Trends for 2014 - We Live Security

Maddison Silva
  • Dec 13, 2013

Trends for 2014: The Challenge of Internet Privacy

Author: ESET Latin America's Research Team

Introduction
Loss of Privacy and Mechanisms to Protect Information on the Internet
The NSA and the Privacy Debate
Greater Concern of Users about Privacy in the Cloud
The Cloud and Information Storage in Other Countries
Greater Legal Regulation and Clearer Privacy Policies
How to Protect Information on the Internet
Data Encryption (Cryptography)
Information Theft and Mitigating Attacks with Two-Factor Authentication
Cybercrime
Android: Market Leader and Most Attacked
Computer Threats for Android Keep Increasing
Malware Versions also increasing
Vulnerabilities in Mobile Platforms
NFC Technology
Other Trends in Cybercrime
Vulnerabilities Java and Latin American Sites
Botnets
Ransomware in Latin America
Malware Evolution for 64-Bit Systems
Bitcoins
Malware Diversification: Computerization of all Kinds of Electronic Devices which Allow Internet Connection and Data Sharing
Automobiles
Smart TV
Smart Homes
Smart Toilets
Smart Lighting Systems
Refrigerators
IP Cameras
Digital Lock
Google Glass and Other Intelligent Accessories
Android in Other Devices (NVIDIA Shield Portable Games Console, Clocks, Home Appliances, Among Others)
Conclusion: Is Internet Privacy Possible?
References

Introduction

As usual for the end of the year, ESET Latin America's Research Laboratory has written ESET's annual threat trends report, which addresses several subjects in Information Security. The aim of this report is to make the community aware of the present computer threat landscape and, accordingly, attempt to predict its possible evolution in the coming years. On this basis, in 2011, a growing trend for botnets and malware for profit was noticeable [1]. In 2012, the main trend was directly related to threats designed for mobile platforms [2]. One year later, our main topic was vertiginous growth of malicious codes for mobile devices [3] and at present, although these threats keep growing and evolving, the main topic focuses on the growing concern expressed by users regarding Internet privacy.

In this sense, cases such as the revelations by Edward Snowden concerning the National Security Agency (NSA) of the United States have influenced the growing concern about Internet security. Nevertheless, this trend has not meant a decrease in cases of people affected by any malicious code or other kind of computer threat. It can be asserted that concern about privacy is a good starting point on the user side; however, it is essential for people to be aware of all aspects of Information Security. Otherwise, it is not possible to mitigate the impact of computer threats. This situation is equivalent to a person being worried about the safety of his home, but not actually installing an alarm system, so that he is still just as likely to become the victim of some incident.

Another trend noted during 2013, and which we expect to trend upwards in the coming years, is related to the increasing number and complexity of malicious code designed for the Android operating system. Cybercriminals are applying classic attack methodologies to newer, mobile platforms. On this basis, the discovery of critical vulnerabilities and their later exploitation through malicious code represent an evolution of cybercrime affecting mobile technology. On the other hand, an increase in complexity of botnets, 64-bit threats and malicious codes which try to obtain profits by stealing electronic coins are all topics that have lately gained prominence. Finally, a variety of non-traditional devices such as smart cars, game consoles, smart TVs and others introduce the possibility that, in the future, threats for this kind of technology may be seen.

Taking into account the abovementioned topics, will privacy on the Internet be possible?

Loss of Privacy and Mechanisms to Protect Information on the Internet

Over the last few years, cloud storage technology has grown considerably in terms of the number of individual users and companies using it. Previously, it was normal to share information through diskettes, optical media (CD/DVD), USB removable storage devices and so on; it is currently possible to note a clear trend towards a massive use of the cloud to the detriment of other traditional means. The advantages that the cloud offers are considerable: for example, it provides easier access to information since files are available from almost any place and device connected to the Internet. Thus, in case of backups, it isn't necessary to choose a physically safe place to save the backup media. All these advantages have caused the cloud to become more popular among all kinds of users. In this respect, Gartner stated that in 2011 only 7% of final users' information was stored in the cloud. However, it is expected that by 2016 this percentage will increase to 36% [4]. On the other hand, the Global Cloud Index published by Cisco estimates that in 2017 Latin American users will have stored a quantity of 298 exabytes of information in the cloud (1 billion gigabytes) [5]. The following chart shows the projected cloud growth in several regions of the world and the quantity of stored data (expressed in exabytes):

Chart 1: Traffic growth in the cloud by region (expressed in exabytes)

The chart above indicates a growth in cloud storage in every region, i.e., the use of this technology by the users is growing over time. In the case of Latin America, the percentage growth expected for 2017 is 31%, compared to previous years. Despite this growth and its advantages for users, it is important to consider that this technology is not exempt from the risks associated with information security.

This trend of going to the cloud has many information security implications, but there is another subject which has suffered some changes due to the use and misuse of technology; that subject is privacy. In this sense, it is necessary to understand that humans are social beings who use different means to communicate with others such as speech or sign language, among others. The aim of communication is to share emotions, opinions and other points of life in society. If this case is applied to the technology environment, it is possible to relate it to social networks, services which make personal interaction easier through an online platform. However, despite this social and/or public human activity, there is another dimension with the same importance related to privacy. In this, the Internet is not an exception. In the same way that you would keep a professional or personal secret, in the virtual world there also exists confidential information which should not be available to unauthorized third parties. If a person needs to protect legal documents or any valuable object, he is more likely to think about a safe or any other secured place. Although Internet users face the same scenario, mechanisms to adequately protect data are not always known or, even when they are, used correctly. Although this subject arose decades ago with the growing availability of information technology, cases such as that involving the National Security Agency (NSA) in the United States have caused, in a way, increased user interest in protecting the information stored in the cloud.

The NSA and the Privacy Debate

As an aspect of the Internet and some value-added services such as search engines, social networks, and webmail, among others, privacy of information started to gain more significance for the community in general as opposed to security-conscious companies and experts in computer security. In 2004, at the time of the launch of Gmail, Google's web-based email service, it was noticeable that some users were worried about their privacy [6]. The reason for this is that the company analyzes the contents of email and shows users advertisements based on that.

On the assumption that actions performed on the Internet may have tangible consequences (whether positive or negative), several countries have applied regulations to address activities the results of which may cause damage related to aspects of social interest such as hacking, electronic fraud (malicious codes, phishing, etc.), pedophilia, and national security, among others. This last item was precisely the main subject of the incident and media debate created from public disclosures by Edward Snowden. Snowden was born in the United States and worked as an NSA technician through a contractor company until June 2013, when he leaked massive quantities of intelligence information related to the control exercised by the US government over data privacy of citizens of the world in general [7]. This caused a global debate between countries which do not support this kind of control and the United States, which considers this as an action justified by the need to prevent terrorist attacks.

Beyond ideological, legal and moral debates created around this subject, there also exist incompatibilities dealing directly with Security of Information. From this point of view, it is important to understand that the security measures a user should take do reduce the impact and occurrence of several computer attacks such as hacking, malicious codes, information theft, etc., but they are not so efficient at the moment at preserving the privacy of the individual in scenarios of determined intrusion, such as those popularly associated with the NSA. In this sense, if a technological provider company establishes in its privacy policy any clauses that mention possible uses for the stored information, traditional protection mechanisms set up by users do not prevent such information from being used with some purpose established in the agreement. For example, some providers still keep users' files even if the service is cancelled; thus, even former customers' data could be jeopardized in the event that the company is the victim of any computer incident.

Regarding traditional protection mechanisms, a security solution protects the user from different malicious codes, a firewall defends against hacking, two-factor authentication defends against password-stealing attacks, and so on. However, in the case of user data that is stored in a system whose use depends on the acceptance of the privacy policy, it is the company rendering the service itself which may make use of such information; thus, other measures are required to strengthen security. In this context, it is crucial to read thoroughly the Terms and Conditions of Service agreement and the software they use. It is important to take into account that when a person accepts this kind of agreement, he is explicitly accepting all items it contains whether he actually read them or not.

Greater Concern of Users about Privacy in the Cloud

As was previously mentioned, problems related to security and privacy of data stored in the cloud existed from the moment this technology started to take off. However, what has happened with the NSA has caused more users to concern themselves with Information Security. The first statistical study to confirm this increase is related to web traffic from the search engine DuckDuckGo [8]. This site is known for offering users a higher level of privacy by offering the chance to search the Internet without registering internet user information. In this way, anyone using DuckDuckGo will obtain the same results regardless of their individual interests, location, and other personalization factors. In this sense, the amount of traffic registered by the site underwent a considerable increase after information regarding NSA surveillance leaked. Here is a chart illustrating this information:

Graph 1: DuckDuckGo Monthly Average Search Per Day

As can be seen in the graph, an increased number of searches was registered from May. It is important to mention that, at that time, there had been no massive leakage of information regarding NSA surveillance disclosures. The increase in searches was confirmed from June, when Snowden gave details of how the NSA works. From that moment, monthly visits to DuckDuckGo experienced a sustained increase of more than 200%, from 1,755,121 searches in May to a total of 3,890,084 in September. Although these numbers are considerably lower than those from Google, they suggest an increase in the number of users worried about Internet privacy since Edward Snowden's leaking of information.

Another piece of research showing popular concerns about Internet privacy is the survey performed by ComRes, a research consultancy from the United Kingdom. This research showed that out of 10,354 people interviewed living in nine different countries (Brazil, United Kingdom, Germany, France, Spain, India, Japan, South Korea and Australia), 79% expressed their worries about their privacy on the Internet [9].

Likewise, countries which were shown to be more worried about this subject are: India (94%), Brazil (90%) and Spain (90%). Next, a chart summarizing the main findings of that research is shown. Information is categorized on the basis of the nine countries considered in the research [10]:

Chart 2: Summary of the survey by countries

The second column shown in the chart reflects the degree to which people in each of the countries are worried about privacy on the Internet. The next column is related to how companies obtain personal information, that is, which users' personal information is stored by organizations and how it is used internally. The third item is about research started by the European Union measuring attitudes to a change in privacy policy applied by Google in 2012 which allows the company to unify data from different services that users use [11]. Finally, the fourth column confirmed the degree of agreement regarding the need for more severe regulation of Internet users' privacy protection.

According to the information gathered in countries taken into account in the research, Germany is the least worried about privacy on the Internet. The other nations share a more consensual view of the importance of how people's privacy should be protected on the net.

Beyond these specific cases, the current global trend is towards a higher concern regarding the ways in which companies and governments store, control and use private information of Internet users. It is possible that what happened with the NSA and Edward Snowden [12] has contributed to this concern, in that so many people around the world have become aware of the situation and, thus, have become more interested in preserving their own online privacy. Notwithstanding this concern, which was to all intents and purposes extended to the world and beyond social and media debate caused by initial concerns about the NSA, the protective measures taken by users to maintain their own privacy and security in the computer environments they use (computers, smart phones, tablets, and so on) are not enough in some cases. Likewise, as a consequence of this lack of security awareness, people often act in ways that are risk-laden from the point of view of Information Security. For example, a survey applied by ESET Latin America showed that 67% of users who received a Skype worm were eventually infected with the threat in question. The aforementioned malicious code was spread using suggestive messages, shortened links and Skype; a combination of social engineering techniques which proved to be effective enough to spread it in impressive numbers.

This percentage of affected users contradicts the trend which indicates that people are becoming more worried about their privacy on the Internet. This is because malicious codes are threats which are generally developed to steal information, thus invading the privacy of those who become affected. Although at first sight this is an inconsistency per se, it can be explained by the fact that many users, even while using security technologies such as antivirus, firewalls and other tools, do not pay enough attention to security awareness. In fact, education is fundamental to the adequate protection of a computer environment and, in that way, it improves user privacy on the Internet. This opinion is borne out by analysis of the results of ESET Latin America's Security Report 2013 [13]. In that document, it is possible to observe that companies adopting awareness plans regarding Information Security are less prone to be victims of computer attacks, compared to those which do not carry out that kind of practice or do so inconsistently. It is important to mention that security consciousness, whether corporate or personal, must be persistent and sustained over time since security is a field which evolves quickly. The following diagram aims to show that, although installation of a security solution grants an additional protection layer, consciousness is fundamental to obtain an adequate protection level:

Diagram 1: Greater concern is not synonymous with more privacy

As may be seen in the diagram, there is more concern about keeping privacy on the Internet; however, lack of consciousness is still one of the main obstacles at the moment hampering adequate protection of information and privacy. Another survey which confirms the trend is the one carried out by ESET Latin America in July 2013. In that instance the subject was social networks. Regarding the question of how safely users think their information is kept on social networks' servers, 52.2% think that they are slightly unsafe, i.e. more than half of the respondents consider it is possible that such information may be obtained by a third party.

Before explaining the factors which may affect a person's privacy, it is essential to understand the role the user plays in this whole process. In the first instance, it is the user who decides which piece of information he wants to publish and which he does not, a decision which may increase or decrease his level of privacy on the Internet. At first sight, this process may seem simple; however, it is necessary to be careful and to understand properly the real scope and distribution an Internet publication may have.

In a first attempt to reduce this problem, some social networks such as Facebook have applied simpler methods for limiting the information a person publishes, such as buttons to set up visibility of something transmitted. In this setting, the user can choose to make the content public or just for the user's friends or exclusively for a single individual. On the other side, Facebook also applied a new menu which allows the Facebook user to manage user privacy easily. To relieve problems at this first stage, it is important for the user to know that this kind of control exists and also to think about the implications this situation may have. One example might be the chance that a spiteful third person may obtain personal information if potential victims make public any data such as domicile, telephone numbers, workplace, and so forth.

The Cloud and Information Storage in Other Countries

As was previously mentioned, the cloud is not a new online storage technology: however, its flexibility has caused, with the passage of time, a massive increase in use in homes and by companies. According to Gartner research projecting several aspects of the state of the cloud between 2011 and 2016, Latin America is not the region which has economically invested the most in this technology (that would be the United States with 59% of investments); however, some individual countries in Latin America, such as Argentina, Mexico and Brazil are nations with higher rates of growth of services in the cloud [14].

Despite this increase, and the flexibility given by a service of this kind, the cloud is still creating controversies and uncertainties regarding the security and privacy of the stored data. In this respect, some users express their concern because this technology does not allow direct control over data as does a local server or the user's own system. To clarify this subject, it is necessary to understand some aspects of the technology in question. First, it must be considered that the information or the platform in which it will be stored in the cloud may have been compromised before, during or after data transmission. The following diagram shows the three previously mentioned stages:

Diagram 2: Stages in which information theft may happen in the cloud

According to the diagram above, the first stage at which information may be compromised is before it is stored in the cloud. For example, a company whose systems are infected with malicious code is vulnerable to having information stolen before it is ever uploaded to the cloud. On the other hand, information may also be at risk if an organization sends information through an unsafe connection. In this case, hacking would happen during transmission of data due to attacks such as sniffing or packet theft. At the third stage, security adopted by the service provider in the cloud such as data encryption, policies governing use and security, and so on, also determines the probability that information to be stored in the cloud may be damaged as the result of an attack against the services provider.

Likewise, the country where the server that stores information resides may also have a critical influence on information security and privacy. Each country has a different set of rules regarding data protection in computer environments. Thus, more restrictive legislation may be of benefit at the data protection level. However, a less severe legal system or absence of specific regulation may affect information privacy.

Greater Legal Regulation and Clearer Privacy Policies

Legislation is one of the means employed by countries to regulate Internet use, penalizing acts such as information theft, fraud, pedophilia-related crime, and hacking, among others. Accordingly, in 2013 Peru tried to penalize specific activities that may attempt, whether directly or indirectly, to work against users' privacy on the Internet. In this case, the Peruvian congress passed its Computer Crime Law. This law tries to punish pedophilia-related traffic and electronic fraud. For example, in case of privacy breaches, the law establishes a six-year prison punishment.

On the other hand, in the wake of the NSA case, the president of Brazil, Dilma Rousseff, was worried about the privacy of citizens using the Internet. For that reason, she raised the possibility that companies would be obliged to store all data from Brazilians on local servers [15], that is, computer systems that are physically established in that country so that Brazilian data protection legislation may be applied. More precisely, about the location of a computer system and regulations applicable within the said countries is one of the problems specific to the cloud and it is explained in detail in the following pages. As may be seen, cybercrime as well as government surveillance issues have caused users' Internet privacy to be a priority for society as a whole.

Companies have played their own part in this situation. There is a growing trend towards making known and simplifying the privacy policy of services such as Facebook, LinkedIn and Pinterest. In the case of Facebook, the company inserted changes into its Data Use Policy and Bill of Rights and Responsibilities for users of that service. Updates try to explain some aspects of these documents and also give advice focused on privacy such as removing Facebook applications no longer used. In the case of LinkedIn, the aim was to make the privacy policy easier to understand. For its own part, Pinterest carried out a system which offers personalized content and which can change set-up parameters related to the privacy of the account [16]. With all these changes, it seems that there is a trend towards publicizing privacy policy and making people more aware of the topic. Similarly, some countries in the region have gradually shown more interest in regulating the Internet and users' privacy.

How to Protect Information on the Internet

Starting from the premise that the Computer Security of individuals can be observed and quantified, it is necessary to understand the different factors which may compromise the individual's privacy. In the same way, it is essential to know which technologies may mitigate the impact of this problem. The next chart exposes the different factors that may compromise user privacy. Technologies and protection measures are also summarized that may be adopted to reduce such impact (see Chart 3).

In the above chart, some concrete measures are mentioned that the user may apply in order to increase security and privacy on the Internet. Some actions in particular, such as encryption of data and two-factor authentication, are explained in detail in the following pages.

Chart 3: Factors which may compromise user privacy

Data Encryption (Cryptography)

Another effective security measure in this context is data encryption (crypto). Simply expressed, this is a method of making information unreadable in such a way that it is necessary to use a key (password, passphrase, PIN, token) to decipher data and make it readable again. In this event, information may still be obtained by a third person: however, if adequately encrypted, it isn't readable without the necessary password. However, as with every computer protection measure, it is not infallible. The degree of security given by encryption depends on the robustness of the encryption algorithm, that is, the way in which information is encoded to make it unreadable. Although it seems paradoxical, it's important to read one more time the user agreement in case the software or the encryption service includes among its policies the right or necessity to share the key or decryption algorithm, in which case user information may be further exposed.

Next, we show a diagram summarizing the data encryption operation:

Diagram 3: Data encryption operation

14 Trends for 2014: The Challenge of Internet Privacy As may be seen in thediagram, theoriginal information is in plain authentication by password, i.e., something theauthorized user text, i.e., not encrypted (1). At thesecond stage, information is knows) is not enough to reduce theimpact of attacks. encrypted and protected by akey (2). Next, any user who tries to access encrypted data and does not have theright key will not be able Two-factor authentication is amethodology which implements to access or at any rate read theinformation (3).Finally, those persons asecond authentication stage, so that it reduces therisk of successful who actually have thekey are able to decrypt thedata (4) and view attacks. For example, when auser accesses his account (mail, social theoriginal message as it was before encryption (5). network, bank, etc.), as well as entering access credentials (simple authentication by password) he has to enter asecond corroboration On this basis, it is always convenient to encrypt information before code such as asoftware token which might be sent to asmartphone uploading it to thecloud. In this way, data is not vulnerable to being by SMS or provided by anapplication. In this way, if anattacker decrypted and accessed by unauthorized third persons. Similarly, can obtain thename of theuser and password, he still cannot technologies such as Microsoft BitLocker allow stored files to be compromise user privacy because he does not know thesecond encrypted in thelocal system (i.e. on theusers own device). Thus, authentication factor. to encrypt information locally as well as in thecloud considerably reduces thepossibility that anattacker might access and misuse data. 
Information Theft and Mitigating Attacks with Two-Factor Authentication As was already explained in thedocument Trends for 2013: Astounding Diagram 4 How two-factor authentication operates growth of malware for mobiles, cases of information leaks due to attacks by third persons have been taking place since 2013. Cases such as The next diagram simplifies and clarifies theway this system works: theBurger King breach, where theattacker compromised thefast food franchises Twitter password and used its Twitter account to publish A trend which became evident during 2013 is theincrease in advertisements for one of its competitors, as well as thedifferent thenumber of companies which have used two-factor authentication computer threats which tried to steal passwords (malicious codes, systems as away of reducing some computer attacks. Except for brute force attacks, attacks to servers and phishing), have proved that financial entities which have alonger history of working with this simple authentication through theknowledge factor (single-factor technology, this protection system has been adopted by organizations such as Facebook, Apple, Twitter, LinkedIn, Evernote, Google, and Microsoft, 13

among others. Generally, in order to improve usage of this system, they just request the second authentication factor in the event that the person uses a new or unknown device (one which has not been previously added as a safe device). This prevents the user from entering the second authentication code every time he wants to use the service. Likewise, at present several services enable the use of this kind of protection using Google Authenticator, an application, available for mobile platforms, which creates a random code that may be entered as a second authentication factor for accounts with (for example) Microsoft, Google, Facebook, Amazon Web Services, and Evernote. Accordingly, ESET put on the market ESET Secure Authentication, a solution created to implement a two-factor authentication system for VPN networks and corporate email servers.

While more companies are offering this kind of protection, lack of user awareness of this technology makes it difficult to make much impact on the total number of computer attacks. Even worse, two-factor authentication often comes deactivated by default; thus user activation and manual set up becomes necessary. In order to measure how aware users are with respect to two-factor authentication, ESET Latin America carried out a survey on this topic. According to the information obtained, more than 64% of users in Latin America do not know what two-factor authentication is. There is evidently a serious lack of user awareness of this mechanism, certainly, at the moment as regards taking advantage of a two-factor authentication system.

Taking into account the fact that concern about enhancing Internet privacy is a topic of social interest, it is possible that in future we will see users moving towards this kind of double protection; and programs raising awareness of this subject. To this end, ESET Latin America published the document Is it the end of passwords? Simple authentication more and more threatened. In the cited text, there is more information about the operation of this authentication method and how to activate it in the context of a number of services.

Cybercrime

As was already explained in the previous pages, user awareness of Internet information privacy issues has increased; however, certain computer threats, such as malicious code, are still one of the main causes of information theft and loss of privacy. Although the lack of user awareness plays the main part in the success of these attacks, the cybercrime world constantly improves and updates its methods in order to improve its profit margins.

As was already explained in the document Trends for 2013: Astounding growth of malware for mobiles [17], the increase of computer threats for Android devices as well as for the mobile market in general has evolved quickly. To this effect, and as happened in 2013, the number of detections, families, versions, variants and of signatures to detect malicious codes for Android will continue to accelerate.

Beyond the trends stated in the previous paragraphs, we have also noticed the technical evolution of certain kinds of malicious code. The first category relates to threats designed for botnets, that is, networks of compromised computers (zombies) which are operated by an attacker for malicious purposes. In the second place, malware designed for 64-bit platforms, which has become increasingly complex and sophisticated lately. Finally, it is important to point out that

blackmail using malware (ransomware) as a method of making illicit profit has become more common in Latin America, being no longer a technique executed exclusively in countries such as Russia and the United States.

Android: Market Leader and Most Attacked

In the document Trends for 2013, it became evident that the Android operating system from Google has consolidated its position as the most widely used mobile platform. In this sense, the leading trend regarding the market segment occupied by Android is an accelerating take-up rate; this might explain the increase and consolidation of different computer threats affecting this platform, as we shall explain later. Going back to the mobile market, it can be noticed that Apple iOS is still the second most popular operating system. The following graphic shows the evolution experienced by different existing mobile platforms. For that purpose, two Gartner research documents [18] were used, which consider the market statistics for the second quarter of 2011, 2012 and 2013 (see the chart on the right).

According to the results published by Gartner, in the second quarter of 2011 Android had 43.4% of the market. One year later, that percentage increased to 64.3% and at present, it has reached 79%. This growth goes hand in hand with a directly proportional increase of the quantity of malicious codes developed for Android. Likewise, evolution of some threats for this operating system and the discovery of certain vulnerabilities show the increasing interest that cybercriminals have in attacking this segment.

Sources: Smartphones sales to final users 2Q11 and 2Q12-13, Gartner

Regarding other operating systems, iOS keeps its position in spite of some ups and downs as the second most popular platform on the market. Windows Phone experienced a slight increase while BlackBerry and Symbian suffered a decrease.

The following pages explain the growth experienced by some threats for mobile platforms regarding the number of detections, their complexity and other factors. Then, in the third section, the trend for non-traditional devices will be explained, i.e., devices which host Android and other operating systems, and the risk for security and privacy this may entail for users.

Computer Threats for Android Keep Increasing

As was forecast in the document Trends for 2013, malicious codes for Android are rapidly increasing. The first number to corroborate this item is related to the quantity of unique detections. Comparing detections that occurred in 2012 and 2013, it is possible to establish that they have increased by 63%. It is important to mention that we are contemplating the whole of 2012 and only part of 2013 (from January 1st to October 22nd). This is therefore a significant increase.

Countries with greater growth of the number of detections of malware for Android are Iran, China and Russia. On the other hand, there are five Latin American countries, which also showed a larger percentage rate of detections in 2013 compared to 2012: Peru (150%), Ecuador (142%), Bolivia (114%), Paraguay (94%) and Mexico (90%). The following graphic shows the aforementioned percentages more visually (see the chart on the right).

Comparing numbers of this year and those expressed in Trends for 2013, Peru and Ecuador are still leading this ranking. Below them are Colombia (63%), Chile (17%) and Argentina (20%) making way for Bolivia, Paraguay and Mexico.

New Families and Types of Malware for Android

Concurrently with the percentage growth of detections of malicious programs for Android, an increase can also be noticed in the number of malware families for this operating system. It is important to point out that a family is a group of malicious codes which share some characteristics. Next, there is a diagram reviewing families which appeared in the last four years (2010-2013):


The graphic shows that in 2010 there were only three families. As the years passed, the aforesaid number increased so that in 2011, 51 families were reported; 63 families were reported in 2012; and 79 were reported in 2013 (up to October). The following graphic shows the trend:

It is important to point out that the greatest number of malware families for Android was reported in 2013, even though we are considering only the first ten months of the year. If we compare the same period of time (from January to October) in 2012, 55 families appeared and 79 in 2013. This represents a growth of 43.6% during 2013. Another interesting aspect to our analysis regarding malware families is the discovery of new categories of Trojans for Android. Until one year ago, it was usual to find spyware Trojans, SMS Trojans, and botnet malware that tries to turn the device into a zombie. However, in 2013, four sub-categories of Trojans were reported that were only related to Windows and other conventional platforms:

1. Downloader Trojan: tries to find other threats from Internet to subsequently install them in the device.
2. Dropper Trojan: installs other threats that the Trojan itself includes in its code.
3. Clicker Trojan: intended to create traffic in a site or advertisement with the aim of artificially increasing the number of clicks. This allows the attacker to create a greater yield.
4. Bank Trojan: specifically tries to steal information related to financial entities and banks.

The prevailing trend is not only related to the growth of threats for the Google mobile platform but also to appearance of subtypes of Trojans which previously affected only traditional operating systems. It is probable that, in the future, the number of families composing each of these sub-categories will increase.

Malware Versions also increasing

Another figure which has increased again is the number of versions comprising each family; i.e., relatively minor changes to known malicious code. Attackers usually develop new versions with the aim of detecting security solutions and to add new malicious functionalities. It is important to point out that for every new version that appears, the ESET laboratories assign a new letter as a suffix to the threat name which increments according to alphabetical order.
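The suffix rule described above gives variant names an order that plain string sorting gets wrong once suffixes grow past a single letter. The Python sketch below is an added example, not ESET's code: it assumes names of the form Family.SUFFIX and that multi-letter suffixes carry like spreadsheet columns (.AZ followed by .BA); the sample names are constructed.

```python
import re
from collections import defaultdict

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
_SUFFIX_RE = re.compile(r"^[A-Z]+$")


def suffix_for(version_number):
    """Map 1 -> A, 26 -> Z, 27 -> AA, 28 -> AB (there is no 'zero' letter)."""
    if version_number < 1:
        raise ValueError("version numbers start at 1")
    letters = []
    n = version_number
    while n > 0:
        # Subtract one before dividing: A stands for 1, not 0.
        n, remainder = divmod(n - 1, 26)
        letters.append(ALPHABET[remainder])
    return "".join(reversed(letters))


def version_number_of(suffix):
    """Inverse of suffix_for: AB -> 28."""
    if not _SUFFIX_RE.match(suffix):
        raise ValueError("not a letter suffix: %r" % suffix)
    n = 0
    for ch in suffix:
        n = n * 26 + (ord(ch) - ord("A") + 1)
    return n


def split_detection(name):
    """Split 'Family.SUFFIX' on the last dot; the family may itself contain dots."""
    family, dot, suffix = name.rpartition(".")
    if not dot or not family:
        raise ValueError("expected Family.SUFFIX, got %r" % name)
    return family, version_number_of(suffix)


def sort_by_version(names):
    """Order names by family, then by version number (so .Z comes before .AA)."""
    return sorted(names, key=split_detection)


def summarize(names):
    """Per family: count of distinct versions seen and the newest suffix."""
    seen = defaultdict(set)
    for name in names:
        family, number = split_detection(name)
        seen[family].add(number)
    return {family: (len(nums), suffix_for(max(nums)))
            for family, nums in seen.items()}


# Constructed sample names, including one duplicate report of the same version.
SAMPLE_DETECTIONS = [
    "TrojanSMS.Agent.AA", "Threat.B", "TrojanSMS.Agent.Z",
    "Threat.A", "TrojanSMS.Agent.AB", "TrojanSMS.Agent.Z",
]

if __name__ == "__main__":
    print(sorted(set(SAMPLE_DETECTIONS)))            # string order: .AA before .Z
    print(sort_by_version(set(SAMPLE_DETECTIONS)))   # version order: .Z before .AA
    print(summarize(SAMPLE_DETECTIONS))
```
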

For example, two versions of a new malicious code would be classified as Threat.A and Threat.B. In the event of exceeding the available letters, the alphabet is repeated: .AA, .AB, etc. The following graphic takes into account four families of malicious codes for Android. For each one, the number of versions which appeared in 2011, 2012 and 2013 is included, as appropriate:

Once again, the family which experienced the highest growth in versions is TrojanSMS.Agent. The first version of this malware dates from 2011 and, in that year, it comprised 31 versions. In 2012, 214 versions were discovered and one year later, 324. The next highest growth is shown by the Steek Trojan, whose first version was discovered in 2012. Nowadays, the aforesaid malicious code comprises 61 versions compared to the three detected in 2012. Boxer and FakeInst also increased in 2013 with 45 and 48 new versions respectively.

Vulnerabilities in Mobile Platforms

Vulnerabilities are programming mistakes that, under certain circumstances, may be used by attackers to compromise a system and (for instance) steal information. Mobile technology is not immune to this problem, since mobile devices also use software and hardware, which may contain errors and bugs. Nevertheless, at present more cases are seen of vulnerability exploitations affecting traditional systems than affecting mobile platforms. However, in 2013 it has been very clear to us that cybercriminals are focusing on exploiting security gaps in operating systems for mobiles like Android.

A piece of evidence confirming this assertion is the discovery of the Obad Trojan. This malicious code can be manipulated by a third person through SMS and it can download other threats and steal sensitive information, such as the victim's contacts. Although such Trojan characteristics do not amount to innovation, the exploitation of vulnerabilities unknown till the discovery of the Trojan (0-day) does. The first one resides in the program dex2jar, software used by the security industry to analyze malicious codes designed for Android statically. The second vulnerability exploited by Obad resides specifically in the Android operating system.

Before clarifying this aspect, it is necessary to explain that Android has a list, visible to the user, enumerating those applications installed that request administrator authorization to function. This list can be accessed in some devices from Settings > Securities > Device Administrators. Based on this, a security vulnerability allowed this malicious code privileged execution within the list of programs requesting legitimate authorization. In this way, it was impossible for the victim to see Obad as an application that required administrator authorization. Although this situation, where malicious codes exploit 0-day threats (unknown until that moment), is not new in platforms such as Windows, it is novel for Android. Obad's discovery shows that cybercriminals are looking for new vulnerabilities in operating systems, such as Android, with the aim of carrying out computer attacks easily.

On the other hand, Bluebox Labs researchers found an enormous vulnerability affecting almost all Android systems (from 1.6 to 4.2). Its discoverers named it Master Key: this fault makes it easier for attackers to develop malicious codes which steal information and turn devices into zombies and camouflage them as genuine applications. Exploitation of this vulnerability affects the way in which Android corroborates an application's cryptographic signature [19]. In other words, every legitimate application has a unique key which allows its authenticity to be confirmed. In this way, if a third person arbitrarily modifies a program, Android prevents installation of software because the cryptographic signature is broken. However, by means of this vulnerability, a cybercriminal could alter an application yet leave the cryptographic key intact. Thus, the malicious program would be executed without any warning by the operating system.

NFC Technology

Near Field Communication (NFC) technology allows interchange of information by putting together two devices. Although it can be used for file transfers, some countries such as Chile are using this communication protocol to pay services more easily, such as restaurants and malls, amongst others [20]. Its aim is to make everyday life easier so that people do not have to carry credit cards or other means of payment with them. However, it is important to consider that any technology used for bank transfers is a potential target of computer attacks. In this sense, it is possible that as this means of payment becomes more popularly used, it will be easier to find malicious codes trying to steal information relating to such payment transactions.

In the case of NFC technology, information theft could happen at the moment in which user makes the payment. Thus, it is essential that payment data stored in the equipment as well as the process of information transmission at the moment of payment are strongly encrypted.

Other Trends in Cybercrime

Vulnerabilities: Java and Latin American Sites

In the article Trends for 2013, one of the main trends analyzed was the spread of malicious codes using an intermediary such as a web service which has been breached by attackers for that purpose. At that time, it was clear that detection statistics related to that method of spreading showed a sustained increase. Nowadays, this trend is still growing in Latin America, blogs being one of the most widely breached types of service in the region. They represent 47% of total amount of affected sites according to a list of compromised pages.

On the other hand, ESET Latin America Research Laboratory was able to determine that Brazil, Mexico and Peru have the greatest proportion of official and education sites which have been compromised by third persons in order to spread malicious codes. From 4500 compromised sites which were studied, 33% belonged to Brazilian government pages, followed by Peru with 20% and Mexico with 12%. Of the malicious codes hosted in those sites, 90% belong to Trojan families and the remaining 10% was divided between worms and backdoors.

As regards compromised pages belonging to educational entities, Mexico is leading with 33%, followed by Peru and Argentina with 17%, as can be seen in the following graph.


On the basis of the information summarized in the previous paragraphs, it is notable that the trend towards the use of an intermediary has kept on rising in the region; however, these problems have also increased in technical complexity. This is due to the increase of exploitation of different Java vulnerabilities and the development of new malicious codes designed to automate the exploitation of vulnerabilities in Linux web servers and the spread of computer threats.

The first aspect of this technical evolution is related to exploitation of vulnerabilities in Java. It is important to consider that Java is a multiplatform technology (working on several operating systems) which has the capacity to add new functionalities to websites. Thus, it combines two characteristics which are useful for cybercriminals. On the one hand, the fact that it works in different operating systems makes it easier for attackers to compromise different environments; and on the other hand, as it is a popular technology, cybercriminals make sure they affect the greatest number of users.

The efficacy of attacks exploiting vulnerabilities in Java was empirically proven when companies such as Facebook and Apple were infected. Later investigations showed the cause to be a malicious program which could enter systems belonging to both companies through exploitation of vulnerabilities in this software. To achieve that aim, the attackers breached a website that Apple and Facebook employees used to visit. Cybercriminals installed a malicious applet (Java application) which exploited a security hole on that page. Finally, and after a victim visited the compromised site, infection could be accomplished with little or no participation on his part. Next, the stages which made both attacks possible are shown:

Diagram 5: Stages involved in attacks to Apple and Facebook

The second aspect of this technical evolution has to do with the development of new malicious codes designed to breach Linux-hosted web servers. Where cybercriminals used to breach a server through the exploitation of a vulnerability in order to use it to host malware, nowadays, that manual operation is being replaced by the use of malicious programs intended for that purpose, such as Cdorked, Chapro and Snakso. In these three cases, malware is specifically designed to compromise Linux web servers. Later, these threats fulfill the aim of changing sites and spreading other malicious codes designed for Windows, eventually successfully automating the whole attack process.

Botnets

As was mentioned in the publication Trends for 2010: Crimeware Maturity, the authors of computer threats started to develop malicious codes whose main aim is profit. This trend has been constant over time and has been combined with malware which tries to establish botnets. These are computer networks that once infected (zombified; see Net of the Living Dead: Bots, Botnets and Zombies), are at the mercy of a group of cybercriminals (botmasters) who use them to steal information, attack other systems, and store illegal content without the victim's consent, among other malicious actions.

If we consider that the main aim is to obtain or increase illegal profits, it is understandable that cybercriminals use their resources for the creation of botnets. In this way, the larger the number of infected computers, the greater the chances of making money. Apart from the malicious programs having this functionality that have been observed, we also see techniques which try to increase the complexity of this kind of threat to avoid disruption of the botnet by the authorities or other organizations. The first case observed in 2013 has to do with a malicious code detected as Win32/Rootkit.Avatar. This threat uses Yahoo! Groups as a means of controlling zombie computers. Likewise, this malicious code has techniques used to avoid expert analysis, that is, to obstruct those researches performed with the aim of determining aspects of infection needed for forensic purposes.

Another trend in botnets is the use of TOR as a way to hide the activity of cybercriminals. Although this is not a new technique per se, in the last months we have noticed an increase in the use of this methodology for the following reasons. Sometimes analysis of data transmitted to and from a botnet allows us to determine what information is being stolen; likewise, it makes botnet disruption easier, and, potentially, tracing of the persons responsible. However, when using TOR, attackers make all the previously mentioned aims much more difficult to achieve, since this network was specifically created to encrypt all transmitted data, making traffic capture more difficult.

Throughout 2013, it has also been established that besides using several versions of malware families already known, cybercriminals also develop new families such as Napolar, a piece of malware which has affected countries such as Peru, Ecuador and Colombia. This threat was spread through Facebook and has the ability to create a botnet, make denial of service (DoS) attacks (massive bulk sending of requests to a server until it knocks websites offline), and steal information from the victim, among other actions.

On the other hand, proof of concept phenomena such as the creation of a botnet integrated by 1,000,000 surfers, as presented at the BlackHat 2013 conference, reaffirm the possibility that in the future cybercriminals will use other techniques to use zombie computer networks to make illegitimate profits. As was already mentioned, the use of these methodologies not only adds complexity and consequent difficulty to the study of these threats but also works to counter the effectiveness of security solutions. In this sense, as proactive detection methods such as heuristics and generic signatures evolve, so do threats. It is probable that in the future new cases of malicious codes and families destined to be part of this kind of network will be detected and, at the same time, cybercriminals will establish techniques to make such threats more effective.

Ransomware in Latin America

Until fairly recently, malicious codes of the ransomware kind (i.e., the ones which demand money for the recovery of systems and information they delete or encrypt) mainly affected countries such as Russia. However, this attack methodology is becoming established in Latin America and there are already several users who have been affected. In the case of the malicious programs referred to in the previous sections, the profit resides in the direct theft of information. However, in the case of ransomware, the profit comes from the extortion of money from the victim.

When a user executes malicious code with these characteristics, it may happen that access to the system is locked. An example of this behavior is presented by the LockScreen (Multi Locker) malware family, more commonly called the Police Virus. In this case, a person cannot have access to the equipment until the system threat is removed. In other cases, information is encrypted in the same way that the Filecoder malware family operates. In both cases, cybercriminals demand money from the victim in return for the control of the computer or for access to kidnapped information.

Regarding the increase of ransomware threats in Latin America, Mexico stands out as the country most affected by Multi Locker. LockScreen detection in this nation has increased almost three times compared to 2012. Likewise, in 2012, Mexico occupied the 37th world level position of LockScreen detection; currently, it occupies the 11th position. Likewise, Nymaim is another malicious code affecting that country which requests an amount of money (150 dollars approximately) for the recovery of the system. It is important to mention that the price of the rescue varies according to the country. The next graphic shows the amount requested in various nations:

As regards Filecoder statistics in the region, Peru is shown to be the country with the highest rate of detections in Latin America during 2013, Russia being the world's most affected nation. In relation to the technical complexity of this malware family, it is important to mention that in some cases, it's possible to recover encrypted files because the encryption algorithm used is so lightweight, or because the decryption password is found within the threat code itself. However, as these malicious programs evolve, the implementation of more and more complex algorithms is precisely one of the improvements being added, and such algorithms make it difficult

or impossible to recover the files. There is more information about encryption methods in Filecoder: money for kidnapped information.

This kind of methodology arises from the premise that users store valuable information and do not make necessary backups; thus, when confronted with a desperate situation the victim may decide to pay for the rescue as even a Massachusetts police force did. This action encourages and stimulates illegal business activity, so not paying and adopting the necessary countermeasures contributes to preventing and combating this kind of malicious code.

Malware Evolution for 64-Bit Systems

64-bit platforms are not new. In fact, in 2005 Microsoft already offered a version of Windows XP designed to work on processors that use the x86-64 instruction set. Despite this, at that time this technology was not widely used, so it was not targeted by cybercriminals. This situation has been changing and computers with 64-bit architecture are now more frequently found. According to statistics published by Microsoft, in June 2010 46% of Windows 7 installations globally were 64 bit versions [21]. Likewise, according to information published by Digital Trends, Gartner predicts that for 2014, 75% of corporate computers will be using some version of 64-bit Windows [22].

The increase in the use of 64-bit systems is logical if we consider that this technology allowed the use of more than 4 GB of RAM; something that usually 32-bit versions of Microsoft's desktop operating systems cannot natively handle (unless features like Physical Address Extension, PAE, are used). Besides, some complex applications are benefited in terms of profitability if they are developed for 64-bit systems. In this context, cybercriminals are developing more threats specifically designed for this technology and over time, they have evolved technologically. Expiro, for instance, is an example of this kind of virus, which can infect 32-bit as well as 64-bit files; this makes it a highly versatile and infectious threat. Expiro's aim is to steal data entered by the victim on various websites.

In consequence, detection rates for malicious codes designed for 64-bit platforms have also increased in Latin America. Countries such as Mexico, Peru and Argentina have experienced the most important growth in the region according to this trend. Next, a graphic showing the percentage for each country is shown:

Mexico (23.9%) and Peru (23.7%) are the countries in the region most affected by malicious codes designed for 64-bit Windows platforms. Meanwhile, Argentina (9.2%) is quite a long way behind and other

countries such as Chile and Brazil are even further behind with 5.9% and 5.4% respectively. Among the most detected 64-bit malicious programs in Mexico and Peru, the Win64/Sirefef and Win64/Conedex families stand out. This trend will probably increase even more in the future. Likewise, launching of smartphones using 64-bit operating systems such as iPhone 5s suggests the likelihood that, in time, we will detect the first computer threats designed for 64-bit mobile platforms.

Bitcoins

Bitcoins represent a relatively new electronic currency not controlled by any central authority. They also allow the purchase of real assets and not necessarily just virtual ones. These characteristics make this currency an attractive target for cybercriminals. Consequently, more and more threats can take advantage of CPU and GPU calculation power of the user's computer to obtain Bitcoins. In this sense, and taking into account the fact that Bitcoins are electronic coins, system resources can be used to mine for such currency. However, the computation necessary to obtain a Bitcoin is so complex that it requires substantial resources and processing time, so that cybercriminals use botnets to achieve this goal more easily. The advantage of the use of several computers in parallel is summarized in the following diagram:

Diagram 6: Use of zombie computers to obtain bitcoins

The most widely used method of profiting from these currencies is by calculation of an algorithm used by digital coins. Among examples of malicious codes used for this kind of processing are Win32/Delf.QCZ and the even larger CoinMiner malware family. Although Bitcoin is the most widely used electronic currency these days, there are alternatives which have similar characteristics and which have also become targets of attackers. An example is MSIL/PSW.LiteCoin.A.

There is a second method by which attackers can obtain illegal earnings from users of these currencies. Generally, they use electronic wallets to store this kind of tool for electronic transactions: hence the development of malicious code designed to steal exactly the file where this information is located. This methodology is not new, but the increasing popularity of electronic coins leads us to expect that these threats will increase in number and complexity. For more information about this subject, we recommend reading Bitcoins, Litecoins, Namecoins and how electronic money is stolen in the Internet.

Malware Diversification: Computerization of all Kinds of Electronic Devices which Allow Internet Connection and Data Sharing

Ten years ago, few would have thought that a cell phone could be infected with malicious code. At that time, these devices had only basic functions such as telephone calls and SMS. Thus, it was technically difficult or even impossible to discover computer threats targeting these types of equipment. However, at present, the situation is radically different. The evolution experienced by this technology has been such that smartphones can perform actions similar to those performed by a computer such as photo editing, high speed Internet connection, bank proceedings, games, etc. This technological advance has been enabled by software (applications and more complex operating systems) as well as hardware (four core processors, larger RAM memory, 64-bit architecture, etc.).

Together with this technological evolution, there is a trend not only of growth of this market and of computer threats for mobile phones but also diversification into other non-traditional devices using Android as operating system. In consequence, products such as games consoles (NVIDIA Shield), smart glasses (Google Glass), refrigerators (some Samsung models), washing machines (Samsung Touch Screen washing machines), among others, are already available in some countries. Although this kind of technology has not been massively adopted in Latin America and other regions, it is probable that this will happen. This suggests that in the future there will be computer threats designed for smart appliances and other equipment which are not strictly mobile devices. This likelihood increases if we consider that the operating system of these devices is Android, which makes it easier to develop malicious codes and other threats that target them.

On the other hand, it must be considered that Android is not the only operating system being used in smart devices. Other companies have chosen to develop proprietary platforms, that is, systems designed specifically for a group of smart appliances and not based on open source code. In this case, it's harder for computer threats to be developed. However, there is no case where the creation of malicious code is inconceivable or impossible. Finally, and bearing in mind what happened in the mobile market and the growth of threats targeting this equipment, it is possible to deduce that latest-generation appliances and other non-traditional devices could be turned into targets for attackers, based on three factors. The first one is related to technological evolution; then, the use of these devices; and finally, the ways in which that use could be monetized by cybercriminals.

Next, some non-traditional devices which have evolved in computer terms are considered. Likewise, the state of computer security for these devices is explained:

Automobiles

Nowadays, some automobiles have more and more complex computer systems which allow manipulation of some parameters through a smartphone and software. This includes measurement and monitoring of fuel and oil levels, of mileage or kilometers covered, on-board entertainment systems, geolocation technologies (GPS), and so on. As these are complex devices, there is an increasing likelihood of the existence of vulnerabilities that may be discovered and exploited by attackers.

Consequently, recent investigations show that computer systems in some latest-generation automobiles are vulnerable to computer attacks. As a result, it has been proved, through proof of concept, that it is possible to remotely manipulate a car and start the engine, open the doors and even deactivate the braking system [23]. It is important to mention that these proof-of-concept tests have been made possible by means of a physical link through a wire; nevertheless, Internet connection capacity included in some automobiles could make such an attack easier.

Smart TV

In technological terms, televisions have evolved and some of them already include the ability to connect to the Internet to download content. Furthermore, there is already a proof-of-concept test capable of turning off the TV. Likewise, inclusion of a frontal camera, which can film what happens in the residence where the TV is kept, increases the chance that, in the future, these devices will become targets of cybercriminals. Research presented at BlackHat 2013 also demonstrates it: Smart TVs have almost the same vectors of attacks as smartphones [24].

In fact, we have seen this year how one Smart TV manufacturer had issues with data collection from its users. It is possible that in the future, more threats designed for this equipment will be observed; however, it is also possible that the emphasis will be on invading the privacy of the victim rather than in the procurement of direct profit.

Smart Homes

The field that makes possible the design and implementation of smart homes is called home automation. In other words, it is a group of systems which provide a house or a closed area with efficient energy management, comfort, and security, and so on. It could also be understood as technology integration within a house, building or another kind of engineering construction. Taking into account the previous definition, there are several conventional devices which have evolved and nowadays are part of a smart home, for example toilets, refrigerators, lighting systems, and IP (Internet Protocol) cameras, among others.

In the following paragraphs, we mention some of these devices and how a cybercriminal could make an attack against these technological devices:

Smart Toilets

Smart toilets are also vulnerable to security attacks. Some of them include cleaning, deodorization systems and even monitoring of pressure and glucose levels in blood, which are important for some health conditions, such as diabetes. Despite these characteristics, Trustwave investigators were able to alter the normal behavior of a smart toilet by making it spray water on the person using it and make the seat open and close [25]. Although this may seem an action which does not bring important consequences, these kinds of toilet are usually components of other smart systems: thus, if this element of the house is compromised, it may mean that other components are exposed to computer threats as well.

Smart Lighting Systems

Due to technological advances, lighting systems have also evolved to the extent that they can be controlled using an application installed in a smartphone connected to the Internet. There is already in the market a product with such functionality and which also allows the user to change the intensity and color of lights according to preference. Despite the comfort and enjoyment granted by such a system, a researcher showed that through an exploit he can steal victims' credentials to manipulate their smart lighting system without their consent [26]. Such a situation can not only be troublesome but a danger to the physical security of the place where the system is installed.

Refrigerators

Some refrigerators have Internet connection. This gives the user the chance to check the state and quantity of foods and find recipes online, among other actions. Likewise, companies such as LG have launched onto the market refrigerators which use Android to offer the user intelligent characteristics of added value. Such features give a third party the chance to develop malicious code to compromise the accurate functioning of this kind of technology. An attacker could, for example, open the door of the refrigerator in the night, change the readings for the state and quantity of food and so on.

IP Cameras

Other unconventional devices which may become targeted by cybercriminals are IP cameras. This kind of technology allows the system owner to monitor a site in real time through the Internet and see what is going on there. Researchers from Core Security discovered several vulnerabilities in a range of IP cameras allowing an attacker to obtain recordings without the consent of the victim, and to execute arbitrary commands in the web interface of these devices [27]. Vulnerabilities in this technology may have a serious impact if it is considered that a third person could access private recordings which show access points at a location, times when people are not at home, and so on.

Digital Lock

It is also possible to find digital locks in the market. These may include a register of people who go into the property, and make access easier due to the use of electronic cards, among other authorization mechanisms. The increased complexity of these devices makes possible attacks such as access card cloning, lock opening, etc. On this basis, research presented at Black Hat 2013 showed the feasibility of an attack where a third party may capture packets transmitted through Bluetooth when some wireless lock systems are used [28].

Google Glass and Other Intelligent Accessories

One of the devices that certainly changed the market during 2013 was Google Glass. These are glasses which offer the experience of expanded reality and the possibility to connect to the Internet through voice commands. Regarding the security of these devices, a researcher discovered a vulnerability which makes possible the theft of information through a Wi-Fi connection especially manipulated for that purpose [29]. If the user employs Google Glass and sends unencrypted information, this could be obtained by an eavesdropping third party.

Likewise, another security gap (subsequently closed) allowed a specifically manipulated malicious QR code to connect the user's device automatically to a malicious Wi-Fi [30].

In the event that this device starts to enjoy massive user adoption and is used to access banks, pay services, and so on, it is highly probable that it will be targeted by malicious code designed to steal information. This aspect is even more worrying considering that, at the moment, Google Glass uses Android 4.0.4 as operating system and not a more recent version of that platform.

Android in Other Devices (NVIDIA Shield Portable Games Console, Clocks, Home Appliances, Among Others)

As was previously mentioned, many non-traditional devices use Android as their operating system. This means that companies don't need to develop proprietary software, thus reducing the development and production costs of such devices. Likewise, when using a known operating system, more applications are available than is the case with a platform whose development is focused on a particular company. What is positive in terms of lower costs, accessibility and standardization may also have a negative impact when it comes to user security. This is because the use of the same operating system in a wide range of different devices makes it possible for the attacker to develop malicious code with the capacity to work across the whole range of those devices.

Nowadays, the market offers clocks, refrigerators, automobiles, photographic devices, fixed line telephones, games consoles and even mirrors which allow the user to check content online. All these devices share one characteristic: they use Android as their operating system [31].

Conclusion: Is Internet Privacy Possible?

Throughout this document, we have proven how user concern about security on the Internet has increased. Similarly, we have discussed the evolution of computer threats regarding the quantity, complexity and diversification of attacks. To this extent, it is probable that the reader experiences a sensation of distrust regarding computer technologies, and indeed, we always advise that people shouldn't get too complacent about their online security. However, our main objective is not to stop people using the Internet under any circumstances, but to help them use the Internet and other tools in a more secure way. So is privacy possible on the Internet?

To an extent, it is, since there are measures people can take leading to enhanced security and privacy of information; however, no computer system is immune to attack. Something similar happens with automobiles: it is possible to have the latest safety technology and take care regarding cautious and safe driving, but the possibility of a car accident still exists.

In the same way, security is also a challenge when employing protection technologies and awareness-raising strategies to increase privacy levels and the security of the Internet. For this reason, we should adopt a strict protection methodology that asks the user for confirmation when confronted with any action which could risk information integrity, as can happen with the execution of programs, surfing the Internet, and so on. A system of this nature could be highly effective if the user reads every message in detail and answers in the appropriate way (yes or no, depending on the action). However, due to the lack of usability and practicality of a system like this, it would probably be deactivated by most users.

Something similar happened with the UAC (User Account Control) implemented by Microsoft in Windows Vista. That security system was designed so that all programs executed by the user did so with restricted privilege levels. Faced with applications which need administrator privilege, people are obliged to explicitly allow or deny the execution of software. It cannot be disputed that a system like this gives a greater level of security. However, it was such a bothersome experience for users that Microsoft found itself obliged to modify UAC in Windows 7 to make it less intrusive [32]. If the previous example is taken as a precedent, it will be necessary to create measures which can effectively protect users but, at the same time, are not perceived as obstructive or invasive.

Taking these points into account, the first effective measure to maintain privacy of information is data encryption. In this case, and as was discussed in depth in the Privacy section, there are programs which encrypt user files. Significant protection may be achieved by the installation of such programs: however, the security value of this defensive mechanism varies according to the robustness of the encryption algorithm.

Another measure to improve privacy on the Internet is the use of Tor, an application designed to enable anonymous surfing. As it says on the program's own site: "Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security." [33] Simply expressed, Tor's functionality consists of an updated version of the Mozilla Firefox browser with certain parameters and extensions intended to give a higher level of anonymity while surfing the Internet. Other functions included in the program allow the user to surf through the Deep Web (Deep Internet or Deepnet) [34].

Simply expressed, the Deep Web is all Internet content which is not part of the Surface Web: that is, sites and content not indexed by mainstream search engines such as Google. Part of the Deep Web is composed of pseudo domains like .onion which are used with the aim of making anonymous access to web pages easier. These pages include different topics such as abusive content, sales of narcotics, cybercriminals' forums and other generally illegal topics or those beyond conventional ethics and even legality. Even though Tor gives a higher level of anonymity and privacy than a standard browser, it is not an infallible system either. Some documents revealed by Edward Snowden affirm that the NSA has tried to exploit vulnerabilities found in the Tor client (as opposed to in the net), allowing in that way disclosure of the identity of certain users of this tool [35]. In addition, Tor developers have warned the community that some old versions of the software are vulnerable due to a security flaw found in versions of Mozilla Firefox prior to 17.0.7 [36].

In this case, the solution to the aforementioned vulnerabilities is the Tor update. However, it is possible that other security flaws will be found in the future; thus, the use of this tool, as with any other security measure, must be considered as a way to increase security but not as a complete solution to invasion of privacy. Taking into account all the information in this document, Internet privacy is possible but only with some reservations: that is, to assume that it can be made 100% secure would be a mistake which would actually undermine user security.

References

1 ESET Latin America. Trends for 2011: Botnets and Dynamic Malware.
2 ESET Latin America. Trends for 2012: Malware Goes Mobile.
3 ESET Latin America. Trends for 2013: Astounding Growth of Malware for Mobiles.
4 Gartner Says That Consumers Will Store More Than a Third of Their Digital Content in the Cloud by 2016. Available at http://www.gartner.com/newsroom/id/2060215.
5 Cisco: Global Cloud Index (GCI). Available at http://www.cisco.com/en/US/netsol/ns1175/networking_solutions_solution_category.html#~Overview.
6 Electronic Privacy Information Center: Gmail Privacy FAQ. Available at http://epic.org/privacy/gmail/faq.html#1.
7 Wikipedia: 2013 mass surveillance disclosures. Available at http://en.wikipedia.org/wiki/2013_mass_surveillance_disclosures.
8 Detail of DuckDuckGo traffic. Available at https://duckduckgo.com/traffic.html.
9 New Research: Global Attitudes to Privacy Online. Available at http://www.bigbrotherwatch.org.uk/home/2013/06/new-research-global-attitudes-to-privacy-online.html.
10 Big Brother Watch: Online Privacy Survey. Available at http://www.slideshare.net/fullscreen/bbw1984/global-privacy-research/3.
11 Diario El País: European Union and USA agree to research Google. Available at http://tecnologia.elpais.com/tecnologia/2012/10/16/actualidad/1350370910_859384.html.
12 Further information available at Wikipedia: Edward Snowden.
13 ESET Latin America's Security Report 2013. Available at http://www.eset-la.com/pdf/prensa/informe/eset-report-security-latinoamerica-2013.pdf.
14 Gartner Says Worldwide Public Cloud Services Market to Total $131 Billion. Available at http://www.gartner.com/newsroom/id/2352816.
15 El Financiero México: Google and Facebook, in the object of attention of Dilma Rousseff. Available at http://www.elfinanciero.com.mx/secciones/internacional/32329.html.
16 Pinterest Español.Net: New privacy policy and more personal PINs. Available at http://pinterestespanol.net/nueva-politica-de-pivacidad-y-pins-mas-personales/.
17 Trends for 2013: Astounding growth of malware for mobiles. Available at http://www.eset-la.com/centro-amenazas/articulo/Tendencias-2013-Vertiginoso-crecimiento-malware--moviles/2863.
18 http://www.gartner.com/newsroom/id/1764714 and http://www.gartner.com/newsroom/id/2573415.
19 Vulnerability information CVE-2013-4787. Available at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4787.
20 EMOL: They introduce pilot scheme of cell phone payment using NFC technology in Chile. Available at http://www.emol.com/noticias/tecnologia/2013/08/08/613576/presentan-programa-piloto-de-pago-con-celulares-usando-tecnologia-nfc-en-chile.html.
21 Microsoft: 64-Bit Momentum Surges with Windows 7. Available at http://blogs.windows.com/windows/b/bloggingwindows/archive/2010/07/08/64-bit-momentum-surges-with-windows-7.aspx.
22 Digital Trends: Most Corporate PCs to Run 64-bit Windows by 2014, Says Gartner. Available at http://www.digitaltrends.com/computing/most-corporate-pcs-to-run-64-bit-windows-by-2014-says-gartner/.
23 DEFCON: Hacking cars and unmanned vehicles. Available at http://blogs.eset-la.com/laboratorio/2013/08/03/defcon-hackeando-autos-y-vehiculos-no-tripulados/.
24 BlackHat: Is it time for SmartTV? Available at http://blogs.eset-la.com/laboratorio/2013/08/02/blackhat-es-la-hora-de-los-smarttv/.
25 Here's What It Looks Like When A 'Smart Toilet' Gets Hacked [Video]. Available at http://www.forbes.com/sites/kashmirhill/2013/08/15/heres-what-it-looks-like-when-a-smart-toilet-gets-hacked-video/.
26 Vulnerability discovered in Philips Hue system. Is the Internet of Things secure? Available at http://alt1040.com/2013/08/vulnerabilidad-philips-hue.
27 CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities. Available at http://seclists.org/fulldisclosure/2013/Apr/253.
28 BLUETOOTH SMART: THE GOOD, THE BAD, THE UGLY, AND THE FIX! Available at http://www.blackhat.com/us-13/archives.html#Ryan.
29 Google Glass still vulnerable to Wi-Fi attack. Available at http://www.computerworld.com/s/article/9240909/Google_Glass_still_vulnerable_to_Wi_Fi_attack.
30 Google Glass susceptible to poison-pill QR code. Available at http://www.networkworld.com/news/2013/071813-google-glass-271960.html.
31 Android Everywhere: 10 Types of Devices That Android Is Making Better. Available at http://www.androidauthority.com/android-everywhere-10-types-of-devices-that-android-is-making-better-57012/.
32 Aol Tech: User Account Control to be less annoying in Windows 7. Available at http://downloadsquad.switched.com/2008/10/09/user-account-control-to-be-less-annoying-in-windows-7/.
33 Tor. Available at https://www.torproject.org/.
34 Wikipedia: Deep Web. Available at http://es.wikipedia.org/wiki/Internet_profunda.
35 The Guardian: NSA and GCHQ target Tor network that protects anonymity of web users. Available at http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption.
36 Tor security advisory: Old Tor Browser Bundles vulnerable. Available at https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable.
