Connected Consumer Security: Part 1 – The Threats We Face
April 15, 2021
Thanks to the Internet and interlocked developments in digital technology, everyone’s interconnected. It’s now the norm for a typical family, both parents and children, to use various desktop and smart devices, mobile apps, and desktop software in their everyday lives, equally at home or outside it. It’s a digital ecosystem for family communications, financial transactions, learning, and entertainment. During family time, they’ll watch movies together through a streaming service on their smart TV and may find themselves asking their voice-assisted device to show them a list of movies the entire family can enjoy. But it all comes at a price. Parents now have the added burden of monitoring their kids’ screen times and device use while managing the smart devices in the home. It’s wonderful—but complicated—and it’s certainly a challenge to keep it all secure.
Security Threats Confronting Today’s Connected Consumer
Today’s connected consumer faces a variety of threats to their digital security and privacy:
1. Malware: This is a general category of malicious software that includes the following:
- Keyloggers monitor and log keystroke activity, which is then used to gather information without the user’s knowledge. They can be installed on a computer in several ways: through a webpage script that exploits a vulnerable browser and launches the keylogger when the user visits the malicious site, by opening an attachment file, or by clicking a link in an email. For example, the resurgent Hawkeye keylogger is distributed using spam that poses as an “alert” from the Director-General of the World Health Organization (WHO). (See Threatpost.)
- Rootkits install and execute code on a system, using stealth to maintain a persistent and undetectable presence on the machine. The infection starts via social engineering, upon malware execution, or simply from browsing a malicious website. Once a rootkit is installed, an attacker can perform virtually any function on the system, including gaining remote access, eavesdropping, and hiding processes, files, registry keys, and communication channels. In 2019, the Purple Fox rootkit improved its malware capability by abusing publicly available code like PowerShell, enabling fileless infection.
- Spyware monitors and gathers personal information and sends it to a third party without the user’s knowledge or consent. Spyware usually installs itself on a system via deception, often bundling itself with what looks like a useful program. Recently, spyware is more prevalent in mobile devices; examples include CallerSpy and Project Spy.
- Trojans have malicious intent hidden within their code. A trojan may appear to be a normal program, but once executed, it will cause unwanted system problems, lost data, and loss of privacy. For example, while using the shared computer at home, your child may receive something called “Happy Birthday!” Unaware of the danger it may pose, he executes the file, which plays a song and displays an animated dance on his screen. With that, he has unknowingly allowed the trojan to open a port in the background and drop files that let malicious hackers take control of the computer for whatever nefarious scheme or exploit the cybercriminal may have in mind. Last year, a coin miner trojan named AutoIt was bundled with what appeared to be the legitimate Zoom conferencing app but was hosted on fraudulent websites.
- Ransomware is a threat designed to force users to pay a ransom (fee). It holds one’s laptop and data hostage by locking the screen or encrypting its files, then forces the user to pay the ransom through certain online payment methods to get a decryption key or an unlock tool and regain access to the device and its data. Or the criminal may steal your data for ID theft, then take the money and run.
Users might encounter this threat through a variety of means. Ransomware can be downloaded onto systems when unwitting users (like your kids) visit malicious or compromised websites and inadvertently download it. It can also come as a payload that is either dropped or downloaded by other malware. A well-known example of this threat is WannaCry.
2. Fileless Attacks don’t behave like regular malware, which drops a file on your disk to infect your computer, hijack system processes, or steal your data. However, they can wreak havoc like typical malware. A fileless attack is a memory-based threat that resides in the computer’s RAM. It can bypass whitelisting protection, which builds a list, locally or online, of legitimate programs, because it takes advantage of allowed legitimate applications and processes already running on the computer to facilitate an attack. As such, it has no identifiable code, signature, or particular behavior that conventional security software can detect. Fileless attacks start in a familiar way: with a web popup that instructs you to “update” a piece of software (like your Flash Player) so that it “runs properly”; with a spam or phishing message that entices you to click on a malicious link; or with a lure that leads you to open what seem to be normal files but are anything but. When you do so, the action injects malicious code into your computer system, thereby starting the infection process.
3. Malvertising (Malicious Advertising): These are online ads that lure users to malicious sites, often using dubious ads to display offers that are relevant to you. Based on one’s online profile, browsing behaviors, and preferences, attackers can use browser cookies to customize their ads to match one’s particular interests in an attempt to capture attention, making it more difficult for the user to resist checking them out.
4. Data Theft: This is the act of stealing information from unknowing victims (which violates one’s privacy) to obtain confidential information, particularly identity data. Some prevalent means of stealing data include insecure e-commerce sites that leak your private account information; cracking the weak passwords to your online accounts; hacking smart devices such as your voice-assisted smart speaker, which can be abused to eavesdrop on unsuspecting users; and theft of a device (be it a laptop or mobile phone) that contains valuable personal information.
5. Home Network Attacks: Finally, with unsecured, vulnerable home network routers, your home becomes a gateway for inbound attacks against your connected devices or for outbound attacks through your connected devices. Inbound attacks mean the home network is breached from the outside in (from the internet to the home network) to target connected devices like desktop computers, tablets, smart TVs, and game consoles. Outbound attacks refer to instances when hackers access a home device through an inbound attack, then use the smart device to remotely execute malware, either to obtain sensitive information, intercept communications, or launch attacks against other targets within your home network or across the internet.
Stay tuned next week for Connected Consumer Security: Part 2 – Making Your Digital Life Safe with Trend Micro