Your home and the devices in it will be a viable target for cybercrooks in 2016.
Back in the good ol’ days of the early 2000s until just a few years ago, all we had to be concerned about was security on our desktop computers and laptop. In the intervening years, mobile devices have become so ubiquitous that hackers have turned their sights on them, especially Android devices.
But starting in 2015, everyone began to realize just how close to home cybersecurity really is. Home networks are the new gateway, and 2016 will be the year that vulnerabilities in the Internet of Things (IoT) and wearable devices combined with weak home router security will lead to personal attacks.
The weak link is your home router
“The security situation with home routers is actually pretty bad,” Ondrej Vlcek, COO of Avast told Fast Company. “Most of the companies do a relatively good job of . . . patching the vulnerabilities, but the problem is that no one updates the firmware in the routers. The user doesn’t at all, and usually the ISP doesn’t either.” He added that we saw the most attacks on routers by far in 2015.
“Right now, attackers are targeting routers en masse,” said Pavel Sramek, an Avast Virus Lab research analyst. “It’s highly probable that they’ll expand their target list to network-attached storage and “smart” TVs as well, since the security aspect of these devices has been almost completely neglected by their manufacturers so far.”
“Many of the companies and engineers don’t really think about security,” says Vlcek. Data, for example, is often transmitted without any encryption, making it easy to steal or fiddle with.
Since this is the time of year to look forward, I asked several of our Avast Virus Lab research analysts about what to expect in 2016 for home networks, wearable devices, and all the gadgets that make up the Internet of Things.
Back in May, I pulled my new copy of Entertainment Weekly out of the mailbox and flipped through it quickly, as I usually do before sitting down to read the whole thing. An article about an unusual premier of a new TV show called Mr. Robot caught my eye. The cyberthriller’s pilot episode was set to make its debut online and through alternative viewing services like Xfinity On Demand, iTunes, Amazon Instant Video, XBOX, and Google Play almost a month earlier than its USA Network television debut on June 24.
The next Monday morning, I shared the news about the show with my colleagues, and we all vowed to watch the new drama about a cybersecurity expert who joins an underground hacker group, as soon as we could. We hoped it would be a more realistic version of the security issues we face today than CSI: Cyber or any number of Hollywood movies. We even contemplated having a weekly viewing party with Avast Virus Lab researchers and getting their comments live, a la Mystery Science Theater 3000, if the show was good.
A twist in the plot
The very next day after the initial discussion, one of my colleagues, and regular blog writer, Stefanie Smith, received an email from a Mr. Robot production staff member asking if we would be interested in having an Avast antivirus product make an appearance on one of the upcoming episodes. At the time, a few weeks before the pilot episode even aired, this was a difficult call – but our decision to be a part of the show, even for a brief moment, proved to be the right one.
Mr. Robot has consistently been named one of 2015’s best TV shows, and it received Golden Globe nominations for Best Series, Best Actor for Rami Malek, and Best Supporting Actor for Christian Slater.
We didn’t watch it together with the Virus Lab guys, but every week after the show, we got their expert opinions about the hacks depicted on Mr. Robot. Here’s some of our favorite moments from season one:
When I was checking my Facebook News Feed this morning, I found this message.
It seems one of my friends was very excited because Facebook founder, Mark Zuckerberg, was scheduled to give away 4.5 million shares of Facebook stock at midnight. To enter this lottery-like giveaway, all you had to do was copy and paste the message to your own news feed. The message, and variations like it, go on to say that the winners will be announced live on today’s Good Morning America. Read more…
Merry Christmas! Happy Holidays! Seasons Greetings!
All of us at Avast raise our glass in a toast to all of you, the global community of people who help us keep cyberspace secure. You motivate us everyday, and we wish you the happiest of holidays and a New Year full of joy, peace, and security. Cheers!
Avast Wi-Fi Finder saves your data and roaming fees by locating safe and reliable connections.
Everyone loves free Wi-Fi. You can surf the web, check your email or newsfeed, make Skype video calls across the world, or stream games, movies, and music – without eating up your data plan. That’s a great deal! Or is it?
The problem with free Wi-Fi hotspots is they can’t be trusted to be safe and keep your data secure. Cybercrooks can eavesdrop on your conversations and even break in to steal personal information.
When you need to find safe Wi-Fi, use Avast Wi-Fi Finder
Our new mobile app, Avast Wi-Fi Finder, lets you instantly search for available networks on the map or browse through a list. Wherever you are in the world, you can always find a safe connection, because after a successful beta test, we launched the app with nearly 800,000 networks in our database. The more people who use Avast Wi-Fi Finder, the bigger and better that database will become.
Be aware that cybercrooks send “special” offers via fake email campaigns during the holiday season.
The holiday season is a time for decorations, cheerful music, shopping, spending time with loved ones, and unfortunately, for cybercriminals hoping you will fall for phishing scams.
“Cybercriminals use the same tactics they always do, but target people more during the holiday season with “special” offers via fake email campaigns. These fake email campaigns can trick people into downloading malware and/or can trick people into giving attackers their personal information”– Jan Sirmer, senior malware analyst at Avast.
We decided to take a look at a few recent examples of malicious emails, more specifically their email subject lines and the email addresses they were sent from. Our goal was to see how cybercriminals are taking advantage of the holiday season.
Here’s what you should look out for:
The Fake Holiday Offer
Whether it be membership offers or special shopping deals, be cautious of the offers you receive around the holidays by email. Some of them might be too good to be true and are fake or some may come from trustworthy businesses whose email accounts have been hacked. Here is an example:
‘CHRISTMAS OFFERS.docx’ From: “Nicole*” <Nicole@fitfunfitness.co.uk*
This could be a tempting offer, especially if your upcoming New Year’s resolution is to lose weight. The original email address belongs to an actual business owner, lending credence to the scam. Unfortunately, cybercriminals understand this and misuse business email addresses, such as this, to send out phishing emails to customers, because they know customers trust the business and there is a better chance they will fall for the scam.
Traveling can be stressful, but even more so during the holiday season. AAA projects that the number of year-end holiday travelers in the U.S. will top 100 million for the first time on record. Nearly one in three Americans will travel this holiday season and more than 100.5 million are expected to travel than 50 miles or more from home.
The one thing you really want to make sure you protect while you travel is your smartphone. Not only may you have your boarding pass on your smartphone, but more importantly, the hardware is expensive and it most likely contains a plethora of personal data.
There are two main ways your phone could be compromised while traveling, especially during the holidays: physical device loss and network threats.
Have an anti-theft app installed
Airports and train stations will be bustling with people, you may have to dash to catch a flight or make a pit stop during a long car ride. In all of these situations, your phone is at risk –physical risk. Pickpockets prefer to work in high density areas, and it’s easy to lose things like your phone when you’re in a rush.
Not very long ago, in a galaxy not far away, a group of cybercriminals decided to take advantage of the Star Wars effect to spread malware among the most impatient fans.
A lot of people cannot wait to see Star Wars: The Force Awakens, and that’s something cybercrooks know. That’s why a lot of links that theoretically allow the download of the new movie of the popular saga appeared. As many of you can imagine, those links do not include the films, the only thing they include is malware! An idea worthy of Darth Vader!
By using some retailer’s apps to make your holiday wish list, more people than just Santa Claus can see your list. In fact, it may be accessible to anyone over the Internet!
America’s most popular retailers collect more information about you via apps than you may be comfortable with.
Recently, the Avast Security Warriors began looking into shopping apps to see what your favorite retailers know about you. They found that these apps, like many other apps out there, collect data and request permissions that are unnecessary for their app to function properly.
Initially, we were curious to see what retailers wanted to know about their customers based on the data they collect. We randomly chose apps from the following retailers: Home Depot, J.C. Penney, Target, Macy’s, Safeway, Walgreens and Walmart. In this blog post, we focus on Target and Walgreens.
You’re making your list and Target is checking it twice!
If you created a Christmas wish list using the Target app, it might be accessible to more people than you want to actually receive gifts from. The Target app keeps a database of users’ wish lists, names, addresses, and email addresses. But your closest family and friends may not be the only ones who know you want a new suitcase for your upcoming cruise!
Internet-connected toys gather data on the user and have weak security compared to other computer products.
Digital devices and toys like cameras, smartwatches, and tablets may be on your child’s Christmas wish list. But more parents are having second thoughts about placing these items under the tree, because Internet-connected toys gather data on the user and have weak security compared to other computer products.
6 million children’s accounts taken by a hacker
This weakness was made very public during the Black Friday shopping bonanza, when a Hong Kong-based digital toy company called VTech lost databases of more than 6 million children and almost 5 million connected parental accounts to a hacker.
By putting the databases together the hacker was able to retrieve personally identifiable information like children’s names, ages, and genders, and even pictures and chat logs were found. Parents’ names, email addresses, secret questions and answers, IP addresses, encrypted passwords, and mailing addresses were also accessed. Supposedly the breach did not include credit card or financial account information exposure.