“According to the article [on CNN’s website], the accounts details that were leaked were obtained using keyloggers installed on end users’ computers. No networks were breached in order to obtain the information, which is good on one side, but it is worrisome on the other. This also gives us a pretty good view on the security status of many computers worldwide. I say computers and not home users because malware infects any kind of computers and not only those at home. As we can see, in the end it is not even a matter of price of a security solution because any decent free antivirus solution detects this malware type. It is an awareness problem. People continue to think that “this can’t happen exactly to me” (that is, becoming infected) despite the massive media coverage of the security issues world-wide. Users have to change their thinking, to take IT security serious and most important of all, to constantly improve their security. I published a free eBook exactly to help these people to understand the risks and to teach them how to make their accounts and devices more secure (available under www.improve-your-security.org). The other view of this incident is that attackers targeted … Facebook, Google, [and] Twitter. This means that there is value in owning the credentials of these accounts. One may think that there is actually little to none money behind these accounts, but if you think better, there is something which is far more interesting for the cybercriminals: the engine to spread their malware. If they own the credentials to these accounts they can impersonate the owners and spread the malware with a very high rate of success. Fortunately, there is something which the users can do to prevent misusage of their credentials: activate two-factors authentication and location-based control. If these extra measures are activated, the system would require on login something that only the user has: a code sent to a mobile phone via SMS or a token generated by something. If the location-based control is activated, the system would warn and depending on the system even prevent a login from a previously unknown and not authorized location or device.” – Sorin Mustaca, product manager at Avira GmbH and online security expert.
© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch