An Ever Growing Digital Security Crisis

Over the last few weeks the digital world has seen a rapid increase in security threats across all platforms. Attacks have ranged from coordinated global attacks, malicious collection of payment information at payment terminals in stores across the country, and an ever expanding black market of personal information from data dumps. It seems as if innovation is trumping user security, but if security continues to take a back seat there will not be many users comfortable using the products on the market today.

Most recently, data servers across the globe were held ransom by a malicious piece of malware that infiltrated systems and locked users out of their personal and customer data. It was discovered that although the attack has been stopped for about a week and a half, Windows 7 and 8 machines are facing a new threat. First reported by Ars Technica UK, a new bug that is spreading online is able to crash Windows 7 and 8 machines outright. The process of the bug is very similar to annoyin\g quirks of both Windows 95 and 98. Some users have encountered the problem, and have reported a simple reboot fixed their problems, however, others have reported their machines were damaged to a greater extent. It is fascinating that variations of the bug have been in the Windows Operating System since `95, and Microsoft has neglected to rework the core OS filesystem to try and avoid this exploitation.

On Friday, Chipotle announced that “most” of its restaurant’s payment terminals had been infected with malicious credit card stealing malware. When asked, by The Verge, how many stores had specifically been infected, a number was not given. The food chain claims the malware looked for data from the magnetic stripe on a payment card, which can include the cardholder name, a card number, expiration date, and even the internal verification code, but the company did note that no indication that other customer information had been stolen. At that point, hackers probably would not have any other information to collect if in some cases all of the data was stolen. Even worse, Chipotle does not have to offer any credit protection, and is not liable for any out-of-pocket costs that may be associated with filing reports with law enforcement and the Federal Trade Commission (FTC). The announcement comes days after the FTC announced that hackers had used fake stolen identity information that it had posted online as a test in as few as 9 minutes to make purchases.

Staying safe online is a never ending task. Hackers are always getting smarter and changing their attack strategies. Here are a few tips to keep your digital life safe:

  • NEVER give out any of the passwords to any of your accounts
  • NEVER use the same password twice
    • If you do not like remembering passwords, use a password manager like 1Password
  • NEVER give any person claiming to be technical support your account password or remote access to your computer
  • NEVER click on any links you might receive in your email or through social media messaging services, even if it is from somebody you know
  • NEVER call 1-800-xxx-xxxx numbers that claim to be technical support
  • ALWAYS update your computer with any available security patches as soon as possible
  • ALWAYS have a antivirus program installed on any computer that is connected to the web
  • ALWAYS keep a regular, up-to-date, separate back ups for all of your machines
  • ALWAYS be aware of ongoing attack schemes to stay informed and to make sure you do not fall for any scams or fill out information that could put your online accounts at risk

These security breaches just continue to add to the ever expanding list of attacks this year alone. However, it begs the question, why aren’t more regulations being put into place? Why are businesses not held accountable for their payment terminal security? Why are these terminals not checked frequently for malicious software or hardware? Why are software developers not updating and modifying their code for known bugs or security weaknesses? The simple answer, money. All of these solutions requires a front of money, either to pay for human labor or added security, or research, etc. New technology doesn’t mean much if the data it depends on is not secure. If new legislation and regulations are not put into place, the security of your digital and personal data is at a high risk of being stolen, by both internal and international threats.