Posted on

Fortnite: Why Kids Love It and What Parents Need to Know

Fortnite: Battle Royale

 

Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend more and more time immersed in the Fortnite realm.

Why kids love it

A few hours on Fortnite and you can easily see why kids (and adults) love it. The game drops up to 100 players onto an island, where they try to find weapons to defend themselves and try to eliminate other players. The battlefield gradually shrinks, forcing players into encounters with each other until just one player remains and becomes the winner.

Even though it’s a battle, the Fortnite characters and interface are colorful and cartoon-like and there’s no blood or gore. The game itself possesses an inherent sense of humor and personality that’s lighthearted yet still competitive. The app is free to download, but players can outfit their characters (for purchase) in an array of battle fashions and any number of fun dances.

Ultimate gaming mash-up

Fortnite: Battle Royale

One reason kids love Fortnite: Battle Royale is that it’s the perfect survival mash-up of several popular media titles: The Hunger Games movie, Call of Duty video game, the first Fortnite (Fortnite: Save the World) video game, and the game PUBG (PlayerUnknownBattlegrounds). Fortnite: Battle Royale takes elements from all of these favorite storylines and game interfaces.

The game has a lot of fun attached for sure. Fortnite’s interface and hilarious character moves can be just as much fun to watch as it is to play. However, as with any other wildly popular, multi-player video game, there are some red flags families need to be aware of.

Fortnite: What to look out for

Excessive screen time. Because of the way Fortnite is structured, kids can easily burn through hours a day if left unmonitored. Some parents have reported their kids becoming Fortnite obsessed, even addictedSuggestion: Pay attention to the amount of time your kids spend playing. If your child is playing on Xbox, PlayStation, or Switch, you can turn on parental controls to limit gaming sessions. Another option, for PC, tablets, and mobile devices, is monitoring software that allows parents to set time limits for apps and websites.Fortnite: Battle Royale

Chat feature. Fortnite is a multi-player game, which means kids play against other gamers they may not know. So, Fortnite’s chat feature carries some potential safety issues such as foul language, potentially befriending an imposter, and cyberbullying. Suggestion: Talk to your child about this aspect of the game and the dangers. Spend time and sit in on a few games and listen to the banter. Then, make the best decision for your family. To turn chat off, open the Settings Menu in the top right of the main Fortnite page, go to the Audio Tab and turn it off.

In-app purchases. Fortnite is free to download but can get expensive quickly. Kids can use virtual currency (purchased via credit card) to access animations, weapons, and outfits for their characters. These items aren’t needed to win the game, but they allow a player to express his or her personality within the game, which is especially important to kids. Some parents have reported finding hundreds of dollars in unauthorized purchases on their credit cards due to Fortnite’s array of in-app purchases. Suggestion: If you know your child is passionate about Fortnite, take away the spending temptation by blocking his or her ability to make in-app purchases. Or, set a weekly limit on purchases.

Fortnite: Battle Royale

Increased anxiety/stress levels. Fortnite’s game structure is a highly-competitive, fast-moving game that renders only one winner. This means, as a solo player, the odds are stacked against you. Play Fortnite enough, and lose enough, and rage can surface. If your child is prone to anxiety or stress, Fortnite may not be the best environment. Suggestion: Monitor your child’s mood. Discuss the emotional highs and lows potentially associated with Fortnite and put some healthy parameters — that address both the types of content and time limits — around gaming habits.

Unsure about allowing your kids to play (or continue playing) Fortnite? Talk to them about it. Join in or watch your child play. Find out what your child loves about the game and if his or her demeanor changes during or after playing. Monitor the amount of time as well. Once you’ve gathered the facts as they pertain to your child, decide how much (or how little) of the Fortnite world is best for your family.

Want to connect more to digital topics that affect your family? Stop by ProtectWhatMatters.online. Also, join the digital security conversation on Facebook.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her onTwitter @McAfee_Family. (Disclosures)

The post Fortnite: Why Kids Love It and What Parents Need to Know appeared first on McAfee Blogs.

Posted on

‘McAfee Labs 2018 Threats Predictions Report’ Previews Five Cybersecurity Trends

This report was written by members of McAfee Labs and the Office of the CTO.

Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity, with new devices, new risks, and new threats appearing every day. In this edition, we have polled thought leaders from McAfee Labs and the Office of the CTO. They offer their views on a wide range of threats, including machine learning, ransomware, serverless apps, and privacy issues.

The Adversarial Machine Learning Arms Race Revs Up
The rapid growth and damaging effects of new cyberthreats demand defenses that can detect new threats at machine speeds, increasing the emphasis on machine learning as a valuable security component. Unfortunately, machines will work for anyone, fueling an arms race in machine-supported actions from defenders and attackers. Human-machine teaming has tremendous potential to swing the advantage back to the defenders, and our job during the next few years is to make that happen. To do that, we will have to protect machine detection and correction models from disruption, while continuing to advance our defensive capabilities faster than our adversaries can ramp up their attacks.

Ransomware Pivots to New Targets, New Objectives
The profitability of traditional ransomware campaigns will decline as vendor defenses, user education, and industry strategies improve to counter them. Attackers will target less traditional, more profitable ransomware targets, including high net-worth individuals, connected devices, and businesses. This pivot from the traditional will see ransomware technologies applied beyond the objective of extorting individuals, to cyber sabotage and disruption of organizations. The drive among adversaries for greater damage, disruption, and the threat of greater financial impact will not only spawn new variations of cybercrime “business models,” but also begin to seriously drive the expansion of the cyber insurance market.

Serverless Apps: New Opportunities for Friend and Foe
Serverless apps can save time and reduce costs, but they can also increase the attack surface by introducing privilege escalation, application dependencies, and the vulnerable transfer of data across networks. Serverless apps enable greater granularity, such as faster billing for services. But they are vulnerable to attacks exploiting privilege escalation and application dependencies. They are also vulnerable to attacks on data in transit across a network. Function development and deployment processes must include the necessary security processes, and traffic that is appropriately protected by VPNs or encryption.

When Your Home Becomes the Ultimate Storefront
As connected devices fill your house, companies will have powerful incentives to observe what you are doing in your home, and probably learn more than you want to share. In 2018, McAfee predicts more examples of corporations exploring new ways to capture that data. They will consider the fines of getting caught to be the cost of doing business, and change the terms and conditions on your product or service to cover their lapses and liabilities. It is more difficult to protect yourself from these issues, and the next year will see a significant increase in breaches and discoveries of corporate malfeasance.

Inside Your Child’s Digital Backpack
Perhaps the most vulnerable in this changing world are our children. Although they face an amazing future of gadgets, services, and experiences, they also face tremendous risks to their privacy. We need to teach them how to pack their digital backpacks so that they can make the most of this future. The world is becoming very public, and though many of us seem to be OK with that, the consequences of an ill-considered post or thoughtless online activity can be life altering for years to come.

The Adversarial Machine Learning Arms Race Revs Up

Attackers and defenders work to out-innovate each other in AI

Human-machine teaming is becoming an essential part of cybersecurity, augmenting human judgment and decision making with machine speed and pattern recognition. Machine learning is already making significant contributions to security, helping to detect and correct vulnerabilities, identify suspicious behavior, and contain zero-day attacks.

During the next year, we predict an arms race. Adversaries will increase their use of machine learning to create attacks, experiment with combinations of machine learning and artificial intelligence (AI), and expand their efforts to discover and disrupt the machine learning models used by defenders. At some point during the year, we expect that researchers will reverse engineer an attack and show that it was driven by some form of machine learning. We already see black-box attacks that search for vulnerabilities and do not follow any previous model, making them difficult to detect. Attackers will increase their use of these tools, combining them in novel ways with each other and with their attack methods. Machine learning could help improve their social engineering—making phishing attacks more difficult to recognize—by harvesting and synthesizing more data than a human can. Or increase the effectiveness of using weak or stolen credentials on the growing number of connected devices. Or help attackers scan for vulnerabilities, boosting the speed of attacks and shortening the time from discovery to exploitation.

Whenever defenders come out with something new, the attackers try to learn as much about it as possible. Adversaries have been doing this for years with malware signatures and reputation systems, for example, and we expect them to do the same with the machine learning models. This will be a combination of probing from the outside to map the model, reading published research and public domain material, or trying to exploit an insider. The goal is evasion or poisoning. Once attackers think they have a reasonable recreation of a model, they will work to get past it, or to damage the model so that either their malware gets through or nothing gets through and the model is worthless.

On the defenders’ side, we will also combine machine learning, AI, and game theory to probe for vulnerabilities in both our software and the systems we protect, to plug holes before criminals can exploit them. Think of this as the next step beyond penetration testing, using the vast capacity and unique insights of machines to seek bugs and other exploitable weaknesses.

Because adversaries will attack the models, defenders will respond with layers of models—operating independently—at the endpoint, in the cloud, and in the data center. Each model has access to different inputs and is trained on different data sets, providing overlapping protections. Speaking of data, one of the biggest challenges in creating machine learning models is gathering data that is relevant and representative of the rapidly changing malware environment. We expect to see more progress in this area in the coming year, as researchers gain more experience with data sets and learn the effects of old or bad data, resulting in improved training methods and sensitivity testing.

The machines are rising. They will work with whoever feeds them data, connectivity, and electricity. Our job is to advance their capabilities faster than the attackers, and to protect our models from discovery and disruption. Working together, human-machine teaming shows great potential to swing the advantage back to the defenders.

Ransomware Pivots to New Targets, New Objectives

Swings from the traditional to new targets, technologies, tactics, and business models

McAfee sees an evolution in the nature and application of ransomware, one that we expect to continue through 2018 and beyond.

The good news about traditional ransomware. McAfee Labs saw total ransomware grow 56% over the past four quarters, but evidence from McAfee Advanced Threat Research indicates that the number of ransomware payments has declined over the last year.

Our researchers assert that the trend suggests a greater degree of success during the last 12 months by improved system backup efforts, free decryption tools, greater user and organizational awareness, and the collaborative actions of industry alliances such as NoMoreRansom.org and the Cyber Threat Alliance.

How cybercriminals are adjusting. These successes are forcing attackers to pivot to high-value ransomware targets, such as victims with the capacity to pay greater sums, and new devices lacking comparable vendor, industry, and educational action.

Targeting higher net-worth victims will continue the trend toward attacks that are more personal, using more sophisticated exploitation of social engineering techniques that deliver ransomware via spear phishing messages. These high-value targets will be attacked at their high-value endpoints, such as their increasingly expensive personal devices, including the latest generation of smart phones. Cloud backups on these devices have made them relatively free from traditional ransomware attacks. McAfee predicts that attackers will instead try to “brick” the phones, making them unusable unless a ransom payment is sent to restore them.

McAfee believes this pivot from the traditional is reflected in the slight decline in the number of overall ransomware families, as criminals shift to a smaller number of higher-value technologies and tactics, more talented purveyors of techniques, and more specialized, more capable ransomware-as-a-service providers.

New ransomware families discovered in 2017. On average, 20%‒30% per month of new samples are based on Hidden Tear ransomware code. Source: McAfee Labs.

The less sophisticated, mostly well-known, mostly predictable, one-to-many technology, tactics, and providers are simply failing to deliver the rewards to justify the investments, even modest ones.

If well-understood ransomware families survive and thrive, McAfee believes they will do so in the hands of trusted service providers that continue to establish themselves with more established, sophisticated backends, as is currently the case with the Locky family.

Where the digital impacts the physical. Every year, we read predictions about threats to our physical safety from security breaches of industrial systems in transportation, water, and power. We are also perennially entertained with creative depictions of physical threats brought about by the imminent hacking rampage of consumer devices, from the car to the coffeemaker.

McAfee resists the temptation to join the cybersecurity-vendor chorus line to warn you of the danger that lurks within your vacuum cleaner. But our researchers do foresee digital attacks impacting the physical world. Cybercriminals have an incentive to place ransomware on connected devices providing a high-value service or function to high-value individuals and organizations.

Rather than seize control of your grandmother’s automobile brakes as she drives along a winding mountain road, our researchers believe it more likely and more profitable for cybercriminals to apply ransomware to an important business executive’s car, preventing them from driving to work. We believe it more likely and more profitable for cybercriminals to place ransomware on a wealthy family’s thermostat in the dead of winter, than to set the homes of millions ablaze through their coffeemakers.

In these and other ways, we believe cybercriminals will see greater return in orchestrating digital attacks that physically impact individuals for profit, rather than fatal damage.

Beyond extortion to disruption and destruction. The WannaCry and NotPetya ransomware outbreaks foreshadow a trend of ransomware being applied in new ways, in pursuit of new objectives, becoming less about traditional ransomware extortion and more about outright system sabotage, disruption, and damage.

The WannaCry and NotPetya campaigns quickly infected large numbers of systems with ransomware, but without the payment or decryption capabilities necessary to unlock impacted systems. Although the exact objectives are still unclear, McAfee believes the attackers could have sought to blatantly disrupt or destroy huge networks of computers, or disrupt and distract IT security teams from identifying other attacks, in much the same way DDoS attacks have been used to obscure other real aspects of attacks. It is also possible that they represented spectacular proofs of concept, demonstrating their disruptive and destructive power, intending to engage large organizations with mega-extortion demands in the future.

In 2018, McAfee expects to see ransomware used in the manner of WannaCry and NotPetya. Ransomware-as-a-service providers will make such attacks available to countries, corporations, and other nonstate actors seeking to paralyze national, political, and business rivals in much the same way that NotPetya attackers knocked global IT systems out of commission at corporations around the world. We expect an increase in attacks intended to cause damage, whether by unscrupulous competitors or by criminals trying to mimic a mafia-style protection racket in cyber form.

Although this weaponization of ransomware at first seems to stretch the definition of the technology and tactical concept, consider the incentive of avoiding a WannaCry or NotPetya specific to your organization, complete with rapid, wormlike propagation and a demonstration of material disruption and damage, but with a demand for payment to make it all stop.

Of course, this raises the biggest, unavoidable ransomware question of 2017: Were WannaCry and NotPetya actually ransomware campaigns that failed in their objectives to make significant revenue? Or perhaps incredibly successful wiper campaigns?

Finally, McAfee predicts that these shifts in the nature and objectives of ransomware attacks, and their potential for real material financial impacts, will create an opportunity for insurance companies to extend their digital offerings with a range of ransomware insurance.

Serverless Apps: New Opportunities for Friend and Foe

Serverless apps attempt to match the security of a container or virtual machine

“Serverless” apps, the latest aspect of virtual computing, enable a new degree of granularity in computing functions. Some providers have recently reduced the billing iteration to seconds, which will have a substantial impact on growth. Billing for functions in seconds, instead of using containers or virtual machines that require minutes or hours, can reduce costs by a factor of 10 for some operations.

But what about the security of these function calls? They are vulnerable in traditional ways, such as privilege escalation and application dependencies, but also in new ways, such as traffic in transit and an increased attack surface.

Let’s start with the traditional vulnerabilities. Serverless apps that are quickly implemented or rapidly deployed can use an inappropriate privilege level, leaving the environment open to a privilege escalation attack. Similarly, the speed of deployment can result in a function depending on packages pulled from external repositories that are not under the organization’s control and have not been properly evaluated.

Then there are the new risks. By looking at the URL, we can tell if the request is going to a serverless environment. As a result, it might be possible for an attacker to disrupt or disable the infrastructure from the outside, affecting a large number of organizations.

Another risk is the data included in the function call. Because the data is not on the same server that executes the function, it must transit some network and may be at risk of interception or manipulation.

We predict the increased granularity of serverless apps will lead to a comparable increase in the attack surface. More functions, transiting to one or more providers, means more area for an attacker to exploit or disrupt. Make sure your function development and deployment process includes the necessary security steps, and that traffic is appropriately protected by VPNs or encryption.

When Your Home Becomes the Ultimate Storefront

Without controls, you might surrender your privacy to corporate marketers

Corporate marketers have powerful incentives to observe and understand the buying needs and preferences of connected home device owners. Networked devices already transmit a significant amount of information without the knowledge of the overwhelming majority of consumers. Customers rarely read privacy agreements, and, knowing this, corporations are likely to be tempted to frequently change them after the devices and services are deployed to capture more information and monetize it.

In 2018, connected home device manufacturers and service providers will seek to overcome thin operating margins by gathering more of our personal data—with or without our agreement—as we practically surrender the home to become a corporate virtual store front.

With such dynamics in play, and with the technical capabilities already available to device makers, corporations could offer discounts on devices and services in return for the ability to monitor consumer behavior at the most personal level.

Rooms, devices, and apps are easily equipped with sensors and controls capable enough to inform corporate partners of the condition of home appliances, and bombard consumers with special upgrade and replacement offers.

It is already possible for children’s toys to monitor their behavior and suggest new toys and games for them, including upgrades for brand-name content subscriptions and online educational programs.

It is already possible for car manufacturers and their service centers to know the location of specific cars, and coordinate with owners calendars and personal assistants to manage and assist in the planning of their commutes. Coffee, food, and shopping stops could automatically be integrated into their schedules, based on their preferences and special offers from favorite food and beverage brands.

Whether this strikes you as a utopia for consumers and marketers, or a dystopian nightmare for privacy advocates, many aspects of these scenarios are close to reality.

Data collection from the current wide range of consumer devices and services is running far ahead of what most people believe.

Although there is certainly a legal argument that consumers have agreed to the collection of their data, even those of us technically knowledgeable to know this is taking place do not read the contracts that we agree to, and some corporations might change them after the fact or go beyond what they promise.

We have seen numerous examples of corporate malfeasance in recent years. A flashlight app developer’s license agreement did not disclose that the app gathered geolocation data. Three years ago, a video game hardware company pushed an update with no option to refuse; users had to agree to new terms or stop using the product they had purchased. In many agreements, users “agree” to all future changes that the company makes unilaterally to the terms: “Continued use of the service after any such changes shall constitute your consent to such changes.”

In July, the US Federal Bureau of Investigation warned parents to be wary of connected children’s toys that could be capable of collecting their children’s personally identifiable information.

Businesses will continue to seek to understand what and how consumers consume in the privacy of their homes, certainly requiring more user data than consumers will likely be comfortable sharing. McAfee asserts that a substantial number of corporations will break privacy laws, pay fines, and still continue such practices, thinking they can do so profitably. But the FBI’s recent toy warning to parents might suggest that such approaches could result in regulatory and even criminal legal consequences.

Next year will provide new examples of how well, and how badly, corporations are able to navigate the temptations and opportunities presented by connected homes.

We thank the Electronic Frontier Foundation for their assistance with this article.

Inside Your Child’s Digital Backpack

Protecting your children from corporate abuse of their user-generated content

It seems that every product, service, or experience we interact with today creates some type of digital record, whether or not we like it. As adults, we are gradually coming to terms with this effect and learning to manage our digital lives, but what about our children? Employers are already making hiring decisions influenced by search results. Could this extend to schools, health care, and governments? Will children be denied entry to a school because of how much time they spent binge-watching videos, or find it difficult to run for office because of a video made when they were seven?

Online information, or digital baggage, can be positive, negative, or neutral. As our children go on their increasingly digital journey through life, what are they packing for their trip? Likely, it will be a combination of mostly innocuous and trivial things, some positive and amazing ones that will help them on their journey, and some negative items that could weigh them down. Unfortunately, we predict that many future adults will suffer from negative digital baggage, even if it comes about without their intention.

As parents, our challenge is to help our children navigate this new world, in which they can be tracked almost from the moment of conception. Remember that story from 2012 about a girl who received coupons from a retailer for pregnancy-related items before she acknowledged that she was pregnant?

To help our children, we need to understand the kinds of digital artifacts that are being captured and stored. There are generally three types: explicit, implicit, and inadvertent.

Explicit content is all of those things that happen after you click the “I Agree” button on the terms and conditions or end user license agreement. Given recent breaches, it seems that anything stored online will at some point be hacked, so why not assume that from the beginning? If they really want to, a prospective employer may be able to find out what content you created, your social habits, and a host of other data points. This is an area that parents (at least initially) have a lot of control and influence over, and can teach and model good habits. Are you buying “M”-rated games for your 10-year-old, or letting your teens post videos without some oversight? Sadly, what happens online is not private, and there could eventually be consequences.

Implicit content is anything you do or say in an otherwise public place, which could be photographed, recorded, or somehow documented. This ranges from acting silly to drinking or taking drugs, but also includes what people say, post, tweet, etc. in public or online. We do not think that childlike behavior (by children) is going to be frequently or successfully used against people in the future, so we can still let our kids be kids.

Inadvertent content is the danger area. These are items that were intended to remain private, or were never expected to be captured. Unfortunately, inadvertent content is becoming increasingly common, as organizations of all types (accidentally or on purpose) bend and break their own privacy agreements in a quest to capture more about us. Whether with a toy, a tablet, a TV, a home speaker, or some other device, someone is capturing your child’s words and actions and sending them to the cloud. This is the most challenging part of the digital journey, and one that we must manage vigilantly. Pay attention to what you buy and install, turn off unnecessary features, and change the default passwords to something much stronger!

Our children face an amazing potential future, full of wonderful gadgets, supportive services, and amazing experiences. Let’s teach them at home to pack their digital backpacks so that they can make the most of it.

In the corporate world, McAfee predicts that the May 2018 implementation of the European Union’s General Data Protection Regulation (GDPR) could play an important role in setting ground rules on the handling of both consumer data and user-generated content in the years to come. The new regulatory regime impacts companies that either have a business presence in EU countries, or process the personal data of EU residents, meaning that companies from around the world will be compelled to adjust the way in which they process, store, and protect customers’ personal data. Forward-looking businesses can leverage this to set best practices that benefit customers using consumer appliances, content-generating app platforms, and the online cloud-based services behind them.

In this regard, the year 2018 may well best be remembered for whether consumers truly have the right to be forgotten.

To find out more about the data protection opportunity for businesses, visit McAfee’s GDPR site.

For more on how to protect your children from potential user-generated content abuse and other digital threats, please see McAfee’s blogs for guidance on parenting in the digital age.

Contributors

  • Christiaan Beek
  • Lisa Depew
  • Magi Diego
  • Daren Dunkel
  • Celeste Fralick
  • Paula Greve
  • Lynda Grindstaff
  • Steve Grobman
  • Kenneth Howard
  • Abhishek Karnik
  • Sherin Mathews
  • Jesse Michael
  • Raj Samani
  • Mickey Shkatov
  • Dan Sommer
  • Vincent Weafer
  • Eric Wuehler

 

About McAfee Labs

McAfee Labs is one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threats vectors—file, web, message, and network—McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.

The post ‘McAfee Labs 2018 Threats Predictions Report’ Previews Five Cybersecurity Trends appeared first on McAfee Blogs.

Posted on

3 Lies Parents Tell Themselves That Can Put Their Kids at Risk

shutterstock_284183372Trying to keep up with your kids online feels a bit like patching holes in a sinking boat at times doesn’t it?

A recent Intel Security study reveals a gap in what parents perceive kids to be doing online, and what’s actually taking place in behaviors such as cyberbullying, creating aliases, and the amount of time spent online. The study, “The Realities of Cyber Parenting: What Pre-teens and Teens Are Up To Online,” examines the online behaviors and social networking habits of American pre-teens and teens ages 8 to 16 years old.

But rather than get overwhelmed or discouraged when we hear the latest stats, we can use this new information to restart reality—and refuse to let denial run the show.

Here are 3 common lies parents tell themselves and some realities to help you recalibrate your thinking.

1. I can trust my kids online. This is a favorite, bliss-painted lie parents tell themselves. While it may be true that you can trust your kids in general, the online world poses temptations and threats that even the savviest parent—and the most trustworthy teen—can’t begin to anticipate. Predators, scammers, and bullies are part of life and only amplify their tactics in the online arena. Social networks, texting, and now live streaming apps have transformed parenting priorities and establishing a new kind of trust.

Another reality check: Kids’ brains are not fully formed until they are about 21 years old. So even the most predictable kids can and will make surprising decisions.

Truth: Yes, trust your kids in general but don’t trust the Internet. Take the same precautions you would take if you let your kids hang out in a big city. Educate them. Coach them. Know their favorite digital hangouts and guide them along the way just as you would if you were teaching them how to drive.

Talk candidly and openly about relevant digital issues. Keep up on technology, slang, and trends as they affect your kids. Find common ground and communicate often. Don’t wait for your kids to tell you, stay informed about popular technology and ask your kids if they are using risky apps.shutterstock_165358493

2. Been there, done that. We’ve had the online safety talk already. This lie is one that is not only naïve, it’s dangerous. While you may have reviewed the basics of online safety, it’s not enough. Technology moves too quickly, new temptations arise, and simply put—kids forget the basics all the time (like brushing their teeth or taking out the trash)—so they need a parent’s guidance as part of everyday conversation.

Truth: Talking about online safely with kids and teens is pretty much like making them eat their vegetables. You can bet if you weren’t around they’d likely be eating Captain Crunch! Internet safety is a topic you need to visit often. Keep the conversation lighthearted but real when it comes to the potential dangers online. This game plan is a great place to start.

3. My kids understand this tech stuff better than I do—they will be fine. Many parents feel disconnected and out of touch with their digital children; so much so, they throw their hands up and simply hope for the best. But having tech skills does not equate to having tech wisdom, which is where you, parent, come in. 

Truth: Yes, your child’s online life is a lot to keep up with but making a hero’s effort to stay informed is far better than sticking your head in the sand. Your kids need you now more than ever. Be aware of your kid’s digital paths—where they go and with whom they converse. Pour into them the integrity and awareness it takes to become a strong—and savvy—digital citizen.

You are right. Technology is moving too fast. You spend hours a week keeping up with, monitoring, and guiding your kids in the digital realm. However, by staying involved, you can prepare them for making the best digital decisions as they mature in this vast digital space.

What’s your biggest challenge as a parent of a digital tween or teen? Do you believe you are in touch with your child’s online life?

 

ToniTwitterHS

 

 

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @IntelSec_Family. (Disclosures).

The post 3 Lies Parents Tell Themselves That Can Put Their Kids at Risk appeared first on McAfee.

Posted on

2014 Threats Predictions: Social Media Changes Keep Users Off Balance

This post is one in a series of articles that expand on the recently released McAfee Labs 2014 Threats Predictions. In this and related posts, McAfee Labs researchers offer their views of new and evolving threats we expect to see in the coming year. This article was written by Aditya Kapoor.

In order to maximize profits, cyberattackers quickly adapt to popular forms of communication; they go where their victims go. Sometimes they even seem to get there first. Every time a new medium gains popularity, fast-moving attackers find the new medium’s flaws and take advantage of its new users. This tactic works because many new services haven’t fully worked out security measures even as their popularity skyrockets.

Email and traditional Internet messaging (Yahoo, Google Talk, MSN, and others) have seen plenty of malware attacks. When we use these “old” systems, most of us know to not open attachments or click on links from strangers. But new systems often seem fresh and different when we first use them.

A survey by McKinsey’s iConsumer report (published by Forbes) confirms the obvious: email usage has been declining for years (36% of users in 2012, down from 42% in 2008), while social media usage rose to 26% in 2012 from a meager 15% in 2008. Overall, people are still communicating primarily by email, but its use continues to drop. More and more people now connect and interact via services such as Facebook, Twitter, Snapchat, Instagram, LinkedIn, WhatsApp, and others. These services are available on any device.

As we flocked to Facebook, it was new and seemed safe. But starting in 2008 and peaking in late 2009, Koobface malware was one of the primary threats against Facebook users. Until it lost steam in 2011, Koobface employed a lot of advanced features in its botnet: using URL-shortening services to send malicious links, hijacking users’ accounts, autoresolving CAPTCHAs, and other methods. Many of these features are still present in similar but much smaller threats.

Three categories of attacks on social media are the most prevalent: data theft, money theft, and profile and network-identity theft. This triumvirate isn’t likely to diminish because its appeal is fundamental to the goals of cybercriminals.

Data theft: malware installation

Social media features change rapidly; many users have a hard time determining what is legitimate versus what is not. Attackers take advantage of the confusion of ever-changing applications and policies. Recently we have seen numerous social-engineering tactics that trick users into installing an application for a service that does not exist. These campaigns use a similar tactic: Users receive an email purportedly from a social media company with a link to a “new” app. After clicking the link, they are asked to download a plug-in, which installs malware and steals information. For example, one recent attack sent an email with a “voice message notification” apparently from WhatsApp. Listening to the message, however, added the user’s machine to a botnet. These methods are not new, but mixing the malware message with social media often confuses users who don’t know what the norm is.

Money theft: spam and scam

Scammers also use fake notification systems that masquerade as updates from social media sites. A notification email apparently from a social media site claims there are unread messages. Clicking the message redirects users to fake pharmaceutical items, for example. Some users buy these items, sending money to crooks.

Scammers are quick to use new communication mechanisms and abuse them to generate money or steal personal information. Recently criminals used Snapchat in a pay-per-install affiliate model: Users received nude pictures and in order to see more snaps, they had to download an application, which in turn paid the spammer money for the installation.

Snapchat has become very popular for the wrong reasons—such as sending explicit images—because the service promises to delete the images after a set time. Recently scammers used Snapchat to show “leaked” pictures; users had to enter their Facebook login credentials to access the information. You can guess where the login information went—to the scammer’s server.

Profile and network-identity theft: Spearphishing on social media

Social media sites like Facebook have done a lot of work to keep their users safe. It is difficult for scammers to pose a malicious link to another user who is not in the friend network. But a social network is only as strong as the weakest link, which can compromise the entire friend network because we tend to trust our friends and what they post. (Security blogger Dancho Danchev writes about one example in “Continuing Facebook ‘Who’s Viewed Your Profile’ Campaign Affects Another 190k+ Users, Exposes Malicious Cybercrime Ecosystem.”)

LinkedIn has become fertile ground for attackers. By watching for the updated status of executives or sales people and their new connections, online spies might gain a competitive edge or knowledge of unannounced products.

What’s coming

The social media landscape is changing rapidly, with new services being introduced faster than they can be secured. Scammers and malware authors abuse these services and make the most of them while people are still learning about the new security risks. When the security bar is raised high enough, these scammers move on to newer mass communication methods. Their methodologies and motives remain largely the same.

In the coming year we are likely to see an increase in corporate espionage via social networks such as LinkedIn. It’s a good idea to verify a message even when a known person tries to contact you on social networking sites. A simple IM or email to verify identity is enough to keep scammers at bay.

Scammers will use apps like Poke and Snapchat to prompt victims to “win a free iPad,” for example, by visiting a website within 10 seconds. Some unsuspecting users will give out their information as fast as possible, succumbing to rush tactics.

A continuing worry about social media services is the false sense of privacy they encourage. We will continue to see children and adults become complacent and share private pictures and other information. Parents need to talk to their kids who use social media about safe sharing practices.

In the coming year social media attacks will continue and mature, as attackers find new ways to craft their attacks. We expect spam and phishing attacks will gain momentum. In the corporate world, stealing data related to business social networks and contacts will become a greater target than passwords or credit card information.