October is a big month for two reasons: firstly, the spooky season starts, a.k.a. Halloween; secondly, everyone speeds up on last year’s resolutions to make them happen in time. So, if getting your devices secured and protected wasn’t on that list before, we advise adding it, as October is Cybersecurity Awareness Month – a perfect time to update those old passwords and get your anti-virus in check. Why should you do this? Well, because the cyber universe has its own boogeymen to spook you out.
Just to give a better picture of what we’re talking about – the digital world is attacked by hackers every 39 seconds, 2244 times a day on average. In 2019 that resulted in 4.1 billion records exposed due to data breaches, each resulting in losses of approximately 500k dollars. And if that doesn’t scare you one bit, keep in mind that the vulnerabilities in your devices may lead to your employer’s accounts getting emptied. Are you spooked now? Don’t fret – in this week’s blog we’re going to go over the most common types of cyberattacks and how to protect against them.
Beware of Malware
How common it is that the most innocent-looking thing proves to be the most malicious. It may not apply to everything, but in malware’s case – that’s definitely true. How many of us have clicked that link for a new non-stick pan that looked totally legit?! If you did, hello – you’ve got malware: in fact, in 2019 94% of malware attacks were carried out via emails alone. To get a better understanding, malware is malicious software that, once installed, can wreak all sorts of havoc on your computer, from collecting your personal data to cutting you off from it completely. Here are the most common types of malware attacks:
- Ransomware – basically what happens here is that once your device is infected, you’re blocked from accessing your files unless a ransom is paid (kidnapping databases in other words). Sounds incredible, yet, very real – the average cost of a ransomware attack on businesses is $133,000.
- Spyware – software that infiltrates your computer, tracks, and collects your data without you knowing it. Usually, spyware is used to track and sell your internet usage data, in other cases to collect your financial info or login credentials and sell them for financial gain. The most staggering thing here is that usually, 38% of devices have no protection against spyware installed.
- Drive-by attack – one of the cybercriminals’ favourites. The attacker looks for an unprotected website and plants a malicious script into one of the pages, which means that once you visit the website, you get some unwelcome additions, too. It’s that easy. What kind of software you end up installing depends on the goal of the criminal – it could be a trojan or spyware, as well as any other harmful piece of software.
Tip to protect yourself. The thing with malware is that usually you can’t get it without letting it through your firewall, unless it’s the mentioned drive-by attack. So be wary and don’t go clicking everything or it may come with serious consequences. Keep those fingers in check.
Don’t Get Hooked on Phishing
You have probably heard of incidents where people had been tricked into giving up their credit card information, social security numbers, or transferring money to other people’s accounts directly over the phone, app messages, or email. You also may have rolled your eyes at the time and thought that you wouldn’t get tricked so easily. Sorry to burst your bubble, but actually it’s estimated that about 70% of cyberattacks are due to phishing or social engineering, where criminals pose as relatives, third-party organisations, or even colleagues and get you to disclose sensitive (personal or company) information. They usually exploit people’s ignorance, emotions, or absentmindedness. They can gather data directly or push you to install malware on your device. And sometimes that phishing can end in major hacks – that’s what happened on Twitter on July 15th, 2020, when an employee gave up his credentials over the phone and it ended in the takeover of 130 OG Twitter accounts.
Tip to protect yourself. Always assume that you can’t trust anyone and double-check who you’re giving your information to.
Never Trust the Man-in-the-middle
The attack that’s otherwise known as digital eavesdropping happens when the attacker intercepts a two-party transaction (machine to machine). Usually, it’s done covertly, but there are cases when the users are aware. These attacks happen in two phases: first, the communication is interrupted to collect and read the data; second, the communication contents are changed or malware is installed on the user’s device. When can it happen? Whenever you connect to an unsecured network, e.g. public Wi-Fi in your cafe. If that happens, all your information will go through the attacker and they may install software to gather it further.
Tip to protect yourself. The main thing to keep in mind here – practise social distancing on free Wi-Fi; if a connection is a must, slap on a VPN for masking.
Other CyberBoogeymen to Be Aware of
The 3 most common cyber threats are just the cherry on top of what’s happening in the cybercrime world. As most of our lives are moving to the internet due to the pandemic and the IoT device count is growing fast, there are numerous different threats that everyday users and companies are in danger of:
- SQL Injections – when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally wouldn’t.
- Denial-of-service attacks – an attacker floods systems, servers, or networks with traffic to exhaust resources and basically shut them down from carrying out their functions.
- Cryptojacking – cybercriminals hijack third-party home or work computers to “mine” for cryptocurrency.
- IoT attacks – similar to man-in-the-middle, just carried out on other smart devices.
And many more. As the world delves deeper into the digital realm, the number of dangers and ways to exploit vulnerabilities within the network and devices grows. So what to do next?
Here’s a list of measures to take to ensure you’re cyber secure at all times and no boogeymen can spook you even when venturing into dark digital waters:
- Keep vigilant – only open, click or download trusted links, websites, software, or files. Don’t know it? Google its legitimacy first.
- Get antivirus and keep it up-to-date. And once you get it – get your money’s worth and use it regularly.
- Keep your OS and apps up-to-date. Updates come with security gap fixes.
- Always back up your data, so no one can hold it for ransom.
- Be password smart – use a password manager and never reuse the same password twice.
- Don’t go browsing on free Wi-Fi, or if you must, slap on a VPN for security.
- Don’t go blabbing your personal data over the phone to anyone even if they pretend to be someone you know.
- Go through your device permissions, software, and apps – delete everything that is suspicious or you aren’t using anymore.
- Go through this checklist of every smart device that you use.