Ransomware, spear phishing, exploit kits. These are just a few of the threats targeting one of the most vulnerable links in any cybersecurity architecture – the unaware human. Security software and tools can help to mitigate even this risk, but without at least basic security awareness it is difficult to avoid all the pitfalls.
However, European Cyber Security Month offers a great opportunity to remind people of some of the practices that can keep malicious actors at bay and show that following even a few simple rules can help decrease the cybersecurity risks.
The best way to stay safe from this type of data-encrypting and money-extorting malware is to regularly back-up all your sensitive information and use a regularly updated security suite that protects your device on multiple levels.
However, ransomware operators are creative and often try to circumvent protective measures by convincing users to run infected executables. To achieve their fraudulent aims they often send communications pretending to be a tracking notification from a delivery company (such as FedEx), a banking email, or an ‘intriguing message’.
Making users aware of this technique lowers the probability that they will open and click on any unknown or suspicious email attachments (e.g. with double extension such as “.PDF.EXE”), links or files. In this way, the risk of infection can be decreased.
Excessive use of shared network folders can also contribute to the spread of ransomware infections. Having a common drive might be convenient for data sharing, but if not limited correctly, it can offer a channel for malware to target other devices connected to the same network and encrypt their contents as well. As well as limiting privileges for individual network members, users should also be trained not to use such spaces for storing sensitive, valuable or irreplaceable files.
Here is the most common phishing scenario: you receive an email with the logo of your bank or PayPal at the top. It asks you politely to check the settings of your account and, via the link provided, provide your credentials and further information. But it is not your bank that will receive your personal details – it will be the cybercriminals behind this attack.
Authorities in the UK receive a report about an attack like this every five or six minutes. This translates into an astonishing 96,000 attempted attacks every year in just one country of the EU. It is important to note that this method works regardless of the operating system or platform that victims use on their devices, as cybercriminals only need your inbox to get to you.
Without training, many people are likely to fall for the scam. But by being aware of how phishing works, any ‘weird’ email that your best friend, boss or even ‘bank’ sends you can be verified. And honestly, in a world where almost two-thirds of the global population have a mobile phone, it only takes a short call or an SMS message to check the authenticity of such a message.
A cyber infection can be just one click away. Some malicious websites contain exploit kits that are designed to scan your device for vulnerabilities. If the software kits discovers one, it will exploit it and upload malicious code onto your computer or mobile phone, often with destructive consequences.
There is one simple rule that can help: never go on a clicking spree. If you receive an offer that sounds too good to be true, it probably is. Also, not every funny or otherwise interesting content is worth the click. Make sure you know where your browser will take you next and avoid any suspicious sites that you don’t recognize.
This approach is easy enough, but it cannot provide you with the level of security of an updated and reliable security suite, one that is able to identify and block dangerous websites and navigate your clicks to a safer location.
by Ondrej Kubovic, ESET We Live Security