cybercrime survival guide


Upload: gary-gray-mcse

Post on 16-Jul-2015


CYBERCRIME SURVIVAL GUIDE

Arm yourself with knowledge


Almost 400 million people [1] fall victim to cybercrime every year.

A common way for criminals to attack people is via websites. Unfortunately, this includes legitimate sites that have been hacked or compromised in some way. This puts your visitors and your reputation on the line, so every website owner needs to understand the risks posed by cybercrime and how to prevent it. This essential survival guide will help you navigate the wilds and come out of the other side safe, sound and protected.

[1] 2013 Norton Report, slide 10. http://uk.norton.com/cybercrimereport

Attack

One in 500 websites is infected with malware. These sites are often legitimate websites (worryingly, 61% of websites serving malware are legitimate sites) that have been infiltrated by online criminals.

Criminals can buy off-the-shelf software toolkits to attack websites, or more accurately the servers that run them, in the same way that computer viruses attack people’s home and business PCs, meaning that today almost anyone can access the tools required to hack a website.

These attack kits can scan thousands of sites a minute over the internet and spot known weaknesses and vulnerabilities, which are then used to insert malicious software onto vulnerable websites.

There are other ways to break into a website server too. Hackers can use social engineering, phishing attacks or spyware to steal the user name and password of an administrator and simply give themselves access to the system – so don’t give them a chance!

[2] ISTR 18. http://www.symantec.com/security_response/publications/threatreport.jsp

[3] ISTR 18. http://www.symantec.com/security_response/publications/threatreport.jsp


How identity theft and phishing work

Identity theft is one of the most insidious forms of online crime. It takes different forms, from the theft of a credit card number to a complete takeover of someone’s online identity.

This is what happened to journalist Mat Honan [4] in 2012, when hackers progressively broke into his email and other online accounts and then remotely wiped his computer and smartphone. In the process, he lost ‘a year’s worth of photos, covering the entire lifespan of his daughter’ as well as documents and emails. Regaining access to all his accounts and reclaiming his digital life took a huge amount of time and effort [5].

Honan was the victim of a clever series of social engineering attacks designed to get access to one system after another, but many more people are tricked into giving away their user names and passwords on increasingly convincing, sophisticated phishing sites.

With phishing, a victim gets an email or social media message or clicks on a link from a seemingly legitimate website. They then arrive at a fake website that looks exactly like the real thing – a bank, a social media site or whatever – and they enter their login details. Except that now it’s the criminals who have those details.

Some security suites include tests that scan for fake sites, and forward-thinking website owners use advanced security technology such as Extended Validation SSL certificates to prove that they are a real site and not an imposter; but without this help it is often very difficult to spot the difference between a real site and a phishing replica.


[4] http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

[5] http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/


How botnets work

Because of the way movies portray internet hackers, it’s easy to imagine a lone genius sitting in a darkened basement room trying to hack into your website. In practice, that’s extremely unlikely. Instead, criminal gangs use botnets on a large scale to probe millions of PCs and websites automatically.

A botnet is a collection of computers that have been taken over by malware, often without the users’ knowledge, so that they can run software for the botnet operator. One common method of recruitment is drive-by attacks, when users visit infected websites.

Individual botnets can include thousands or tens of thousands of individual machines. Botnet operators can use them to:

• Send spam on a vast scale.
• Host phishing websites.
• Probe PCs and legitimate websites using attack toolkits.
• ‘Click’ on adverts, generating fraudulent revenue.
• Launch denial of service attacks that stop people using online services.

Botnets give internet criminals processing power and internet connectivity on a huge scale. This is how they are able to send out millions of spam emails or infect millions of PCs an hour.

Infection

Once criminals have infiltrated a website, they can use it to make money, and quite often a lot of money.

For example, they can install spyware on visitors’ computers that steals personal information like credit card details. The installation software hides on regular web pages, so it’s often impossible to spot without the right security software. Alternatively, they can stealthily redirect visitors to other sites or change the contents of a site.

Stealth works in the criminals’ favor. If people know they’re a victim, they are likely to try to do something about it, but most site owners don’t know that their site has been infected and most visitors don’t know they’ve been attacked.

The consequences for visitors are potentially serious, but the risks for a business with a corrupted website are equally grave:

• Loss of customer trust and goodwill.
• Redirection of site visitors away to other sites.
• Interception of private information entered on the site.
• Blacklisting by search engines (for example, Google blocks 10,000 infected sites a day [6]).


[6] http://mobile.businessweek.com/articles/2012-05-07/protect-your-companys-website-from-malware


The size of the cybercrime problem

Cybercrime is a serious issue for website owners. It’s also a problem for the economy as a whole. It represents a sort of criminal tax on internet commerce of up to €83 billion annually, according to the 2013 Norton Cybercrime Report [7]. There are more than a million victims every day and the average cost per victim is €220.

[Infographic: 83 BILLION, criminal internet commerce tax; 2 MILLION, victims of cybercrime per day]

What does this mean on a practical level? Four in ten people who used the internet have fallen victim to attacks such as malware, viruses, hacking, scams, fraud and theft. And this means:

• Spending hours trying to repair their computer, for example removing a virus (24 percent of respondents).
• Losing money to fraudsters who lock an infected computer using ransomware and demand payment to release it.
• Losing their identity to criminals who clone credit cards, apply for loans and destroy credit records, leaving victims with months of work trying to sort out the damage.
• Having their computer turned into a stealthy slave PC in a criminal’s ‘botnet’ (see ‘How botnets work’ for more on this).

On a broader scale, it means a loss of confidence and trust in the internet, which reduces people’s freedom of choice and action.

[7] go.symantec.com/norton-report-2013


Who is most at risk of cybercrime?

According to the 2013 Norton Cybercrime Report, which surveyed 13,022 online adults around the world:

• Men are more likely to be victims than women.
• People who use mobile devices, social networks and public or unsecured Wi-Fi are also more at risk.
• Parents of children aged 8-17 are more vulnerable!

When it comes to websites, botnets and attack toolkits don’t differentiate between big companies and small ones, famous names and anonymous family businesses, or profitable companies and charities. They probe as many websites as they can find. By their very nature, no website is invincible and consequently every site is a target.

How website malware works

Home and business users should regularly update their computers with recommended patches and updates for programs, operating systems and so on. This is because software companies and security researchers find new glitches and weaknesses that hackers can exploit, and so send out patches for them. Hackers know about these vulnerabilities too, and they can use them to take control of unpatched computers: installing viruses or accessing private information, for example.

It’s the same with the servers that run websites. They have an operating system, like you have Windows or Mac OS on a regular computer. There is also application software that serves up web pages to site visitors. Increasingly, websites also use content management systems to allow non-technical users to create and edit web pages. Each of these layers of software could contain vulnerabilities that might allow criminals to change the contents of a website. Once they have control, they can use the site as a springboard to attack visitors.

Internet criminals take different forms. Some look for software vulnerabilities, some write ‘attack toolkits’ that use vulnerabilities to attack websites and others specialize in using these toolkits to attack sites. There are online black markets where different specialists can meet, trade tips and tricks, and buy these toolkits.

Attack toolkits are like any other kind of commercial software; they are updated regularly, come with warranties and include technical support. One particularly popular toolkit, known as ‘Blackhole’, accounted for 41 percent of all web-based attacks in 2012.

Protection

Individuals, whether they are home users or your employees and colleagues, can protect themselves by using a bit of online common sense:

• Delete suspicious emails and social media messages without clicking on links.
• Install up-to-date antivirus security software.
• Keep your computer up-to-date with the latest software patches and updates.
• Back up your PC to an external drive or cloud-based backup service.
• Be security-conscious on social media sites: log out when you’re done and don’t connect to people you don’t know.
• Regularly change and use strong passwords and don’t share them with anyone.
• Be careful about what you share online – don’t give away more personal information than you need to on social media sites and be careful about what you upload to online file stores.
• Look for trust marks like the Norton™ Secured Seal and Extended Validation SSL certificates when you visit a site – don’t entrust your confidential information to a site you don’t trust.

How to tell if your site is vulnerable

The growing risk of website corruption from internet criminals using attack toolkits means that website owners, even if they are not technically inclined, need to take steps to protect their sites, their visitors and their reputation.

Nearly a quarter of IT managers don’t know how secure their website is and more than half have never conducted a vulnerability assessment on their website [9].

You can sign up for Google’s free Webmaster Tools. This will warn you if Google has blocked your site because of malware, but that’s a bit like spotting that the stable door is open after the horse has bolted.

A more proactive alternative is to choose Symantec Extended Validation or Pro SSL Certificates for your site, which include Symantec’s Web Site Malware Scanning service. This checks your site daily and warns you if there is a problem. In addition, these certificates also include a weekly Vulnerability Assessment to highlight critical problems that may leave your site vulnerable to attack. These services allow you to be proactive rather than reactive.

[9] http://www.symantec.com/connect/blogs/website-vulnerabilities-which-countries-websites-are-most-vulnerable-malware


What can you do to protect your website?

Having read this guide, you already understand the risks and the need to scan your website for malware and vulnerabilities.

However, you can do more to keep your site and visitors safe, including:

• Use the Norton™ Secured Seal, which shows visitors that we scan your site regularly for malware and vulnerabilities. It is the most recognized trust mark on the Internet [12] and 94% of consumers are likely to continue an online purchase when they see it [13].
• Choose Extended Validation SSL Certificates to show your visitors that they are on a real site, not a fake phishing site, and to confirm the identity of the company behind the site. Online shoppers are more likely to enter their credit card and/or other confidential financial information into a website with the EV green bar [14].
• Keep your server software up-to-date. If you host or control your own web servers, keep them up to date with patches and updates. If you use a content management system such as WordPress, keep that up to date too, including any third-party plugins. Symantec research suggests that toolkits mainly tend to target well-known existing vulnerabilities for which there are already fixes.
• Control access to web servers. Use strong passwords for content management systems and web servers. Don’t allow users to share passwords and ensure that admin-level passwords are limited to users with a strict need to know.
• Consider an always-on approach to SSL. Well-known sites like Facebook and Twitter use SSL on every page, not just on forms and checkout pages. This encrypts and protects all the information given by a user on the site and makes it less vulnerable to so-called ‘man-in-the-middle’ attacks.

Understanding the cybercrime threat to your website is not just good for security, it’s good for business. Put simply: if customers feel safe, they will buy more. Symantec is your partner in protecting your site, and its range of Website Security Solutions makes it easier to stay ahead of the criminals and increase trust for your customers.

[12] International Online Consumer Research: U.S., Germany, U.K. July 2012

[13] Symantec U.S. Online Consumer Study, February 2011

[14] Symantec Online Consumer Study (UK, France, Germany, Benelux, US and Australia) conducted in January 20