Space: the ins and outs

My Space is a website that allows your child to post blogs, post pictures and send messages back and forth to anyone connected online. My Space allows people from any part of the world to send messages back and forth. The site also allows people to search for other people with certain demographics. This site is probably one of the most popular sites among teenagers.

MSN: The ins and outs

MSN allows user to access their Hotmail email along with many other features. One of the main features teens love MSN, is the messenger program. With MSN messenger, teens can chat with others who also have the messenger program. The use of a messenger program often interrupts teens who are supposed to be working on their homework. Instead of concentrating on their homework, they are distracted by messages popping up from their friends, who are trying to chat with them.

The risk to teens

Like a lot of things teenagers try out, there are risks to using the Internet. Predators fill the Internet just looking for vulnerable people to prey on. Often times, they will pretend they are teenagers in order to gain trust. Once a bond is formed, they may ask to meet with your teenager. Ensure your children never gives out their personal information, name, age, location, school, sporting team etc.

Interruption to study or homework

Czerwinski, a leading expert in interruption science, says, “The danger of interruptions is not really the interruption – it’s the havoc they wreak with memory; “what on earth was I just doing?” Although we believe teenagers are far better than any generation at multi-tasking their flow of work will suffer when MSN or MySpace pop up to alert them that someone wants to chat. It can take anywhere between 5 and 25 minutes to return, with the same kind of attention, to the task they were working on.

When completing work that requires flow, such as writing an essay, it is best to turn off all programs that pop up at you. If working on an assignment that requires you to multi-task then the distractions are not so bad. Managing the distractions is the most important thing, and some teens are not great at controlling this. Software programs such as Chronager V 3.2 are a great way to monitor and control your teen’s use of the Internet.

The Internet can be a fascinating place when used properly. Begin by educating your pre-teen or teen on how to safely use the Internet. Become an involved parent with your child’s Internet usage. With some proper guidance, the Internet can be a fun and safe place. So the next time your teen wants to log on, be sure they are equipped with proper Internet safety.