7 Cyber Threats That Will Keep You Up at Night
For many years, online criminals have used cyber threats to target major corporations and companies in the world.
And the press did the best to emphasize and dissect every attack and spread out the leaked information, from company strategy details to dirty secrets that took place in the company.
For this reason, most users believe major cyber threats cannot affect them directly and take no immediate measure to protect their systems.
But cyber-criminals make no discrimination between a company’s valuable database and a user’s financial details. If an asset proves to have a financial value, there is no reason they would stop from reaching it.
To quote our CEO, Morten Kjaersgaard:
There aren’t many hackers left, who to do it for fun anymore, so…It’s all about scalability and profitability.
These are the cyber threats that can be launched against you in the online environment:
1. Financial and data stealing tools
According to this report provided by Kaspersky Labs in 2014:
- 22.9 million attacks involving financial malware were used against 2.7 million users
- 28.73% of financial attacks include targets, such as online banking accounts, online payment login pages and online shopping websites
- Trojan banking malware reached about 75.63% of all financial attacks in 2014
We have brought our good share of articles on the most dangerous malware that target your financial data and we have even tried to emphasize the danger posed by ransomware threats, the way it spreads and forces users to pay for their own data.
Bot networks
We cannot talk about financial and data stealing malware without emphasizing the most important element of the game: the Bot Networks.
Last year, when the major international action against Zeus Gameover took place, over 1 million machines were infected.
And this forced us to reach a few troublesome conclusions:
- cyber-criminals built a well made infrastructure for their threats, which is easy to deploy and support;
- we are dealing with large cyber-criminal groups that are interested in deploying their threats to a large number of individuals, private companies and public institutions;
- malware development is a business and crime as a service is the new norm;
- malicious code has a polymorphic nature: target sensitive data as a classic financial threat, block your system and demand a ransom in return or stay hidden on your system and be part of a large bot network, that is able to deploy large cyber-criminal activities, like spam campaigns and phishing attacks.
As Robert Siciliano sees it in Botnets Here, Botnets There, Botnets EVERYWHERE:
Needless to say, these attacks can occur without the user knowing it.
How do I protect myself from financial and data stealing tools?
To keep yourself protected, your antivirus product is not enough.
To defeat the best pieces of code developed by cyber-criminal minds, you need additional security tools, like back-up systems, encryption programs and solutions crafted to keep you safe from financial and data stealing malware.
2. Software vulnerabilities in unpatched software
Software vulnerabilities are on the rise.
We have already pointed out in a series of articles the main issues created by software vulnerabilities and what you can do to stay safe from them.
At the same time, we noticed that software vulnerabilities can be used by cyber-criminals to deploy web exploits in order to steal your sensitive information.
According to a study, the top applications reported in 2014 were:
By analyzing the data provided by National Vulnerability Database:
- 19 vulnerabilities per day were reported in 2014;
- 7,038 new vulnerabilities appeared in 2014;
- 24% of these vulnerabilities are rated as high severity;
- 3rd-party applications are the most important source, with over 80% of the total number;
How do I protect myself from software vulnerabilities?
First of all, you need to find out what are the 8 vulnerable software apps that put your computer at risk.
Second, you need a FREE tool to keep the vulnerable software up-to-date with the latest security patches.
3. Phishing spam campaigns
Phishing spam campaigns are another popular method to target users’ sensitive information and private data.
According to Get Cyber Cafe:
- 156 Million Phishing Emails Every Day
- 16 million make it through filters
- 8 million are opened
- 800,000 links are clicked
- 80,000 fall for a scam every day and share their personal information
Spear Phishing method
Another popular method to target important information is to deploy a spear phishing campaign.
Though this method is usually used against companies and organizations, and less on normal users, it is not something you need to ignore, especially if you bring your own device at work.
In such a phishing attack, online criminals gather personal and professional pieces of information about their target, in order to craft a customized e-mail they can use for a single individual.
This way, the chances for success increase. Once they find a vulnerability in the system, hackers are able to access and retrieve personal and work related data.
How do I protect myself from phishing e-mail?
To keep your data protected, follow a few simple steps:
- do not open and access mails from unkown people
- do not click links in the mail body
- do not download e-mail attachments
4. Identity Theft attempts
Identity theft is not related only to online dangers.
As you can see above, to operate something like this, criminals need to use the “good old” physical methods of stealing someone’s private asset.
According to some statistics on Identity Theft:
- 15 million United States residents have their identities
- financial losses reach $50 billion
- 7% of all adults have their identities misused
- 100 million additional Americans have their personal identifying information placed at risk
Social media threats
What could go wrong on a social media network? I can indicate many factors that pose a threat for us on such a network, but I will stop at 2 main ones:
- Online scams
- Identity theft threats
If we establish that online scams target and address our psychological needs for love, money and success, we realize that only by knowing how they function, we could stay safe.
But, how do we keep our data safe from identity theft, since we have so many “friends”? How do we know who is a friend and who is not?
By using your personal information, online criminals can gather enough information to launch an identity theft operation. And the problem is that you never know when you’ll be affected or how to defend from anything like this.
For this reason, you need to acknowledge that what you post online stays there forever and it can be used against you at any moment.
How do I protect myself from identity theft?
In our take on this subject, we put together 20 steps that you can use to keep your valuable data protected.
The first 10 steps cover the classical methods of online protection, the other 10 steps cover physical means that you can use against real criminals.
The Identity Theft danger gives us an important clue on the criminal shift from real physical crime to cyber threats, that can be used for the same final goal: MONEY.
To increase your online protection, Richard Bejtlich — Chief Security Strategist, FireEye — recommends:
Provision a separate PC for sensitive business functions, like banking.
5. Online scams
You can see above the most common types of online fraud reported to the IC3 in 2014.
Though you may consider that online scams are now old stories and cyber-criminals only depend on advanced weapons, you’ll be surprised to find out that is not true.
In our take on online scams, we have displayed only the main ones, but the tricks they use are so many.
The reason why these scams still work and people still fall victims to them happens for a very simple reason: people are people and criminals use not only advanced technical means against us, but they also use psychological tricks to fool the human mind.
To keep it simple, they address the basic human needs, like the need for love or money.
How do I protect myself from online scams?
Though the need for security tools is obvious, you also need something else and that is a bit of common sense:
- be careful when dealing with e-mails from unknown sources
- don’t click any link or online ad you see on the web
- do not reveal personal or sensitive information online
6. Cyberbullying
Cyberbullying is a real phenomenon and it’s something we cannot ignore.
Though you may find that dealing with people makes things easier to deal with than with a malicious software, you should know that people are still far smarter than a computer program.
If you wipe out your entire disk, you may get rid of a virus, but to escape a mean individual in the online it’s far more difficult.
But, let’s see a few statistics:
- More than half of adolescents and teens have been bullied online
- 1 in 6 parents know their child has been bullied via a social networking site
- 19 year old boys emerge as the biggest victims of online bullying, majority of which takes place on Facebook
- Well over half of young people do not tell their parents when cyber bullying occurs
- Girls are more likely than boys to be involved in cyber bullying.
- The most common type of cyber bullying is mean, hurtful comments and spreading rumors
How do I protect myself from cyberbullying?
It’s simple, just report it! To your parents, to your teachers, to the police. Don’t keep it to yourself. If you are a parent, do not hesitate to question your child on this. Such things don’t disappear, they need to be faced directly and will all the available means.
7. Spyware
First, let’s clarify a bit what we understand by spyware. Spyware is a type of software that monitors the Internet traffic in order to retrieve private browsing details and use them for commercial purposes.
Many times, this software sells the collected information to a 3rd party, which uses it to target users according to their online preferences.
Some time ago, we had a syware issue created by Webpage Screenshot — a Google Chrome browser extension — where more than 1 million users’ browsing details were collected in order to be sold to a 3rd party.
So, extensions in browsers are still pieces of code that can be used for malicious purposes.
In most cases, spyware threats become obvious creating slow-down issues, pop-ups in navigation, unexpected toolbars in the browser, hectic messages.
How do I protect myself from spyware?
To stay safe from spyware, we can use some popular anti-spyware solutions, like Spybot Search and Destroy or Malwarebytes.
To prevent a spyware infection on the system, we need to stop:
- clicking suspicious links in e-mails from unknown people
- clicking unexpected pop-ups, even if we navigate on legitimate websites
- disclosing private data to people we never met on social networks
- downloading every free product, because it may download spyware too
Conclusion
As I have tried to exemplify above, cyber threats make no discrimination between corporate money and user money.
According to a report from Kaspersky Labs:
Cybercriminals are less interested in “mass” malicious attacks on users, preferring fewer, more “targeted” attacks.
At the same time, they prefer to launch well crafted attacks and customize their malicious payload according to their target. That’s why, it is much more difficult for the user to protect against such well designed malware attempts.
To have an advantage over the cyber-criminal minds, users need to adopt a new defense strategy that includes multiple security solutions in order to cover any possible breach.
We exposed quite a number of security threats in this article. Are you prepared to face them in the online environment?
Originally published at heimdalsecurity.com on May 27, 2015.
