Tucson Citizen.com

3 must-do steps to recover from a phishing scam

Friday, May 17th, 2013

Source: USA TODAY

It’s a sinking feeling when you realize you’ve been had by a phishing scam. In the frenetic digital world we live in, it can happen to anyone.

So you’ve clicked on a link that now seems very suspicious. You’re concerned that the bad guys may be in control of your computing device. Or perhaps you’ve typed some account information into a web form, and you’re having second thoughts about the authenticity of the form.

Recovering will require work. Here are three things you can do if you believe you’ve fallen prey to a phishing scam delivered by e-mail, a social media posting or even a phone call, according to Adam Levin, Chairman of IDentity Theft 911.

Update and scan. If you have clicked on or downloaded anything that might infect your system, make sure you install or update anti-virus software and run a full scan of your system.

Contact credit agencies. If you have disclosed any personal information or you’re worried your account may have been accessed, you can place a fraud alert with any one of the three major credit bureaus; the alert signals to potential creditors that you could be a victim of identity theft.

Update account logons. If you have reason to believe that any of your e-mail or social media accounts are compromised, change the passwords immediately.

Copyright © 2013 USA TODAY, a division of Gannett Co. Inc.

Why the Shamoon virus looms as destructive threat

Thursday, May 16th, 2013

Source: USA TODAY

It’s been nine months since the milestone Shamoon virus wreaked havoc at Aramco. Shamoon was not designed to steal data. Nor was it just another garden-variety denial of service attack, intended to disrupt and embarrass. Shamoon’s express purpose was to cripple the Saudi Arabian national oil and natural gas company. It accomplished its mission, destroying data on some 30,000 desktops and servers at the oil company.

The U.S. Department of Homeland Security’s National Cyber Security Division has updated its standing alert, specifically recommending that IT organizations implement ways to detect propagation of viruses like Shamoon. CyberTruth asked Gord Boyce, ForeScout Technologies’ CEO, to frame the go-forward concerns:

CT: Why does concern remain heightened about Shamoon?

Boyce: A decade ago, we used to see viruses that were destructive like Shamoon. But by 2004, the people who write viruses shifted their intentions from notoriety to profit. Since then, most viruses have been designed to remain undetected and unobtrusive. The viruses quietly do their work, such as using your computer to send hundreds of spam messages without your knowledge. Shamoon is a huge departure.

CT: Is there a consensus about who likely was responsible?

Boyce: No. Most security experts believe that the author of Shamoon was politically motivated. Strong anti-American sentiment was evident within the Shamoon code. For example, there was an image of a burning American flag. Some say that the author of the virus intended to send a message to the Saudi government for supporting controversial American foreign policy in the Middle East.

CT: Should the public be concerned that Shamoon’s creators/controllers are likely still active?

Boyce: Yes. After a terrorist event that makes an apparent change in the threat landscape, it is natural and prudent to have a heightened awareness and to exercise defense procedures designed to reduce the risk of a similar event. Shamoon is highly destructive and an organization infected with this type of malware could experience operational impacts including loss of intellectual property and disruption of critical systems.

CT: What about copycats?

Boyce: Computer forensic experts who have inspected the Shamoon code have stated that Shamoon was not an especially difficult virus to create, so copycat viruses are quite possible.

CT: How would you summarize the go-forward concerns?

Boyce: Organizations have to assume copycat similar attacks might take place and protect against them. The concern is that from a single computer the virus infection can spread internally from computer to computer. And perimeter defenses like firewalls and network intrusion prevention cannot prevent the spread. Organizations need to upgrade their internal network defenses to ensure even previously unknown malware cannot spread undetected.

CT: Anything else?

Boyce: Traditional measures such as antivirus are not enough to prevent 100 percent of fast-spreading infections. The main thrust of cyberthreats is continuously shifting inside organizational networks; IT security needs to follow suit, and deploy technologies that effectively address those threats over their internal network.

Kids access porn sites at 6, begin flirting online at 8

Tuesday, May 14th, 2013

Source: USA TODAY

SEATTLE — Kids start watching porn from as early as the age of 6, and begin flirting on the Internet from the age of 8, according to a survey of over 19,000 parents worldwide.

What’s more, kids are accessing instant messaging and computer games at a much younger age than just a few years ago. At the extreme, 3.45% of kids covered in the analysis used Instant Messaging to chat with friends while 2% of computer game addicts were just 5 years old.

The study results were released exclusively to CyberTruth by Bitdefender. The Bucharest-based antivirus vendor correlated results of an online survey of parents with data compiled from its parental control services, such as which sites parents choose to block, and which sites children access regularly.

Almost a quarter of the kids accounted for in the study had at least one social network account at age 12, while 17% were social media users at 10.

Bitdefender found that children lie about their age when creating social network profiles, especially on Facebook, where they are supposed to be at least 13.

“Kids nowadays are acting like young adults online — just give them an Internet-connected device, and they will find a way to things parents would like to ban forever,” says Bitdefender Chief Security Strategist Catalin Cosoi.

The survey found that gaming, hacking and so-called “hate” websites, where youngsters are free to use profanity and express disdain, are hot destinations for kids and teens.

“Kids lie about their age to get access to something they want to explore, in this case a social network,” says Jo Webber, CEO of Virtual Piggy, a website that enables kids to manage and spend money within a parent-controlled environment. “It’s no different than my generation lying about age to get cigarettes or into a bar.”

Webber points out that this generation of children was born into an Internet-centric society.

“The Internet is a huge system that houses good and bad,” Webber opines. “Parents need to stay involved with their children and be ready to explain things that their children may stumble upon.”

Child safety experts call for parents to educate their offspring about how dangerous giving out personal information can be, and enforce usage rules.

Hospitals lose $8.3 billion using old technology

Tuesday, May 7th, 2013

Source: USA TODAY

SEATTLE — U.S. physicians and hospitals are in the digital dark ages when it comes to using the latest mobile devices and Internet services to deliver patient care.

As a result, U.S. hospitals are absorbing an estimated $8.3 billion annual hit in lost productivity and increased patient discharge times, according to a Ponemon Institute survey of 577 health care professionals, released Tuesday to CyberTruth.

Hospitals continue to struggle with security and privacy concerns arising from the mainstreaming of social media at a time when federal rules carry the threat of steep fines for violating patient privacy.

The study, sponsored by tech security firm Imprivata, shows that clinicians waste an average of 46 minutes per day waiting for patient information. The main reasons: reliance on inefficient pagers, no Wi-Fi access, deficient e-mail and bans on use of personally owned devices.

That adds up to a productivity loss of $900,000 per year for the typical hospital — or more than $5.1 billion annually across the health care industry.

“The only industry that uses pagers pervasively is health care,” Imprivata CEO Omar Hussain says. “Everyone else has moved to forms of communications that are faster and quicker.”

Hospitals fritter away an additional $3.2 billion by continuing to rely on clunky communications systems as part of the patient discharge process. An estimated 37 minutes of the average discharge time of 102 minutes is due to waiting for hospital staff to respond with information necessary for the patient’s release.

This lengthy discharge process costs the U.S. hospital industry $3.2 billion annually in lost revenue, the study found.

“If the technology was a little better and less restrictive, that’s where the value add would occur,” says Larry Ponemon, of the Ponemon Institute. “The goal is to maximize face time with patients. I think that could be achieved by having better technology.”

Beaufort Memorial Hospital, a 197-bed facility in Beaufort, S.C., with a staff of 1,300, including 150 physicians, is a case in point.

The hospital recently implemented a secure-texting system that enables doctors and nurses to use text messaging on personally owned iPhones for business communications. The fix was simple: a Web application, downloaded from the Apple Store, that encrypts all messages and stores them in an archive that can be audited.

“The manufacturing and banking industries have been doing these things for a long time,” says Edward Ricks, Beaufort’s chief information officer. “These technologies aren’t new. It’s just that the culture for using them to improve workflows hasn’t happened in hospital culture.”

Beaufort also replaced its aging in-house network, in which doctors had to memorize multiple logons to access records in different departments. Today, the hospital uses a new “virtualized desktop” and “single sign-on” system. Simple computing devices are located in all rooms and at all nurses’ stations. Each staffer has a single logon to access records in different departments, and can do so from any device.

“We’ve seen a great improvement in workflows for physicians and nurses,” Ricks says. “Folks will do the right thing if you give them the right tools.”

The Obama administration has supplied a juicy carrot for others to follow suit. In 2009, President Obama signed into law the Health Information Technology for Economic and Clinical Health (HITECH) Act, allocating $19 billion to promote the wider use of electronic medical records.

Under a federal program referred to as “Meaningful Use,” doctors can get reimbursed for demonstrating increased adoption and use of electronic medical records.

“Meaningful use is forcing the health industry to adopt new technologies to make more patient information available in real time and improve communications,” says Hussain.

Sweeping change is not likely to happen overnight. Jeremy Delinsky, chief technology officer at Athenahealth, which supplies electronic medical record systems, notes that there is no infrastructure for physicians to easily share patient information.

Someone from, say, Boston, who falls ill while on vacation in Phoenix, would have a difficult time getting the family physician to send health records to the attending physician in Arizona. This could present enormous problems for patients with chronic conditions or complicated medical histories, he says.

“Health care is incredibly complex,” Delinsky observes. “Technology innovators must contend with regulatory restrictions and run interference with insurance companies. These compounding factors make it very difficult to digitally advance the way patients receive care.”

Small banks and credit union attack set for Tuesday

Monday, May 6th, 2013

Source: USA TODAY

SEATTLE – Don’t be surprised if your bank or credit union website suddenly goes offline on Tuesday.

Consumer websites for the White House, FBI and seven other federal agencies, along with 130 large and small banks and credit unions have been targeted by the hacking collective Anonymous for Distributed Denial of Service, or DDoS, attacks on Tuesday.

What’s notable is that dozens of smaller banks and credit unions are on the target list, which has been posted on Pastebin. And many may not be adequately defended, says Jerry Irvine, chief information officer at Prescient Solutions, a Chicago-based IT outsourcer.

The hacktivists’ motive: backlash over what the attack organizers refer to as America’s “war crimes.”

The U.S. finance sector already has spent millions repelling DDoS attacks that are part of a months-long campaign, presumably by Iranian nationalists, determined to systematically harass U.S. financial institutions, as CyberTruth has reported.

Tomorrow’s planned caper does not appear to be connected to that campaign, says Irvine. CyberTruth asked Irvine to set the scene.

CT: How likely is it that Anonymous will attempt to carry out this DDoS attack?

Irvine: This is absolutely a real threat. Most attacks that have been publicized have been attempted. They are not always successful. However, there has been some malicious activity as a result of hacktivist threats.

CT: What do these attacks tell us about the current state of hacktivism?

Irvine: There have been a number of predefined hacks that have been absolutely tactical. They know small banks, businesses and governments are vulnerable because they typically don’t get large funds for IT.

CT: Why should the average person be concerned?

Irvine: While on the surface denial of service attacks may seem more of an annoyance, this is a real risk. DDoS attacks are the gateway drug to other attacks. DDoS attacks weaken networks making them more vulnerable for other attacks. Identity theft or monetary loss could all be a result of just this one DDoS.

CT: What’s the going forward concern?

Irvine: The big concern here is that it just gets worse. These attacks are the wave of the future, not a one-time occurrence, only we’re not going to be told about other ones.

CT: Anything else?

Irvine: Prepare your infrastructures and systems to support any type of risk, whether it’s Anonymous or a script kiddie.

Malware now spreads mostly through tainted websites

Saturday, May 4th, 2013

Source: USA TODAY

There’s been a stunning shift in the way malicious software circulates on the Internet.

Viral attachments and web links arriving in e-mail remain pervasive. But fresh research findings from firewall vendor Palo Alto Networks reveal that the vast majority of malware seeping into company networks arrives via drive-by download.

It turns out that the biggest threat to corporate networks is employees unwittingly clicking on webpages carrying nasty infections, such as the widely used Blackhole programs designed to intelligently fingerprint your computing device and locate the best available security hole to infect it.

Palo Alto’s finding suggests that the bad guys have shifted their attention to corrupting vulnerable webservers, booby-trapping innocuous websites to silently infect the computer or mobile device of any and all visitors.

(Dot connection: Palo Alto’s research dovetails with findings by security firms ESET and Sucuri, disclosing details of a nasty bit of malware dubbed Linux/Cdorked.A. As CyberTruth reported earlier this week, Linux/Cdorked.A has stealthily implanted drive-by download infections in hundreds of Apache webservers; Apache is the most well-known and widely used webserver in the world.)

Palo Alto analyzed three months’ worth of Internet traffic circulating through its customers’ networks, and found that 90% of the malware leaked in from web browsing, while only 6% arrived via tainted e-mails.

Malware circulated via drive-by download from a tainted webpage also did a much more effective job of remaining undetected. On average it took 20 days or longer for antivirus programs to detect and block malware from a web-borne compromise, versus five days for e-mail-based malware.

The simple reason for this, says Palo Alto product manager Wade Williamson, is that web browsing is real-time and e-mail is not. Therefore, there is less time for security to analyze suspicious code and make a decision on whether to block it. And the bad guys have become masters of customizing malware each time it gets delivered from a webserver to another victim, whereas most e-mail goes out in bulk.

“The malware fight has moved into the network and businesses need to make sure their anti-malware efforts in the network are as good or better than what they do for e-mail,” says Williamson.

State-sponsored cyberspying hits small businesses

Wednesday, May 1st, 2013

Source: USA TODAY

SEATTLE — Nation-state-supported cyberspies are increasingly targeting small businesses as part of long-term espionage campaigns.

That’s a new pattern that emerges in Verizon’s just-released 2013 Data Breach Investigations Report (DBIR), which correlates forensics findings from 621 actual data breach investigations in 27 different countries.

Verizon’s DBIR has long been considered a rich trove of security intelligence in the cybersecurity community. And it’s getting richer. This year’s version includes contributions from a record 19 different investigatory organizations from around the world. Key findings:

  • 38% of breaches hit larger organizations
  • 37% affected financial organizations
  • 24% occurred at retailers and restaurants
  • 20% involved manufacturing, transportation and utilities

“Verizon’s newest report indicates that most data breaches involve stolen credentials, backdoors and brute force attacks,” says HyTrust president and founder, Eric Chiu. “In addition, it confirms what HyTrust has also found: that the vast majority of breaches aren’t detected until months after compromise.”

Nathaniel Couper-Noles, senior security consultant at security firm Neohapsis, adds that cybercriminals continue to get better at finding and taking advantage of security weaknesses intrinsic to complex networks.

“The breadth of successful attacks in the report shows that technological innovations can benefit attackers as well as defenders,” says Couper-Noles.

Andy Green, analyst at Varonis Systems, notes that Verizon’s report emphasizes that 80% of breaches could be easily prevented with two-factor authentication, and that it still takes months for most breaches to be discovered.

Varonis recently published a privacy survey that found 47% of respondents using multi-factor authentication for their personal e-mail accounts.

“If this trend can carry over to corporate email and intranet access, then we may finally see a dip in these low-skill, but still very effective, password-based hacks,” Green says.

Another pattern Verizon’s investigators have been able to parse out, to some degree, is whether profit-motivated crooks or state-sponsored spies appear to be behind corporate network intrusions.

State-affiliated actors accounted for 21 percent of attacks, while organized crime groups were behind 55 percent. China accounted for 96 percent of the state-sponsored attacks, while Eastern European countries such as Romania, Bulgaria and the Russian Federation were responsible for the bulk of financial crimes.

“The bad guys have unlimited resources and time to poke and prod company networks,” says Patrick Harbauer, Neohapsis senior consultant. “Your only hope is to invest in qualified people and automated tools so that you can effectively monitor your systems for malicious activity.”

Faked celebrity gossip fuels Facebook scams

Monday, April 29th, 2013

Source: USA TODAY

SEATTLE – Facebook scammers continue to use top celebrities in ruses to get users of the world’s largest social site to click on links that infect their computing devices.

The Top 10 Facebook scams revolve around come-ons to view lewd content relating to Kim Kardashian, Megan Fox, Justin Bieber, Selena Gomez and Chris Brown, according to analysis supplied exclusively to USA TODAY from Romanian anti-virus company Bitdefender. Catalin Cosoi, Chief Security Strategist at Bitdefender, supplies context:

Q: Facebook puts a lot of resources into security. So why are these scams still getting through to users?

Cosoi: Facebook is doing a lot in terms of security. If you keep using the same target and constantly fine-tuning your attack vectors, though, at some point you will find ways to bypass security measures. However, once they start spreading, they will probably pop up in an outbreak detection mechanism and will be removed. Compared to a couple of years ago, Facebook is doing really well in eliminating threats.

Q: How would you characterize the success level of the bad guys?

Cosoi: They aren’t starving. Thousands of unwary victims click daily on third-party applications that promise to let them see their stalkers or change their Facebook color. Educated but non-technical men are usually the first who hurry into clicking and spreading such messages, especially bogus sex tapes.

Q: Can you briefly describe how a typical Facebook attack unfolds; what are the steps?

Cosoi: A typical Facebook attack unfolds in waves, with a series of compromised URLs luring users with the same bait in a short period of time. It all starts with an attention-grabbing message. The victims land on another web page where scammers host fraudulent schemes or malware.

They may be asked to complete endless surveys, but they never get to see the promised sex tape or new feature. Last but not least, the scammy app will automatically post messages on the victims’ timeline and on the timelines of their friends to trick as many people as possible into spreading it further.

Q: Do you expect these type of attacks to continue? Why so?

Cosoi: Cyber-criminals have no reason to stop; for them, it’s a profitable business with low overhead. The lack of novelty when it comes to crafting Facebook scams shows they have no reason to invest in new baits. And why would they spend time and energy coming up with new material when users still answer to the same old emotional triggers?

Q: What can or should Facebook users do?

Cosoi: Facebook users should count to ten before clicking any button or image promising them sex videos or features the social network doesn’t have. The compulsive social media behavior of a few users helps scammers maintain a profitable business. With techniques such as likejacking and tagjacking, users also unwittingly become brothers-in-crime with cyber-crooks.

Q: Could Facebook be doing more?

Cosoi: Facebook already invests a lot of resources into keeping its platform safe for more than a billion users, with all the traffic and spam that a number like that generates. The scams that do get away represent just a small percentage of over 3 billion likes and comments posted every day.

First Take: AP Twitter hack was trivial

Tuesday, April 23rd, 2013

Source: USA TODAY

The hack that caused the market to stumble briefly today was trivial.

Someone cracked into the AP’s Twitter account and tweeted a bogus headline about the White House being bombed. That was enough to cause the S&P 500 to crater for a few minutes.

Cybercriminals often take the easiest route. So it’s likely that this prankster simply went shopping in the cyberunderground to obtain the username and password of an AP employee authorized to use the wire service’s Twitter account, says J.D. Sherry, security consultant at Trend Micro.

Stolen logons for financial and social media accounts readily flow through underground forums. And over the past week there has been a big infusion of freshly stolen data. “Hackers are compromising our computing devices and then spreading false information that can be damaging to an individual or a company,” Sherry says.

A surge of stolen data came from phishing attacks pegged to videos of the Boston Marathon bombing and Texas fertilizer plant explosion. Phishers sent out links to actual disaster videos in millions of e-mail messages. Clicking on one of these links displayed the video – but also infected the computing device.

What’s more, banking security firm Trusteer on Monday disclosed that it found malicious software for sale designed to steal Twitter credentials from infected PCs, then instantly send out Tweets from that account to all of the account owner’s followers. The Tweets carried links to viral websites.

“Once you get that user name and password, you can use it for any number of things,” says George Tubin, Trusteer senior analyst. “By taking over the account of a respected Twitter source, you can then use it for hacktivism, or to disrupt business or create turmoil.”

In the cyberunderground, stolen account credentials, personal information and payment card numbers are sold to the highest bidders, and often posted for free by hacktivists out to make an ideological point.

In this case, it appears the hacker was able to log on as an official AP employee, says Wade Williamson, researcher at Palo Alto Networks.

“A hijacked Tweet is a real Tweet for all intents and purposes, but the account has been compromised and this usually happens the old-fashioned way — by breaking or stealing passwords,” says Williamson.

Whether the prankster was out to get a laugh, embarrass the AP, or game the stock market remains to be seen.

“It will be interesting to see if there was a rash of short sales ahead of the Tweet,” says Williamson.

The escapade underscores concerns sparked by the SEC recently approving corporate use of Twitter, Facebook and other social media to officially post company financial results and other announcements.

“The SEC looked at it purely from the perspective of disclosure equality, but not from the information risk standpoint,” says Kavitha Venkita, managing director at CEB, a Washington, D.C., business advisory firm. “Companies need to have the right kind of staff training to ensure employees use these services securely and don’t let their accounts fall into the wrong hands.”

Chris Boyd, senior researcher at Threat Track Security, concurs. “The onus is on whoever is running the social media account,” says Boyd. “He or she should know who they are sharing the passwords with and make certain they do that in a secure manner.”

Phishing gangs exploit videos of Boston, Texas

Friday, April 19th, 2013

Source: USA TODAY

Cybergangs that specialize in phishing scams wasted little time moving to take advantage of the Boston bombing saga and the Texas fertilizer plant explosion. Dell SecureWorks on Friday detected and blocked waves of e-mails carrying enticements to click to video of the twin news events. Doing so does take the victim to a YouTube video of the event – but it also triggers an infection that turns control of the victim’s PC over to operators of two of the largest networks of infected PCs, referred to as the Cutwail and Kelihos botnets. USA TODAY asked Dell security researcher Dr. Brett Stone-Gross for more clarity.

Q: What stands out about this wave?

A: The volume of malicious spam is extremely high because it is being sent out by two different spam botnets at the same time.

Q: What kind of badness are Cutwail and Kelihos known for?

A: Cutwail is known for sending out the notorious ZeuS Banking Trojan, money mule recruitment, fake anti-virus, rogue pharmacies, dating scams, fake diplomas, and replica watches. Kelihos is well-known for its advertisement of so-called “pump-n-dump” stock fraud scams that promote penny stocks in order to manipulate their price, followed by a massive sell-off.

Q: What’s a typical lure a consumer might see this weekend?

A: The next lure will likely depend on the upcoming news events and updates that unfold, including updates around these two tragedies. However, the miscreants behind these spam campaigns usually take weekends off, so we may not see new lures until the start of next week.

Q: What will happen if I click on the link, thinking I’ll see a video?

A: The Kelihos spam links to fake websites that embed legitimate YouTube videos surrounding these events, along with a malicious HTML iframe that loads an exploit kit that targets vulnerabilities in browser plugins. If a user’s system is vulnerable to the exploits, malware will be silently installed in the background.

Q: Why is it so difficult to stop these predictable attacks?

A: Unfortunately, it is very difficult to educate every computer user about the dangers of clicking on links and attachments in email, and the process of routinely updating software can often seem like a tedious process, leaving many users vulnerable to these attacks.
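The Kelihos lure pages described above pair a legitimate YouTube embed with a second, malicious iframe, and the Palo Alto article earlier in this archive makes the same point about booby-trapped websites. The following is an added example, not code from USA TODAY, Dell SecureWorks or Palo Alto Networks, showing how a defender can triage fetched HTML for that pattern: it collects every iframe, then flags frames whose source is neither the page's own host nor a known embed host, and frames with hidden geometry or hidden CSS. The sample page, the host names (`example-news.invalid`, `landing.invalid`) and the allowlist are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Embed hosts a news page is expected to frame (assumption for this example;
# a real deployment would maintain its own list).
EMBED_ALLOWLIST = {"www.youtube.com", "youtube.com"}


def _is_hidden(attrs):
    """True when the iframe is sized to be invisible or hidden via inline CSS."""
    width = attrs.get("width", "").strip().rstrip("px")
    height = attrs.get("height", "").strip().rstrip("px")
    if width in ("0", "1") or height in ("0", "1"):
        return True
    style = attrs.get("style", "").replace(" ", "").lower()
    return any(t in style for t in ("display:none", "visibility:hidden", "left:-", "top:-"))


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def find_suspicious_iframes(html, page_host):
    """Return [(src, [reasons...])] for iframes worth an analyst's attention.

    page_host is the host the HTML was fetched from; a relative src is treated
    as same-origin.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or page_host
        reasons = []
        if host != page_host and host not in EMBED_ALLOWLIST:
            reasons.append("off-site src %s" % host)
        if _is_hidden(attrs):
            reasons.append("hidden geometry or style")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample page: one legitimate video embed plus one 1x1 hidden
# frame pointing at a third-party host, the shape the interview describes.
SAMPLE_HOST = "example-news.invalid"
SAMPLE_HTML = """
<html><body>
<h1>Boston footage</h1>
<iframe width="560" height="315" src="https://www.youtube.com/embed/CONSTRUCTED"></iframe>
<p>Story text here.</p>
<iframe src="http://landing.invalid/kit/index.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>
"""


def scan_sample():
    """Run the check over the constructed page; the YouTube embed passes, the hidden frame is flagged."""
    return find_suspicious_iframes(SAMPLE_HTML, SAMPLE_HOST)


if __name__ == "__main__":
    for src, reasons in scan_sample():
        print("suspicious iframe %s: %s" % (src, "; ".join(reasons)))
```

The two heuristics are deliberately independent: a hidden frame on the page's own host still deserves a look (the Cdorked case is exactly a trusted server serving injected content), and an off-site frame at normal size is a lower-confidence signal that the allowlist keeps from drowning the output.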