Malware, schmalware–You’re the biggest threat to yourself

Viruses, worms, Trojans, botnets, and other malware are all constant threats facing you as you surf the Web and use your PC. The biggest threat, however, to the security of your PC and personal information is you.

People have always been the weakest link in the security chain, and that problem is about to get significantly worse. Recent data breaches at Target, eBay, and other popular companies have exposed detailed personal information on tens of millions of consumers to attackers. Armed with personal information like names, addresses, phone numbers, birth dates, and more, attackers can craft very realistic phishing messages and websites that will have much greater odds of success than the average malware attack.

I wrote about this trend for PCWorld:

When a eBay suffered a massive data breach a few weeks ago, most of the attention revolved around the compromise of passwords and the vulnerabilities in the site’s security. While those are legitimate concerns, they obscure the most glaringly weak link in the security chain: people.

Indeed, it was not a sophisticated exploit that facilitated the eBay breach, but an old-fashioned con. It’s been determined that as many as 100 eBay employees were likely victims of a social engineering scheme: an attack where the perpetrators arm themselves with enough information to pass themselves off as a known and trusted individual or organization and convince the victim to reveal valuable personal information—in the case of the eBay employees, their logins.

That’s actually not surprising. When I recently asked a number of security experts to weigh in on innovative new attacks we should look out for, I was told the most concerning trend couldn’t be remedied by patching and updating applications or thwarted by your security software.

“The lowest hanging fruit is still humans,” said Ken Westin, a security researcher for Tripwire. “As long as attacks against humans still work consistently attackers will use them on their own, or as part of sophisticated, integrated campaigns.”…

You can read the full article at PCWorld: What data breaches teach us about the future of malware: Your own data could dupe you.

Has your personal data been compromised in the Target, eBay, or other recent data breach? Let me know in the comments what questions or concerns you have about how attackers might use the compromised information to exploit you.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
Related Post