For online users, individuals or organizations, malware has always been a significant threat. A rapid rise is being witnessed that is more than capable of compromising, damaging or acquiring sensitive data which can either be personal or could lead to loss of intellectual property in the overall threat landscape. Statistics say that, rather than being hacked by using an exploit; IT users are more likely to be tricked into downloading malware. Hence, there is a continuous challenge in detecting and preventing such threats. Though, not all of these attacks are socially engineered, however, the technique is being used to evade security programs and is being applied to the web that increasingly triples the distribution of malware, of which 55% (Malware) is now delivered via Internet downloads, whereas only 14% is delivered through malicious emails. Which means that as there are more than a handful that don’t understand the complexity of web based threats, from a hacker’s perspective tricking users into installing malware is much preferred.

Also, the inappropriate use of SEO is on the rise. Attackers lure the users to the sites that contain the malware software and expose them to fake Anti-virus downloads, Trojans, worms and fake surveys. In addition to Search Engine Poisoning, the upturn in social networking sites makes them the prime focus of cyber criminals. As the information accessibility and services are interconnect and interdependent of each other, it opens more opportunities for more effective attacks on individuals and organisations.  The emerging Java threats due to Java plug-ins soon will be ruling the malware distribution. Also, URL Shortcut services and Location services contribute greatly in the business of malware distribution. URL Shortcut services will be witnessed.

Apart from creating new malware, Cyber-Criminals are effectively re-modifying the code of known deceased malware. A very good example would be that of the Ramnit Worm which has recently morphed into a financial malware. Moreover, there has also been an enormous increase in malicious programs accounting for at least 25% rise in fresh threats when compared to similar months in 2010. Trojans dominated the line of newly detected threats comprising of at least 70% of all newly created malicious software.

There was a whopping $114 Billion loss due to cyber crime itself cost the world last year. With over 2.9 million users falling as victims to cybercrimes, India alone stood at a loss of $7.6 Billion or Rs 36,200 crore out of which $4 Billion was the total financial loss while $3.6 Billion was the amount spent to resolve reported theft. Of the total amount reported a mere 21% of victims actually reported the crime to the police. Despite the efforts made by security vendors, only 16% had security software installed on their cell phone while 21% had on their PCs. Also, additional $274 billion was lost, based on the value victims placed on time lost due to their cyber crime experiences. More than two thirds of all adults who used the Internet more were victims of cyber crime. While most issues are more than preventable, over 54% of online users have experienced malware followed by 11% in online scams and 10% in phishing scams. In comparison to 2009 and 2010, there has been a decent increase in malware amounting to 19% in 2011.

There key reason for this increase in the cyber attacks is financial profit. Also, there been a whole automation in terms of the creation of malware due to the web attack toolkits that are growing at a rapid rate as the chosen weapon.

On the other hand, the way cyber crime is dealt by people online shown by the overall number of infected users itself signifies a defect. According to studies, in the last one year the overall number of users infected with regard to online cyber crime has tripled in comparison to offline crime. A major flaw is been noticed in the way users perceive online threats. There is a huge gap between awareness and the action that needs to be taken by IT users. Approximately, 80% of PC users are aware of cyber crime as a growing threat, however the necessary precautions are not being taken against it. At times, either the Security is outdated or the implementation of the necessary updates to protect users from complex threats id not up to the mark.

With respect to enterprises, cyber crime is increasing at an alarming rate with over $30 Billion being invested annually on corporate defences and cyber criminals are invariably being able to evade these conventional defences. In fact, even the most security conscious industries are vulnerable to online attacks such as HBGary, Epsilon, RSA and DigiNotar, Comodo– to name a few.

This article is a continuation of Security for Your Business – Part 1. We will discuss various statistics related IT threats and security concerns. This article points out clearly the importance and significance of securing your IT infrastructure. Do not hesitate in anyway from ensuring proper security measures, as not doing so can lead to damage and theft of your business data.

Phishing Scams

Phishing scams come under social engineering attacks. They provide a fake e-mail or website that looks like an authentic one and tricks you into putting your username and password. Once they capture your username and password, they now have access to your bank account or whatever website they are pretending to be.

A disputed study by Trusteer showed that spear phishing a hundred LinkedIn users resulted in a failure rate of 68%. That would mean that around 30% of those targeted with phishing attempts disclosed their personal data. That is significant enough for businesses to lose a substantial amount of money once their bank account information has been captured.

Cnet interviewed Michael Barrett, chief information security officer at PayPal (online payment processor) in April, 2011. This is what he had to say regarding the question of PayPal’s weakness to phishing attempts:

“I joined PayPal almost exactly five years ago and it’s fair to say the company had not realized at that point the true significance of phishing. But since that time we’ve put in place a number of defenses against it. It probably will never go away completely as a problem, but it can be substantially minimized. We’re at No. 8 on a list of most phished sites, which is better than being No. 1. I’m not satisfied with being No. 8 and I’d really like to obliterate the crime completely, but I realize that will take another five years to get to that state. A few years ago we started digitally signing all our outbound e-mail and we worked with Yahoo and Google so if they saw e-mail that purported to come from us but wasn’t signed they would block it. That has been stunningly successful. Now we’re trying to get the whole industry to take up that type of approach. But it will take several more years of pushing to get the rest of the industry to do that.” (1)

Malware

Malware is software that is damaging to your computer in various ways. Spyware is a type of malware that infects a computer and relays information of your computer use to different parties.

In 2007, Kaspersky Labs was seeing new malware samples every two minutes, but in 2010, just three years later, that had increased to one new sample every two seconds.

This is what InformationWeek has to say about small businesses and virus threats:

“Small business respondents’ other top concerns were Trojan applications (60%), malware designed by criminals expressly to steal data (59%), data leaks (56%), spyware (55%), and fake AV (52%). Spam and phishing threats ranked lowest. Most of today’s antivirus software suites protect against many viruses and worms. But when it comes to data-stealing malware, 21% of small U.S. business respondents said that their IT department could do a better job of protecting end users. Notably, only 47% of small businesses install security software to help stop such malware, 30% offer related security policies, and 28% provide relevant education or guidance.” (2)

Some are touting Cloud resources as the answer to fighting back malware spread. That remains to be seen.

Security Breaches – Hacks

It’s interesting to note that organizations attribute 59% of all security breaches to human error. This can occur if the network administrator has failed to set up the proper security barriers, or it can occur by inadvertently giving our information that a hacker can use to compromise the system.

About half of all organizations consider IT security a top priority. This stat indicates two scenarios. One, namely that there are pockets of IT infrastructures that don’t need high security. Perhaps these are small businesses that have a wireless network setup, and they don’t see themselves as a potential target from hackers. The network is small and their data isn’t all that critical. The second is that IT security is seen as a big issue for larger organizations. They have important data that cannot be leaked and as such they are prime targets for hackers. Hackers use stolen company data to sell to competitors and it is quickly becoming a lucrative business. Larger organizations need security for their systems and that entails purchasing the right equipment and having it administered properly.

The cost of an individual data breach – including lost business and the burden of responding to the incident – in 2010 increased 13% year-over-year for U.K. companies. That roughly equals $3 million for each breach, which is quite substantial. Needless to say, every organization, small or big, should pay close attention to its IT security needs.

Viruses

Small businesses still fear the virus according to a new survey of 1,600 end users in Germany, Japan, the United Kingdom, and United States. Conducted by antivirus vendor Trend Micro, viruses are the leading concern for 63% of small businesses.

A CompTIA stat shows that 33% of law firms admit to experiencing a security issue such as a virus. That’s only law firms, if you total firms from other fields the number is much higher.

Conclusion

The presentation of stats and facts in this article is only intended to create an awareness of various cyber threats. Cyber security is a huge issue and should not be taken lightly.

References

(1) http://news.cnet.com/8301-27080_3-20052310-245.html#ixzz1MvDmlGv5
(2) http://www.informationweek.com/news/security/vulnerabilities/228200171

Once a full scan is carried out and you plan on performing an additional scan within the future, just utilizing a fast scan ought to be great sufficient. There’s 1 primary downside to utilizing the totally free version of this software – you do need to manually update it by clicking on the update button.

The second piece of software that I use is known as Spyware Blaster. This will be the program that I use to protect my pc by preventing malware and spyware from obtaining in. Notice the distinction here: 1 program is utilized to scan and remove malware/spyware and also the other tries to stop it from ever coming in. Just download and install the program and it’ll offer you with full protection. With this program you’re also going to need to manually update it, but hey its a great deal much better than paying for it.

Now that you know about how you can stop against spyware your pc will probably be secure from all type of infections and this will also make your pc run quicker because there will probably be much less programs running within the background.

How Zeus botnot enters into User’s Computer?

Zeus is a financial malware which has affected about 3.6 million PCs in USA. This malware enters into user’s computer in the form of fake LinkedIn connection request. Fake messages like “accounted for as much as 24 percent of all spam sent within a 15-minute interval.” Is displayed on user’s computer and if anyone clicks on link given then a website is opened displaying message “Please Wait…. 4 seconds” and then the browser is redirected to Google. In this short duration of time this malware enters into user’s computer through this corrupted website.

This malware affects user computers in the form of Trojan. One of the major problem is that is available in different form and with different names and it affects your system in number ways.

Koobface spreads by delivering Facebook messages to people who are ‘friends’ of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer’s search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from sometimes having comments like LOL or YOUTUBE. If the link is opened the trojan virus will infect the computer and the PC will become a Zombie or Host Computer.