Beware! Cyber criminals are on the prowl

Cyber criminals use their best schemes during holidays to trap the web surfer -- this New Year is going to be no different.

With a 111.4 per cent rise in malicious websites from 2009 to 2010, internet security is on a high and companies like Websense, Symantec and McAfee have warned of sharper and specific cyber attacks this festive season.

Hackers have defaced more than 9,000 Indian websites in the first three quarters of the calendar year by taking advantage of security gaps.

. . .

The recent news of Prince William's engagement triggered malicious activity: McAfee's security researchers found that several 'Prince William' search results on Google and Yahoo were 'poisoned' (or infected) by hackers who manipulated the results to infect users' computers.

"This is a growing trend. Bad guys target the hot news of the moment and take advantage of people's tendency to trust Google," reports Websense, which estimates that 22.4 per cent of all searches for current news lead to malicious results on search engines.

According to Websense 2010 Threat Report, out of the 40 million websites that Websense scans for malicious code, nearly 10 million emails have unwanted content and malicious code.

With Christmas less than a month away, Apple iPad offer scams, fake gift cards, holiday job offers and Grinch-like greetings are expected to multiply.

. . .

"Scams continue to be big business for cyber criminals who have their eyes set on capitalising on open hearts and wallets this holiday season.

"As people jump online to look for deals on gifts and travel, it's important to recognise common scams to safeguard against theft during the busy season ahead," said Dave Marcus, director of security research for McAfee Labs.

In fact, online threats are no longer delivered in just email attachments. Now, sophisticated script-based attacks embedded in Flash or social websites like Google, Facebook and YouTube, where 80 per cent of web traffic has access, are now the playgrounds for cyber criminals.

. . .

The most dreaded worm of the year was Stuxnet that affecting industrial control systems in as many as 155 countries, including India.

Besides being the first computer worm to affect real-world equipment, Stuxnet has impacted critical infrastructure such as nuclear power plants, dams, water treatment facilities and other factories.

Till September 29, Symantec data reveal there were approximately 100,000 infected hosts and over 40,000 unique external IP addresses that were infected by the Stuxnet worm.

. . .

"While 60 per cent of the infections were observed in Iran, India had the third highest infection rate globally, just behind Indonesia. Nearly 10 per cent of Stuxnet infections were observed in India," the Symantec report said.

Shantanu Ghosh, vice-president (India Product Operations) of Symantec said: "Critical infrastructure will increasingly come under attack and while service providers will respond actively, governments will be slow to react. Moreover, a new frontier in politically motivated attacks will emerge."

Security experts warned that users also need to be aware of smishing (SMS that contain links to corrupt websites).

. . .

These text messages may appear to have come from your bank or an online retailer citing an account error and asking you to call a number to verify your account information.

In reality, these are merely a ruse to extract valuable personal information from the user.

So, how can users protect themselves from such cyber attacks?
Stick to well-established and trusted sites that include trust marks (icons or seals from third parties verifying that the site is safe) and by not responding to offers that arrive in a spam email, text or instant message, said security experts.

Users should also be aware that Wi-Fi networks are easily compromised. Marcus of McAfee Labs said, "Don't check bank accounts or shop online if you're not sure the network is safe. Don't believe anything that's too good to be true."