- Getting your info jeopardised in massive data leaks
As a user, you cannot stop this. Every month there is at least one data breach of a major company. Firefox has announced that they will implement a new tool in their browser to check if your e-mail address has been leaked. But that is not enough. There isn’t much you can do, but a few things help:
- For non-important services like newsletters, promotions, different signups, you can create a few “burner” e-mails that you don’t use for important accounts and services.
- Secure your logins with two-factor authentication
- Rethink how much of your personal information you give away carelessly on social media
- Check from time to time if your e-mail shows up in Have I Been Pwned or Firefox Monitor
- Smartphones containing malware and malicious apps before shipping
Smartphones are becoming more and more powerful each year, some even competing with the computational power of cheap laptops. Because of this, smartphones have been replacing computers and laptops for many people. As a result, most of their sensitive information and documents lie inside their phones, making them more susceptible to hackers.
Although it goes without saying that you should never download apps from untrusted sources, some applications slip past the security checks of Google’s and Apple’s app stores. Some of the apps that promised “smartphone security”, or that claimed to clean up storage space or optimise battery usage, contained malware that harvested user data and location.
Some smartphones even shipped with malware on them straight from the factory! Cybersecurity experts from Check Point pointed out in 2017 that more than 30 high-end smartphones were infected with malware somewhere in the supply chain before reaching the customers. A few tips when it comes to smartphone security:
- Don’t buy a smartphone just because it is cheap if you don’t know the brand. Do a bit of research about the community of that smartphone company.
- Always update your apps and smartphone when updates are available. Not applying security patches to your device and apps might let attackers easily get access to your phone.
- DO NOT press accept on all of the app permissions! Check the permissions before you give a photography app access to your location.
- Before installing an app, stop and read some of the reviews. They might be a helpful indicator of whether the app does what it’s supposed to do.
- Back up your phone at least twice per month, just in case.
- Ransomware attacks
Ransomware is one of the biggest threats that a home user or an organisation could face. Attackers will encrypt the data on your computer and demand a ransom to decrypt it, or else it will be lost forever. You would think that you would be safe backing up to the cloud, but no! There was ransomware that spread through an infected file in Dropbox, one of the most popular backup solutions.
According to MIT, ransomware is one of the six biggest cyber threats. As with data breaches, there’s nothing you can do to prevent your cloud provider from getting infected with malware. But there is a way to protect yourself from ransomware:
- Keep your valuable data backed up in the cloud and on physical hard drives or SSDs. Keeping data in different places ensures that if one gets infected, you can restore from a different source.
- Don’t rely on antivirus alone, as it cannot detect the newer types of malware.
- Always keep your software up to date, your browser in particular, since browsers are sometimes targeted directly.
- Use a well-known antivirus, and alongside it anti-malware software that constantly scans traffic.
- Using an adblocker that can detect and stop cryptojacking scripts is a big plus. uBlock Origin is one of many that are able to block cryptojacking scripts.
- Financial and data compromises resulting from cryptocurrency trading
With Bitcoin reaching $20,000 at the end of 2017, cybercriminals had a huge incentive to take whatever actions were needed to get access to people’s wallets. Attacks on cryptocurrency happen everywhere. Bithumb was hacked in June, losing more than $30 million, but fortunately, people who kept their coins there were reimbursed. Others didn’t have this luck: in February, BitGrail was hacked and lost around $195 million worth of cryptocurrency. Clients weren’t reimbursed initially, as the company refused to refund the users. Steps you need to take in order to stay safer include:
- If you’re exchanging cryptocurrency, consider hiring a cybersecurity company to ensure that minimal losses occur during the transactions.
- Keep your investments in multiple wallets, as this adds a level of difficulty for the attacker.
- Try to secure all of your logins with two-factor authentication
- Don’t tell others about your investments in cryptocurrency, especially not on social media, as this makes you an easy target to focus on.
- Try to keep up with the latest news about different types of scams.
- Social engineering
Social engineering is the manipulation of people in order to harvest information from them or gain financial benefits. There are different types of social engineering, and you can’t really name all of them, since even your friend sitting next to you looking at the keyboard as you type your password is a type of social engineering. These are the most common types of social engineering:
- Phishing – Sending e-mails with malicious links, designed to look like legitimate websites you usually visit.
- Vishing – Vishing involves the creation of an Interactive Voice Response (IVR) system, replicating that of a company. It is then attached to a toll-free number and tricks people into calling the number and filling out their details.
- Baiting – This involves leaving a USB drive or optical disk in a public place, hoping that someone might pick it up and curiously plug it in to see what’s inside. Malware designed to auto-execute once plugged in will then take effect.
- Tailgating – A type of social engineering where a person receives help from an authorized person to get access to restricted areas where some form of authentication is required.
- Quid pro quo – The type of social engineering that involves people posing as technical support, making random calls to employees of a company and getting them to do what the caller wants.
Ways you could prevent yourself from becoming a victim of social engineering include learning how to successfully identify phishing links, installing traffic scanners on your PC, and avoiding posting unnecessary personal information on social media.
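One way to turn "learn to identify phishing links" into a mechanical check, as an added example that is not part of the original article. The trusted-domain list, the function names and the sample URLs in the comments are constructed assumptions, and the last-two-labels domain rule is a simplification of the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the user really visits (assumption).
TRUSTED = {"paypal.com", "dropbox.com", "google.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    # Simplification: keep the last two labels. Production code should
    # consult the Public Suffix List instead (e.g. for .co.uk names).
    return ".".join(host.split(".")[-2:])

def check_link(url):
    """Return a list of red flags for a link; an empty list means none found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if "@" in parts.netloc:            # https://paypal.com@203.0.113.7/
        flags.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")  # may render as lookalike Unicode
    if host.replace(".", "").isdigit():
        flags.append("raw-ip-host")
    domain = registered_domain(host)
    if domain not in TRUSTED:
        for good in sorted(TRUSTED):
            brand = good.split(".")[0]
            if 0 < edit_distance(domain, good) <= 2:   # paypa1.com
                flags.append(f"lookalike-of:{good}")
            elif brand in host:        # paypal.com.account-verify.example
                flags.append(f"brand-in-untrusted-host:{good}")
    return flags
```

An empty result only means none of these particular red flags were present; it does not prove a link is safe.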
7. Internet of Things (IoT) devices are being hacked
It is estimated that by 2025 we will have around 80 billion smart devices on the internet. That’s 80 billion targets for hackers to try and exploit. Much of the firmware and software of existing IoT devices is already vulnerable and insecure. Some camera manufacturers sent usernames and passwords as clear text over the internet. A group of Berkeley researchers even managed to attack Amazon’s Alexa. They demonstrated that they could “hide commands in white noise played over loudspeakers and through YouTube videos to get smart devices to turn on airplane mode or open a website.” Fortunately, not a single attack of this nature has been seen in the wild. A few ways to approach this problem:
- You should always have a debate with yourself about “Convenience vs. privacy and security”. Do you really need a voice assistant connected to every smart appliance you own?
- Don’t allow these devices to have access to your credit card. Once exploited, hackers could wreak havoc on your life.
- If you own IoT devices, make sure they’re connected to a secure enough WiFi.
- Take note of who visits your home and what access they have to your IoT devices.
This is just a small list of the attacks that happen worldwide. Many unmentioned attacks have already happened as you read this article. Hackers are constantly evolving their attack strategies and tools in order to be more efficient and stealthy in compromising valuable data. Follow these steps and you should be a step closer to security. If you’re feeling paranoid and think that your company might be a victim of a cyber attack, your best option is contacting a cybersecurity company to take care of your problems without you constantly worrying about threats.