As we look back on 2012, it’s impossible not to recall the many high-profile breaches and cybersecurity incidents that took place this year. 2012 has certainly been a rocky one for online safety and consumer security as a whole, with numerous high-traffic websites breached and more malware and mobile threats than ever before.
While it’s difficult to say which security trends caused the biggest stir, I’ve outlined my top five incidents of the year below. Let us know in the comments section if you agree with my list, or if you think there are other incidents or security trends that should have made the top five.
1. The Social Engineering Shakedown
Social engineering is a hacking tactic that can be just as effective as brute force attacks or malware. Criminals can use information readily available on social profiles and elsewhere to trick their way into gaining access to your accounts. A common tactic employed by social engineers is to leverage your personal information to play on your emotions, such as sending you an email from a friend or other trusted source that contains a link or download that, when clicked, can infect your computer with malware. The most notable social engineering story of the year was, of course, Mat Honan’s epic hack, which resulted in the hijacking of his Twitter handle, as well as the wiping of his phone, Mac, and iPad and the deletion of his Gmail account.
What really made social engineering a top security threat for 2012 and beyond was the ease with which hackers could dupe well-intentioned customer service agents into handing over your personal accounts. In this age of over-sharing, your Facebook updates and Tweets can betray valuable information. Social networks have taken notice, and Facebook made a significant push to boost security in 2012 with initiatives like the McAfee Social Protection app to guard your photos. Ultimately, consumers should always be wary of publishing to social networks and take appropriate measures to guard their content.
2. High-Profile Security Breaches
Yahoo!, LinkedIn, Dropbox, and Last.fm were just a handful of high-profile companies hit with security breaches this year. It started with Last.fm in May (although reports suggest the breach took place as early as February), followed by LinkedIn in June, Yahoo! in July, and then Dropbox in August. The common denominator among all of these attacks was password security, both on the part of the companies and the users. With our lives going digital, cybercriminals are following the money, and the money is in personal data.
Consumers and businesses alike need to take password security more seriously, as the frequency of these events won’t be slowing down anytime soon. The risk of a password hack is very real, and ultimately, whether or not your account is compromised depends on your password strength and variety. Many of the users affected by the aforementioned breaches used frighteningly simple passwords like “123456” and “password.” Today, having a weak password is just like having no password at all.
3. Mobile Malware Madness
In 2012, the frequency and severity of mobile malware have skyrocketed. Malware for the Android platform in particular has increased considerably in the past year alone. According to the McAfee Threats Report: Third Quarter 2012, the number of mobile malware samples has increased tenfold over 2011, with no signs of slowing down.
With the majority of the mobile market using Android, the presence of a large malware market presents many obvious dangers to consumers. All of the contacts, photos, text messages, emails and everything else we use our phones for are at risk, which means that in 2013 we need to put a greater emphasis on mobile security. Especially with the increase in mobile payments through services like Google Wallet, it’s more important than ever to guard our mobile devices. For a dependable security solution, try McAfee Mobile Security to protect your smartphone or tablet from theft and security threats.
4. Cyber Attacks on Banks
Big names like Bank of America, JPMorgan Chase, Wells Fargo, and many others were victims of distributed denial-of-service (DDoS) attacks this year. The hacker group Izz ad-Din al-Qassam Cyber Fighters took responsibility for a string of attacks in the fall, and another round of attacks was launched in December. DDoS attacks can have devastating consequences for both the financial institutions and, in effect, the consumers who rely heavily upon online banking to conduct transactions. While DDoS attacks do not pose a direct threat to customers’ security, they often act as a diversion to distract from other malicious activity.
How do DDoS attacks work? Hackers bombard websites with an excessively high volume of traffic, so high that others cannot access the site. Instead of being able to log on to your online banking account, the site will be unavailable. If you’ve run into this problem, it’s a common sign the website you’re trying to visit is facing a DDoS attack. It is while a company is trying to ward off a DDoS attack that hackers strike and steal sensitive data.
Sony experienced this back in April 2011, when a DDoS attack was just a distraction from the security breach taking place. About 101 million user accounts for PlayStation Network, Qriocity, and Sony Online Entertainment were compromised while the company was distracted by the distributed denial-of-service attacks. There is little consumers can do to thwart a DDoS attack, but taking steps to strengthen passwords and security questions offers protection in case of a malicious attack.
5. Increase in Mac and iOS Threats
Traditionally considered impenetrable, Apple is facing a significant increase in targeted malware. In the McAfee Threats Report: Third Quarter 2012, our research team saw a consistent increase in Mac malware each quarter of 2012. One of the most dangerous threats from the year is Flashback, a piece of malware that affected over 600,000 Mac machines worldwide. Experts project that as the number of Apple users continues to rise, Mac malware will become more prevalent and sophisticated.
Mobile devices face a similar fate. Apple iPhones and iPads are some of the most popular mobile devices, and security risks like the Instagram vulnerability can expose all users on the Apple mobile operating system (iOS) to hacks. The recent rise in mobile malware is often most closely associated with the Android platform, but iOS is also seeing its fair share of threats. It is critical that Apple users take measures to secure their devices with security solutions capable of defending against these new threats.
What do you think was the biggest security event of 2012? Let us know in the comments below, and be sure to follow us on Twitter @McAfee for future updates!
For peace of mind regarding any of the threats mentioned above, consider investing in a comprehensive security solution to protect all of your devices. Try out McAfee All Access for complete protection for your devices, from your PC and Mac to your smartphone and tablet.