Just when you have finally figured out that the Nigerian prince email is a scam, McAfee is out with a new report today on cybersecurity that says email attacks are getting much more realistic — and they’re going mobile.
Nick Rowe | Photodisc | Getty Images
On Tuesday, the computer security firm McAfee released its second quarter “threats report” for 2012, announcing the biggest increase in malware samples detected in the last four years.
But it’s not so much the volume of the attacks as the sophistication of them that’s making them harder to spot, and to prevent.
With the rise of social media platforms like Twitter and Facebook , hackers know a lot more about you. And while you may not fall for an email from an alleged Nigerian prince, you may very well fall for an email that appears to be from someone you really know and on a topic you really discuss with that person. (Read More: Cybersecurity Law Fails to Pass Senate Before Month-Long Break.)
“For instance, you’ll publish your friends, you’ll publish the fact that you like golf,” said Pat Calhoun, McAfee’s senior vice president and general manager. “And then these criminals can send you an email that comes from a trusted friend — that looks like it comes from a friend — it may be about a golf event and you may open up a PDF document that you think is basically a tournament.”
But what is inside the email, Calhoun said, is malicious software that causes your device — desktop or hand held — to be compromised.
The ability of cybercriminals to spend that much time focusing on the details of your life stems from another trend McAfee spotted — attacks are becoming much more targeted. \(Read More: How to Defend Against a Cyberattack.\)
More and more, cyber-attackers know what specific piece of information they’re looking for inside a company’s systems, who has access to that information, and how to get that specific person’s attention on the internet. That makes these attacks much more difficult to detect, and it makes corporate security officers’ jobs much more difficult.
“Because they're lowering the volume, they actually end up going under the radar,” Calhoun said of the new cyber-attackers. “They remain undetected much longer than they have in the past.”
McAfee’s report also found that Twitter has become a significant new threat, as hackers use the service to attack, infect and control data, often bypassing corporate server security.
And they’re seeing a surge in in so called “ransomware” crime in which the attackers take over a user’s entire computer and demand payment online or else they’ll destroy the contents of the machine.
The threat from all of that is compounded by the spread of new devices employees are bringing into their offices — iPhones, tablets, and the like. Those mobile machines have become a little-known backdoor for hackers to get into corporate networks. (Read More: 10 Ways Companies Get Hacked.)
“A lot of the traditional laptops and desktops have a fair amount of security that's been added to them,” Calhoun said, “but a lot of the personal consumer devices don't have that same degree of security. As users bring their personal devices into the organization those tablets and those smartphones now become that weak link in the chain.”
—By CNBC's Eamon Javers
@EamonJavers
