Almost 400 million people fall victim to cybercrime every year.




Almost 400 million people [1] fall victim to cybercrime every year. A common way for criminals to attack people is via websites; unfortunately, this includes legitimate sites that have been hacked or compromised in some way. This puts your visitors and your reputation on the line, so every website owner needs to understand the risks posed by cybercrime and how to prevent it. This essential survival guide will help you navigate the wilds and come out of the other side safe, sound and protected.

[1] 2013 Norton Report. Slide 10. http://uk.norton.com/cybercrimereport

ATTACK - THE DANGERS OF A CYBERCRIME ATTACK

One in 500 websites is infected with malware. These sites are often legitimate websites (worryingly, 61% of websites serving malware are legitimate sites) that have been infiltrated by online criminals.

Criminals can buy off-the-shelf software toolkits to attack websites, or more accurately the servers that run them, in the same way that computer viruses attack people's home and business PCs, meaning that today almost anyone can access the tools required to hack a website. These attack kits can scan thousands of sites a minute over the internet and spot known weaknesses and vulnerabilities, which are then used to insert malicious software onto vulnerable websites.

There are other ways to break into a website server too. Hackers can use social engineering, phishing attacks or spyware to steal the user name and password of an administrator and simply give themselves access to the system, so don't give them a chance!

[2] ISTR 18 http://www.symantec.com/security_response/publications/threatreport.jsp
[3] ISTR 18 http://www.symantec.com/security_response/publications/threatreport.jsp

How identity theft and phishing work

Identity theft is one of the most insidious forms of online crime. It takes different forms, from the theft of a credit card number to a complete takeover of someone's online identity. This is what happened to journalist Mat Honan [4] in 2012, when hackers progressively broke into his email and other online accounts and then remotely wiped his computer and smart phone. In the process, he lost a year's worth of photos, covering the entire lifespan of his daughter, as well as documents and emails. Regaining access to all his accounts and reclaiming his digital life took a huge amount of time and effort [5].

Honan was the victim of a clever series of social engineering attacks designed to get access to one system after another, but many more people are tricked into giving away their user names and passwords on increasingly convincing and sophisticated phishing sites.

With phishing, a victim gets an email or social media message or clicks on a link from a seemingly legitimate website. They then arrive at a fake website that looks exactly like the real thing (a bank, a social media site or whatever) and they enter their login details. Except that now it's the criminals who have those details.

Some security suites include tests that scan for fake sites, and forward-thinking website owners use advanced security technology such as extended validation SSL certificates to prove that they are a real site and not an imposter; but without this help it is often very difficult to spot the difference between a real site and a phishing replica.

[4] http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
[5] http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/

How botnets work

Because of the way movies portray internet hackers, it's easy to imagine a lone genius sitting in a darkened basement room trying to hack into your website. In practice, that's extremely unlikely. Instead, criminal gangs use botnets on a large scale to probe millions of PCs and websites automatically.

A botnet is a collection of computers that have been taken over by malware, often without the users' knowledge, so that they can run software for the botnet operator. One common method of recruitment is drive-by attacks when users visit infected websites. Individual botnets can include thousands or tens of thousands of individual machines. Botnet operators can use them to:

- Send spam on a vast scale.
- Host phishing websites.
- Probe PCs and legitimate websites using attack toolkits.
- Click on adverts, generating fraudulent revenue.
- Launch denial of service attacks that stop people using online services.

Botnets give internet criminals processing power and internet connectivity on a huge scale. This is how they are able to send out millions of spam emails or infect millions of PCs an hour.

INFECTION - THE ALARMING TRUE COST OF DATA THEFT

Once criminals have infiltrated a website, they can use it to make money, and in many cases a lot of money. For example, they can install spyware on visitors' computers that steals personal information like credit card details. The installation software hides on regular web pages, so often it's impossible to spot without the right security software. Alternatively, they can stealthily redirect visitors to other sites or change the contents of a site.

Stealth works in the criminals' favour. If people know they're a victim, they are likely to try to do something about it, but most site owners don't know that their site has been infected and most visitors don't know they've been attacked.

The consequences for visitors are potentially serious, but the risks for a business with a corrupted website are equally grave:

- Loss of customer trust and goodwill.
- Redirection of site visitors away to other sites.
- Interception of private information entered on the site.
- Blacklisting by search engines (for example, Google blocks 10,000 infected sites a day [6]).

[6] http://mobile.businessweek.com/articles/2012-05-07/protect-your-companys-website-from-malware

The size of the cybercrime problem

Cybercrime is a serious issue for website owners. It's also a problem for the economy as a whole. It represents a sort of criminal tax on internet commerce of up to 83 billion annually, according to the 2013 Norton Cybercrime Report [7]. There are more than a million victims every day and the average cost per victim is 220.

[Infographic: criminal internet commerce tax, 83 billion; victims of cybercrime per day, 2 million]

What does this mean on a practical level? Four in ten people who used the internet have fallen victim to attacks such as malware, viruses, hacking, scams, fraud and theft. And this means:

- Spending hours trying to repair their computer, for example removing a virus (24 percent of respondents).
- Losing money to fraudsters who lock an infected computer using ransomware and demand payment to release it.
- Losing their identity to criminals who clone credit cards, apply for loans and destroy credit records, leaving victims with months of work trying to sort out the damage.
- Having their computer turned into a stealthy slave PC in a criminal's botnet (see "What is a botnet" for more on this).

On a broader scale, it means a loss of confidence and trust in the internet, which reduces people's freedom of choice and action.

[7] go.symantec.com/norton-report-2013

Who is most at risk of cybercrime?

According to the 2013 Norton Cybercrime Report, which surveyed 13,022 online adults around the world:

- Men are more likely to be victims than women.
- People who use mobile devices, social networks and public or unsecured Wi-Fi are also more at risk.
- Parents of children 8-17 are more vulnerable!

When it comes to websites, botnets and attack toolkits don't differentiate between big companies or small ones, famous names or anonymous family businesses, profitable companies or charities. They probe as many websites as they can find. By their very nature, no website is invincible and consequently every site is a target.

How website malware works

Home and business users should regularly update their computers with recommended patches and updates for programs, operating systems, etc. This is because software companies and security researchers find new glitches and weaknesses that hackers can exploit, and so send patches out for them. Hackers know about these vulnerabilities too and they can use them to take control of unpatched computers: installing viruses or accessing private information, for example.

It's the same with the servers that run websites. They have an operating system, like you have Windows or Mac OS on a regular computer. There is also application software that serves up web pages to site visitors. Increasingly, websites also use content management systems to allow non-technical users to create and edit web pages. Each of these layers of software could contain vulnerabilities that might allow criminals to change the contents of a website. Once they have control, they can use the site as a springboard to attack visitors.

Internet criminals take different forms. Some look for software vulnerabilities, some write attack toolkits that use vulnerabilities to attack websites and others specialise in using these toolkits to attack sites. There are online black markets where different specialists can meet, trade tips and tricks, and buy these toolkits. Attack toolkits are like any other kind of commercial software; they are updated regularly, come with warranties and include technical support. One particularly popular toolkit, known as Blackhole, accounted for 41 percent of all web-based attacks in 2012 [8].

[8] ISTR 18 http://www.symantec.com/security_response/publications/threatreport.jsp

PROTECTION - WHAT INDIVIDUALS CAN DO TO PROTECT THEMSELVES

Individuals, whether they are home users or your employees and colleagues, can protect themselves by using a bit of online common sense:

- Delete suspicious emails and social media messages without clicking on links.
- Install up-to-date antivirus security software.
- Keep your computer up-to-date with the latest software patches and updates.
- Back up your PC to an external drive or cloud-based backup service.
- Be security-conscious on social media sites: log out when you're done and don't connect to people you don't know.
- Regularly change and use strong passwords and don't share them with anyone.
- Be careful about what you share online: don't give away more personal information than you need to on social media sites and be careful about what you upload to online file stores.
- Look for trust marks like the Norton Secured Seal and Extended Validation SSL certificates when you visit a site; don't entrust your confidential information to a site you don't trust.

How to tell if your site is vulnerable

The growing risk of website corruption from internet criminals using attack toolkits means that website owners, even if they are not technically inclined, need to take steps to protect their sites, their visitors and their reputation. Nearly a quarter of IT managers don't know how secure their website is and more than half have never conducted a vulnerability assessment on their website [9].

You can sign up for Google's free Webmaster Tools. This will warn you if Google has blocked your site because of malware, but that's a bit like spotting that the stable door is open after the horse has bolted.

A more proactive alternative is to choose Symantec Extended Validation or Pro SSL Certificates for your site, which include Symantec's Web Site Malware Scanning [10] service. This checks your site daily and warns you if there is a problem. In addition, these certificates also include a weekly Vulnerability Assessment [11] to highlight critical problems that may leave your site vulnerable to attack. These services allow you to be proactive rather than reactive.

[9] http://www.symantec.com/connect/blogs/website-vulnerabilities-which-countries-websites-are-most-vulnerable-malware
[10] http://www.symantec.com/en/uk/page.jsp?id=ssl-resources
[11] http://www.symantec.com/en/uk/page.jsp?id=ssl-resources

What can you do to protect your website?

Having read this guide, you already understand the risks and the need to scan your website for malware and vulnerabilities. However, you can do more to keep your site and visitors safe, including:

- Use the Norton Secured Seal, which shows visitors that we scan your site regularly for malware and vulnerabilities. It is the most recognised trust mark on the Internet [12] and 94% of consumers are likely to continue an online purchase when they see it [13].
- Choose Extended Validation SSL Certificates to show your visitors that they are on a real site, not a fake phishing site, and to confirm the identity of the company behind the site. Online shoppers are more likely to enter their credit card and/or other confidential financial information into a website with the EV green bar [14].
- Keep your server software up-to-date. If you host or control your own web servers, keep them up to date with patches and updates. If you use a content management system such as WordPress, keep that up to date too, including any third-party plugins. Symantec research suggests that toolkits mainly tend to target well-known existing vulnerabilities for which there are already fixes.
- Control access to web servers. Use strong passwords for content management systems and web servers. Don't allow users to share passwords and ensure that admin-level passwords are limited to users with a strict need to know.
- Consider an always-on approach to SSL. Well-known sites like Facebook and Twitter use SSL on every page, not just on forms and checkout pages. This encrypts and protects all the information given by a user on the site and makes it less vulnerable to so-called man-in-the-middle attacks.

Understanding the cybercrime threat to your website is not just good for security, it's good for business. Put simply: if customers feel safe, they will buy more. Symantec is your partner in protecting your site, and its range of Website Security Solutions makes it easier to stay ahead of the criminals and increase trust for your customers.

[12] International Online Consumer Research: U.S., Germany, U.K. July 2012
[13] Symantec U.S. Online Consumer Study, February 2011
[14] Symantec Online Consumer Study (UK, France, Germany, Benelux, US and Australia) conducted in January 2011

SYMANTEC CYBERCRIME SURVIVAL GUIDE VIDEOS

Don't let their next victim be you or your organisation: watch our three-part video series and arm yourself with the knowledge you need to defend against attacks.

- Discover how many websites are currently infected and why even legitimate sites may not be safe.
- See how easy it now is to become a data thief, and learn what methods will be used to try to steal your valuable information.
- Discover the alarming true cost of data theft and learn what steps you can take to safeguard yourself and your organisation.

www.symantec-wss.com/uk/cybercrime/social

For more information about Symantec, visit www.symantec.com

Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Circle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.