We hear about data breaches on a daily basis, and it's no surprise. You do not need to be a large corporation or an oligarch to fall victim to a cyberattack. By understanding what cyberattacks are, you'll be able to detect and prevent common cyberattacks and protect your devices and online accounts from hackers.
What hackers are stealing most often?Hackers steal what they can make money on. Advanced cyber groups have analysts who try to monetize any hack. They will sell information, they will take money out and cash it in, and if there is a service from a company, they will paralyze it and blackmail it.
Who are the most common victims of cybercriminals?
According to statistics, all leaks of privacy information occur either due to the actions of the people themselves, or due to mistakes or malicious violations of the employees of the service that people use to store private information: clouds, social networks, and etc.
Today there is a huge mass of attack vectors and ways to steal people's personal information and money. The more operations a person performs over the Internet with a smartphone, laptop, computer, the more vulnerable he is to attacks. If a person is an online seller, there will always be scammers and competitors coming in to profit to ruin his business. If a person works from a computer, it becomes routine for them to receive daily spam and phishing emails.
How phishing works and how to protect yourself from it?
Phishing is the creation of a copy of a certain site in order to trick a user and obtain their data, be it a bunch of username/password or credit card details. Phishing always plays on people's feelings: fear, curiosity, and greed. Be careful and be as careful as possible when opening links from emails and messages from colleagues and friends in social networks - they may have been hacked. Check the correct spelling of sites - (hackers register similar spelling) and attachments sent in emails and messages through virustotal.
To understand that it is better not to click on a link, it is worth evaluating the context in which it is located: promises of incredible financial gain are already a "red flag" for the user. It also matters how the link looks. Suspicious links include abbreviated ones and those that visually resemble legitimate sites. For example, the domain appie(.)com is not used for quite ethical purposes, because the capital “i” is practically indistinguishable from “l”, which allows people to be misled.
The rule of thumb is not to enter personal information on the websites that led from a link clicked from an email or messenger.
What protection technology is most effective for smartphone security?
Smartphone theft has now gone by the wayside, so attackers don't have physical access to the device. Since approximately 99% of intruders are on the other side of the screen, protection must be built from actual vectors. You have to minimize the possibility of being tricked. Therefore, the most effective smartphone protection technology is information security awareness and antivirus. To protect smartphones from remote hackers, you need antivirus on the device, and a certain level of knowledge to protect yourself. This will help not to fall for the tricks of an intruder in the form of phishing links, attachments, and other things.
Why biometric security systems are better than classic password?
The personal cost of smartphone security has been reduced by the widespread availability of biometric authentication. Not everyone use passwords to access the phone precisely because it was time-consuming and reduced usability. It is much more convenient to unlock a smartphone using a fingerprint or face recognition. At the same time, biometric systems are much more technically complex, which means both a higher entry threshold for their analysis and more opportunities for error on the part of the developer. Fingerprint recognition attacks do exist but require a lot of time and financial investment. Also, there have been a few instances of facial recognition technologies being bypassed due to software errors which later patched. For this reason, the password or biometric alone may not fully protect your device and Two factor authentication will protect you further.
What a strong password should be?
The burte force attack starts by combining words and numbers that are associated with the victim. Birthdate, favorite sports club, names of the children, and anything that a user can easily remember. We shouldn't make life easier for the attacker to guess our password, and make the passwords stronger. Do not use the same passwords everywhere. Don't memorize all your passwords or keep them in notepad, but in a secure vault or password manager. Compose passwords from upper and lower case letters, numbers and special characters and better yet use the strong password generator.
Where to store your passwords?
It is a common practice to not store "clear" passwords, but use hash sums of passwords so having access to the database does not mean having direct access to the passwords. Obtaining a password from a hash sum requires a lot of computing power, and the difficulty of cracking grows exponentially with the length of the password. A random 8-character password will take about five hours to crack, and a 16-character password will not be cracked for the foreseeable future.
But it all comes down to usability. No one wants to use a random set of 16 symbols, and it is different for each service. The solution is password managers, applications that store all your long and random passwords. Vendors who build password managers are also targets of cyberattacks, and there have been a couple of instances of compromise. However, the password managers do not store clear-text passwords, so the compromised data must be decrypted to determine real "random" passwords which requires huge processing power.
Antivirus software protects your device from malware and software viruses with some degree of inconvenience to the user. Cybercriminals develop new malware and viruses to break into newer machines, and antivirus software does not protect your device 100% of the time. To protect your device continuously, you must update your antivirus software with a new definition file to detect and quarantine newly introduced viruses.
Using security mechanisms is always a tradeoff between security and usability. This is why it all starts with building a threat model. The threat model answers the questions such as "What are we protecting?", "Who and what poses a threat to us?", "What will be the loss of this resource is compromised?", "How much are we willing to spend and lose inconvenience while implementing the security features?". There is no foolproof way to protect your infrastructure 100% of the time. We must protect ourselves by following best practices such as using the strong password and 2FA as well as detecting phishing and other cyber attacks.
Leave a comment
All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.