Over the last several months, the media has repeatedly reported on the exploits of cybercriminals using their malware to shut down equipment and networks or take data as hostage with ransom demands.
In the second quarter of 2017, more than 184 billion exploited variants were identified from nearly 6,300 unique exploits, a 30% jump from the previous quarter. While the majority of these attacks were targeted towards large corporate networks, the equipment and data of individual users were not spared.
Some of these attacks, such as those that lead to the hacking of your Facebook page, are frustrating, but without more consequences as a priority, such attacks can collect personal information or that of your relationships for the purpose of identity theft.
At the same time the number of malicious applications mimicking legitimate sites or applications (such as a bank or service provider) has also increased, with the intention of stealing your financial and personal information.
Most of the Ransomware attacks targeted hospitals and financial institutions. But those aimed at the general public also follow this trend. The majority of Ransomware attacks are initiated via an email containing a malicious file. The execution of this file makes it possible to encrypt the hard disk of the user and to take his data as hostage (photos, videos, email, passwords, banking information, etc…) with ransom demands.
A new type of attack has emerged to attack various connected devices within a residential space, such as game consoles, media boxes, connected TVs, digital surveillance cameras, Wi-Fi network, and other intelligent devices connected to the network.
Cyber-attackers take advantage of known vulnerabilities in these devices to take remote control of them, collect your data, or install malicious software to integrate the hacked device into a botnet network made up of millions of other devices.
This botnet can be used to generate massive data traffic that can slow down internet traffic or overwhelm a network or online site, making it unavailable. In the latest “Threat Landscape Report”, Fortinet’s security researchers reveal that more two-thirds of the companies analyzed have suffered “severe” to “critical” severity attacks in the second quarter of 2017.
The recent online cybercrime activities highlights a greater proportion of “severe” criticality attacks compare to the past. Surprisingly, 90% of organizations have identified attacks targeting system vulnerabilities or existing devices for three years of more.
More worryingly, 60% of organizations have identified attacks targeting known vulnerabilities for more than 10 years. An increasing proportion of these attacks also target residential network devices, such as routers or wireless access points.
Finally, it is an attack that targets mobile devices, such as Android smartphones and tablets. Of course, the burning question is what can be done in this context. A lot of things, thankfully!
Here are four tips to help you secure your online experiences and your home networks,
Control Your Social Networks
For many users, it’s easy to set strict privacy settings to allow only selected people to access your pages. Except that, of course, this is not how many people use social networks. For those who want a more public profile, it is better to select those that you consider to be “friends”. Cybercriminals often have fake accounts on social networks and ask you as a friend.
You can protect yourself from these malicious requests by following these guidelines:
- Always check the page and profile of the person who is asking to be your friend.
- Check how long the account has been active
- Are the presentation elements coherent?
- Do the photos show a normal activity or is it rather glamorous photos?
- If you do not know the person who is asking to be your friend directly, you can also refuse the request. Quite simple.
- If you know the person who is asking as a friend, check to see if he/she already has friends. Check personal information, analyze whether mentioned information seems correct to you.
- If in doubt, contact the person directly and ask if they have a profile/page. If not, their account may have been hacked or duplicated.
Check Your Online Transactions
An important reminder: your bank will never ask you to check your account or demand your login credentials online. Such requests, online or via email, should be ignored and removed. If you receive an email with an attacked link or visit a web page, be interested in the URL before clicking.
- Just hover over the link to display the address at the bottom of window or near the link. Does this address seem legitimate to you?
- Does the email address seem legitimate to you?
- Does it look like a real email address of your bank?
- Do not hesitate to take a look at the concerned page.
- Is the logo presented the correct one?
- What about spelling and grammar?
- In case of doubt, you can log in to the indicated site by entering the address mentioned rather than clicking on the provided link, or you can contact your bank to ensure the legitimacy of the request.
Inspect Your Emails
A malicious file attached to an email is the most common method for encouraging users to run malware. These phishing attacks are generally well thought out. The email often indicates that the attached file is a receipt or invoice for a fictitious transaction, a false document that must be treated urgently (for example, a tax notice), information relating to a financial gain or a sum you would have inherited, or just a message from a friend or family member.
Of course, you should not open this attachment or click on a link in an email from someone you do not know.
- To check the validity of an email, take a look at the sender’s address by double clicking on the sender’s name or by analyzing the its headers (for example: in outlook > click on “File” > Check “Properties”)
- Check whether the email address is consistent with the organization that is supposed to have sent it to you.
- Is the address long and does it refer to an organization or place different from what you expected?
- Or does it contain suspicious or unusual chains of letters and numbers?
If this is the case, you can delete the email with confidence!
Update Your Equipment
This task is essential, although time consuming, given the number of your home devices that connect to the Internet (TV, multimedia recorder, surveillance camera, router, etc…)
List the name of the manufacture and model of each one. Once the inventory is established, search for these devices online to identify any vulnerabilities and patches/updates available, and ensure that these devices and applications have the latest patches and versions for their operating system, their firmware and their software.
If the device or application is obsolete and is no longer supported by its manufacturer, you should consider replacing it for security reasons. We live in a digital world and the fight against cybercrime is a priority.
We have all learned to lock our cars, secure our doors and windows, look both ways before crossing a road, and avoid dark, bad streets at night. It becomes important to develop these same reflexes within the digital universe.
Just like in the physical world, you cannot be 100% safe. But if we are all cautious, if we look more closely at the tools and applications we use, and if we use a little more common sense online, the digital world we live in will quickly become safer.