The IT Nerd

Norton 360, one of the most popular antivirus products on the market today, has been caught installing a cryptocurrency mining program on its customers’ computers reports security researcher Brian Krebs:

Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”

So the product installs a crypto miner and takes a commission? That’s beyond low. An antivirus program should be trying to find and kill crypto miners. Not install them. And the fact that it is opt-in is irrelevant. Norton should be ashamed. The best way to deal with this is for everyone not to ever by another Norton product as that will send a strong message that this is unacceptable.

For a second year, Norton by Symantec surveyed consumers around the world about their public Wi-Fi behaviors and perceptions – finding consumers continue to willingly put their personal information at risk despite security gaps in public Wi-Fi networks.

Yet, what’s astonishing is the false sense of security consumers feel while using public Wi-Fi – the 2017 Norton Wi-Fi Risk Report found 64 per cent of Canadians feel safe when using public Wi-Fi, yet only 16 per cent of people use a VPN to secure their Wi-Fi connection. And while online, Canadians admit to some questionable behaviors:

• 12 per cent of Canadians admit to viewing adult content on public Wi-Fi.
  • Of those who admit to using public Wi-Fi to watch adult content, the top five locations where they’ve done so were:
    • Hotel/Airbnb (48 per cent)
    • At a friend’s place (31 per cent)
    • Café/Restaurant (28 per cent)
    • Work (23 per cent)
    • Airport (17 per cent)
  • Eighty-eight per cent of Canadians have taken actions on public Wi-Fi that potentially put their information at risk:
    • Sixty-six per cent of Canadians have logged into a personal email account over public Wi-Fi.
    • Thirty-one per cent of Canadians have checked banking or financial information over public Wi-Fi.

Here’s are some things that you can do to protect yourself:

• Take Protective Measures: One of the best ways to protect your information online is to use a Virtual Private Network (VPN) from a trusted vendor. VPNs provide a “secure tunnel” that encrypts data being sent and received between your device and the internet.
• Do HTTPS: Many companies use secure websites — HTTPS (Hypertext Transfer Protocol Secure) — to provide online security. You can tell if a website is secure if it has “https” in its URL and has a small lock symbol next to it. However, even though the website itself might be safe, your personal information could still be vulnerable if your network connection isn’t secure.
• Sharing Less Is Best: Think twice before entering any type of personal information – from passwords, to financial details and photos – over public networks. Even if you’re not actively sharing the information, your device may be doing so for you. Many devices are programmed to automatically seek connections to other devices on the same network, which could cause your files to be vulnerable. Be sure to disable sharing on your devices to ensure what’s yours stays yours.

For Canadian specific insights, you can read the Norton WiFi Risk Report on Canada [Warning: PDF].

Canadian consumers have grown complacent about cybercrime and even past victims of cybercrime continue to practice risky online behavior online like sharing passwords and falling for phishing attacks.

This is particularly notable given the recent DDoS attack powered by connected devices that shut down many popular websites. As we saw from coverage of the attack, a good amount of consumers never changed the default user names and passwords for their connected devices, making it easy for bad guys to orchestrate this type of attack again. 

Norton by Symantec has released the Norton Cyber Security Insights Report, a global study that sheds light on consumer attitudes regarding cybercrime, including identity theft and phishing attacks. A few interesting Canadian findings:

• Phishing scams are still commonly used by cybercriminals – 92 per cent of Canadians said they may have experienced a phishing incident.
• One in 4 Canadians cannot detect a phishing attack with confidence, while another 15% have to guess between a real message and a phishing email, meaning 4 in 10 are vulnerable.
• Consumers believe they are more at risk when entering financial information over public Wi-Fi than reading their credit card details aloud.
• 26% of Canadians personally experienced cybercrime within the past year, compared to 31% of people globally. The most commonly experienced cybercrime in the Canada is credit card fraud.

Given the rampant rates of cybercrime the complacency in consumer behavior is concerning. Within the past year, 689 million people in 21 countries were victims of cybercrime, an increase of 10 per cent across the 17 countries that were measured in 2015.

Overconfidence in Connected Devices Leaves Consumers Vulnerable

With every connected home device purchase, consumers are unknowingly giving hackers a new avenue to launch attacks. In some instances, poor consumer security habits and vulnerabilities in connected devices are letting hackers into consumers’ homes.

• One in five connected home device users don’t have any protective measures in place for their devices.
• Over one third of Canadians (36 per cent) surveyed don’t believe there are enough connected device users for them to be a worthwhile target for hackers. Yet, just as hackers learned to benefit from targeting social media and financial accounts, they are on their way to learning how access to connected home devices can be lucrative.
• Nearly six in 10 (57 per cent) consumers said they believe connected home devices were designed with online security in mind. However, according to Symantec research, in 2015, criminals compromised TVs, toys, refrigerators, doorbells and even medical devices. Symantec researchers also identified security vulnerabilities in 50 different connected home devices ranging from smart thermostats to smart energy management devices, and even security cameras.

Consumers Admit the Risks Are Real

The prevalence of cybercrime has merged with peoples’ perception of real-world risks. Many now see cybercrime dangers as equivalent to risks in the real world.

• More than half of Canadians (54 per cent) said that over the past five years, it’s become harder to stay safe online than in the real world.
• Six in ten (60 per cent) said they believe entering financial information online when connected to public Wi-Fi is riskier than reading their credit or debit card number aloud in a public place.
• More than half of parents (54 per cent) believe their children are more likely to be bullied online than on a playground.

Bad Habits Are Hard to Break – Online or Otherwise

Experiencing cybercrime is a potential consequence of living in a connected world, but consumers still remain complacent when it comes to protecting their personal information online.

• Millennials exhibit surprisingly slack online security habits, and are happy to share passwords that compromise their online safety (45 per cent). This is likely why they remain the most common victims of cybercrime, representing 32 per cent of Canadians who experienced cybercrime in the past year
• More than half (54 per cent) of Canadians never connect to a Wi-Fi network using VPN, which can potentially allow a hacker to steal data as it travels on the network.
• Consumers are still willing to click on links from senders they don’t know or open malicious attachments. Nearly one in four people cannot detect a phishing attack, and another 15 have to guess between a real message and a phishing email.
• Thinking about cyber security doesn’t mean you’re secure. Canadians who experienced cybercrime within the past year were more likely to be concerned about the security of their home Wi-Fi (51% vs. 40% non-victims), but are just as likely as non-victims to not password protect their home Wi-Fi network (11% for both victims and non-victims).

To learn more about the real impact of cybercrime and how you can protect your digital information, please go here for more information.

Norton is releasing a new documentary today called “Where Cybercrime Goes to Hide,” exposing hacker hideouts. It explores the implications of legitimate data havens and the cybercriminals seeking refuge within them.

Every day, nameless and faceless cybercriminals are carrying out large-scale attacks, and getting away with it by covering their tracks. Privacy measures such as cyberbunkers and bulletproof hosters help cybercriminals stay anonymous, but we know the impact on the consumer is significant.

Quick Facts about “Where Cybercrime Goes to Hide”:

• The new documentary was directed by Academy Award-winner Daniel Junge and is approximately 24 minutes long.
• In June 2015, Norton released the first episode called “In Search of The Most Dangerous Town On the Internet” – you can find it here.
• The film was shot in 6 countries and 7 data centers.
• Interviewees include large-scale hackers, cyber-crime authorities, bulletproof hosters and more.
• Bulletproof hosting can be secure bunkers which provide connectivity and physically store your data to hosters that continue to ignore abuse complaints and claims of illegal activity. Whether you’re a legitimate business or a criminal, you pick the hoster that best suits your needs.
• Criminals need bulletproof hosting because they need to be able to keep their website operational.

This is an eye opening documentary that you should look at. I’ve posted it below:

With the boom of the Internet of Things, mobile devices have become vaults for all personal information – but how would people feel if their Internet of Things “control centre” was compromised?

Norton by Symantec just released new research that explores perceptions of mobile security with a focus on the mobile device as the epicenter of the Internet of Things.

Here are some key findings:

• 60 per cent of Canadian consumers use at least one mobile app to manage connected devices.
• Canadians are mostly using mobile apps to control their personal finances, but are also most weary of getting these apps hacked – 59 per cent of Canadians would be more upset if their financial information was compromised, as opposed to only 10 per cent if their pictures and videos were hacked.
• Canadians feel insecure about app-controlled home entry, which is aligned with global findings. In fact, Canadians are 12 per cent more comfortable using personal finance apps than home entry apps.

You can find further details about the study here which includes how to protect yourself.

Norton has released its findings from the Norton Cyber Security Insights Report, which sheds light on the ugly truths of online crime and the personal impact it has on consumers.

The report found that globally, consumers’ fear of online crime outpaces their physical-world fears with 62 per cent of consumers more worried about their credit card information being stolen online than 38 per cent concerned about the loss of credit card information from their wallets. Additionally, 47 per cent reported they have been a victim of cybercrime. In Canada:

• More than 7 million people have been victims of online crime in Canada in the past year
• Seven in 10 believe identity theft is more likely than ever before
• More than half of parents believe online bullying is more likely for their children than physical bullying at school

There’s more. You’d think that Baby Boomers wouldn’t be as savvy when it comes to being safe online. But you’d be wrong. The report highlights safer online habits for Baby Boomers versus Millennials who show they throw caution to the wind with 35 per cent of Canadian respondents admitting to sharing passwords and other risky online behaviour.

Across the 17 countries surveyed, consumers lost an average of 21 hours over the past year dealing with the fallout of online crime and nearly $358 per person – totaling roughly $150B. On top of this loss, cybercrime takes a true emotional toll with 40 per cent of consumer cybercrime victims in Canada reporting feeling furious after becoming a victim. Further, in Canada:

• 85 per cent of respondents said they’d feel devastated if their personal financial information was compromised
• Seven in 10 consumers would rather cancel dinner plans with a best friend than have to cancel their debit or credit card due to cybercrime
• 60 per cent would rather go on a bad date than have to deal with customer service after a security breach

Despite concern and awareness of cybercrime, consumers are overconfident in their online security behaviours. When asked to grade their security practices, they consistently award themselves a solid “A.” But in reality, most are not passing the most basic requirement of online security: password use.

• More than one in four Canadians do not have a password on any device
  • Of those using passwords, one quarter (24 per cent) have shared them
• Canadians are sharing passwords to sensitive accounts. Of those sharing passwords, more than one quarter shared the password to their banking account, and more than half (52 per cent) shared their email password.
• Ironically, seven in 10 believe it is riskier to share their email password with a friend than lend them their car, yet half of those sharing passwords do just that.

To learn more about the real impact of cybercrime and how consumers can protect their digital information, go here for more information.