Don’t click that link

XQ Cyber, published in #pwngoals, May 17, 2018

We hear about hugely costly cyber-attacks on a near daily basis but what may surprise you is that many of those incidents aren’t the result of some international hacker crew using vastly complicated techniques aimed at bringing down the ‘man’. Instead the vast majority are simply the result of something as mundane as clicking a link in an email or on a dodgy website.

What’s the worst that could happen?

Jeff is a night-shift operator working at a hydroelectric plant and he is bored out of his mind. The plant pretty much runs itself and in a moment of sheer tedium he decides to kill some time by looking at some dubious websites on his work computer. He hits a bad link, which unfortunately for him means that something bad is about to happen. You see, the plant’s IT staff were sloppy and had failed to patch the system or keep it up to date. As a result, the malicious link manages to infect Jeff’s computer with malware, a remote-access trojan in this case. This then allows terrorists to hack into the plant’s network and jam shut the sluice-gates. Panic sets in, but because Jeff is working nights there’s nobody on call to assist him and the sloppy IT team are not available. It also doesn’t help that the plant leadership never bothered to put into place an incident response plan or procedures. Within a few hours the water level rises, the dam overtops and fails, resulting in massive flooding and the drowning of entire towns.

Ok, so this scenario is definitely one of the worst things that could ever happen by clicking a malicious link. Thankfully, it’s also highly unlikely as (hopefully) organisations that deal with such important infrastructure are a bit more on the ball when it comes to network and cybersecurity than Jeff’s employers.

A Typical Pwnage

Meet Barry, a copywriter at a marketing agency based in London. He loves nothing more than to surf the internet on his lunch breaks and read about the latest marketing strategies; he’s also a bit of a sucker for the latest gizmos. Whilst he is checking his emails one afternoon, a message from his favourite website titled ‘WIN THIS GREAT PRIZE, JST LOGIN TODAY’ arrives in his inbox. The email looks a bit odd and there’s a spelling mistake in the title, but it’s from his favourite website so it must be legit. It has the logo and everything!

Barry naturally opens the email and is confronted with a fairly bland-looking message with some wording and a link to see more. Now, as Barry has little to no cyber awareness, he doesn’t hesitate to click the link. At first it appears as though nothing has happened, but eventually the link takes him to the login page of his favourite site. Barry types in his login details in eager anticipation and nothing happens. He clicks the refresh button in his browser a few times but still nothing happens. Frustrated, he quits the webpage and continues on with his day. Little does he know that he was just on a phishing website that has logged his username and password. Unfortunately for Barry, he uses the same credentials for pretty much everything he does online, including his banking.

Within a few days he gets a call from his bank asking him why he’s been spending so much money. Barry has no idea what they’re talking about until he tries to log onto his online banking account. He can’t; it says the password has been changed. Panic sets in and what follows is a week of stress in which he struggles to regain access to his accounts and get back the money that’s been stolen, all as a result of clicking one little link.

Common Sense

For the average person at home, the consequences of clicking a malicious link tend to not be so dramatic but nonetheless a security breach can be hugely disruptive and stressful. Clicking on a dodgy link might result in you being infected by ransomware, a piece of malware that will encrypt all of your documents and photos so you can’t read them unless you pay the attackers. If you’re really unlucky and you’re working from home then the malware may spread to your employer via a VPN. If they don’t have proper backups and the source of the infection leads back to you, then you might get fired. If you’re on dodgy websites whilst at work and the worst occurs, well the consequences probably won’t be pleasant.

It’s easy to point the finger at someone who’s clicked on something they shouldn’t and call them an idiot, but that’s not exactly fair. Anyone can fall victim, either through stupidity or via bad luck. Some malicious links and websites are disguised exceptionally well and many people (even the professionals) get caught out by them.

Avoiding becoming the latest cybercrime statistic often comes down to basic common sense. On the stupid side of the coin, if you seek out and download something that is obviously dubious then more fool you. Anything that claims to be free or seems too good to be true should be avoided. And then of course there are the downright dodgy websites that are crawling with malicious links.

Having an antivirus installed on your system is likely to protect you from 99% of older malware and a fair few of the latest releases. Keeping your antivirus and your machine’s operating system patched with the latest updates is one of the most effective ways of countering the threat.

Keep your operating systems (OS) up-to-date, or upgrade if you are still running XP or other legacy systems that are no longer supported. Keep your browser of choice up-to-date. Keep your public-facing applications (things that open files in email and web downloads, like Office) up-to-date. Disable Flash and Java in the browser, or at least keep them patched. Don’t go online as an administrator; use a non-privileged account, which limits the scale of any potential damage. If you are knowingly doing risky stuff, run a virtual machine, and when it gets infected, just restore a good snapshot.

In short, the best way to avoid being that person who ‘shouldn’t have clicked the link’ is to use common sense and always keep your devices patched against the latest vulnerabilities.

Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com/cyberscore and if you want to give yourself the very best protection against cyber security threats try our CyberScore™ software for free now.
