This year has been unprecedented for cyber-attacks. The past several months have seen the news full of reports about cyber-criminals, malware and data breaches. The theft of data or holding it for ransom has proven a compelling topic, writes Mark Weir, Regional Director UK and Ireland, Fortinet, a firewall and secure wi-fi product company.
Over 184 billion total exploits were documented, from nearly 6,300 unique exploits in the second quarter of 2017, an increase of 30pc over the first quarter. Most of these attacks targeted large commercial networks, but, there has also been a large spike in activities that target the devices and data of individuals.
To a consumer, some of these attacks, such as having your Facebook, Twitter or Instagram page hijacked, might seem harmless enough. However, often the purpose of these hacks isn’t merely to access the page, it’s part of an identity theft operation. Social media sites hold vast amounts of data on users and their friends.
Alongside this social hacking, we have also seen an increase in attacks using malicious applications. Hackers are mimicking legitimate websites, like those of your bank and your healthcare provider. Such malware is designed to steal your personal or financial information. Most ransomware attacks are delivered as a malicious file attached to an email. Once clicked on and activated, they can encrypt your hard drive and hold its data. That includes your family photos and videos, important email, passwords, and banking information – for ransom.
Fortinet’s recent second quarter threat report revealed that 90pc of organizations recorded attacks targeting system and device vulnerabilities that were at least three years old, even though updates and patches that corrected those vulnerabilities had long been available. Even more alarming, 60pc of organizations reported successful attacks that had targeted vulnerabilities that were 10 or more years old.
A growing percentage of such attacks also target home network devices, such as routers and wireless access points. And one in 20 of such attacks now targets mobile devices, such as Android-based smartphones and tablets. It all sounds bleak but, fortunately, there are a lot of options.
Many social media users choose to leave their pages completely visible to the public. However, the easiest way to protect yourself is to only allow pre-selected people to see your page. Nearly all social media sites make it simple to set up strict privacy controls, and by doing so you’re preventing potentially malicious parties from finding out more than you want them to know about you. For those that do choose to have a public profile, the best approach is to be extra careful about who you are “friending”. Cybercriminals have been known to set up fake pages or accounts and then request that you add them as a friend, hoping to steal data or trick you into clicking on links to infected sites. Always look at the home page of the person making the request, does it look suspicious, can you see normal photos or activity. If you don’t know the person making the request or anything looks out of place, just dismiss the request. If you do recognize the person, it’s still worth double checking the information. Are they already a friend, are their birthday and location correct? If not there’s a chance their account has been hijacked or duplicated.
Your bank will never ask for your login details or to verify your accounts. Such requests, either online, via email or even on the phone can be safely ignored or deleted. If you do receive correspondence with a link included, be sure to look at the URL before you click it. Just hover over the link and the address will show up. Is it the right address? Does it look legitimate? Also look carefully at the page. Is the logo correct? How about the spelling and grammar? If you have any suspicions at all, one good tip is to simply log into the site directly rather than use the link provided, or call your financial institution to ensure that the request is legitimate.
Examine your email
The most common way users fall victim to malware is through an email attachment. These attacks often claim that the attached file is of vital importance. Often that’ll be a receipt for a fictitious transaction, a fake document that needs immediate attention or the classic information about an inheritance. The best rule to follow is simple. Never open an attachment or web link in an email from either someone you don’t know, that you didn’t request or that doesn’t look right. The easiest way to check this is by reading the email address of the sender. Does the email match the organization? Is it especially long or a string of letters or number? If it is, chances are you should safely delete it.
Update your devices
Keeping your phone or laptop up to date is relatively simple, but some devices can be more challenging. Think about all the devices you own that connect to the internet, TVs, DVRs, speakers etc. Write down the names of the manufacturers and the model numbers in a big list. Once you have a complete inventory list, search for the devices online. You will want to query for known vulnerabilities or patches and make sure that these devices and applications are running the latest patches and the most current versions of their operating systems, firmware, or software. If the device or application is older, and no longer supported by the manufacturer, the safest thing you can do is to bite the bullet and replace it.
The world we now live in is digital, and cybercrime is part of that reality. In the physical world, we’ve all learned to lock our cars and look both ways when crossing the street. We all need to do the same in the digital world. If we all just exercised a bit more caution, imposed just a little more scrutiny on the tools and applications we use, and developed just a little more online common sense, the digital world we live in would quickly become a whole lot safer.
SOURCE: PROFESSIONAL SECURITY