<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Talk Tech To Me - GFI Blog &#187; cybercrime</title>
	<atom:link href="http://www.gfi.com/blog/tag/cybercrime/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gfi.com/blog</link>
	<description>Brought to you by GFI Software</description>
	<lastBuildDate>Fri, 10 Feb 2012 17:18:42 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>2012 &#8211; The End of the World as We Know It?</title>
		<link>http://www.gfi.com/blog/2012-the-end-of-the-world-as-we-know-it/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=2012-the-end-of-the-world-as-we-know-it</link>
		<comments>http://www.gfi.com/blog/2012-the-end-of-the-world-as-we-know-it/#comments</comments>
		<pubDate>Fri, 27 Jan 2012 15:00:15 +0000</pubDate>
		<dc:creator>David Attard</dc:creator>
				<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[mobile malware]]></category>
		<category><![CDATA[social engineering]]></category>
		<category><![CDATA[social networks]]></category>
		<category><![CDATA[twitter]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=8031</guid>
		<description><![CDATA[December 12, 2012 – the day that’s fated to be the ‘end of the world’. Humbug? Whatever your opinion on the Mayan prophecies, there are more important causes for concern this year that should get you brooding &#8211; particularly in &#8230;]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2012/01/2012-End-of-the-world.jpg"><img class="alignright size-full wp-image-8032" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="2012-End-of-the-world" src="http://www.gfi.com/blog/wp-content/uploads/2012/01/2012-End-of-the-world.jpg" alt="" width="350" height="234" /></a>December 12, 2012 – the day that’s fated to be the ‘end of the world’. Humbug? Whatever your opinion on the Mayan prophecies, there are more important causes for concern this year that should get you brooding &#8211; particularly in the world of cybercrime.</p>
<p>So let’s take a look at a few predictions which are more likely to hit the mark:<span id="more-8031"></span></p>
<h2>1. Social Networks</h2>
<p>Social networks are malware creators’ field of opportunity. Why? Think about it: social media users share information (sometimes too personal) with their ‘friends’ and click on their friends’ posts and links without the slightest suspicion that a link might be malicious. They don’t see the link; they see who posted it and associate it with him/her – a friend they trust. This is just what hackers want – victims delivered on a silver platter. There are various methods of stealing social networking logins, gaining access and then using these trusted profiles to send spam email and share other malicious content. We’ve already seen this happen in 2011 with the <a href="http://www.inquisitr.com/177665/facebook-locks-out-45000-accounts-after-ramnit-virus-spreads/">Ramnit virus</a> which was used to steal 45,000 passwords, and it will surely be used more often. Social network details will be <a href="http://www.zdnet.com/blog/facebook/israeli-hacker-posts-8216100000-8242-more-stolen-facebook-logins/7837">sold on the online black market</a>, and will become a much sought-after resource leading to more and more attacks.</p>
<p>On the same lines, celebrity Twitter accounts will also become lucrative targets. With millions of followers, a compromised account could result in millions of victims in a few hours. <a href="http://techland.time.com/2011/12/20/lady-gagas-twitter-account-hacked-17-million-followers-offered-free-ipads/">Lady Gaga was the notorious target in 2011</a>. Who will it be in 2012?</p>
<p>&nbsp;</p>
<h2>2. Social Engineering</h2>
<p>Highly targeted social engineering will remain hackers’ top method of attack. Malware creators will design new and highly targeted techniques which will win them their victims’ trust and guide them into giving the information they’re after. We can expect variants of existing techniques to flourish as well.</p>
<p>&nbsp;</p>
<h2>3. Mobile Malware</h2>
<p>What about your mobile device? With so many smart phones around (especially in the business sphere – where people are using these phones to check their work mail even when outside the office), this is a brilliant opportunity for malicious individuals to get information from their victims. And to add insult to injury, few mobile users are aware of the threats. They tend to install any app without reviewing permissions or the small print (or lack of it), making it so easy for rogue apps to make it onto their device. There’s definitely going to be more news of adware, spyware and other malware targeting mobile devices this year!</p>
<p>&nbsp;</p>
<h2>4. Topical News</h2>
<p>And while we’re at it, the end of the world predictions (and with it, the Mayan calendar), the London Olympics, the elections in the US, and any other major events will definitely be used to spread more malicious attacks.</p>
<p>&nbsp;</p>
<h2>How can you prevent these threats from turning 2012 into a year that will mark the end of the world for your business?</h2>
<p>&nbsp;</p>
<p>The first and most important step is to educate your employees. You can invest in the best security software and control most of what goes on in your infrastructure, but what about what happens outside work? Who is going to stop an employee from giving out confidential information to malicious sites whilst working from home? Your employees need to understand the danger and they need to know how to distinguish phishing and malicious mail from genuine email, malicious URLs and downloads from the real thing and so on.</p>
<p>One way to educate employees is for the IT department and Human Resources to work together to create an acceptable usage policy which employees can refer to. Not only will this document clearly state what is acceptable or not, but it will help employees to understand what threats exist and how their actions can cause problems for the company and for themselves.</p>
<p>&nbsp;</p>
<p>The next step: do not believe that every employee is going to follow policy to the letter or do everything right. You need to complement education with an investment in the right security tools. Even the most cautious of employees can be misled by websites that appear to be genuine. Protect your corporate network by investing in good web monitoring, web filtering and web security solutions; suggest that your employees invest in a good anti-virus solution for their phones; and if those phones are sanctioned by the company, make sure you have the tools in place to implement security and protect the network. Also invest in a comprehensive email security solution.</p>
<p>&nbsp;</p>
<p>Are you seeing any other forms of cybercrime making the headlines this year? Leave us a comment and let us know!</p>
<p>&nbsp;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/2012-the-end-of-the-world-as-we-know-it/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>How to prevent Virtual Theft</title>
		<link>http://www.gfi.com/blog/prevent-virtual-theft/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=prevent-virtual-theft</link>
		<comments>http://www.gfi.com/blog/prevent-virtual-theft/#comments</comments>
		<pubDate>Thu, 05 Nov 2009 13:59:07 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[online theft]]></category>
		<category><![CDATA[virtual theft]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=1571</guid>
		<description><![CDATA[We have talked a lot about theft in the real world so I guess it is about time we also discuss theft in virtual world. The BBC reported that some Trojan software are now targeting Online Games and stealing login information &#8230;]]></description>
			<content:encoded><![CDATA[<p><a class="lightbox" title="online gaming theft" href="http://www.gfi.com/blog/wp-content/uploads/2009/11/online-gaming-theft.jpg"><img class="alignright size-medium wp-image-1572" style="margin: 10px;" title="online gaming theft" src="http://www.gfi.com/blog/wp-content/uploads/2009/11/online-gaming-theft-300x200.jpg" alt="" width="300" height="200" /></a>We have talked a lot about theft in the real world so I guess it is about time we also discuss theft in the virtual world. The <a href="http://news.bbc.co.uk/2/hi/technology/8338227.stm" target="_blank">BBC reported that some Trojan software is now targeting online games and stealing login information</a> from their victims. Microsoft have stated that <a href="http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FTaterf.gen!A">Taterf</a> (one such Trojan) was reported to have infected nearly 5 million computers in the last 6 months of 2008.</p>
<p>So why do malicious people bother stealing online games credentials? The answer as always is Money.</p>
<p><span id="more-1571"></span></p>
<p>Since the dawn of online gaming people have figured out that there is money to be made by selling virtual and actual goods and ‘in game’ currency. As opposed to offline games, online games are generally slower to generate ‘in game’ money for the players. ‘In game’ money will also help players buy better equipment which will give them an edge over other players. This creates two needs that malicious people can exploit.</p>
<p>The first need is obviously for ‘in game’ money and then there is the need for premium virtual objects. Where there are needs one can be sure that there will be people selling items to satisfy those needs and here it’s no different. While selling / buying game items including ‘in game’ currency is generally prohibited by the EULAs of most, if not all, online games the practice is still widely used. A quick search on Google returns numerous sites that sell gold and/or items for World of Warcraft and other games. Prices are quite similar with the cheapest I found being $31.49 for 5000 World of Warcraft Gold coins whilst the most expensive site wanted $47.99 for that same amount of gold. Now the question is ‘what’s the worth of 5000 gold coins really?’ Well, for a new player who plays casually 5000 gold coins will mean a couple of months of gaming but this is just a very rough estimate. For veteran players these sites sell bundles of 100,000 gold coins at the cost of ~$600. And that’s not all. It’s also possible to buy ‘in game’ items with prices for rare items going for +$1000 each. This all illustrates that even though we’re talking about games and items that do not really exist, they still have real world value which makes them worth stealing.</p>
<p>The people who are selling these items do not have magical ways to acquire them. In some cases bots are used to acquire these resources. Bots are software programs that take control of the game and perform tasks automatically without a player’s intervention. While they are great to generate gold while someone is busy either at work or doing something else, they are forbidden by the game EULAs as well. <a href="http://terranova.blogs.com/terra_nova/2008/07/blizzard-wins-v.html">A court has also ruled against one such bot</a> and this is the only court case I know of against such programs. Furthermore accounts using bots are sure to be banned if caught, so using bots to generate gold is not very efficient. This leaves one other option to obtain gold and items in mass quantities and efficiently &#8211; steal them off other players and the only way to do that is if someone gets access to that player’s account.</p>
<p>Another motivator for people to resort to stealing virtual items is that it is generally safer for them to steal virtual items than it is to steal money/items in the real world. Prosecution of people stealing virtual items is quite low if at all, while if one were to steal money from a bank one can be sure they will have the police looking for them almost immediately. This is not to say that stealing virtual items automatically makes a person safe, as this story illustrates &#8211; <a href="http://www.abc.net.au/news/newsitems/200503/s1334618.htm" target="_blank">a guy killed another player for stealing his virtual sword</a> after the police said they couldn’t do anything about it.</p>
<p>In conclusion, people who play online games invest both time and money in them and they too are assets that require protection. Security is not something that applies only to big companies; even a home user who uses their computer exclusively for gaming needs to secure their environment or risk losing everything virtual that they own. In short, the threats you need to defend against in your online game are not just enemies within the game but also malicious people in the real world who would love to get hold of your items the easy way.</p>
<p>Something to consider is that if someone has access to your account it means they have access to your credentials. If those same credentials are used elsewhere then that too is at risk. This is more so if those same credentials give access to systems inside your company IT infrastructure. Even though the risk might be low since the person who stole the credentials needs to link you to your workplace it still can be done. For this reason and more it is good practice to change all the passwords in the event that a password which gives access to multiple systems is compromised.</p>
<p>The usual tips apply here as well.</p>
<ul>
<li>Always ensure you are running an antivirus programme that is up to date.</li>
<li>Do not visit dubious sites that might carry viruses or at least ensure that your web access is also scanned for possible viruses.</li>
<li>Do not click on email attachments without knowing what they are, especially if they are executables &#8211; no matter who is sending them.</li>
<li>Always ensure that your computer has the latest patches and is fully up to date.</li>
</ul>
<p>It is also good to remember that your game credentials are likely to be a target for malicious people almost as much as bank credentials are. For this reason I would recommend that you try to use unique credentials for online games. Do not use the same login and password you use for your systems, emails and anything else.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/prevent-virtual-theft/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Protecting against Money Theft</title>
		<link>http://www.gfi.com/blog/protecting-money-theft/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=protecting-money-theft</link>
		<comments>http://www.gfi.com/blog/protecting-money-theft/#comments</comments>
		<pubDate>Thu, 29 Oct 2009 13:29:40 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[online banking]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Trojans]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=1495</guid>
		<description><![CDATA[Time and time again we read stories about malicious people using Trojans to steal money. This time it happened to Cumberland County Redevelopment Authority where, by using a Trojan, a malicious hacker stole nearly half a million dollars.  Brian Krebs &#8230;]]></description>
			<content:encoded><![CDATA[<p><a class="lightbox" title="Protecting against money theft" href="http://www.gfi.com/blog/wp-content/uploads/2009/10/Protecting-against-money-theft.jpg"><img class="alignright size-medium wp-image-1496" style="margin: 10px;" title="Protecting against money theft" src="http://www.gfi.com/blog/wp-content/uploads/2009/10/Protecting-against-money-theft-300x300.jpg" alt="" width="192" height="192" /></a>Time and time again we read stories about malicious people using Trojans to steal money. This time it happened to Cumberland County Redevelopment Authority where, by using a Trojan, a malicious hacker stole nearly half a million dollars. <a href="http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html">Brian Krebs from the Washington Post</a> has some really good tips and detailed coverage of this story.</p>
<p>Brian says that through his research and reports on cyber theft, SANS Technology Institute came up with a simple solution to the problem &#8211; use a DVD-based bootable operating system such as Knoppix.</p>
<p><span id="more-1495"></span></p>
<p>I tend to fully agree. You see, the problem is that once your system is infected with a Trojan it becomes a ticking time bomb. The Trojan stays sitting there hidden in the background monitoring, waiting for you to access your online bank account. Once you do so, it does its thing. Depending on the Trojan it can either hijack your session and make its own transfer instead of yours, or, in the case of less sophisticated ones, just email your credentials to the owner of the Trojan.</p>
<p>Online banking is obviously a great tool but unfortunately there is no foolproof way to be 100% safe except by using the bootable operating system solution. Banks obviously try their best. They employ a lot of effective measures, using two-factor authentication, restricting access based on your IP address and other schemes like these in order to protect their customers effectively. However each and every one of these security measures is useless if a Trojan just hijacks your session and changes it with its own transfers.</p>
<p>Needless to say, to really be safe we want to be sure that there are no Trojans running when we’re doing our online banking; but how can we? Anti-virus solutions are a good resource; however, they can generally only detect known Trojans that are running in the wild. We could be infected with a custom made Trojan or the anti-virus in use might not yet have been updated to safeguard against the particular Trojan that we were infected with. So how can we be 100% safe?</p>
<p>My recommendation for a completely safe environment when conducting online banking is as follows (it is a bit cumbersome but I believe it is as secure as one can get and if you either make a lot of high value transactions or even if the account you interact with contains a lot of cash, it might be well worth the overhead).</p>
<p>Firstly set up a firewall exclusively for the machine doing the online banking and then connect to it the actual terminal that will be doing the banking. The firewall should block everything, both in and out, except for a pipe between it and the bank (the machine will be limited to connect only to our bank and nowhere else to remove the risk of Trojan infection due to some browser exploit). Secondly the machine should be always powered off and turned on only when it is necessary to interact with the bank. This is very important to ensure that no Trojan/viruses are running in memory. When the machine turns on it will boot our DVD/CD-based environment and we’ll use that to do our transactions. Finally ensure that there is no physical access to the machine except for the keyboard, mouse and CD/DVD drive. Ensure that it has no USB/FireWire/Hard drives installed and no network connectivity except to the firewall which in turn only allows access to the bank site.</p>
<p>This simple setup will protect us in a number of ways. Firstly the firewall will ensure that no one will use the terminal to browse sites which might have exploit code that could install a Trojan on our system. Running the system off a CD / DVD will ensure that our environment is never compromised, because even if a Trojan infects our system, it cannot modify any files or reload again on the next bootup. Finally if a Trojan does somehow manage to get in, keeping the machine switched off when not in use will ensure that any running Trojans which might infect our system (and they can only live in memory since our operating system is physically read only) will be wiped out. Additionally if everything really fails and we are infected with a Trojan that is running while we bank, the Trojan will not be able to call home or send the data anywhere. Obviously as I said in previous articles, one is never 100% safe; there is one possible scenario I can think of and that is that the bank itself, maybe through cross site scripting, ends up hosting the malware which manages to infect your machine through a browser exploit and is completely autonomous in that it can do transactions without needing to be connected to a command and control station. However I think this scenario is pretty remote.</p>
<p>If you want peace of mind and want to have the maximum level of security when interacting with the bank I think that this is in fact the best way to go about it. I would appreciate any thoughts you might have regarding such an approach or maybe something better! I understand that it might be a bit cumbersome to implement; however, I believe that it can be a very effective defense. Ultimately it’s surely more desirable to wait a couple of minutes for a system to boot than to end up with $500,000 less in your bank account!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/protecting-money-theft/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Keeping your bank accounts safe from cybercriminals</title>
		<link>http://www.gfi.com/blog/keeping-your-bank-accounts-safe-from-cybercriminals/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=keeping-your-bank-accounts-safe-from-cybercriminals</link>
		<comments>http://www.gfi.com/blog/keeping-your-bank-accounts-safe-from-cybercriminals/#comments</comments>
		<pubDate>Wed, 30 Sep 2009 10:24:50 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[Trojans]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=1293</guid>
		<description><![CDATA[I have dealt with cyber crime in a number of previous posts, such as the 21st Century heists series. This post chronicles a recent event about some of the themes tackled in that series. Finjan has recently released a report about &#8230;]]></description>
			<content:encoded><![CDATA[<p><a class="lightbox" title="Cybercrime" href="http://www.gfi.com/blog/wp-content/uploads/2009/09/Cybercrime.jpg"><img class="alignright size-medium wp-image-1294" style="margin: 10px; border: 0px initial initial;" title="Cybercrime" src="http://www.gfi.com/blog/wp-content/uploads/2009/09/Cybercrime-300x200.jpg" alt="" width="300" height="200" /></a>I have dealt with cyber crime in a number of previous posts, such as the <a href="http://www.gfi.com/blog/author/emmanuel-carabott/">21<sup>st</sup> Century heists series</a>. This post chronicles a recent event about some of the themes tackled in that series. <a href="http://www.finjan.com/Pressrelease.aspx?id=2343&amp;PressLan=2139&amp;lan=3">Finjan</a> has recently released a report about yet another case of high tech bank robbery.</p>
<p>This theft consisted of a number of steps as well as social engineering to accomplish its task.</p>
<p>The first step involved infecting victims’ computers with a Trojan. This was accomplished using the LuckySpoilt toolkit which exploits browsers and allows hidden installation of payloads; in this case a sophisticated Trojan called “URL Zone Bank Trojan” was installed on the victim’s computer.</p>
<p><span id="more-1293"></span></p>
<p>Once installed, the Trojan would contact a command and control system. As stated previously, this Trojan was quite sophisticated in that its use was not simply to steal money but to do so intelligently and cover the perpetrator’s tracks as well as possible. The command and control system instructed the Trojan on how to operate. The Trojan would receive instructions such as the minimum amount to transfer, the maximum, which accounts to transfer the money to and the minimum account balance. The Trojan would then piggyback on an actual transaction done by the victim. When the transaction was complete, the Trojan would intercept the response from the bank and modify the values to show the actual amount the victim wanted to transfer, thus hiding the real amount the Trojan transferred to an unintended account. The Trojan would also fake the available balance reported by the bank to hide the fraudulent transaction. As long as the victim checks his banking statements online from his infected computer he will never be aware of the stolen money. This ensures that the theft is likely to remain hidden until the next bank statement, or until the victim accesses his account from an ATM, thus counteracting the best practice of checking your balance online periodically to detect fraudulent activity.</p>
<p>The final step of this scheme involves social engineering. The perpetrators “hire” another set of victims to act as unknowing money mules. This is done by posting fake online jobs, most likely for mystery shoppers. Mystery shopping is a technique used by businesses that employ a person to pretend to be a normal shopper who goes to buy items and records their experience as a way to measure various metrics such as employee efficiency, customer service and overall shopping experience. The Trojan would transfer the money to the money mules’ bank accounts, not to the perpetrators directly, thus further covering the tracks. The mules would then be asked to perform tasks which include keeping a cut of the transferred money as a commission for their services and transferring the rest to the perpetrator in some other untraceable fashion such as money transfer services that require simply a password to retrieve the funds.</p>
<p>This scheme netted the perpetrators a whopping average of €16,500 daily which would mean more than €5 million per year if the scheme is successful and runs unchecked.</p>
<p>What we learn from this lesson is to not fully trust your computer. Trojans and root kits are sometimes designed to make your computer lie to you and as such it is not enough to check your accounts periodically using just your computer. While it is a very good practice, in this case it is not enough in terms of protection. I would recommend checking balances once a month by either requesting that the bank send you periodic statements on your activity or maybe via a short visit to an ATM. Some banks also offer services where they notify you by SMS regarding transactions and the amount spent. When available this can be a very good tool to monitor your account’s activity.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/keeping-your-bank-accounts-safe-from-cybercriminals/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

