CHALLENGE_OF_INTERNET_PRIVACY_2014.pdf

Trends for 2014

The Challenge of Internet Privacy

Trends for 2014: The Challenge of Internet Privacy

Introduction 2

Loss of Privacy and Mechanisms to Protect Information on

the Internet 2

The NSA and the Privacy Debate 4

Greater Concern of Users about Privacy in the Cloud 5

The Cloud and Information Storage in Other Countries 8

Greater Legal Regulation and Clearer Privacy Policies 9

How to Protect Information on the Internet 10

Data Encryption (Cryptography) 12

Information Theft and Mitigating Attacks

with Two-Factor Authentication 13

Cybercrime 14

Android: Market Leader and Most Attacked 15

Computer Threats for Android Keep Increasing 16

Malware Versions also increasing 19

Vulnerabilities in Mobile Platforms 19

NFC Technology 20

Other Trends in Cybercrime 21

Vulnerabilities – Java and Latin American Sites 21

Botnets 24

Ransomware in Latin America 25

Malware Evolution for 64-Bit Systems 26

Bitcoins 27

Malware Diversiication: Computerization of all Kinds

of Electronic Devices which Allow Internet Connection

and Data Sharing 28

Automobiles 29

Smart T V 29

Smart Homes 29

Smart Toilets 30

Smart Lighting Systems 30

Refrigerators 30

IP Cameras 30

Digital Lock 30

Google Glass and Other Intelligent Accessories 31

Android in Other Devices (NVIDIA Shield Portable Games

Console, Clocks, Home Appliances, Among Others) 31

Conclusion: Is Internet Privacy Possible? 31

References 34

Author:

ESET Latin America’s Research Team

Trends for 2014: The Challenge of Internet Privacy

Introduction

complexity of malicious code designed for the Android operating

system Cybercriminals are applying classic attack methodologies

of attacks to newer, mobile platforms On this basis, the discovery

of critical vulnerabilities and their later exploitation through

malicious code represent an evolution of cybercrime afecting mobile

technology On the other hand, an increase in complexity of botnets,

64-bit threats and malicious codes which try to obtain proits

by stealing electronic coins, are all topics that have lately gained

prominence Finally, a variety of non-traditional devices such as smart

cars, game consoles, smart TVs and others, introduce the possibility

that in a future, threats for this kind of technology may be seen

As usual for the end of the year, ESET Latin America’s Research

Laboratory has written ESET‘s annual threat trends report, which

addresses several subjects in Information Security the aim of this

report is to make the community aware of the present computer

threat landscape and, accordingly, attempt to predict its possible

evolution in the coming years On this basis, in 2011, a growing trend

for botnets and malware for proit was noticeable 1 In 2012, the main

trend was directly related to threats designed for mobile platforms 2

One year later, our main topic was vertiginous growth of malicious

codes for mobile devices 3 and at present, although these threats keep

growing and evolving, the main topic focuses on the growing concern

expressed by users regarding Internet privacy

Taking into account the abovementioned topics, will privacy on

the Internet be possible?

In this sense, cases such as the revelations by Edward Snowden

concerning the National Security Agency (NSA) of the United States

had inluence on the growing concern about Internet security

Nevertheless, this trend has not meant a decrease in cases of people

afected by any malicious code or other kind of computer threat It

can be asserted that concern about privacy is a good starting point

on the user side; however, it is essential for people to be aware of

all aspects of Information Security Otherwise, it is not possible to

mitigate the impact of computer threats This situation is equivalent

to a person being worried about the safety of his home, but not

actually installing an alarm system, so that he is still just as likely to

become the victim of some incident

Loss of Privacy and Mechanisms to Protect

Information on the Internet

Over the last few years, cloud storage technology has grown

considerably in terms of the number of individual users and

companies using it Previously, it was normal to share information

through diskettes, optical media (CD/DVD), USB removable storage

devices and so on; it is currently possible to note a clear trend towards

a massive use of the cloud to the detriment of other “traditional”

means the advantages that the cloud ofers are considerable: for

example, it provides easier to access information since iles are

available from almost any place and device connected to the Internet

Thus, in case of backups, it isn’t necessary to choose a physically

safe place to save the backup media All these advantages have

Another trend noted during 2013 and which we expect to trend

upwards in the coming years is related to the increasing number and

Trends for 2014: The Challenge of Internet Privacy

caused the cloud to become more popular among all kinds of users

In this respect, Gartner stated that in 2011 only 7% of inal user’s

information was stored in the cloud However, it is expected that

by 2016 this percentage will increase to 36% 4 On the other hand,

publication of the “ Global Cloud Index ” from Cisco, estimates that in

2017 Latin American users will have stored a quantity of 298 exabytes

of information in the cloud (1 billion gigabytes) 5 the following chart

shows the projected cloud growth in several regions of the world and

the quantity of stored data (expressed in exabytes):

The chart above indicates a growth in cloud storage in every region,

i e , the use of this technology by the users is growing over time

In the case of Latin America, the percentage growth expected for

2017 is 31%, compared to previous years Despite this growth and its

advantages for users, it is important to consider that this technology

is not exempt from the risks associated with information security

This trend of “going to the cloud” has many information security

implications, but there is another subject which has sufered some

changes due to the use and misuse of technology; that subject is

privacy In this sense, it is necessary to understand that humans

are social beings who use diferent means to communicate with

others such as speech or sign language, among others the aim of

communication is to share emotions, opinions and other points of life

in society If this case is applied to the technology environment, it is

possible to relate it to social networks, services which make personal

interaction easier through an online platform However, despite this

social and / or public human activity, there is another dimension with

the same importance related to privacy At this, the Internet is not

an exception In the same way that you would keep a professional

or personal secret, in the virtual world there also exists conidential

information which should not be available to unauthorized third

parties If a person needs to protect legal documents or any valuable

object, he is more likely to think about a safe or any other secured

place

Although Internet users face the same scenario, mechanisms to

adequately protect data are not always known or even when they

are, used correctly Although this subject arose decades ago with

Chart 1 Traic growth in the cloud by region (expressed in exabytes)

Trends for 2014: The Challenge of Internet Privacy

the growing availability of information technology, cases such as that

involving the National Security Agency (NSA) in the United States have

caused, in a way, increased user interest in protecting the information

stored in the cloud

and the United States, which considers this as an action justiied by

the need to prevent terrorist attacks

Beyond ideological, legal and moral debates created around this

subject, there also exist incompatibilities dealing directly with

Security of Information From this point of view, it is important to

understand that the security measures a user should take do reduce

the impact and occurrence of several computer attacks such as

hacking, malicious codes, information theft, etc but they are not so

eicient at the moment at preserving the privacy of the individual in

scenarios of determined intrusion, such as those popularly associated

with the NSA In this sense, if a technological provider company

establishes in its privacy policy any clauses that mention possible uses

for the stored information, “traditional” protection mechanisms set up

by users do not prevent such information from being used with some

purpose established in the agreement For example, some providers

still keep users iles even if the service is cancelled; thus, even former

customers‘ data could be jeopardized in the event that the company is

victim of any computer incident

The NSA and the Privacy Debate

As an aspect of Internet and some value-added services such as search

engines, social networks, and webmail, among others, privacy of

information started to gain more signiicance for the community in

general as opposed to security-conscious companies and experts in

computer security In 2004, it was noticeable at the time of the launch

of Gmail, Google‘s web-based email service, some users were worried

about their privacy 6 the reason for this is that the company analyzes

the contents of email and shows users advertisements based on that

On the assumption that actions performed on the Internet may

have tangible consequences (whether positive or negative), several

countries have applied regulations to address activities the results of

which may cause damage related to aspects of social interest such as

hacking, electronic fraud (malicious codes, phishing, etc ), pedophilia,

and national security, among others This last item was precisely

the main subject of the incident and media debate created from public

disclosures by Edward Snowden Snowden was born in United States,

he worked as an NSA technician through a contractor company

until June 2013 when he leaked massive quantities of intelligence

information related to the control exercised by US government over

data privacy of citizens of the world in general 7 This caused a global

debate between countries which do not support this kind of control

Regarding “traditional” protection mechanisms, a security solution

protects the user from diferent malicious codes, a irewall defends

against hacking, two-factor authentication defends against

password-stealing attacks, and so on However, in the case of user

data that is stored in a system whose use depends on the acceptance

of the privacy policy, it is the company rendering the service itself

which may make use of such information; thus, other measures are

required to strengthen security In this context, it is crucial to read

thoroughly the Terms and Conditions of Service agreement and

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: