You know that hackers will find any way possible to get your company’s financial records, intellectual property or sensitive data about your employees or your customers. Hopefully, your network is prepared to be one step ahead of the bad guys because they will always try to come up with new ways to attack your system.
Now hackers are targeting the photos you have stored on your computers and smartphones. Trend Micro reported a new malware that steals image files from your computer drives and then sends them to a remote FTP server. According to the Trend Micro blog:
Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .JPG, .JPEG, and .DMP files. Both .JPG and .JPEG files pertain to file formats commonly used for images, while .DMP files are memory dump files that contain information on why a particular system has stopped unexpectedly. Information theft routines have been mostly limited to information that are in text form, thus this malware poses a whole new different risk for users. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high.
Thanks to digital cameras and camera phones, we have become a picture-happy society. I know I have thousands of photos stored on my computer and more on my phone and tablet. Now, just as we have to think about the text-based information stored and shared via the network, we have to start considering what kinds of images we are storing.
Blackmail has been the concern mentioned most often since the emergence of this new malware. On the ESET Threat Blog, Stephen Cobb mentions the rise of sexting among young people and the number of sexually explicit photos taken with digital cameras. But young people aren’t the only ones participating in this activity. It would be good for everyone to take a moment to consider what images are on your computer and/or phone and ask if it is something you would want someone else to see. Could it put your job or other relationships in jeopardy?
I admit, I didn’t think of blackmail as a primary threat; I was thinking more along lines of intellectual property theft. Are you storing images of unreleased product designs or prototypes? Do you have inside images of your building that is otherwise a secure facility? What could a hacker have access to if he stole your stored images? I could see this new malware as a tool in cyber espionage cases.
And thanks to this new malware, we now have to consider security for photos in the same way we consider security for documents.