Many of you will instantly recognize the opening line to one of the most popular Sci-Fi shows of all time, The Twilight Zone. Others of you, many much younger than the author of this blog, will most likely not have a clue to what I am referring to. All is well however! You can get all the series on iTunes and do some binge watching over the holidays to see how truly great this series was. Rumors indicate that they’re hoping to revive it. This is very relevant to our current state of information security, and many twists and turns occur daily in this plot of bad guys versus the rest of us.
Achieving a world safe for exchanging digital information is a never-ending quest in today’s heavily driven, hyper-connected information society. Can it be achieved? At Trend Micro, we think so. It is all about mitigating our risk in our personal and professional realms. Whether that’s managing the security of the mobile wave and explosion of social media, embracing and realizing the benefits of cloud computing, or combating the polymorphic threats in the ever-changing cyber threat landscape. Trend Micro has made big bets and investments to go after this mission of securing our data no matter where it resides. We are imagining this world and taking direct action. Rod Serling, the mastermind behind The Twilight Zone, most definitely would be proud.
What can we do to progress toward this state? Most days are not going by without a security event making some sort of news. Unfortunately, many of these events can directly and/or indirectly impact our personal and professional lives. Cyber crime across the globe is impairing our credit and financial status on a personal level, as well as severely damaging our brands and customer trust within the businesses we own and work for. This trend doesn’t appear to be changing anytime soon. In fact, it is going to get worse before it gets better. Trend Micro and its dedicated team of visionary threat researchers have spent a great deal of time reflecting back on these events of 2013. During this intense analysis, they have come up with our latest predictions for 2014 and what we should all be cognizant of.
Mobility continues to rule much of our day-to-day lives. It has fundamentally changed the way we interact on a personal and business perspective. It started with the simplicity of putting a camera on our phones and quickly moved to conducting payment transactions and sensitive document access via smartphones and tablets all via the public Internet. Cyber criminals have studied extensively the behaviors of consumers of mobile devices and consumption of cloud services over the last five years. They know where our devices and actions are vulnerable and are focusing on globally exploiting our lackadaisical approach at protecting these devices. That being said, they would much rather profit from their nefarious activities than simply maiming your public image on Facebook or Twitter. They are looking for big payouts in which they penetrate your mobile device through a malicious Facebook or Twitter URL. It is still most likely done via a common spam campaign to trick you into downloading their Remote Access Trojans (RAT). This allows them to inject themselves into running processes and applications via malicious software, unbeknownst to the end user and maintain a silent presence. This has proven to be a fiscally detrimental approach to many user’s bank accounts and ability to conduct secure transactions.
We are all targets. As long as we continue to be less than diligent with our mobile devices than our traditional PCs, even as we consume more services from these devices than our PCs, we will continue to see the threat actors have a field day with our net worth and our privacy. To be blunt, this is something much more likely to infringe on our lives than any form of government eavesdropping.
Key logging via these RATS lets them get in the middle of your transaction between your bank or your other respective financial institution. This is known as a Man In The Middle (MiTM) attack. This speaks to the first threat prediction our researchers at Trend Micro emphasize for 2014. However, don’t be fooled that cybercrime is regulated to just men. Females are seeing how lucrative this can be and are perfecting their craft as well. They are cashing in on the payouts associated with mobile fraud and credential stealing. In short, it essentially lets them steal your username and password and log into your bank or credit card company through the recording of your mobile keystrokes. This allows them to then manipulate funds and stage false bank balances on your mobile devices, continuing the masquerade. All while remaining clandestine on your mobile device while they pillage and plunder your bank account. As more financial institutions embrace mobile banking, they will be looking to implement at a bare minimum, two-factor authentication to mitigate against banking fraud.
Trend Micro and the entire security industry applaud these efforts and it is absolutely the right thing to do to. However, we must remain cognizant that cybercriminals are already manufacturing malware that stays one step ahead of this game. They are creating malicious packages that once on your device, intercepts the SMS texts that are sent via your financial institution to your phone to validate that you are performing the transaction or the secure request. Hence, the second factor of a banking or secure transaction to prove you are who you say you are. Such packages as PERKEL and ZITMO are the leading suspects for this innovative, two-factor busting technique. They will continue to evolve and proliferate our banking and financial ecosystems in 2014 and beyond.
So how do we get closer to achieving The Twilight Zone state of a world safe for exchanging digital information? It takes awareness on all our parts as digital natives. We are significant consumers of social media and mobile devices. We owe it to ourselves to behave responsibly and practice due care when it comes to securing them. If not, we run the risk of being the victim in the next episode of The Twilight Zone, 2014.