At the most basic level, we all know that we need to regularly change our passwords and never use the same password for multiple accounts but who really does that? I certainly don’t – it’s a hassle. But we really should start caring given how so many companies have been hacked that hold our personal information.
In March 2018 around 150 million Fitness pal accounts were breached and who could forget the Yahoo data breach of 3 billion accounts. This is all our personal information being stolen for ill-use and we need to instill ways of keeping our information safe from cybercriminals.
In this post you are going to understand what Cybersecurity is, the type of Cybersecurity threats that exist, and the practical strategies you can take to prevent yourself falling victim to these malicious attacks.
What is CyberSecurity?
According to Cisco “Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.” We are all vulnerable to attacks now more than ever since most of our personal information is online, it’s quite frightening when you think about the damage a digital attack could do.
The Cybersecurity Threats You Need To Know
Social engineering is used to deceive people to obtain personal information from them, this can happen from just a simple conversation. It’s easy to picture cybercrime as someone sitting in a blacked out room with only the glare of the computer screen for light. Ferociously typing code that no one can understand, but it’s not always the case.
One example of a threat like this is a hacker calling an internet service provider pretending to be you to steal your confidential information. It only took an hour for this to happened to Mat Honan. You’ll be quite shocked to find out how quickly his Amazon and Apple accounts were compromised by a hacker calling Apple support pretending to be him. In his case, I put more of the blame on customer services support since ultimately they were the ones who gave the hacker access to his information.
This got me thinking about the personal data we disclose freely without thinking about how easily it could end up in the wrong hands. Personal information like emailing passwords or sending account information on WhatsApp chats. The Verizon DBIR 2018 report shows that approx 45% of personal data breaches were social engineering attacks. So it’s good advice to think twice before giving away personal information freely and resist clicking that suspicious looking link you receive from an email like firstname.lastname@example.org! Unless you want malware installed on your machine or worse.
It’s worth remembering that these types of attacks start with us letting our guard down and not exercising common sense. Having all the latest cybersecurity tech won’t save you from digital attacks, question everything that involves you giving up your personal information. Webroot goes into great detail about social engineering attacks and how we can protect our information not to fall victim to these type of attacks.
In essence, malware is software written for malicious acts. It is a program or file created to steal personal data such as email accounts, debit/credit card information and monitor users on their computer without consent. Research from Panda security states that an incredible 230,000 new malware samples are created daily and what’s more, a user is twice more likely to encounter malware through email.
Email is the perfect gateway for these samples to reach you via attachments or links! Have you heard of BEC? It stands for business email compromise that targets corporations, it can be said approx 8000 companies a month are targeted by these scams. These scams generally ask for ‘urgent’ wire transfers for bills that have not been paid, sent by someone impersonating an executive in a company.
Trojans, computer viruses spyware, adware, spam bots, and worms all come under the malware umbrella. Let’s find out more about what some of these things are and the damage they can do.
First, let me address the name of this malware because it sounds strange. In fact, it comes from an ancient Greek mythological horse at the battle of Troy. A Trojan is a virus, and a virus always gets into your computer through a downloaded file via an attachment to an email for example. These files can mask themselves as ‘authorized’ updates to your mac/laptop through social engineering – be aware of suspicious emails sent to you. Trojans can be pretty nasty, once in your computer, the viruses seek to steal, spy, copy, modify, block or delete your confidential data!
A computer virus by Search security definition is “malicious code that replicates by copying itself to another program, computer boot (hard disk or another storage device) or document and changes how a computer works.” These viruses are able to spread through emails, file downloads, SMS text, infected websites, peer 2 peer file sharing site to name a few. Signs that your computer is infected can be:
1. Computer performance is laggy
2. Continuous computer crashes
3. Strange computer behaviour
4. Data loss
Like the name suggests spyware ‘spy’ on your computer activity without you knowing what is going on. The method at which It gets installed without your consent is typically through ‘drive-by’ downloads (unintended downloads), clicking suspect sites or deceptive popups. After spyware gets into your machine, your personal data such as your passwords and credit information can be stolen via a keylogger program. This data can be easily passed onto a person to exploit you with their criminal acts.
Adware (advertisement software) is a program that displays unwanted advertisements on your browser but in an aggressive, annoying way. These ads can be displayed in a popup, on a toolbar or a browser window that you need to keep clicking constantly to close. Kaspersky states that adware can also “redirect your search requests to advertising websites and collect marketing-type data about you.” Keep in mind that not all adware is used in this way, online ad campaigns are used to market products and services to potential customers to generate income for companies.
A computer worm is a program you really don’t want in your machine, it is a “self-replicating malware that duplicates itself to spread to uninfected computers” as defined by Search security. Worms can get into your system through downloaded files, USB devices, and music sharing sites to name a few. Also, vulnerabilities in computer networks can be exploited if software is not updated regularly, the effects can be devastating to companies. Did you hear about the “WannaCry” ransomware cyber attack that crippled the National Health Service (NHS) computer systems in 2017? The attack locked computers, demanded ransom money and caused havoc across hospital operations.
As you may have guessed, ransomware holds people to ransom through the action of denying them access to data on their system unless a certain amount of money is paid. Your computer can get infected in the same ways I have mentioned previously – strange looking links and attachments to emails that when downloaded contain malware. The law authorities discourage victims paying cybercriminals to release files, they say it continues to fund criminal activity. However, for victims, I think the loss of data is far worse than then the loss of money hence why they continue to pay.
Spambots are programs designed to spam you. By definition, Spam is “irrelevant or unsolicited messages sent over the Internet, typically to a large number of users…” These emails tend to make their way into customer inboxes, with the aim of coaxing customers to send money, clicking on a link or downloading a file. Spambots are web crawlers, gathering email addresses in bulk from the internet with the intention to create mailing lists to send mail that nobody asked for – junk mail. Internet Service providers do offer some filtering of these unsolicited messages in your inbox but sometimes warranted emails can be found in the folder too.
Distributed Denial of Service (DDoS)
A Distributed Denial of Service attack (DDoS) sounds dangerous, and it very much is. The purpose of an attack like this is to put an online service offline by bombarding it with numerous traffic which eventually causes the service to become unavailable. Online services such as websites and banks can be targeted by “hacktivists, cybervandals, extortionists and anyone else looking to make a point or champion a cause.” As mentioned in Incapsula’s DDoS article. Verisign research shows that around ⅓ of downtime issues are attributed to DDoS attacks, but how do these attacks happen? They happen through a botnet.
The words robot (computers) & network together give the name botnet. Hackers build up a network of ‘botnets’ by infecting computers with malware, which can now be controlled (by botmasters or bot herders) remotely without the user knowing.
As a result of a botnet, traffic is sent to a website that cripples the server since it’s unable to handle the extreme number of request concurrently.
How you can protect yourself from these Cyber threats?
It ultimately starts with humans, having all the latest antivirus software protection is redundant if you’re not vigilant about what links you’re visiting, attachments you are downloading or people calling asking for personal information. It’s worth taking a step back to think about why that email looks suspicious, and better yet use Google to research if the email is from a scammer.
Get Protected for Free
Yes, you can get antivirus software for free. A simple Google search for ‘antivirus software free’ brings up companies that provide basic protection – of course, you won’t get the full works but its antivirus protection nonetheless. Some providers are AVG, Avast, Kaspersky etc.
Don’t Skip OS Updates for PC/Mac/phone
We all do it – put off installing updates on our machines time and time again. Putting this off can give cybercriminals a way into your phone or computer because you miss the latest OS security updates. Pewresearch states “one-in-ten smartphone owners report they never update their phone’s operating system (14%) or update the apps on their phone (10%).” Hopefully, you don’t fall into this category, installing updates protect you against hackers looking to exploit vulnerabilities.
Set Up 2-Factor Authentication (2FA)
Enable this everywhere if you can – do you remember Mat Honan? If he had 2-factor authentication then his epic digital life cyber takeover probably would not have happened. A US survey conducted by Duo Security found that only 28% of people use 2 Factor Authentication – not even half of the respondents in that survey. 2FA is an extra step in a login process, you receive a text that contains a code to enter online to verify that you are trying to login to your account. It might be a nuisance at first but it protects you against malicious attacks! If someone is trying to use your account in this way then they won’t get very far since you’ll receive a notification of this activity and the attacker won’t be able to login to your account.
Refrain from using Public Wi-Fi for online transactions
Costa, Pret, Starbucks and whoever else nowadays offer Wi-Fi in coffee shops, it’s pretty much expected. In London – UK you can also get Wi-Fi on some underground stations. So what’s the big deal with accessing Wi-Fi publically? It’s unsecured, you don’t need a password to get access so it’s free for anyone to use. Anyone with ill-intent can easily steal your private information through a common basic technique called “Man in the middle”. Verizon’s Data Breach Report revealed that 89% of cybercrime involve espionage or financial reasons – all the more reason to not log in to your bank online or use banks apps while on public Wi-Fi.
A lot of us look down at our phones while walking down the street, not really paying attention to what is going on around us.
One day I witnessed a snatch theft right before my eyes, it was the most shocking thing I had ever seen for a long while. The attacker was on a moped that he was driving on a pavement, he swerved past me – it was so bizarre. He then quickly stuck his arm out and grabbed the phone out of a bystanders hand!
Be aware of your surroundings when using your devices and at the very least there should be a screen lock pin code that only you should know. Pewresearch states that Around 28% of owners with a smartphone have no screen lock (pin code) or pattern on their phone, which makes stealing personal information very easy for criminals.
Upgrade to Full Antivirus security
Upgrading from Free antivirus software to one you are paying for comes with additional features that guard you against spyware, trojans and other malware. Below is a comparison table from AVG that lists more features of it’s paid version as an example
According to Which? Antivirus software can cost around £20 – £70 depending on how many devices and the type of security package.
Keeping your identity safe online is becoming more of a challenge in the world we live in today. It’s harder to keep up with the latest threats and protection so that you’re safe online and know what to look out for. Stay ahead of the game and check out my other posts!