INTERNET EXPLORER UNDER THREAT AFTER 12 JANUARY, 2016
Microsoft is closing security and tech support for Internet Explorer versions 7, 8.1 and 10 on 12 January, 2016. Microsoft was careful to be direct and blunt in stating that users who fail to update their browsers will become vulnerable to online attacks after the given due date.
According to Microsoft:
“Customers have until January 12, 2016, to upgrade their browser after which time the previous versions of Internet Explorer will reach end of support. End of support means there will be no more security updates, non-security updates, free or paid assisted support options, or online technical content updates.”
Microsoft’s Standard Operating Procedures dictate that security and tech support for software only lasts for a limited time period after the release of the said software. It is unclear if the cap is meant to push users towards new software/updates, or if Microsoft is struggling to cope with the global success of its software.
However, regardless of Microsoft’s capacity to offer users protection, history shows that hackers and cyber criminals tend to hold off their online attacks until the official publisher closes down tech and security support.
Learning from Microsoft’s History
The same was observed in the case of Windows XP when cyber-crimes targeting Windows XP users increased exponentially after support for Windows XP was abolished. Windows XP was one of Microsoft’s most popular operating systems.
XP came out in 2001 and mainstream support for the OS ended in 2009, with extended support closing down in 2014 – forcing countless XP users to move to Vista in search for protection from the barrage of online hack attacks.
How to Update your Internet Explorer to the Latest Version
To enable automatic updates on your Internet Explorer, click Tools/Help in your browser, and then click on “About Internet Explorer”. Check the box for ‘Install new versions automatically’ and that should suffice.
Don’t Use Internet Explorer
Users who don’t use Internet Explorer are still under risk as it can be exploited to plant cookies and malware. It is best to either update it or delete it before 12 January, 2016.
SYMANTEC REPORT PUTS APPLE IN THE DANGER ZONE FOR 2016
Symantec’s latest Internet Security Threat Report has confirmed that malware threats targeting Apple will set new records in 2016. Symantec’s security intelligence team highlighted that information security technology is playing catch-up with Apple’s attempt to encourage the growth of ‘the internet of things’.
According to Symantec’s Dick O’Brien:
“The number of new Mac OS X threats rose by 15 percent in 2014, while the number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015.”
Adopting a Healthy Cyber Lifestyle
The report encouraged Apple users to adopt healthy cyber lifestyles in order to avoid falling victim to malware. Anti-malware measures that Apple users are recommended to use include encryption for data security, anti-malware software for basic malware protection, and VPN for online anonymity.
Apple’s Disastrous Track Record
Apple is one of the world’s most popular mobile device manufacturers and has been experiencing an increase in security collapses over the last few years. Apple’s security infrastructure came under fire this year for the iCloud leaks. Hundreds of celebrities’ private photos and videos spilled online when hackers were able to retrieve them from personal accounts using phishing and brute force guessing.
Another notable incident was the much more recent removal of apps the iTunes app store after apps downloaded from Chinese servers were found to contain malicious code. It is unclear if any devices were affected by the malware riddled apps or not.
CYBERCRIMINALS HAVE THE CORPORATE SECTOR IN THE CROSS-HAIR
2015 saw companies like Ashley Madison, Sony and others get ripped apart by hackers, and 2016 will be no different. Cyber criminals plan to target corporate establishments that function on Business-to-Customer models in order to cause widespread damage by targeting a single entity.
Users are recommended to avoid sharing/uploading personal information unnecessarily. Hackers piece together bits of information to orchestrate attacks, and limiting the availability of information online can help deter such massive attack events.
The 3 Phases of a Hack Attack in the Corporate Sector
Corporate attacks start with data collection from users and employees.
- In the first phase, the entire activity is carried out silently and special care is taken to ensure that no harm is caused to the victims.
- The second phase is the assimilation of the collected data and the silent penetration of the target enterprise. Much like the first step, this is carried out without leaving any trace or evidence of infiltration.
- The third phase is the longest and involves the extraction of data. This may be covert or public, depending on the objective of the attack.
Some attacks are meant to publicly embarrass the target corporate enterprise, and are immediately declared. Others are designed to extract data and become visible once users begin reporting the consequences of the attack.
Hackers often want fame and fortune, which is why they tend to target established organizations and upcoming enterprises alike. There is no line that divides potential targets, and 2016 will see Startups and Multi-nationals scrambling to implement data insurance and recovery services.
TEENS & CHILDREN WILL BE IN LIFE-THREATNING DANGER
2016 will see cybercriminals targeting children and teenagers through social media and interactive web services. This is because online service providers are increasing their use of third-party services to improve functions and features.
Hackers target children and teens as they are most likely to reuse passwords across their accounts and online services. While it might be possible for social media platforms like Facebook to employ strict rules over third-party service providers, it is not easy for other platforms. A classic example of this vulnerability was observed recently when SanrioTown.com was hacked.
It was discovered that hackers had infiltrated the security protocols in November and were able to extract the personal information of 3.3 million registered users by the time the leak was detected. SanrioTown.com is part of the Hello Kitty network. Information stolen included personally identifiable data, password recovery data, email addresses, etc.
These threats are unlike the annual holiday hack attacks that threaten to bring down XBox Live and Playstation networks. It is important to note that this threat is a real and present danger to the safety of children and teenagers. Data stolen from vulnerable databases can be used to carry out crimes ranging from bank fraud to armed robbery and arson. The debate over the Hello Barbie doll presents a perfect example of the danger that comes with internet-enabled entertainment.
ONLINE EXTORTION ON THE RISE
Ransomware has evolved rapidly in 2015 and it is expected to cause significant damage in 2016 unless adequate steps are taken. Japan based global security software company Trend Micro Inc. has recently reported that Ransomware grew by 165 % in the first quarter of 2015 alone, and 2016 will see online extortion cause near catastrophic damage unless adequate measures are taken by users at the individual level.
Ransomware is expected to piggy back on malware in targeting digital wallets and gaming consoles in addition to the regularly targeted email accounts, bank accounts, etc. Trend Micro also pointed out that Ransomware demands attention in 2016 because it will move to targets mobile users.
Users who prefer to shop (or engage in any form of selling/buying) online using their mobile phones will be targeted by Ransomware developers in order to capitalize on weaknesses in the e-merchants’ mobile payment platforms.
2015 saw the XcodeGhost malware infect Apple mobile devices to target the Apple App store, manipulate permissions and carry out malicious activities. Fraud prevention and research firms believe that mobile device users are under particular threat on account of the increasing availability of hacking tools.
ENSURING DATA AND IDENTITY SECURITY IN 2016
Ensuring data security and identity in the coming year will require users to take pre-emptive precautions. There is a large margin for error here as most users believe that a simple anti-virus will do the job. Precautionary measures must include the protection of data, the encryption of sensitive information, and the concealment of personally identifiable meta-data.