Quoted on Adotas.com: Today’s Burning Question: Massive Hack Attack Reaction

http://www.adotas.com/2013/12/todays-burning-question-massive-hack-attack-reaction/

“According to the article [on CNN’s website], the account details that were leaked were obtained using keyloggers installed on end users’ computers. No networks were breached in order to obtain the information, which is good on one side, but it is worrisome on the other. This also gives us a pretty good view on the security status of many computers worldwide. I say computers and not home users because malware infects any kind of computer and not only those at home. As we can see, in the end it is not even a matter of the price of a security solution, because any decent free antivirus solution detects this malware type. It is an awareness problem. People continue to think that ‘this can’t happen exactly to me’ (that is, becoming infected) despite the massive media coverage of security issues worldwide. Users have to change their thinking, to take IT security seriously and, most important of all, to constantly improve their security. I published a free eBook exactly to help these people to understand the risks and to teach them how to make their accounts and devices more secure (available under www.improve-your-security.org). The other view of this incident is that attackers targeted … Facebook, Google, [and] Twitter. This means that there is value in owning the credentials of these accounts. One may think that there is actually little to no money behind these accounts, but if you think better, there is something which is far more interesting for the cybercriminals: the engine to spread their malware. If they own the credentials to these accounts, they can impersonate the owners and spread the malware with a very high rate of success. Fortunately, there is something which the users can do to prevent misuse of their credentials: activate two-factor authentication and location-based control.
If these extra measures are activated, the system would require on login something that only the user has: a code sent to a mobile phone via SMS or a token generated by something. If the location-based control is activated, the system would warn and, depending on the system, even prevent a login from a previously unknown and not authorized location or device.” – Sorin Mustaca, product manager at Avira GmbH and online security expert.


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry since 2000 and worked for Avira between 2003 and 2014 as Product Manager for the known products used by over 100 million users worldwide. Today he is an independent IT Security Consultant focusing on cybersecurity, secure software development and security for IoT and automotive. He also runs his personal blog, Sorin Mustaca on Cybersecurity, and is the author of the free eBook Improve your security.
