As I sat down to focus on this month’s ‘Protected with Purpose’ column, an unprecedented $1.6 Billion Powerball Lottery drawing was only a few hours away. News sites, social media and I assume many workplace water-coolers were all abuzz in anticipation of the record setting event. If you have had your head buried in the sand and escaped all the excitement over the last few weeks as the grand prize reached hundreds of millions and eventually 1.6 billion dollars…the Powerball Lottery is similar to other lotteries, except that selecting the winning combination is more difficult. For the Powerball, participants have to pick five numbers ranging from one through sixty-nine. In addition, there is a sixth, separate ball ranging from one to twenty-six that also has to be picked correctly. When you take into account all the possible combinations, the odds of choosing all six balls correctly is roughly 1 in 292,000,000. Try to envision the following picture, in order to grasp the likelihood of winning the jackpot: According to the United States Census Bureau, the current population of the United States is a little more 321 million. I have read that if we were to line up every person in the U.S. in a single file line, that line would stretch around the Earth seven times. (Whether that is 100% factual I am not sure, but it provides a nice visual.) Your chances of winning the Powerball last night would have been only slightly better than having someone randomly select you from everyone else lined up in that single file line encircling the Earth seven times. And just in case that is still too hard to comprehend, your chances of getting hit by lightening in the United States in any one year is over 400% greater than winning the Powerball!
Optimist or not, I hope we can all agree that the odds of becoming the lucky (or unlucky) winner were not great. However, the lottery hysteria got my wheels turning about the increasing probability of users falling victim to a computer security attack (i.e. malware, hacking, etc.) in 2016, and the steps that a user can take to decrease those odds.
According to a recent Data Breach Investigation Report published by Verizon, hackers are blasting businesses with malware-based cyber attacks five times a second or 18,000 times every hour. (Does that make anyone else uneasy?) The statistic was correlated from data collected from over 10,000 businesses across a broad range of industries Nationwide. The financial impact of hacks on the American economy is reported as exceeding $100 billion a year, that’s over 60 times greater than last night’s record Powerball jackpot! And while major banking institutions, large retailers (i.e. Home Depot, Target), etc. remain high-profile targets, statistically many of the noted financial losses are from cyber attacks on small businesses and you, the typical home computer or mobile device user. For example, the FBI reported over $18 million in user-reported losses due to CryptoWall infections alone over the past year. That’s a staggering number considering that we’re (Thirtyseven4) updating for nearly 500 new ransomware variations every month! CryptoWall is a form of ransomware that encrypts files on a system until a desired ransom is paid. If you or anyone you know has been infected with any of the Crypto-variants, then you know that there is not much “recovery” from it—even when you pay the “ransom”. Thirtyseven4 serves thousands of school districts and hundreds of churches across the Nation (not one has been touched by Crypto since the addition of our DNA Scanner over 2 Years ago) and in the these first few weeks of 2016 we have been flooded with inquiries and pleas from non-customers seeking help because they have been hit by Crypto. Prevention is the only cure for Crypto-variants and so many other vulnerabilities. Get a solid antivirus product on your devices!
I mention everything above not to scare you, but to remind you that today’s threats are real and with the unfortunate profitability of cybercrime and millions of computers and smartphones connecting online all over the world, the odds are increasingly stacked against you.
To further that point, let’s have a detailed look at statistics collected from my (Thirtyseven4) Virus Research Team last quarter (Q4, 2015). The average per-day number of Android-based and Windows malware files received into our lab that targeted users totaled (on average) more than 450,000 samples a day. (I hope no-one is paranoid, because that is a lot of nasties pointed in your direction.) Of that total, over 225 new families of Android malware were discovered. Android malware-writers are not-only targeting your smartphones, tablets, etc., but they are becoming increasingly more savvy at doing so. Towards the end of last year Android.Mero.A was found live in the Google Play Store for the first time, as it had the capability to bypass CAPTCHA authentications systems. So not only are “the bad guys” producing expediently more malware, the malware is increasingly sophisticated. (Can’t these malware writers use their gifts for Good?)
And before the iPhone users get too proud, targeted attacks on the iOS have already arrived. Late last year, the XcodeGhost malware was found on the Apple App Store. Here’s another mind boggling number: the number of Windows malware doubled from the levels seen in Quarter 3, 2015. While the top category of Windows malware received remained under the Trojan (31%) classification, ransomware and adware we’re the most costly and huge nuisances in 2015.
Exploit kits also played a role delivering malicious payloads. Exploit kits use known or unknown vulnerabilities of software programs, web browsers and operating systems. The most commonly exploited program was Adobe Flash due to its compatibility with multiple platforms and because of how widely it is installed. Overall the Adobe Flash exploits grew 276% over the last Quarter. Java is highly exploited software for the same reasons. The exploit ‘CVE-2015-2590’ was a zero-day exploit used in ‘Operation Pawn Storm’, a targeted attack campaign that allowed attackers to control your system and lead to information stealing malware.
News-media and family-members alike often-times ask me if things will get better, and unfortunately I have to answer “No”. As millions of additional users connect online and as we enter the age of the “Internet of Things” (IoT) (fitness wristbands, smart watches, home appliances, vehicles, T.V.’s etc.) this further dependence and reliance on the latest technologies will undoubtedly open a whole new realm of security holes. As we rush and society pushes us into the technological “next-best-thing”, the lid is further lifted off of Pandora’s Box.
But unlike the Powerball drawing, staying secure with your device doesn’t have to be a gamble. Here are a few suggestions that can better-your-odds against a cyber-attack.
1) Use complex and lengthy passwords, and change them periodically. Never reveal your personal details/passwords to anyone. This includes family, relatives, coworkers and even a best friend.
2) Be cautious while participating on social networking sites, such as Facebook and Twitter.
3) Don't blindly follow links without knowing what they link to (i.e. shortened URL's). This goes for emails, texts and social media posted links.
4) When entering personal information to a website, always look for the padlock that’s located on the left of the location bar of the web address (https://). By clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
5) Apply the latest security updates whenever required by an application - such as Operating System updates (Windows, Mac, etc) or other programs like Java, Adobe, etc.
6) Install STRONG antivirus software, making sure it remains up-to-date and scanned at regular intervals. May I recommend Thirtyseven4 Endpoint Security?
7) Use common sense! Many risks are identifiable, and must be approached with caution.
The numbers were high in relation to the Powerball drawing. High volumes of people bought tickets. The Jackpot was a high-dollar amount. Hopes were high. But three people won. Only three lucky ducks out of millions got a piece of the pie. Malware, viruses and ransomware have different odds.
Thousands of new variations in malware a day. That means cyber-criminals are working to penetrate your data now…and now…and now. I am not trying to make you paranoid, but I am trying to inform you, to educate you. Online security threats are not like Powerball, where there are lots of numbers and a few are picked. Online security vulnerabilities number in the millions and they affect people, businesses, schools and churches by the millions. Being prepared and informed (and well-protected!) is the best defense and the only way to be a “winner” in this lotto. Stay informed, be smart and be proactive with a trusted antivirus product and odds are--you will have good luck in staying protected.