Hackers are switching up their targets and mounting increasingly sophisticated attacks. Recent targets include text messaging, smart grids, social media accounts, and the wireless technology in cars.
1.) Text Message Malware
Attacks on text messaging are fairly new, as are viruses and malware targeting smartphones. The attacks focus not only on consumers but also on business users, because stealing company data and selling it on the black market is a much more lucrative business.
Text messaging attacks are very similar to those we see on the computer, where clicking a malicious ad or link infects your phone and the malware begins spreading to your contacts. In some cases the malware can even start purchasing ringtones and apps. That money is then funneled right into the hackers’ pockets.
Wireless carriers are beginning to take notice. Brenda Raney of Verizon Wireless stated that “the company [Verizon Wireless] scans for known malware attacks and isolates them on the cellular network, and even engages with police to block attacks.”
In the end, common sense is the best defense against these attacks. Avoid messages with attachments from anyone you don’t know, and use extreme caution when receiving offers of downloads and apps, even when they come from someone you know.
To reduce the liability of employee-targeted attacks, organizations should provide employees with basic Information Security Awareness training, and more specifically Web 2.0 training.
2.) Smart Grid Attacks
Utility companies are increasingly using smart grids, which use electronic metering to streamline the exchange of power management data between the utility company and its customers. Smart meters are attached to houses or buildings and continually communicate energy consumption data to the utility for monitoring and billing purposes.
When computers are used everywhere in the grid, there are security risks – and unfortunately, it’s all too common for security to be an afterthought. We need to be cautious about how data is collected and stored. For example, if someone knows that your energy consumption is extremely low for a couple of days, that probably means that nobody is home…and someone might want to break into your house.
On a larger scale, the Stuxnet worm, which some security experts speculate was developed by Israel and the US, attacked the control systems at an Iranian nuclear power plant.
Intrusion detection systems for commercial power plant use are currently being developed. The most effective defense against these attacks is isolating the network. A smart grid should not touch any other network; it should be routinely penetration tested, and its firewalls should be evaluated.
3.) Social Media Account Spoofing
With 400 million Facebook users worldwide and 50 million tweets being sent out every day, social networks have become a gold mine for hackers looking to exploit these networks.
It’s pretty basic, too: hackers use social engineering tactics to fool people into revealing their personal information, and they’re pretty good at it. Once you’ve been duped, they use this information to gain access to your accounts and eventually steal your identity.
Social media attacks are also combined with email and website spoofing, which trick you into unwittingly revealing more personal information about your web accounts and login credentials.
As with the text messaging malware, the best defense is to use common sense and to be cautious. Again, training goes a long way in teaching users what to look out for.
4.) Hackers Controlling Your Car
Most of us have seen the Chevy Cruze commercial in which a woman remotely unlocks her car from inside an airplane while her husband is standing near the car with a buddy showing off his new toy. This seems like a great tool to avoid frustration over lost keys, but it’s also a huge welcome sign to hackers.
Since these systems often tap into the car diagnostics and safety features, a hacker could potentially interfere with these systems and, for example, cause a car’s engine to surge at just the wrong time.
While no incidents have been reported, security researchers have hacked into the computers of several late model cars and successfully disabled the brakes, turned off the engine, locked passengers into the car, and more. Fortunately, most of this wireless technology works only within short range. Still, the auto industry needs to incorporate strong, hardware-based encryption technology to protect these controls.
We’re all familiar with OnStar communications and how they use wireless signals for theft recovery. If your car is stolen, you can report the theft to the police, who can then contact OnStar. OnStar can transmit a signal over a 3G network to stop the accelerator from working in the stolen car. Thankfully, OnStar’s wireless transmissions are encrypted to thwart unauthorized attempts to tap into signals and interfere with vehicle operations.
The technology is called Dedicated Short-Range Communications (DSRC) – a new form of communication that combines Wi-Fi and GPS. Other uses for this technology are underway and are expected to debut in the 2012 vehicle models. Features include GPS navigation with details on traffic build-up, access to music stored at home and streamed to your car, payment for parking and toll roads, and more – even the ability to track speed and automatically issue speeding fines or limit your car’s speed.
In the end, car and technology companies will be responsible for ensuring that DSRC technology is secure. When purchasing a vehicle with DSRC technology, consumers should ensure they receive an option to limit wireless services or even turn them off completely.