October is Cybersecurity Awareness Month and we are doing a PSA on the types of cyberthreats you might encounter as an internet user. Yes, the Internet provides us with countless benefits as well as threats.
According to CISCO's 2021 Cybersecurity Threat Trends report, Crypto jacking, Phishing, Ransomware attacks, and Trojans are the most active threats with around 100 million queries each month.
Of course, there are other cyber threats that potentially harm internet users and these threats keep evolving every second. So, here are some of the most common cybersecurity threats and what you can do to protect yourself from them.
1. Crypto jacking
About 69% of organizations experienced some level (at least one end-user instance) of unsolicited crypto mining. This happens as malicious scripts or software gets installed onto a victim’s system that is able to use its processing power to mine a cryptocurrency coin. Cryptomining is known to slow down and reduce the life of hardware, clog bandwidth, and drive up businesses' AWS computing costs.
Ways to detect and prevent Crypto jacking
Phishing is the most common way to deliver malware hence, refrain yourself from clicking!
Install an ad-blocking or anti-cryptomining extension on web browsers. Most crypto jacking scripts are delivered via web ads hence the ad blocker will be able to stop them.
Phishing actually accounts for 90% of data breaches. Phishers set up links and websites that closely resemble a trusted entity's website domain. Once users click on the links, malware may be installed on their devices without the users' knowledge. Another way is to create websites that closely follow the design of the trusted entity and ask for personal information such as credit card numbers.
How to prevent phishing
Click only trusted sites and avoid clicking links on random emails or instant messages. For more protection, you can install an anti-phishing toolbar. If you stumble upon a malicious site, the toolbar will alert you about it. Check these 10 guidelines to know more about how to prevent phishing.
3. Ransomware Attacks
Ransomware refers to malware that uses encryption to lock a victim's data and prevent it from being accessed. A ransom usually has to be paid in return for restoring access. Ransomware attacks people or companies in many ways, such as through insecure websites, spam email, and software downloads.
Protection against ransomware attacks
In order to prevent ransomware attacks, you need to make sure your devices’ security is not vulnerable to cyberattack. Keep your operating system and software updated and always be aware of every email, software, and links you click or downloaded.
To keep your data safe when accessing public wifi, use a trustworthy Virtual Private Network (VPN). If you need extra protection, you may consider buying antivirus for Mac or Windows and a firewall.
A Trojan is a type of malware that is disguised as legitimate software. Once installed, attackers can use it to modify and delete data, slow down performance, or gain remote access to the system.
Protecting your devices
Here is the tricky part. Trojan most likely disguises itself as harmless softwares or trusted links. For example, you may encounter a fake antivirus program as a pop-up and tell you that your device is compromised or infected. Don’t buy it!
Only download or install software from official sources to avoid cybersecurity threats, including antivirus for Mac, Windows, or any other OS for your devices.
What is Botnet? It is a network of internet-connected devices which are controlled by a hacker. These devices usually stay dormant until the hacker activates them to launch malicious cyber attacks.
To protect yourself, always remember to stay safe on the internet by keeping your software up-to-date, scanning all downloads before running the download files, and refraining yourself from clicking anonymous email, messages, or links.
Man-in-the-Middle is a network attack where communication between two devices is intercepted. The attacker can read/modify your data and possibly impersonate you. The potential threat will be more dangerous when you use public wifi.
Therefore, you need to be extra careful when opening personal data using public networks. It would be preferable to use your mobile data or use your phone as a wireless hotspot. If mobile data isn’t an option, use VPN to make your connection safer, well at least makes it harder for cyber criminals to target you.
7. Denial of Service and DDoS
A Denial-of-Service (DoS) attack is a cyber-attack that aims to disrupt a machine or network by swarming it with requests, making it unavailable to its intended users. Think of it as having one person repeatedly calling a phone number and causing that number to be unavailable.
A Distributed-Denial-of-Service (DDoS) is largely similar to its DoS counterpart. In this case, the swarm of requests does not come from a single source, but rather from multiple sources, making it harder to trace or block.
Prepare for the worst
If you run a company website or app, make sure you have a mitigation plan to prevent this attack in advance since DDoS attacks are the most difficult to contain. Protect your network, applications, and infrastructure, as well as regularly perform assessment to spot network vulnerability.
You could also utilize cloud providers services who offer high levels of cybersecurity, including firewalls and threat monitoring software. They can help protect your assets and network from DDoS attacks.
Bloatware is a common name for unwanted--and most of the time useless--apps that are pre-installed on the device we buy. It takes up a lot of space on our devices which leads to reducing the amount of data, even running in the background and slowing down devices.
When a bloatware connects to the internet, it opens the devices to malware by introducing a host of applications designed to exploit computing power and personal information, including financial information.
How to get rid of bloatware
Some bloatwares are manufacturer-made, therefore cannot be uninstalled easily. The best option you can do is to disable the app. However, you can try anti-bloatware apps that can completely remove it. Just make sure that your devices are compatible with the app.
9. Computer Worms
What’s nasty about computer worms is that this can replicate itself--without any human interaction involved--in order to spread to other computers, typically through the computer network or removable storage devices shared between systems. It could also arrive as attachments in spam emails or instant messages!
Worms can consume bandwidth and overload web servers. Moreover, computer worms are able to modify and delete files, as well as inject additional malicious software onto a computer.
How to prevent it
Just like other cyberthreats, the best prevention from computer worms is to keep ourselves safe while connecting to the internet. Don’t open email or attachments from unknown sources and do not click pop-ups ads while browsing.
Use VPN when accessing public wifi and regularly update and strengthen your passwords. Click here for more tips.
A rootkit is like a “stealth mode” software that is able to secretly breach the areas or systems that would not otherwise be allowed. While you might not notice, rootkit actively accesses your computer on an administrator-level (almost unlimited access).
The best defense
Rootkits are hard to detect because of their stealth program. So, prevention is the best defense. Keep yourself updated on the latest information about cybersecurity threats, so that you will be more alert if your devices suddenly change behaviour. Keep all your systems up to date and add more protection from a rootkit scan tool.
Backdoor works as quietly as a thief. It’s a malicious code that exploits system flaws and vulnerabilities to gain remote unauthorized access to a computer system or program. Backdoor gives total freedom to file copying, modification, data stealing, and additional malicious injections, just exactly like a thief would do.
How to prevent backdoor attacks
Performing digital hygiene (meaning: safe practices we talk about so far) is effective to prevent you from almost all kinds of cyberthreats, including backdoor attacks.
You also need to be very careful with free download websites. Some developers upload malicious apps that can create backdoors. It will cost more, but it’s safer to download paid apps.
12. DNS Attack
Domain Name System or DNS works as “the bridging” between humans and computers since we have different language codes. While computers only know numbers, humans speak names. So when cybercriminals undertake a DNS attack, they intercept the communication between these two.
The attackers leverage the DNS vulnerabilities to divert people to malicious web pages. They do this to exfiltrate data from compromised systems, including personal data.
Well, this cyberthreat will not directly be your concern unless you run a website or apps. But, as an internet user, you still need to be aware of this cyberthreat to prevent yourself being the object of the victims.
For instance, you have an account in a marketplace. If this marketplace is attacked, your personal data will be threatened. That’s why we need to be well informed about current issues related to cybersecurity. If this happens, you have to promptly change your password as well as secure your financial or banking code.
This cybersecurity awareness month is the moment to increase people's understanding that cyberattacks will keep happening as long as the internet's around. Protecting ourselves from cybersecurity threats needs some effort to keep updating knowledge about how to stay safe on the internet.
The best way to understand cyberthreats is to learn exactly how the internet works. Don’t take a step back just yet, there is a more exciting way to do it, even less complicated than reading this article.
Check out Potato Pirates: Enter The Spudnet, a board game specifically designed to teach cybersecurity and computer networking. You can learn about the internet with deeper understanding, without feeling stressed out :)
If you want more interesting information on other topics, click here to find our blog.