James Lyne: Everyday cybercrime -- and what you can do about it

TED

16 Sept 201317:27

Summary

TLDRThis engaging presentation delves into the world of cybersecurity, highlighting the sophisticated and organized nature of modern cybercriminals. The speaker uncovers the growing threat of malware, ranging from data theft to the manipulation of critical infrastructure. Through real-life demonstrations, the risks associated with malware distribution, social engineering, and personal device vulnerabilities are revealed. Emphasizing the importance of cybersecurity education and simple protective measures, the speaker calls on everyone to take responsibility in safeguarding their digital lives. The message is clear: security starts with the basics, and collective efforts are needed to combat the ever-growing threat of cybercrime.

Takeaways

😀 Cybercriminals are highly organized and professional today, offering hacking services for various purposes, including business sabotage.
😀 Cybercrime is a growing issue, with 250,000 new computer viruses and 30,000 new infected websites appearing every day.
😀 The common myth that visiting adult websites is the primary cause of malware infections is false; small business websites are the main targets.
😀 Many malware distributors offer professional services, including testing platforms for cybercriminals to evaluate their viruses before release.
😀 Cybercriminals now have malware distribution kits, such as the Black Hole Exploit Pack, which includes guides, technical support, and business intelligence tools.
😀 Malware can be delivered in various ways, including malicious USB drives or infected websites that exploit vulnerabilities in a victim's system.
😀 Simple social engineering tactics, like pretending to need a resume printed, can lead to the spread of malicious code when USB keys are plugged into systems.
😀 Fake antivirus software is a common way for cybercriminals to scam users, tricking them into paying for fake virus removal services.
😀 Cybercriminals track their profits through various means, such as source code that sends them daily earnings reports, even using GPS data embedded in photos to identify their location.
😀 Social media and smartphones pose significant privacy risks, as users often unknowingly share location data and other sensitive information that can be exploited by cybercriminals.
😀 Cybersecurity is a growing challenge due to the rapid pace of technological change and a lack of individuals pursuing deep knowledge about technology and its inner workings.

Q & A

What are some common misconceptions about how computer viruses are spread?
-A common misconception is that viruses are mostly spread through adult websites. However, statistically, around 80% of malware infections come from small business websites.
What does the modern cybercriminal look like?
-Today’s cybercriminals are highly professional and organized. Many operate with advertising, offer hacking services, and even provide support for their malicious products, making the industry more commercialized and structured.
What is the Black Hole Exploit Pack?
-The Black Hole Exploit Pack is a leader in malware distribution, responsible for a significant portion of malware spread. It includes technical installation guides, video setup routines, and even customer support for cybercriminals to set up illegal hacking servers.
How are cybercriminals testing their viruses before releasing them?
-Cybercriminals now have platforms where they can test their malware before releasing it into the world. For a small fee, they can upload viruses and ensure they function correctly.
What is one way an attacker might gain access to a system in a business?
-One method is through physical access, such as by inserting a USB key into a computer. The attacker can then install malware and take control of the system remotely.
How can simple websites contribute to malware infections?
-Malicious code can be injected into websites through vulnerabilities. For example, a website with poorly implemented security can be exploited by attackers inserting scripts that redirect users to infected pages or fake antivirus programs.
What is fake antivirus software and how does it deceive users?
-Fake antivirus software pretends to scan a system and provides fake alerts about viruses. It then asks users to pay for registration to fix the supposed issues, tricking them into giving money while still allowing attackers to access personal data.
What personal information can be compromised through social media and mobile devices?
-Cybercriminals can gather extensive personal data via social media and mobile devices, such as GPS locations from photos, phone numbers, and even workplace details. This information helps them track down targets or exploit vulnerabilities.
How can attackers use wireless network data to track individuals?
-Attackers can scan for previously connected wireless networks, potentially linking them to specific locations such as a home, workplace, or hotel. This data can be gathered without any sophisticated hacking tools.
What are some essential cybersecurity best practices people should follow?
-People should ensure they update and patch their systems regularly, use strong and unique passwords for different sites, and adopt other basic security practices. Applying these measures significantly reduces the risk of falling victim to cyberattacks.