Today is the 12th Safer Internet Day (SID).
Is this the first time you’ve heard about SID? No worries. The video below will brief you on what it’s all about, focusing on this year’s theme “Play Your Part for a Better Internet”.
More Than an Invitation, It’s a Challenge
In 2015, Insafe, the organization behind the SID global campaign, came up with the slogan “Let’s Create a Better Internet Together”. Although the current and previous themes are essentially not that different, the former’s tone and scope have indeed changed from merely inviting, which anyone can easily turn down, to challenging and reminding Internet users that they can make a difference, no matter how small the effort. We think it is the perfect message that can drive one to respond with greater seriousness and vigilance in taking care of not just what we say online but how we, as privacy- and security- conscious citizens of the Web, should generally respond to the growing sophistication and prevalence of digital threats like exploits and ransomware against businesses and consumers of all ages.
Threats in the UK: A Brief Review
To help further foster this call for UK citizens to get involved in creating a better and safer online experience, let us refresh ourselves with a four-point list of worrying security findings from previous months that hit the news:
- A report in mid-2015, our friends at Symantec named the United Kingdom as the most targeted and cyber-attacked nation in the whole of Europe, with a third of them targeting small- to medium-sized businesses.
- The National Crime Agency (NCA) revealed that the UK lost £16 billion to cybercrime and cyber-enabled crimes. One of the main concerns of the organization is the rise of mobile malware due to the increasing number of apps being used for financial transactions. A rife market of users depending on the Internet to procure of goods and services online also proved to be attractive to online criminals.
- Speaking of mobile, Ponemon surveyed hundreds of individuals in the UK and reported that majority of Brits would prefer losing their wallets than their smartphones—not because of the value of their device but what is found in it. In fact, they have assessed the data in their smartphones would cost around £6.5 thousand. Although they put great value and importance to their devices, 47 percent of those surveyed don’t think that having data protection features on phones are needed.
- In November alone of 2015, the UK was attacked by 1,200 types of malware families. Topping the count were variants from the Kelihos Trojan, the Necurs backdoor, the Bedep Trojan, and the Conficker worm.
To add more to the above, our telemetry data has showed that in last 12 months, a total of 154.5M malicious files and 138.2M potentially unwanted program (PUP) have been detected from machines based in the UK.
“No Site is Safe Anymore”
In addition to malware, phishing, hacking and fraud threats, malvertising is a household name. The prevalence of ads on normal and legitimate sites we visit made it easier for online criminals to tap into and take advantage of potentially unpatched systems in an effort to infect or control for their malicious purposes. Essentially, any site that monetize via ads can be an unknowing accomplice to a malvertising attack, and these sites are everywhere. Below is a rundown of UK-centric campaigns we have found and documented (We owe the hard work to senior security researcher Jérôme Segura):
- Premier League Fantasy Website Meets Malvertising. Perhaps no sport in Britain is more popular than football. Unfortunately, the criminals may have banked on the love of this sport, automatically redirecting thousands of end-user machines to a destination hosting a kit that uses Flash Player exploits.
- Official Jamie Oliver Website Hacked to Point to Exploits. Hackers rigged certain pages of the website to load a compromised script that points users to an equally compromised WordPress page made to house an exploit kit without them knowing. The said kit launches a number of exploits, namely for Flash Player, Silverlight, and Java.
- Malvertisers Home In on The Daily Mail. Sophistication was the name of the game for this campaign as it used an SSL attack via Microsoft Azure. In case you’re not familiar, Azure is an open cloud platform wherein anyone can create and host their own pages on it. Its trial version feature enables criminals to take advantage of this, too.
- Ebay.co.uk Part of a Large Malvertising Campaign. At least 10 websites were affected by a somewhat undetected attack against their visitors. Segura noted that whoever was/were behind this campaign took great care on masquerading themselves as legitimate ad networks in order to avoid detection.
- Online Dating Site Hooks Up with Potential Victims. The UK version of Match Dot Com was one of several dating sites found to unknowingly host malicious adverts. At the time of the campaign, users may find themselves redirected to a page for the Angler exploit kit, which usually serves Bedep and the CryptoWall ransomware.
SaaL: Security-as-a-Lifestyle
The Internet can both be a blessing and a curse, depending on whether one chooses to be accountable with what they do or say online or not. Of course, our accountabilities don’t end there. Internet and tech users are now expected to be up-to-date about the latest online threats, keep all software on devices updated to ward off zero-day attacks, and have security features installed and configured effectively in order to keep malware infection at bay. These all sound like hard work, and that may be the case. We must remember that being and staying safe online is not just the job of your parent, guardian, teacher, boss, or (in the case of businesses) the IT department. It’s a duty that everyone must, at some point, adhere to. No one is more responsible over our own devices than us, the owners.
If you’re already doing one of the three expectations I mentioned above, keep at it. If not, why not?
Challenge Accepted
So, how are you going to play you part for a better Internet? Let us know at the comments section below. For us here at Malwarebytes, we’re kicking off #SID2016 with a tempting offer:
While we believe that education and awareness are crucial, we also believe that everyone with a computing device has the right to be protected against malicious actors who are after their money, personal data, and resources. As such, this offer will provide our readers the opportunity to get the protection they need and deserve for less. Take note that this is only available today.
Stay safe, everyone and Happy Safer Internet Day!
Other related post(s):
Jovi Umawing