2014: An online year reviewed at NetSafe HQ

550023_10151198124371945_425821055_nChristmas 2014 is rapidly approaching and that means it’s time for us to review the year almost gone and identify the (anonymous) visitor trends and traffic patterns to our three most popular websites again.

Unsurprisingly – and perhaps somewhat depressingly – many of the common concerns from 2012 and 2013 are still making the top ten charts at NetSafe this year: ransomware, phishing attacks and comprised email and social networking accounts still make it to the top of the most visited pages on NetSafe.org.nz, Security Central and our blog.

2014 in numbers

We’ll publish a more in-depth, full year review in early 2015 but looking at data for the year to date, more than 230,000 people have visited these three websites so far this year.

We’ve also logged almost 8000 incidents via all our communication channels and recorded close to $7.5m lost by Kiwis to a wide range of digital challenges across the realms of cyber safety, cyber security and cyber crime.

Read on for an insight into NetSafe visitor trends for 2014:

NetSafe.org.nz

Just over 200,000 people visited the main NetSafe website during 2014 from an amazing 215 countries, states and territories. As the mobile internet revolution roars on, 1 in 3 visitors were using a mobile or tablet device to access our online content. We plan to release a new NetSafe site on Safer Internet Day 2015 (10 February) to make the mobile experience more fulfilling and hope to source funding to revisit some of our older resources next year too.

Talking of mobiles, interest in parental controls for phones being used by young people remains strong. Concerns about fake profiles on Facebook moved up 4 spots suggesting use of the social network remains strong (despite new challengers ) and as a result, the bad guys continue to develop ways to exploit trusted network connections.

The most obvious new entry to the NetSafe top ten is interest in securing Mac and iOS devices – the Californian company has seen some major media stories this year around iCloud hacks and other security concerns and with the company’s products selling well this makes these operating systems a more high profile target.

NetSafe’s Top Ten Website Pages for 2014:

  1. How can I put parental controls on my child’s mobile phone?
  2. Can I download music and videos from YouTube? Am I breaking copyright law?
  3. Facebook: reporting fake and imposter profiles
  4. Cyberbullying: advice for young people, parents and teachers
  5. How can I complain about ask.fm?
  6. The Copyright (Infringing File Sharing) Amendment Act: What schools should know
  7. How do I protect my Apple Mac or iOS devices?
  8. How can I security check my computer?
  9. What does anti-virus and anti-spyware software do?
  10. Help! My email account has been hacked

Visitor technology explored

Our anonymous statistics service helps identify what browsers and operating systems visitors are using offering us an important insight into current tech being used by consumers.

Overall, Windows powered PCs remain the computer of choice for NetSafe visitors. But challengers including iOS, Android, Macintosh and even Linux are now making up 42% of market share.

What computer operating system do NetSafe visitors use?

  1. Windows – 55%
  2. iOS – 16%
  3. Android – 13%
  4. Macintosh – 10%
  5. Linux – 3%

It was reassuring to see that 87% of Windows users were running a supported version of Microsoft’s operating system. Encouraging the remaining one in ten to make the jump to a newer OS will be a challenge for 2015

  1. Windows 7 – 68%
  2. Windows 8.1 – 12%
  3. Windows XP – 10%
  4. Windows 8 – 7%
  5. Windows Vista – 3%

Drilling down into the data shows some different numbers for New Zealanders when it comes to their operating system of choice.

What computer operating system do Kiwi NetSafe visitors use?

  1. Windows – 63% (55% globally)
  2. iOS – 12% (16% globally)
  3. Macintosh – 12% (10% globally)
  4. Android – 7% (13% globally)
  5. Linux – 5% (3% globally)

Interestingly, Chrome OS is the system of choice for 1% of Kiwis, perhaps reflecting the use of Chromebooks in NZ schools.

When it comes to web browser use, the duopoly days of the 90s browser wars are long gone and Google’s Chrome takes a large chunk of the pie:

  1. Chrome – 40%
  2. Safari – 20%
  3. Internet Explorer – 18%
  4. Firefox- 12%
  5. Android Browser – 6%

Internet Explorer use has declined over the years but we still counted 100+ stalwarts using the ancient IE6 browser. Support for IE8 will continue until early 2016 but we’d still encourage all web users to improve their computer security by upgrading to a modern browser in this age of drive by downloads and malicious malvertising.

Security Central Top Ten

Visits to our computer security site continued to focus on the ongoing threats around ransomware, and Adobe Flash and Reader vulnerabilities. Our cyber security advice will be migrating to the main NetSafe site in 2015.

  1. Dealing with CryptoLocker ransomware
  2. How to check and update Adobe Flash
  3. Dealing with ransomware
  4. Dealing with ransomware and remote access hacking
  5. How to check and update Adobe Reader
  6. An Introduction to Cybersecurity
  7. Phishing, social engineering and online scams
  8. NetSafe Computer Security Checklist
  9. Reporting cybercrime in New Zealand
  10. Phishing and social engineering

The NetSafe Blog Top Ten

.nz websites continue to be cloned and 2014 saw some nasty employment scams enacted against both job seekers and Kiwi businesses. And again, advice for securing Mac devices made it into the charts:

  1. Help my website has been cloned – Bad robot! Defeating website scrapers
  2. Is Jenny Wilson from Reclaim Expert calling you?
  3. How to spot a suspicious email attachment
  4. I’m the king of the castle, get down you dirty rascal – Defence in Depth explained
  5. Anti-Child Porn Ransomware hits New Zealand businesses
  6. Don’t want your iPhone or iPad ‘hacked’? Why unique passwords are so important for online security
  7. Scamwatch reports bring total losses reported to NetSafe’s Orb website to $4.4m in third year of operation
  8. Phishing, smishing and how a casual click can deliver a nasty surprise
  9. Smartphones and public wi-fi ‘Evil Twin’ attacks
  10. Going Phishing: how to spot a fake banking website

The NetSafe office and telephone helpline will be closed between 24 December and 12 January but we will continue to triage reports made to our cyber incident site over this period. Stay safe and secure in 2015 and enjoy the Christmas break.

Kiwis, what floats your digital boat?

I was lucky enough to spend some time in Sydney this week attending a Google for Non Profits training day and catching up with a range of cyber safety organisations in Australia who are looking to take advantage of a whole host of Google tools to help their organisations tackle digital challenges affecting a wide range of audiences.

In between coping with the muggy Australian weather (an impressive lightning storm shut Sydney airport briefly last night) and taking in the beautiful surroundings of Darling Harbour, I couldn’t help but be amazed by the resources the Californian company is making  available for non-profits.

NetSafe has been lucky enough to receive a Google AdWords grant that will seriously improve the way we market our educational services to New Zealanders in 2015. We already have pretty good organic search engine optimisation and some highly ranked pages on popular online issues, but a monthly grant of $10,000 to spend on Pay Per Click advertising couldn’t have come at a more exciting time as we refine our content marketing strategy for the next twelve months.

I’ve used the PPC AdWords system for several years and am qualified to boot. Revising our website and the content within to cover new and evolving cyber safety, cyber security and cyber crime topics to assist New Zealanders is going to be a priority for 2015.

NetSafe’s Communications Survey

Over the last few weeks we’ve been asking Kiwis to review how NetSafe communicates and the responses to date have been interesting. If you want to take the brief survey, it’s not too late to respond.

Although the total number of responses to date have been small when compared with the volume of people we speak with each year, the results have been positive – more than 4 out of 5 of those taking the survey have taken action to improve their online safety and security based on NetSafe email newsletters, Facebook posts and tweets.

When we asked what issues Kiwis are interested in keeping up to date with, the graph below shows the response to the limited range of choices we originally suggested. We didn’t even touch on emerging threats such as the spying dangers of wearable technology:

Click to see a larger image

One survey taker said: “IT is such an integral part of our lives that it benefits all of us to stay ahead of the game.

What were the top five topics?

  1.  Computer security
  2. Online scams and fraud
  3. Online safety
  4. Microsoft Windows
  5. Malware

I’d somewhat assumed that specific topics such as BYOD and Android would rise to the top, especially when so many of us are now using mobile devices to connect online. It turns out there are still plenty of NZ PC users wanting up to date advice and guidance.

What areas are you interested in when it comes to tech challenges? Take the brief NetSafe survey and give us your feedback.

Meet the NetSafe Team: Stephen Denniston

Stephen Denniston is almost at the end of a three year degree course studying cybersecurity at Unitec in Auckland and will graduate in 2015 with a qualification that will increasingly be in demand by both New Zealand and overseas employers. As part of his course he is studying operating system vulnerabilities and malicious software designed to infiltrate networks and devices.

He joined NetSafe in October on a part time basis to work in our contact centre team. NetSafe handles an average of 700 incident reports each month submitted by home internet users and small businesses alike. The non-profit records upwards of $500,000 lost each month to online scams and fraud and cyber security threats ranging from phishing emails to ransomware.

Stephen tells us about his experience to date and offers his opinions on the digital challenges that affect so many New Zealanders:

  1. Why did you want to study cybersecurity?

It is a completely, utterly, fascinating field. In effect I get to break down computer systems, the hardware, the software and the network communications into their smallest parts. Dissect each seeing how they work and fit together in the system as a whole, look for gaps where vulnerabilities may exist and speculate on ways in which they may be used.

It’s like Lego with electrons.

But that’s only part of the equation, people are the oft forgotten computer component, not to gloss over the complexity of computers. But I challenge you to find a computer that doesn’t need a human to interact with it in some way, people are an important component in the computer systems feedback loop.

This is where social engineering comes into play, with the view to leverage people’s instincts to gain advantage counter to their beliefs or expectations. No matter how secure or how much money you spend on a system’s security, response teams, penetration testers, red-teams, if the users aren’t aware of the implications of their actions, it only takes a single USB stick, a single unfiltered link, a single attachment and it all comes crumbling down.

  1. Which areas of study are you particularly interested in?

Malware analysis for the insight it gives into the minds of the malware authors, the tactics and ideology of their pursuit. These guys are the foundation that the deep-web black-markets are built on and around.

Although malware is largely aimed and involved in financial crime, when an Advanced Persistent Threat (APT) comes along, the insights gleamed off of nation states is of the highest interest and typically yields new or unknown zero-day vulnerabilities as well as new coding and obfuscation patterns.

Although these things tend to be in an evolving pattern themselves, it piques my interest to see what or if government funding can have an impact on the nature of malware. As the turnaround from reverse engineering the APT wares to seeing them used by non-APT entities (deep-web black-market types) is shrinking at a rate something akin to Moore’s Law.

Social engineering for my interest in people and understanding what makes them tick, although we are all individuals with our own hopes and dreams. We all fall into patterns of behaviour and as with any pattern, if observed for long enough weaknesses can be exploited for malicious purposes. The taken for granted fact about all the internet enabled devices we carry with us, without thought, is the ease of which we can be observed but take minimal or non-existent measures to mitigate or prevent.

  1. Do you have a background in computing?

I’ve had a long held interest in computer security, cryptography, social engineering and malware. In one of my part time jobs I worked as a technician/diagnostician and system builder.

Having studied computers one way or another at various levels, I initially started studying with the intent of being a programmer, as I found networking too easy and less dynamic, but found my interest in operating systems a larger pull.

I ended up playing with Linux and the various distributions and flavours that it comes in. Which in-turn lead me into security as this is the middle ground between hardware, software and networking and human intent which allows me to push and test my knowledge. The best way of learning how something works, is to break it apart and put it back together.

  1. What previous work experience or life skills do you think add to what you study at Unitec?

I have a background in customer service from the retail sector mainly through part time jobs working while studying. I tried my hand at sales, and have limited exposure to marketing in that I ran a research project for a client into bottled water, created surveys and ran focus groups.

Which all feeds into my interest in social-engineering. But also puts me in a unique position in that I understand computers and am not afraid to communicate about them. When giving a presentation or talk with a group I’m the one who ends up doing all the talking, switching between fine technical detail and sounding like a sales pitch for the fountain of youth.

  1. Do friends and family expect you to be able to fix their printer?

I worked previously in a hardware diagnostic role so I get that lot, their Wi-Fi, the internet, the printer, you name it.

When I login to their router without looking up the password (admin:admin) to fix the Wi-Fi, instantly I’m labelled a hacker and quizzed on my hacker knowledge and if the neighbour can do the same to the house phone.

95% of the time I’m turning it off then on again. The 5% of the time that doesn’t work then I become interested. Friends and family are split into two groups, techies and non-techies. If a techie has a problem it’s either really interesting or endlessly frustrating. Else if a non-techie has a problem it’s usually down to neglect and their computer is about to (or has already) died.

  1. What kind of work would you like to do once you graduate?

Penetration tester. To me this sounds like an endlessly evolving, challenging role where you’re paid to hack, what’s not to love.

  1. What have been your first impressions of working at NetSafe?

Gob-smacked. The variety and quality of the work created by such a small team to encapsulate the breadth of the country is astounding.

But also a growing awareness of a triple disconnect

  • a disconnect between legislation and malicious users – what can be done to punish/pursue online criminals, particularly across state lines.
  • a disconnect between the public and malicious users – a lacking of awareness of how criminals operate and how to protect the legitimate users from the malicious users (hackers/scammers), and;
  • a disconnect between legislation and the public - what protections can, should and do the public expect from their protectors.
  1. After talking with people on the phone and answering a wide variety of email queries and ORB reports what would be your ‘top tips’ for Kiwis wanting to protect themselves online?
  • Keep your anti-virus updated and scheduled to run when you’re not using the computer (i.e. when you’re asleep).
  • Keep your computer updated, allow it to download and install updates automatically, it’s not worth having an unpatched system connected to the net.
  • Get street smart, keep up to date on how hackers and scammers operate.
  • Don’t run your PC in administrator mode, create a separate user in user mode and use that day to day.
  • Change any default passwords, especially ones for administrator, such as those found on routers.
  • Macs aren’t safe anymore, treat them like a PC and install an anti-virus software.
  • Don’t click on unknown links. Especially from email. Especially when you’re not expecting them.
  • Don’t open attachments you’re not expecting (or disable JavaScript in Adobe Acrobat if you’re intent on opening them)
  • Install a browser extension that disables JavaScript on all sites except the ones you choose [NetSafe suggests NoScript for FireFox users].
  • Install a browser extension that blocks advertisements as this is a popular way of distributing malware [NetSafe suggests Adblock Plus or Disconnect].

Meet the NetSafe team: Jesse Greenslade

JesseNetSafe staff have between them more than 30 years experience of internet safety and security issues. Jesse Greenslade is the latest full time member of staff, joining us back in June 2014 as Office Manager.

Jesse has worked for six years in the education and health sectors and is tasked with everything from day to day admin and finance to managing NetSafe’s member relationships and investigating new funding sources.

He was recently awarded an AMP Regional Scholarship to go towards the funding of his debut children’s book titled ‘First Week Blues’ which looks at the impact of bullying on young people. Learn more about Jesse’s story and pre-order your own copy at www.beyourhero.nz.

- – - – - – - – - – -

How has the impact of bullying affected your own life?

If we go back for a minute and look at the “social norm” society puts on young people in New Zealand and around the world it creates an image of what one must be.

When I was at school, and even more so now, society gives the impression that boys should like sports, PlayStation, Xbox. They must be tough on the inside and out. Girls should like dolls and playing netball etc. When children age and become teenagers they begin to drink and go to parties. These are all stereotypes that society puts on young people. Because I did not fit within the “social norm” I was ostracised from my peer group – I was bullied because I was different. One of the main impacts bullying had on me was my self-confidence, because people questioned my appearance and who I was.

At 25, you’re the youngest member of the NetSafe team – was cyberbullying an issue for you at school?

Cyberbullying did not have a huge impact on me at school. I didn’t have Facebook until I was seventeen and I wasn’t bullied via text messages. I think it is harder for young people now because unlike me I had an escape from bullying when I was at home. I had a break, now young people are getting bullied in the privacy and comfort of their own home. They have no escape

What inspired you to write First Week Blues? And what has been the response to date?

The idea of writing First Week Blues came from wanting to help young children, to teach them strategies to cope to give them inspiration that they can get through it.

Everyone can relate to Blue, at some stage in our lives we have felt vulnerable or excluded in way or another. The response has been great, the book has been reviewed by Chief Human Rights Commissioner David Rutherford which I never thought would happen. I have support from other organisations in New Zealand that deal with children who are different and who don’t fit in with the social norm.

Hairy MacLary, the Gruffalo or the Cat in the Hat. What’s your favourite storybook character?

I loved Hairy MacLary. Hair MacLary had a group of friends who all came from a different walk of life. It goes to show that no matter how small or big you might be you can be accepted into a friendship group.

What would you say to a young person experiencing bullying today?

To all the young people out there who have been bullied or are being bullied, you are not alone.

Stand strong and fight for what you know is right. You are not alone and you will get through this, be proud of who you are.

What you are experiencing is only temporary. Talking to someone and being honest about what is going on can change the situation you are in. And to the bullies, next time you judge someone or stick a label on that person think about their situation and about what you are about to say or do. Your next action could have an impact on their life forever. Some scars do not heal.

Young people reading this who have had a hard time at school with bullying or who may be fighting with depression need to push on. Asking for help or talking about your feelings is the best things you can do for you. Don’t respond to the bully it only ignites the ammunition.

What made you want to work at NetSafe?

NetSafe is an organisation that supports people dealing with digital challenges. What drove me more to NetSafe as an organisation is its work with young people who are getting bullied online. I have a passion and desire to help young people like me who have been bullied and working for an organisation like NetSafe enables me to do that.

What have been your first impressions of the work we do?

The work NetSafe does is amazing; it offers a listening ear as well as support and guidance to help people get through what they are experiencing. NetSafe is an amazing team and I am proud of working with such an excellent organisation.

What would be your ‘top tips’ for Kiwis wanting to protect themselves online?

  • Never give out your password to anyone even if you trust them.
  • Before you post something online ask yourself would I be happy for this post or image to be shared around the world? You never know who might share it.
  • If you are adding someone on Facebook only add them if you know them.
  • Always have a strong password and ensure it is something nobody can guess.

Related Links:

Securing the human: iWatches and online porn

My morning commute was made particularly exciting today by something I hate – a texting driver. As I negotiated Auckland’s ferocious rush hour traffic, it became increasingly obvious that the driver in front of me - bumbling along at 30km/h in a car with a prominent yellow P plate – was typing a lengthy reply to a friend or family member as they continually glanced up and down between the road ahead and the contents of their smartphone.

Texting whilst driving is without doubt one of the few things I can’t stand in our continuously connected world.

Ten years of motorbiking around London taught me that texting drivers are a road safety nightmare as they fail to observe fellow road users whilst updating their social status. The law, both here in New Zealand and in other countries around the world, has thankfully been updated to reflect this menace and has been matched by a range of road safety campaigns targeting texters. Even the mobile operators have tried to offer services that divert calls to voicemail to block the temptation to take a call whilst at the wheel.

It’s this combination of Engineering (voicemail services), Enforcement (fines and policing) and Education (shocking video campaigns) – the three E’s – that has shaped modern awareness programmes. When the three are combined, some good can often be seen to result.

How do you change behaviour?

Dick Tracy multi-tasks using his antique smart watch (Wikipedia)

This morning I read an interesting story in the UK media suggesting that iWatches and smartwatches may be the next range of devices to tempt us mere mortals into bad behaviour behind the wheel.

“An iWatch has the potential to be just as distracting as any other smartphone device – indeed more so if you have to take your hand off the wheel and your eyes off the road to interact with it.”

You can already hear car horns blaring when the motorist waiting for a green light at the front of a queue of traffic is too engaged with their mobile, reading the contents of their email before pulling into the work car park.

Just imagine what it will be like when we’re all wearing Dick Tracy style smart watches that are coupled to in-car entertainment set-ups rivalling the cockpit of a 747?

Stephen Turvil from motoring.co.uk makes an important point though when discussing this ‘threat’:

despite the wealth of technology at their fingertips the majority of motorists recognise it is their primary responsibility to look through the windscreen. Pressing buttons and staring at screens is secondary. To these people, smart watches and smartphones pose no threat. Okay so a device beeps and flashes. So what? Ignore it. Simply concentrate on staying safe. If a motorist lacks self control a device can be switched-off or locked in the boot. Drivers – once we exclude the actions of others and/or rotten luck – are as safe as they want to be.

Responsibility thus lies with the individual to take adequate steps to ensure their own safety and the safety of others sharing the road.

The same could be said of online safety and security – an individual’s response to digital challenge which eventually becomes the social norm could see many of the current issues affecting Kiwis resolved.

Returning to the motoring analogy, remember back to the days when nobody wore seat belts? A generation later and the three E’s have played their part in driving society’s adoption of the seat belt as a compulsory preventative measure to increase safety. Imagine then if internet users (and network owners and device manufacturers) were equally compelled to adopt similar simple and easy steps to protect computers against malware?

The Most Popular Time for Online Porn?

Mondays at NetSafe are always busy. Being a non-profit we don’t offer a 24/7 service and calls to our free helpline are diverted to voicemail over the weekend, usually resulting a large backlog by the time 8am Monday comes.

Over the last year, ransomware has always reared its ugly head on a Monday morning as many ‘recreational surfers’ browsing adult content sites find their unpatched computer is infected, locked up and/or the data encrypted after a quick visit to a decidedly dodgy website. That’s not to say, of course, that ransomware is delivered only by adult websites and putting in place security controls is key.

Downloading that video codec or browser plugin to watch the clip of your choice is always a bad idea and some adult websites can harbour nasty ‘droppers and downloaders’ (malware attack kits) just waiting to infect your computer using one of many potential security vulnerabilities.

Porn it would seem, according to statistics just released from one of America’s most popular adult video websites, is popular all year round, whatever the season.

Before giving in to that desire for 9 minutes and 53 seconds of carnal pleasure, checking your computer is secure and upgrading your browser to the latest version (never mind switching to private mode) could well pay dividends. And potentially cut the number of calls to NetSafe on a Monday too.

Advice and guidance for dealing with digital challenges