Cyber Security: Protect Against Cyberattacks

People often have a false belief that only big organizations are cybercrime targets. Consequentially, we fail to protect ourselves adequately against cyber security threats.

What’s Cybercrime?

According to the Oxford Dictionary, cybercrime is any criminal activity carried out by means of computers or the internet. Kaspersky one of the computer antivirus companies publishes some specific examples of the different types of cybercrime:

• Email and internet fraud (e.g. Phishing)
• Identity fraud (where personal information is stolen and used).
• Theft of financial or card payment data.
• Theft and sale of corporate data.
• Cyberextortion (demanding money to prevent a threatened attack).
• Ransomware attacks (a type of cyber extortion).
• Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
• Cyberespionage (where hackers access government or company data).

Most cybercrime falls under two main categories:

• Criminal activity that targets
• Criminal activity that uses computers to commit other crimes.

While big businesses are most likely to be targeted, nobody is safe online! Targets range from big corporations to individuals. Each year, businesses’, governments’, and individuals’ monetary losses reach new heights. With covid-19 and the increase of remote working, this number has exploded and cyber security is an ever-recurring challenge. On average here at Neuwelt, we receive over 5-8 phishing or spam emails while our Virtual Private Server – VPS records a daily average of 20+ virus or hack attempts.

According to Check Point’s research, in 2021, cyberattacks saw a year-to-year increase of 50%. Businesses also saw a weekly attacks increase of 50%. In terms of geography, Africa was the most affected by cyberattacks and saw an increase of 13% in weekly attacks. It should also be noted that Africa invests the least in cybersecurity and has the loosest data security laws.

Cyber security attacks take multiple forms, and it is essential to be aware of the most common to be prepared in case of any threats.

Malware Attack

Malware, or malicious software, encompass all kind of software designed to harm and exploit your devices. It ranges from viruses to ransomware, as well as Trojan horses.

What they do is steal your data (financial, identity or security data like passwords and usernames, etc.), delete your files, and overall impede you from using your devices. The malware can seep into your devices without your knowledge by many various means. Most commonly, if you download an infected program, click on an infected link, or connect an infected USB drive, malware can easily infiltrate your devices.

Malware has been thriving since the beginning of the covid-19 crisis. Indeed, by using people’s fear of the virus, cybercriminals have extorted enormous amounts of money from people.

Ransomware Attack

Ransomware is one of the most common cyberattacks in 2021 and one of the fastest evolving cyberattacks. In 2021 one of our network computers was infected by a remotely controlled SSPQ virus.

It is a type of malware that asks for a ransom, as indicated by the name. It holds the victim’s sensitive data and asks for a certain amount of money in exchange for the data. However, even when the victim pays the ransom, the data is sometimes never fully or even partially recovered. In the absence of a multi-level data security or backup system, such attacks can cost any business, organization, or individual dearly since they tend to encrypt computer files and render systems inoperable.

Phishing Attack

Is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers (Oxford Dictionary). Phishing is one of the many existing “password attacks” which is a malicious attempt to enter password-protected accounts.

This kind of attack is when cybercriminals impersonate someone to extort personal information from the victim. They pressure them to give sensitive personal information using a forged “trusted” identity. These types of attacks have been widely known to target isolated individuals and are responsible for over 80% of reported security incidents according to spanning.com

Cybercriminals can use phishing attacks to implement malware or freeze the system as part of a ransomware attack.

How to recognize phishing attacks?

It is sometimes tricky to identify a phishing attack. Education, awareness, and sometimes experience are the best weapons against phishing attacks. According to CrowdStrike, there are seven characteristics to recognize a phishing threat:

1. Asks for sensitive information
2. Uses different domain
3. Contains links that don’t match the Domain
4. Includes unsolicited attachments
5. Is not personalized
6. Has spelling and grammar errors
7. Tries to cause panic to the recipient

Picture credit SecurityMetrics

Man-in-the-Middle Attacks

During a MitM attack, the cybercriminal intercepts a transaction between two parties and basically “eavesdrop” to get sensitive information (passwords, account credentials, etc.). They can also impersonate the other party to get the information.

How does it work?

The cybercriminal creates a free unsafe Wi-Fi network publicly available and waits for someone to connect. When the user is connected, the cybercriminal can see all their online data exchanges. After intercepting the transaction, the hacker decrypts the information without the user’s knowledge. The criminal then uses the hacked information for identity theft, illicit password change, unapproved bank transfers, or online transactions.

Other

There are many more cyberattacks, and it would be impossible to document them all as new attacks appear regularly. However, here are some other cyberattacks that are commonly reported:

• Denial-of-Service (DOS) Attack
• SQL Injections
• Zero-day Exploit
• Cross-site Scripting
• Rootkits
• Internet of Things (IoT) Attacks
• …

Protecting against cyberattacks

As you can see, many attacks exist, and it is impossible to be aware of all of them however you can always reduce the risk or severity of attacks.  Being aware of and educated on cybercrime is the first step, however not enough to prevent attacks. We share below a few tips on how you can improve your protection against such attacks.

Update

Keep an eye out for new software updates for your connected devices. Indeed, updating your system frequently will allow the software to bridge the security holes that have been found. It also removes and fixes bugs. Serious software or computer systems vendors are always on the lookout for trending threats in order to proof their systems against such attacks besides, such updates come along with new and improved functionalities.

Avoid clicking or visiting suspicious links/websites

Almost everyone owning an email address has in time received a couple of suspicious emails. Despite all the measures, email server companies employ to mitigate spamming and phishing attacks, still so many hackers have evolved along with and have continued tricking their way into other people’s email inboxes. It, therefore, remains a personal responsibility to inform oneself about such emails and links. Based on the common characteristics of phishing above, always avoid clicking on any links.

Similarly, always avoid responding to obtrusive and suspicious alerts while online. Have you received an alert while visiting a website? Do not enter. Usually, these inform you that you have won a certain prize for just visiting a certain website. No one on the internet let alone in the world is simply that nice and generous to give gifts effortlessly without a giant catch. On a side note, it’s always those interested in receiving free gains that mostly fall victims here.

The above sometimes apply to certain ads. Did you see an ad? Avoid clicking on the banner. Generally, websites that host free online resources like films, songs, software, adult content, sports live streaming, etc. are the primary base for such “click baits”.

What is the source?

Certifying a source is not always easy, especially on the internet, but with careful examination of such email or any other form, you can always gain certain confidence as to the origin of a communication. Many organizations and businesses have a standard communication structure or guidelines as to how sensitive or secure data can be exchanged. Always be ready to ask yourself: Who is sending this email? Is the email address conforming to the company/organization website domain? The contact info from any institution or organization should be publicly available. In case of any doubt, quickly check if the person sending you a suspicious email REALLY works where they pretend to be working.

Some of the simple hacks we’ve employed at Neuwelt include doing a google search to identify any social media platforms such a person might be on. In many cases, you will be able to see traits of where someone works or if they even exist at all. Also, it’s always wise to note that you may not be the only one receiving such communication, so be sure to research online if there is any other person that ever received such a suspicious communication.

The importance of passwords

If your account is a treasure, the password is both the lock and the key. It is indispensable to create a strong password; to keep away cybercriminals from opening your safe. It is then safe to ask, what are the properties of a good password? Well, good enough, we work online and over the years we’ve picked up a few tips and tricks on how to create a strong and secure password.

What is a “strong password”?

A strong password has the following characteristics:

• Length: min 12 characters, but the more, the better.
• Variation: Alternate between upper and lower cases, numbers, and symbols.
• Uniqueness: Do not use a password for more than one account, and do not reuse past passwords.
• Not obvious: Do not use recognizable patterns (keyboard patterns such as qwerty, 12345, etc.). You however always endeavor to keep it memorable.
• Impersonal: Do not include personal information that is known to people close to you or available on your social media handles (thus avoid using your pets’ names, your birthday, etc.)
• Nonsense: avoid using simple short words as your passwords. The more sense a password makes the easier it gets to be cracked, always obscure your passwords in sentences that do not make sense, and you can include voluntary typos and random letters to make it even stronger. Bruteforce attackers based on common dictionaries, encyclopedias,s and common names, dates, or words to feed their attack databases.

How / Where to keep my passwords?

Having a unique password for each account becomes hard to manage. Luckily, there exist safe ways to keep your passwords away from cybercriminals but accessible to you.

• Pen and paper, It is a safe practice to jot your password somewhere safe. This however can prove risky if physically unauthorized people can get to your stuff, therefore be cautious.
• Password Manager, of late there are various on/offline tools that can provide good storage for your many passwords. This however relies on the secure storage of your master password. Keeping a piece of paper with all your password can be tricky. The risk of losing it is high. A trusted password manager can help you keep your passwords safe and available at any time.

2-factor authentication

It is advised for organizations to implement a 2-factor authentication policy. With this measure, when identifying sensitive accounts, it will ask for (1) something you know (password) and (2) something you have (smartphone, tablet, etc.). This way, cybercriminals cannot use your password to access your account easily.

Avoid Unsecured Networks

Unsecured networks, such as public Wi-Fi, are susceptible to cybercriminals’ attacks. The best way to protect against them is to avoid using them, or if unavoidable, steer clear from using sensitive information (banking app). Using a VPN is also a good way of protecting against the risk of cybercriminals attacking your devices when using an unsecured network.

Protection Software for Cyber Security

At the slightest suspicion of cyberattack, the best is to use protection software to defend your devices.

Of course, most offer paid services, but free options are also available (although more limited). Below, you can find a selection of protection software (with free and paid options):

• Malwarebytes (not available for iOS)
• Windows Security (for Windows platforms)
• Bitdefender
• AVG Antivirus
• Norton 360 (no free possibility but 30-days trial available)
• Kaspersky
• Avira
• …

In conclusion, it still falls back to you as an individual to watch your step online and inform yourself about keeping what is precious to you safe. The internet is full of such great articles like this one providing good content which if well-read and implemented can increase your security online.