The internet has given us so many great things – it’s made the world smaller, it’s allowed us to do business with virtually anyone on the planet, and it’s broken down many of the barriers that used to exist with communication.
However there’s a much darker side to the internet, and I’m not talking about seedy adult content sites. I’m talking about cyber security – a very real and growing threat to everyone. It’s not only big businesses at risk, but also small to medium businesses, and even individuals at home.
In this article I’m going to share the 6 most common cyber security risks you can face today. After all, awareness is the first step to prevention!
Common Cyber Security Threat #1: Phishing
Phishing, which is a homophone of fishing, is a high-tech fraud that uses email, IM or other communication channels to deceive you into disclosing personal, company and/or financial info such as account IDs, passwords, and credit card details or account credentials. The attacker usually disguises as a person from a position of authority or reputable company.
The message that a victim receives may appear to have been sent by a familiar contact or organization. The enclosed links or any attachment in the message may install malware on a victim’s device or direct him to a suspicious website set up where he is tricked to provide confidential information.
Nowadays, high-end cyber criminals rely mostly on phishing as it is much easier to trick someone into clicking a malicious link in a polished email than to break through a computer’s security. They can now quickly identify the nature of the messages that goes viral even in Facebook – breaking news stories whether true or fictional. This is what they use as phishing “hooks“. Phishing campaigns are also rampant on the holidays.
Common Cyber Security Threat #2: Malware
Malware is a short term for “malicious software” which is considered very annoying and harmful to your computer. This is a software which was made to secretly access a device without the knowledge of the user. It is said that this began as a prank but gone are the days when teenage pranksters created malware for this purpose.
Malware has evolved a lot up to this day, and has even been known for its various types depending on the intent of the software creator. In fact, some were named depending on its purpose – spyware and phishing which are both used to steal information, adware which is a forced advertising, ransomware which is used for extortion, a spam for spreading email, worms, trojan horses, viruses, rootkits and browser hijackers.
Malware, just like any other viruses, gets access to your device via email and the internet, game demos, music files, free subscriptions or just anything you download from the web. One symptom you may notice, if in case yours got infected by malware, is when your computer starts to frequently crash and slows down in its performance.
Common Cyber Security Threat #3: Insider Threat
An insider threat refers to a hacker who happens to be an employee of an organization, agency or a business. It can also apply to an outsider who poses as an employee by having fake credentials. The person or the hacker who does the crime is also known as a cracker or a black hat. This threat typically happens in 4 stages:
- The cracker gets access to the network or system.
- Thorough investigation on how the system or network works in order to learn where the sensitive points are and where the most damage can be applied to easily.
- The workstation setup.
- Actual disastrous activity takes place.
Insider threats are displeased or angry employees or ex-employees who believe that the business has ruined their lives and revenge is the only thing that will make them feel justified. We have actually seen this type of story in some power cast Hollywood action movies where the villain usually makes an exemplary plan to make the vengeance possible.
The damage would take many forms such as ushering in of viruses (worms or trojan horses), stealing of confidential info or money, corrupting or erasing pertinent data, altering data for false evidence or just to produce inconvenience, and stealing of the IDs of some individuals in the company.
Common Cyber Security Threat #4: Denial of Service (DOS)
DoS or the Denial of Service is a cyber threat wherein the intruder attempts to block legitimate users from their access to information and services online. The attacker usually targets your computer and its network connection, and sometimes targets the network connection and system of the sites you are trying to use. This can prevent you from using email, online accounts like banking etc., websites or other services that is connected to the affected system.
Typing a URL of the site on your web browser means sending a request to the site’s network for an access. Whilst the computer network can only grant certain number of requests at a time, it can result to a denial of your request once the DoS attacks since it usually floods the network with information. The attacker sends massive messages asking the network or server to authenticate requests that contain invalid return addresses. The server will not be able to locate the return address of the attacker upon replying for the authentication approval, so it still has to wait before it can close the connection. Once it closes the connection, the attacker again sends more messages, and the process keeps the server busy.
The same goes with your email when DoS starts to send spam messages, it tries to use up the maximum memory of your email storage, which leaves no space in memory and not receiving legitimate emails and messages. There are different ways on how DoS attacks, but below are the basic ones:
- Flooding the network with information preventing legitimate traffic
- Interrupting connection of two computers which prevents access to a service
- Blocking a particular user from accessing a service
- Disrupting a service to a specific user
- Ruining the state of information like resetting the TCP sessions
Although it doesn’t involve stealing of money and information, ID theft and such, it can still put your time and money in an inconvenient state when dealing with ineffective and inaccessible services due to massive network traffic and connection interference.
Common Cyber Security Threat #5: Spam
Spam is generally considered to be electronic junk mail which intends to flood the internet with the same message in huge number of copies. Spam tries to force the message on internet users who would not otherwise prefer to receive it. The term can also be associated with unsolicited or unwanted emails. Spam contains mostly of commercial advertising, suspicious products, money schemes and etc..
Spam does not only waste your time but also consumes most part of your network bandwidth which can give you poor net performance.
Common Cyber Security Threat #6: Keystroke Logging
Keystroke Logging is a process of monitoring every keystroke a user presses on a keyboard. It uses a device or a program which is commonly called a keystroke logger or a keylogger (short term). As a hardware device, it appears as a small plug that connects keyboard and computer. This type of device collects every keystroke and saves it as a plain text in its own tiny hard drive. It should be physically removed in order to access the information gathered. As a small program, it can be downloaded to monitor a specific activity on a computer. It can also be a spyware or a part of a RAT (rootkit or remote administration Trojan horse). The keylogger program, in the same manner, records each keystroke and uploads the information over the internet.
These programs are promoted for parents in monitoring their children’s activity on the internet and allowed for employers to put an eye on their employees during working hours. However, as these can be embedded in spyware, your information such as passwords, PIN, banking and personal information can also be transmitted to an unknown third party. This makes it unsafe and one of the cyber threats you need to be aware of.
We are living in a digital world and most of our important information are being transferred online. It only means that all of us are prone to meeting one of the above most commonly known cyber threats.
The best advice: be very careful in opening email attachments and be mindful when surfing the internet. You may want to be cautious about suspicious websites you may open or may be asked to be directed to. Make sure you install and update a quality antivirus program. If you run an organization, there is no harm in finding a quality managed services firm who can help you, like Seccom Global, Australian cyber security company. Lastly, never try to use public computers when you need to access your personal or financial information online.
It might save you a huge headache in your busy and active life.