By Codomo Singapore

How does your data get compromised on the internet?

Common cyber threats you should be aware of

“Security is always excessive until it’s not enough.” — Robbie Sinclair

Today, about 3.9 billion people are connected to the internet or about half of the world’s total population. Everyone in this pool is susceptible to multiple forms of cyber attacks for every second they remain connected to the internet. We are not even counting how many different devices each one of us owns...

10 MILLION! That is the estimated total number of cyber attacks happening globally every single day. As technology advances, more of our lives are connected to the cyber world. This opens up more avenues for attackers to breach, while security companies find new ways to prevent. Though it’s a cat and mouse game between the attackers and the ones trying to prevent it, the onus is upon us to be aware, informed, and protected. Just to give you some perspective, Global Sign has highlighted some of the biggest attacks that occurred in 2019 and what's ahead for 2020.

While most organised crimes target businesses and government organizations, as an individual, you can never be too vigilant in protecting yourself against cyber attacks.

Cyber claims by reported incident infographic

Breakdown of reported incident claims for insurance submitted to AIG

The number of cybercriminals globally are on a rapid rise, and whether they operate in highly organised networks or individually out of their home computers, these criminals know no geographic bounds. You can be watching Netflix on your laptop in Singapore, and be subjected to a botnet attack from a group in Russia. Or you might be lounging in your local Starbucks, and have the person sitting right next to you sniffing your phone for potential blackmail.

You have anti-virus software installed on your phone and computers. And your password looks like this: $bpr%L9qfg4! So what’s there to worry about? Well, lots. While we are not recommending you to become a digital hermit, you will definitely benefit from the knowledge we are supplementing here.

In this article, we will highlight some of the concerns in modern cybersecurity, the misconceptions surrounding them, and how you can be vigilant.

Potato Pirates are cyber army for cybersecurity

Yes, evil cyber armies are real and they are already here.

Types of Cybersecurity Threats

Potato Pirates explain social engineering as cyber attack

1. Social Engineering

Social engineering is an umbrella term for tactics used by adversaries to psychologically manipulate you into breaking security procedures to perform actions or revealing information. Everyone is prone to this form of attack, including ourselves. Social engineering can also be used as a carrier for other more threatening forms of attacks, such as downloading malware, installing botnets or mass sending out malicious emails.

Phishing attacks are the most common form of social engineering. Phishing attacks usually come in the form of a deceptive email that tricks the user into giving away personal information. One such example is a “password reset”, where you are linked a page that asks you to input your existing username and password. In the last section of this article, we will offer some advice on how to detect potential phishing attempts.

2. Malware

Malware is short for malicious software. Malware comes in various forms and it is often a software that is installed unconsciously by the user. Malware might be embedded in the installers of seemingly legit software, or you could have allowed its entry from infected USB devices. Nowadays, malware is not limited to computers anymore, it has evolved and spread to devices of all types, including your mobile phone.

2.1. Spyware

One of the most common forms of malware, spyware is a software that monitors your activities and steals sensitive information like bank details and password. In recent years, spyware has evolved to extract information that can be used to blackmail, such as capturing images from your webcam or incriminating chat histories from your messenger platforms.

2.2. Bloatware

Bloatware is type of software that is not particularly malicious, but if left unchecked, could open the doors to more damaging consequences. Bloatware is classified as software which uses large amounts of computing resources, thereby reducing the effectiveness of the device. A lot of modern gadgets are usually shipped with bloatware that you might not use, such as games or entertainment software. Remember the last time you bought a Windows laptop and the first time you clicked the Start button, there were a bunch of apps such as Candy Crush and Xbox? Not that they are malicious, but if you do not use them, you should uninstall them right away.

Adware is a common type of bloatware, where it periodically pops up on your screen with some enticing advertisement. It usually includes a link on the advertisement that takes you to a web page, and while these websites are not always malicious, you might let your guard down and grant permissions to allow the intrusion of other malware.

2.3. Ransomware

Ransomware is designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. This can range from encrypting your system to holding important data until a ransom such as Bitcoin is paid to the attackers. The notorious WannaCry worm in 2017 is a prime example of ransomware.

2.4. Botnets

A network of connected devices infected with malware, tasked to perform other malicious actions such as email spam or denial of service (DDoS) attacks. Simply put it, malicious botnets are automated hijackers. It could also consume large amounts of resources while operating, causing your system to slow down dramatically. Another usage of botnets are for cryptojacking, which is the unauthorized use of someone else’s computer to mine cryptocurrency.

3. Packet Sniffing

Packet sniffing can be simplified as the act of capturing data packets over a computer network. Normally, packet sniffers or protocol analyzers are used by network technicians to diagnose network-related problems. However, the same tool can also be used by hackers for ill intentions, such as spying on user traffic and collecting passwords. Vulnerabilities include connecting to unsecured Wi-Fi networks or browsing on unencrypted websites.

Top Myths on Cybersecurity

Potato Pirates explain cybersecurity myth you need to know

According to Moore’s Law, computing power would increase while relative costs would decrease, at an exponential rate. This means that as technologies evolve, our knowledge of the cyber world might not be kept up to date. Security threats from a decade ago might not be relevant today, while systems that are seemingly immune might now be a common target. Let’s debunk some of these myths.

1. Only Windows OS is susceptible to malware 

A severely outdated misconception! While Windows users remain on top of the list of victims for cyberattacks, this does not mean other platforms are immune. In the early 2000s, macOS had been frequently touted as safe from malware. We would not call it “safe”, merely less vulnerable due to the sheer percentage of users on each platform. Recognizing this common myth, cyber attackers have in recent years mounted their efforts into penetrating other systems, and unsurprisingly have managed to breach unsuspecting victims.

2. Mobile phones are perfectly safe.

Completely untrue. In the early 2000s, when the ubiquitous Nokia 3310 reigned supreme, phones were not exactly ‘smart’. You could definitely play games like Snake and conduct some operations akin to modern smartphones, but the computer chips in them did not face the same vulnerabilities as computers of that era. Today, phones are like mini-computers. They contain very similar components, run operating systems, and the software architecture is not too dissimilar from Windows or iOS. The most worrisome aspect of this is how much of our personal lives depend on phones. In there, we keep our photos, valuable data and login details of our social networking apps. Talk about putting all your eggs in one basket 🤔. In essence, your phone is vulnerable to threats such as malware, social engineering, and sniffing.

How you can protect yourself

Potato Pirates show cybersecurity game Enter The Spudnet

1. Use two-factor authentication on your inbox

Email is the skeleton of our cyber life. It can be used to reset passwords to almost any online service that we have signed up for or access emails that contain sensitive information. To dramatically improve the security of your inbox, turn on two-factor authentication. It adds an extra layer of security on top of existing login passwords, usually involving codes or one-time pins (OTP) sent to your mobile number or alternate email. For most of us who are on Gmail, you can enable this feature here. It only takes several minutes, so go ahead and do this right now if you have not already done so.

2. Use a different password for each service

Passwords are easily hackable. Even if you have complicated passwords, you might commit the mistake of using the same password for every service. That makes you extremely accessible to attacks once a single online service has been compromised.

Don’t feel burdened by the need to remember a gazillion passwords. Use a password manager for this. Look up the options here and pick one that suits you best. Popular ones include LastPass, Dashlane and Keeper.

3. Keep your software up to date

Most software companies regularly update their offerings to patch loopholes and protect against trending threats. Your computer is likely to receive updates automatically, but it never hurts to make sure of this.

Check out these guides for updating Windows and Mac respectively.

Another important aspect is to keep your security software’s definitions up to date. If you’re on Windows, do a simple check by following these steps.

In the bottom right corner of your screen, look for this icon:

Windows protection icon

Right click on it, and then click “Check for protection updates”

Click on check for protection updates

In this window, make sure to click “Check for updates” and follow the prompts if any.

Check for updates in Windows operating system

4. Use an encrypted messaging service

Many of us believe that confidential data shared via Facebook, Snapchat or Skype is safe. For most services, this is an illusion. The recent events in which Facebook shared users’ private information with Cambridge Analytica is considered one of the largest data breach in recent years, and it should jolt us to be more aware of how we share information. Without end-to-end encryption, your communication could be easily tapped by government agencies or cybercriminals.

Signal ranks at the top for secure messaging, endorsed by the infamous whistle-blower Edward Snowden. Another popular service with advanced encrypted features is Telegram. Of course, these services won’t be useful if your friends and family aren’t on board. Spread the knowledge and invite them to install it.

5. Search in private

Google actually retains your search history and uses it to track you or suggest ads. That is why you get personalised search results and somewhat relevant ads whenever you use the search engine. A service like DuckDuckGo allows you to search in private.

DuckDuckGo service allows you to search in private

Read this article comparing the 2 search engines.

No amount of protection can keep you safe unless you remain vigilant. It is important to recognize potential threats and not fall for the tricks.

Tip #1: Always check the URL of the link you have been sent

Tip #2: If you receive an email or message about an offer that sounds too good to be true, it probably is.

Tip #3: If you receive an email to reset your password, make sure you yourself made that request.

Tip #4: Take this quiz to see how cybersavvy you are and learn more tips!​

Tip #5: Educate yourself and your loved ones. Get Potato Pirates - Enter the Spudnet.