With Cyber Crime the fastest-growing crime, Paul Johnson from Logicalis emphasises that businesses and individuals need to be aware of the risks to avoid becoming the next victim. Here are 12 things he says you should watch out for.
Malware (viruses, Trojans and worms) is one of the biggest threats. Criminals trick users into installing malware by making it look like a legitimate update from a site you trust. Good firewalls help, although hackers can outsmart anti-virus programs which leaves education of end users, and good training, the best forms of defence.
When malware encrypts your files, so you cannot access them, you might receive a ransom demand to pay criminals in Bitcoin. However, some attacks are designed to destroy data and cause disruption. Avoid using administrator or high-privilege accounts to check email. Back up files and store them separately (off network).
· PASSWORD PHISHING
Up to 70 per cent of email is spam, much of which contains phishing attempts to trick you into revealing passwords. Sophisticated spam looks like the real deal — the only difference will be a subtly-different URL, taking you to the cyber criminal’s site. Check a URL before clicking, and use two-factor authentication, instead of a password and username to mitigate risk of revealing your password.
· UNPATCHED SOFTWARE
Cyber criminals exploit security gaps in software. Manufacturers create and release patches to bring your software up to date, so it’s vital to install them quickly and frequently.
· SOCIAL MEDIA THREATS
Social media is a common way for cyber criminals to introduce malware, perhaps by sending you a connection request taking you to a fake site that steals your social media credentials. Once cyber criminals get one password, it may help crack others.
· SOCIAL ENGINEERING
Criminals exploit information they find about you on social media to create targeted phishing attacks, guess passwords and get into accounts, or commit ID fraud. Social media activity may reveal more than you think. Check what you put online, think before posting anything sensitive, and check privacy settings.
· DENIAL OF SERVICE (DOS) ATTACKS
These attacks disrupt service to a network by bombarding it with high volumes of data or traffic. As more household appliances become connected through the Internet of Things (IoT), criminals can hijack them to mount attacks. Change the password from the default setting and monitor your system for unexplained spikes in data use.
Online adverts may contain malicious code that infect your device when you click on them. Although this can happen to all sorts of ads hosted on sites you trust, if something sounds too good to be true, don’t click on it.
· MAN IN THE MIDDLE (MITM)
If criminals access the content of your emails through non-encrypted Wi-Fi, they can intercept messages and correspond with contacts pretending to be you. When a financial transaction appears, they can send an email from your account, asking for payment to another bank account — theirs! Check websites you connect to use HTTPS or consider using a Virtual Private Network (VPN).
· FAKE WI, FI HOTSPOTS
Criminals create Wi-Fi hotspots in public places, masquerading as legitimate Wi-Fi. If you log on to their network, they can intercept communications and even hack into your laptop camera to snoop on passwords, files, and anything you view. Create a secure internet connection using your own mobile data — use a local SIM if travelling.
· INJECTION ATTACKS
Hackers can insert code into web app data and take control of your database leading to data leaks and breaches. Use Input Validation to ensure input into apps is from authorised end-users and enforce the least-privilege principle to reduce damage if hackers get in.
· MISCONFIGURATION / DATA HACKS
An error configuring data online can lead to data breaches, with company or client data being revealed. A data leak by a disgruntled employee can have the same effect, with confidential information published online e.g. through WikiLeaks or by the media. Use 24/7 monitoring of systems to detect data leaks and identify where a breach occurs.