Why 2013 was the year of the personal data breach

pcw

As 2013 winds to a close, it’s time to look back at the biggest security events and incidents of the year. Here’s hoping there are some lessons to be learned—something to provide a foundation for stronger protection and a safer online and mobile world in 2014 and beyond.

With each passing year, the world of technology evolves and improves, and that includes building stronger defenses against cybersecurity threats. Unfortunately, cybercriminals are continuously adapting and acquiring new techniques, too, and successfully exploiting emerging technologies in a perpetual game of security leapfrog.

Here’s the 2013 security highlight—er, lowlight—reel.

Ransomware

The concept of ransomware is simple: Attackers encrypt your data or lock you out of your PC or device using malware exploits, and then demand payment in exchange for restoring your access.

The biggest ransomware threat of 2013 was CryptoLocker. A recent report from Dell security researchers suggests that the CryptoLocker crooks raked in $30 million in only 100 days. That’s $300,000 a day on average from users paying the ransom to get access to their data again.

“2013 saw a significant trend toward ransomware because cyberattackers were able to utilize Tor and Bitcoin to anonymously blackmail people into paying for access to their own data,” says Ken Westin, security researcher for Tripwire.

The CryptoLocker ransom is generally $300. If you don’t have a recent backup of your data, you don’t have many options—either pay the ransom, or lose all of your data and start over from scratch. On the positive side, the criminals do, in fact, follow through on their promise to return your PC or data once you’ve paid the ransom.

“This trend will accelerate and migrate to mobile devices in 2014,” Westin says. “There’s an enormous number of consumers to target who are dependent on the data and services in their mobile device. More than half of mobile-device users don’t use even the most basic security precautions, making them easy prey for cyberattackers.”

Wolfgang Kandek, CTO of Qualys, warns that traditional defenses may not offer much protection against CryptoLocker. The attack does not require any special access or privileges, so it’s very difficult to prevent using standard computer security tactics. “XKCD had it absolutely right in its April 2013 comic strip,” he says. “If all my important data is my user data, the malware does not need to escalate to administrator to wreak havoc.”

You really have only one way to protect yourself against ransomware threats: You mustback up your data on a regular basis. If your system is compromised by ransomware, you can simply restore your own data from the backup rather than paying the extortionists.

Mobile malware

The overlap between ransomware and mobile security brings us to the next security trend of 2013: mobile malware. The volume of mobile malware has continued to grow exponentially, as cybercriminals try to take advantage of the fertile new territory.

FortiGuard Labs reported that it logged 50,000 malicious Android samples in January 2013—about 500 per day. As of November, that number had spiked to 1500 new malware samples per day…

Read the full article at PCWorld.com: Why 2013 was the year of the personal data breach.