While most trends are short-lived (there was a very questionable period of my life circa 2004 which proves that this is a good thing) malware seems to be one that’s here to stay. Good security practices will see you through to an extent, but staying up to date with the ones that are most common at any time is important to make sure you’re on top of the best defences and are protecting yourself as much as possible.
No matter how experienced you are, or how safe you feel, malware will always be one step ahead. With businesses big and small hitting headlines, the ‘head in the sand’ approach adopted by many no longer cuts it. Luckily with a bit of street smarts and with a few additional precautions you can take away some of the worry.
Here are the top 5 threats to look out for this year.
Ransomware is a type of malware that encrypts your data, freezes it so that you can’t access it, and then demands money for the decryption key.
It usually can’t be reversed, unfortunately, so the only way to save yourself is to keep a backup of your files so you can be all ‘JOKE’S ON YOU SCAMMERS, I DON’T NEED MY FILES BACK’. If you don’t have a clean, separate backup of your files then avoid giving into their demands if you can; like any bully, it only encourages them.
Malware refers to a whole mess of malicious software threats, from Trojan horses to adware, scareware, spyware…you get the idea. It can come in a whole bunch of different forms too, so make sure you’re updating your security software regularly, monitoring and scanning systems and not going on obviously dodgy sites which could increase the risk of picking up something undesirable.
Phishing scams impersonate legitimate emails to try and get you to click on links. They often look legit and either take you to a fake website that asks you for personal details, or deploy malware like ransomware.
The other day I had an email invoice from ‘Apple’ telling me I had bought a karaoke app (highly possible, I love karaoke) for £29.99 (less likely, I can get karaoke for the cheap price of my dignity down Chinatown on a Saturday night). It had a link telling me to click if I wanted to cancel the purchase, which obviously was my first reaction, assuming my account had been hacked. Then I stopped myself and checked the email address it was coming from, which was blatantly not Apple. I nearly fell prey to a phishing scam and I write about cyber security on roughly a weekly basis. For shame.
Social engineering involves an element of psychological manipulation; phishing scams are a form of social engineering but they’re becoming so prolific now they needed their own section. Other examples are ‘pretexting’ – where attackers might try and convince the victim that they’re a trusted source and need them to confirm certain system details so that they can confirm their identity – and ‘baiting’ scams, where attackers try and get users to download something, like a film or music file; which is why people streaming or downloading from illegal sites are so vulnerable to attack.
To protect against these don’t open files or emails from people you don’t know – and be extra vigilant even with people you do as scammers are getting good at impersonating trusted sources (you can get ‘link expanders’ that will help you check if links are what they say they are before you click on them). Keep your antivirus up to date, and half the battle is recognising social engineering scams and staying one step ahead, so educate yourself on what’s out there. Educate your team too; you’re only as strong as your weakest link!
Zero day exploits are weaknesses in a system which the vendor hasn’t created a patch for, and may not even be aware of, so they are vulnerable until a patch is applied. Zero days can be out in the wild for years until they are discovered and reported.
Unfortunately zero days aren’t picked up by vulnerability scanners, because they work by searching for known flaws, and obviously these are, as yet, unknown. Once a zero day has been discovered it becomes an N day, which then gets picked up by the vulnerability scanners. In this case, we just have to hope that someone in the online community notices and reports them before attackers get their hands on them.
These are just a flavour of what’s out there at the moment – attacks are getting increasingly sophisticated and increasingly devastating to businesses. If you’re in any doubt seek expert advice – our security arm Secarma are a pretty dab hand at that – and ask your hosting provider for additional security solutions too.
Find out more about our security arm, Secarma, and the solutions on offer at UKFast.