Weekly Security Roundup #51: The Unsuspecting Victims of Cyber Attacks
Experienced or not, we could all fall for a well-designed cyber criminal trick
No matter how long you’ve been using the Internet for, you can still fall for a cyber criminal trick. If you solely rely on your ability to detect cyber threats and stay away from potentially dangerous “neighborhoods”, you’re setting yourself up to become a victim. You can’t be protected without basic cyber security, just as you can’t be safe by using only technology and not paying attention to your Internet usage habits.
To help support this idea that we need both these elements to ensure our online security, we gathered 12 true stories from users like you and me who experienced cyber attacks and their consequences. The techniques used and their complexity may surprise you and hopefully they will also make you care a bit more about your online protection.
And because the past days have also been filled with news about all types of threats and dangerous situations, the weekly security roundup below summarizes the main happenings that can help you enhance your safety on the web.
Security articles of the week
We’ll kick off things with a great news: in massive operation that unfolded earlier this week, the U.S. Federal Bureau of Investigation and Britain’s National Crime Agency along with other partners have managed to take down Dridex, the notorious banking malware that has caused financial loss of over $40 million around the world.
More details about the operation show how important it is to infiltrate and destroy cyber criminal infrastructure as a means of significantly reducing criminal activity on the web.
Currently, however, Dridex malware infections and related botnet command-and-control activity are being redirected to sinkholes run by the U.S. FBI and Britain’s National Crime Agency, thus disrupting the attackers’ ability to infect new PCs, steal people’s online banking credentials, or rent out the botnet to anyone who wants to send spam or launch distributed denial-of-service attacks.
Social engineering scams are all over the Internet and that’s because they work. Only this week we read about a scam involving free flights from Virgin, the infamous tech support scenario or fake LinkedIn profiles. Cyber criminals use our weaknesses against us and they don’t lack motivation or creativity, so it’s good to know how you can protect yourself against them. For example, here’s how to get rid of spam connections on LinkedIn, a favorite platform that attackers leverage for their malicious purposes.
This article clears up some common misconceptions about cyber threat intelligence, its role and its benefits for organizations worldwide. This is especially important because knowledge sharing is key for better incident response and successfully implementing proactive actions.
Email is one of the most effective attack vectors that cyber criminals have ever used, which is why they go through the trouble of accessing your account or acquiring your email address so they can send you all sorts of messages packed with malware, ransomware, phishing attempts or other threats to your cyber security.
Cyber criminals are getting alarmingly good at disguising their attacks into legitimate web locations. Take this recent example: attackers have actually purchased SSL certificates for their phishing websites to make them look trustworthy. It’s easy to see how a normal Internet user, with little or no background or knowledge of cyber security can easily fall into this trap.
That’s why I have to emphasize that infosec education should be a priority, so we can learn how to stay away from trouble and choose the right tools to protect us from threats we can’t identify.
Malicious actors on the web are no strangers to business and technology trends. Au contraire! They follow them and fine tune their tactics to follow suit. So when companies started adopting the cloud and set about integrating it as part of the corporate environment, cyber criminals started deploying attacks targeting this segment of the infrastructure.
The trend is likely to grow as more companies move their activity in the cloud, so adequate security measures should not be delayed.
This particular infographic really suited our tastes because it highlighted an important issue when it comes to cyber attacks: the increased sophistication in delivering malware.
In the past, it used to be easy to know when you’re browsing a legitimate website and when you stumbled across a malware-laden web page. But nowadays, attackers are making it almost impossible for the user to escape compromise attempts by infiltrating safe websites and turning them into a malware trap. Malvertizing is at the center of all this, of course, and it’s worth learning how it all goes down.
Sometimes, attackers don’t even need malware to do damage. Cyber attacks with physical consequences are not gone, and this example if proof. So let this be a lesson and remind you to NEVER plug in an USB stick whose origins you don’t know well.
Besides the tenths of vulnerabilities patched earlier this week, Adobe Flash now has another one and it’s a Zero Day too! So while Pawn Storm is unfolding, millions of users are exposed to attacks because of this critical flaw that could allow attackers to get hold of a system.
Windows, Macintosh and Linux users are targeted, so no one is exempt. If you don’t need Flash, just uninstall it t be safe. However, if you do need it, take every precaution you can to protect yourself.
Passwords are a model that doesn’t work for us anymore. We all know the reasons, but we haven’t yet found a viable solution that can be deployed for improved security. However, some are trying to come up with something new and more effective.
On Thursday, Yahoo announced Yahoo Account Key, a password-less method of logging in to Yahoo Mail that will roll out to other Yahoo services in the coming months.
Two factor authentication will certainly become the norm until we progress to a better and more secure model of authentication, and we’re happy to see that Yahoo is giving this subject the attention and thought it deserves.
I bet you never thought of it like this, but you can actually do something to help the good guys who fight cyber crime. By educating yourself and learning what you can do to keep safe (and actually doing it, of course) can be a big help because attackers will have less vulnerabilities to exploit.
So keep your software updated, take a quick and actionable course, use the right security solutions and make it a bit more difficult for the bad guys to get to you. You’ll make the Internet a safer place to be.