COMMON CYBER SECUTITY THREATS
1. Malware: Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.
2. Phishing: An email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.
3. Spear Phishing: A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.
4. “Man in the Middle” (MitM) attack: Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.
5. Trojans: Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.
6. Ransomware: An attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again. These attacks range from low-level nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government data in 2018.
7. Denial of Service attack or Distributed Denial of Service Attack (DDoS): Where an attacker takes over many (perhaps thousands) of devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand.
8. Attacks on IoT Devices: IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorized access to data being collected by the device. Given their numbers, geographic distribution and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.
9. Data Breaches: A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack) and espionage.
10. Malware on Mobile Apps: Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts and more.
How to Protect Yourself from Cyber Attacks?
The internet has seen a massive rise in usage over the last decade. Thanks to smartphones and highly efficient yet cost-effective computers. Another reason is the hardworking developer community that has made development and use of the software more and more easy with the requirement of lesser and lesser technical sophistication. The capabilities of software programs have also enhanced exponentially. The need for distributed computing and connectivity to the world for staying updated on current trends is the reason for businesses to increase their online presence. Some of these businesses are completely online with no offline element in their service or product.
With all the emphasis on usability, an aspect has been mostly ignored since it has been a hurdle in usability. The security of online assets is a factor that was getting less attention than it deserved until the last four years. Cybercrimes were not that frequent before 2013. The rise in internet usage has resulted in rise of cybercrimes. The rise in cyber crimes resulted in an increased awareness of the importance of cybersecurity. But, a single successful attack can be enough to cause a loss of multi-billion dollars. Companies know it and hence are working towards making their products safer.
However, you as an end-user can not fully rely on the security measures taken by the companies that sell you the products you use. There are a lot of ways you can commit mistakes and render all the security measures futile. But there are certain habits which when developed can be of great benefit to the internet security of an average user.
These habits are simple practices that are easy to adaptable.
How to Protect Yourself?
- Use an Internet Security Suite: If you know anything at all about a computer and the internet, the chances are very high that you might be using an antivirus already (And if not then do not take the risk unless you are seasoned cyber security professional with data backups in place). An antivirus program combined with an internet security program set helps you in:
- Avoiding malicious downloads done by mistake.
- Avoiding malicious installs done by mistake.
- Preventing from being a victim to Man In The Middle Attack(MITM)
- Protection from phishing.
- Protection from damage that trojan horses may cause. Some Trojan Horses are built in a way that the majority of the code is for doing useful and seemingly innocent things while a small portion does something nasty like acting as a backdoor or escalating privileges.
- Use Strong Passwords:This can’t be emphasized enough. If you have “qwerty123” as your bank’s password and a lot of money in the account, you must be ready for a surprise transaction. You should not fully rely on the rate-limiting measures used by websites that you visit. Your password should be strong enough to be practically unbreakable. A strong password is one that is 12+ characters long and contains a diverse use of alphabets(both cases), numbers and symbols (and spaces). Setting a really unbreakable password should not be difficult specially when there are help available as random password generators. You can use this oneor this one.
- Keep Your Software Up-to-Date:Despite the developer’s best intention to create secure software and thorough reviews from the security teams, there are unfortunately many zero-days that are revealed once the software is being used by a large user base. Companies are well aware of this fact and that is why they release frequent updates to patch these vulnerabilities. This is the reason why those updates, however annoying they may be, are important. They help in preventing attacks that can easily skip the radar of the antivirus programs on your computer.
- Avoid Identity Theft:Identity theft is when someone else uses your personal information to impersonate you on any platform to gain benefits in your name while the bills are addressed for you. It’s just an example, identity theft can cause you to damage more serious than financial losses.
The most common reason for identity theft is improper management of sensitive personal data. There are some things to be avoided when dealing with personally identifiable data:
- Never share your Aadhar/PAN number(In India) with anyone whom you do not know/trust.
- Never share your SSN(In US) with anyone whom you do not know/trust.
- Do not post sensitive data on social networking sites.
- Do not make all the personal information on your social media accounts public.
- Please never share an Aadhar OTP received on your phone with someone over a call.
- Make sure that you do not receive unnecessary OTP SMS about Aadhar (if you do, your Aadhar number is already in the wrong hands)
- Do not fill personal data on the website that claim to offer benefits in return.
- Take appropriate actions if you have been a Victim:There are few things that should be done as soon as you realize you have been hacked:
- File a formal complaint with the police and inform the other relevant authorities.
- Try regaining access to your compromised accounts by utilizing secondary contacts.
- Reset the password for other accounts and websites that were using the same password as the account that was compromised.
- Perform a factory reset and proper formatting of your devices that are affected(assuming you have your data backed up already).
- Stay aware of the current data breaches and other incidents of the cyber world to prevent such incidents from happening again and staying safe online.