Imagine this, a dark and stormy night, and you are at home alone. Lurking among the shadows is the most dreadful hazards of modern lifestyle, the risks of cybercrime. But you are careful, and arm with antivirus software as well as backed up data, and you have updated your software regularly. Suddenly, you get a message from Microsoft confirming your worst fears.
You have been hit with ransomware.
A notification pops up and urges you to call tech support. You dial the numbers, the sound of your heartbeat pounding in your ears. Someone picks up and you explain the disaster.
The tech support on the other end puts your fears to rest. He is here to help. He walks you through setting up some anti-ransomware software for $400. It is a bit much but worth it to save your data.
Reluctantly, you fork over the fee and give him remote access to your computer. After a few minutes, he thanks you and assures you your computer is ransomware-free.
One week later, you have nearly forgotten the incident. During your morning coffee, you turn on the news and see a story about a local scam. Your eyes widen in horror.
That is when you realize you were never hit with ransomware. The tech support you talked to was not from Microsoft. He was a scammer. And you let him into your computer.
The first step to deal with this new array of threats is to know the different types of cyber-crimes and malwares, understand how they work and how we can protect ourselves, our businesses, and our clients.
Ransomware (Example – “WannaCry”): Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. The name itself gives you a clue to how it feels like if you are hit by that malware.
Modern ransomware families are known as crypto ransomware. They encrypt certain file types on infected systems and force users to pay the ransom online to get the decryption key. Ransomware can be downloaded when unsuspecting users visit malicious or compromised websites. Ransomware can also arrive as a payload either dropped or downloaded by other malware. Some Ransomwares are known to be delivered as attachments from spammed email or downloaded from malicious pages. The rise of Bitcoins contributed greatly to the increasing popularity of ransomware among hackers.
Unless you agree to transfer the amount demanded, otherwise all your data is at risked.
Wiper (Example – “NotPetya”): This type of malware might walk like a Ransomware and quack like a Ransomware but is a Wiper. The intention of this malware is to wipe out all your data. In contrast to the Ransomware that is based on financial motivation of cyber criminals, the Wiper is focused on causing damage and chaos among its victims.
It can be used by government-led groups or terror organizations as part of a cyber warfare, or by ruthless competitors who are willing to use all means, including paying hackers to attack their rivals.
When hit by Wiper, there is not even the chance of any payment to make to evade the risk of losing your precious data.
Spyware (Example – “KeyLogger”): Spyware is malware that is designed to collect information and monitor the activity of the computer they are installed on. Spyware can collect any information that can benefit the attacker, such as passwords, bank account details, documents, browsing history, Emails, pictures and much more.
It can also be programmed to perform complicated actions, like recording keystrokes or take screenshots whenever you use a certain program. Some spywares can even activate the computer’s microphone and camera to record everything that is happening in the area around the computer.
Spyware can be used for harmful causes such as identity theft, credit card theft, fraud, blackmail, and industrial espionage. Usually, this kind of malware is developed by professional hackers who then sell the secrets on the black market for use in online fraud and other illegal activities.
With that stolen critical information, it is up to the hacker to use the information to cause maximum damages.
Adware (Example – “1ClickDownloader”): The term adware is frequently used to describe a form of malware that pushes advertisements and banners on your screen. The ads display format varies, from non-harmful banners implemented within a program to very harmful pop-up windows. Most users do not want to see ads, but Adware can be downloaded without the user being aware of it. It usually happens when you download free software or add-ons.
Some Adware programs have functions built in, such as analyzing the sites you visit to customize ads. In these cases, the Adware does more than show advertisements. It collects information about you. You are not even aware that information is being collected. Although some Adware’s do not have malicious intentions, the execution can be quite intrusive at times. For example, when the Adware observes your activities without your consent and sends the information to the software’s author.
Generally, these types of Adware are usually classified as spyware and are treated accordingly. However, some adware operates legally, and some adware developers have even sued antivirus companies for blocking their adware.
Botnets and DDOS (Example: “Ping of Death”): Web Robot, or simply Bot isn’t necessarily a bad thing, it’s a software application that can perform tasks over the internet, from web crawlers for search engines, to chat bots and other services.
The problem starts when our computers, servers or other internet devices are forced by a malware to become part of a Bot Network (Botnet). Once the device is infected, it can be controlled remotely by the hacker, to conduct other attacks. One type of a Botnet attack is the distributed-denial-of-service, also known as DDOS, when the infected devices generate malicious traffic to make a machine or network resource unavailable.
In many cases the users are unaware of the botnet infecting their system until the hacker choose to activate it and cause your system to go into overdrive mode and then “all hell breaks loose”.
- Financial theft
- Pure financial losses arising from cybercrime designed to commit theft of money or theft of other financial assets. It covers both pure financial losses suffered by the observed company or by related third parties as a result of proven wrongdoing by the observed company.
- Data and software loss
- Costs of reconstitution and/or replacement and/or restoration and/or reproduction of data and/or software which have been lost, corrupted, stolen, deleted or encrypted. Most of the time, Data loss can be difficult to recover 100% and it is a costly thing too.
- Intellectual property theft
- Loss of value of an intellectual property asset, resulting in pure financial loss.
The Cost of Preventing
The cost to preventing hackers from stealing your personal information is not very difficult or expensive. It is more about been cautious and proactive. Usually, hackers cannot do anything without the users clicking on their phishing emails or users opening any attachment leading in malware been installed into their devices.
Following simple guidelines like using strong passwords and avoid logging in private accounts to public computer can help to prevent been compromised by hackers.
As the saying goes, “Prevention is better than Cure”. It is usually too late when you realize that you should take Cybersecurity more seriously.
What can happen if you do not protect yourself.
Stealing your Money.
- Hackers can steal your money through many different methods. One example would be a ransomware scam. Where the hackers send a fake notification to you that you are been hit by a ransomware and demand that you give her remote access and pay them some money to setup some software to fix your ransomware. After this, the hackers have completed their objective which is to scam money from you. Imagine, the pain of losing everything you earn just because of a slight mistake you made.
Hijacking of Username and Password
- Hijacking of username and password are very common now due to too many phishing scams now. Hackers will create a website that look identical to the website that you use. They will usually target people by sending phishing emails to them, telling them to update their bank account if not the account will be deleted. Doing so, will force the user to key in their login credentials and after logging into their fake website. The hackers will have obtained the user login credential and begin stealing money or information’s of the person. Imagine, what could happen to you if your accounts are been hacked by the hackers and is been sold to someone who you do not even know to be uses for illegal purpose.
Tips to Stay Safe in the Digital World
How to Protect yourself
Anyone using the internet should exercise some basic precautions. Here are some tips you can use to help protect yourself against the range of cybercrimes and to stay safe in the digital world.
- Use Strong and Unique Passwords
Remembering passwords, especially complicated ones, is not fun, which is why so much work is going into finding better alternatives. For the time being, though, it is important to use unique passwords that are different for each site, and not easy-to-hack passwords like “123456” or “password. ”
Choose ones that are at least 14 characters long. Consider starting with a favorite sentence, and then just using the first letter of each word. Add numbers, punctuation, or symbols for complexity if you want, but length is more important. Make sure to change any default passwords for all devices, like those that come with your Wi-Fi router or home security devices.
A password manager program can help you create and remember complex, secure passwords.
- Keep Software Updated.
Many breaches, including the 2017 one at the Equifax credit bureau that exposed the financial information of almost every American adult, boil down to someone leaving out-of-date software running. Most major computer companies issue regular updates to protect against newly emerging vulnerabilities.
Keep your software and operating systems updated. To make it easy, turn on automatic updates if possible. Also, be sure to install software to scan your system for viruses and malware, to catch anything that might get through. Some of that protection is free, like Avast, which Consumer Reports rates highly
- Encrypt and back up your most important data
If you can, encrypt the data that is stored on your smartphone and computer. If a hacker copies your files, all he will get is rubbish, rather than, for instance, your address book and personal information. This often involves installing software or changing system settings. Some manufacturers do this without users even knowing, which helps improve everyone’s security.
For data that is crucial, like medical information, or irreplaceable, like family photos, it’s important to keep copies. These backups should ideally be duplicated as well, with one stored locally on an external hard drive only periodically connected to your primary computer, and one remote, such as in a cloud storage system.
- Enable multi-factor authentication
In many situations, websites are requiring users not only to provide a strong password but also to type in a separate code from an app, text message or email message when logging in. It is an extra step, and it is not perfect, but multi-factor authentication makes it much harder for a hacker to break into your accounts.
Whenever you have the option, enable multi-factor authentication, particularly for crucial logins like bank and credit card accounts. You could also consider getting a physical digital key that can connect with your computer or smartphone as an even more advanced level of protection.
Best way to protect you from hackers
Out of the 4 ways stated above, the best way to stay safe in the digital world, is to get a hardware security key and enable multi-factor authentication for any logins that support using 2FA. A very useful feature of using hardware security key is that if you fall victim of a data breach and your sensitive data is stolen, malicious hackers will not be able to get into your private account without your physical Yubikey. That is why there are zero Google credentials ever been stolen before after using YubiKey.
In short, be cautious, proactive, and informed. Of course, there is much more a person or organization can do to protect private data. Firewall software built into both Windows and Mac OS or downloaded separately can help stop viruses and worms from making their way into your systems.
To protect yourself against data breaches at places where your information is stored, you should consider freezing your credit, which blocks anyone from applying for credit in your name without your personal permission. It is free. If you have already received a notification that your data has been stolen, consider putting a free “fraud alert” on your credit reports.
There are plenty of other places to learn more about cybersecurity, too, including some very good podcasts.
No person, organization or computer can ever be 100% secure. Someone with the patience, money and skill can break into even the most protected systems. Imagine what the hacker could do to your accounts and the amount of financial loss could happen to you if you allow hackers to compromise your accounts. But by taking these steps, you can make it less likely that you’ll be a victim, and in the process, help raise the overall level of cyber hygiene in your communities and stay safe in the digital world, making everyone safer both online and offline.
To find out more additional information about YubiKey, please go to our Website at https://dtasiagroup.com.hk/yubikeys/ or if you have any enquire about Yubikey, please contact us and visit our DT Asia HK Facebook at https://www.facebook.com/dtahongkong/ to find out more.