Daily Archives: June 7, 2016

5 cyber security mistakes that might make you vulnerable to hackers

 

Very few of us fall for the old Nigerian prince email scam these days, and even fewer will click on a pop-up ad inviting us to “win $1 million” by playing a simple game. We’ve come a long way in terms of learning the do’s and don’ts of cyber security, but that doesn’t mean our days of online vulnerability are completely behind us.

Over 6 million internet users were attacked by malware in 2015. As we become savvier to the tricks they’ve pulled in the past, hackers begin to up their game by catching us where we least expect it. Although we’d like to assume that all of those users who were attacked in 2015 were prime targets, or perhaps people who are a bit less tech savvy than the rest of us, the fact is that many of them were normal internet browsers like you and me who actually know a thing or two about online safety.

There are additional risks these days, and even some of the tech-savviest internet users create cyber security risks without knowing it. To help avoid online attacks, here is a list of some of the top cyber security mistakes internet users are making in 2016.

1. Storing passwords in a browser

According to a recent survey, 59 percent of millennials store passwords in their browsers on a regular basis. It may be convenient to easily access your most-used accounts without typing in a username and password each time, but it also puts you at serious risk for an online attack.

The first step in keeping your passwords safe is to create a strong password that uses numbers, symbols, and both capital and lower case letters. You’ll also want to use a different password for each site. Once you’ve got a solid password for each of your online accounts, avoid storing them in your browser! If you’re like me and tend to forget things easily, try using a secure password storage system or software such as KeePass, LastPass, Dashlane, 1Password, or RoboForm to keep track of your logins.

2. Purchasing locked devices

Prices for phones, laptops, and tablets can be high these days. The good news is that the market for selling used electronics online is getting bigger and more easily accessible. The bad news is that scammers have begun to use this second-hand marketplace as a means for duping consumers into paying more for devices that they’ve already paid for.

If you’re looking into purchasing a used device online, it will be important to ensure that it is unlocked. There will be different processes for checking iOS and Android devices.

For iOS devices, you’ll also need to ensure that the former user’s iCloud account is taken off of your device. If it’s not, you’ll need to take the necessary steps to remove their account from your device before they have a chance to lock the phone.

3. Connecting to unencrypted Wi-Fi networks

The ability to hop onto free Wi-Fi at your local coffee shop or the university library sure does make working on projects or simply browsing much easier on the go. The problem is, hackers are starting to take advantage of society’s reliance upon public Wi-Fi connections.

Do your best to avoid Wi-Fi connections that don’t have password protection when you’re out and about. Checking for the password of the official Wi-Fi at your location of choice will also help you avoid logging into a network set up by hackers looking to view your online activity.

To be extra secure on public Wi-Fi, stick to HTTPS sites while you’re browsing and look into using a virtual private network. It’s also best to avoid installing new software while using a public Wi-Fi network.

4. Ignoring security software updates

We’re all guilty of clicking out of software update notifications when they pop up on our screens. Although taking a few minutes to update your device’s security software may seem like a burden in the middle of a big project, it will be worth your while when it prevents an online attacker from installing malware on your device.

Be sure to install security software updates each time you receive a notification. If you’re connected to a public Wi-Fi network or really don’t have the time to do it when the notification pops up, set a reminder to install the new software later. The longer your device runs without up-to-speed security software, the more vulnerable you become to cyber security breaches.

5. Clicking on links in emails

Most of us receive emails from banks, utility companies, and other organizations with links to view account activity online. Although these are typically from a trusted source, you can never be too sure. A well-written email from a seemingly credible source could send you a link that installs malware on your device when clicked.

Next time you receive a link in an email, leave your email account and look for the actual site in your browser to avoid clicking on a malicious link. For example, even if the link goes to your bank of choice, it’s best to leave your account and log in through a trusted portal.

Have you been making any of these common cyber security errors? If so, it’s about time to take action and implement the provided tips to protect yourself from online attacks.

Share your experiences in the comment section.

 

 

 

93% of phishing emails are now ransomware

As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today by PhishMe.

That was up from 56 percent in December, and less than 10 percent every other month of last year.

And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015.

The anti-phishing vendor also counted the number of different variants of phishing emails that it saw. Ransomware accounted for 51 percent of all variants in March, up from just 29 percent in February and 15 percent in January.

The skyrocketing growth is due to the fact that ransomware is getting easier and easier to send and that it offers a quick and easy return on investment.

Other types of cyberattacks typically take more work to monetize. Stolen credit card numbers have to be sold and used before the cards are canceled, for example. Identity theft takes even more of a time commitment.

With ransomware, however, victims tend to pay quickly. Instead of hunting through company networks for valuable data, exfiltrating it, processing it, and monetizing it, ransomware criminals can just sit back and watch the money flow in.

“If you look at the price point of paying the ransom, it is rarely more than 1 or 2 Bitcoin, that’s $400 to $800, maybe $1,000 depending on the exchange rate,” said Brendan Griffin, Threat Intelligence Manager at PhishMe. “That’s a relatively low price point for a small to medium business.”

The amount is low enough that it’s often easier for victims to pay up rather than struggle to recover the data by other means.

And the new, easy-to-use ransomware tools and services are not just attracting criminals who would previously run other kinds of scams, but also bringing new players into the business, he said.

Locky and TeslaCrypt, two common varieties of ransomware, have seen significant growth, but not all types of ransomware fared as well. CryptoWall, for example, seems to have fallen out of favor, PhishMe reported. In October and November of last year, CryptoWall accounted for 90 percent of encryption ransomware samples. In March, nearly 75 percent of all samples were Locky.

Soft targeting

In addition to the spike in the number of ransomware emails, one variant that’s seeing increasing popularity is the “soft targeted” phishing message.

It’s somewhere between a business compromise email or spearphishing attack, which is targeted at one specific executive, and the general-purpose spam email that goes out to everybody.

The soft targeted phishing email targets people in a particular job category, but may include some customization, such as the name of the recipient in the salutation.

“This has been a creeping trend for a while now,” said Griffin.

For example, a popular type of phishing email is the resume email, which supposedly has a resume from a job applicant in the attachment.

Recipients who don’t work in human resources or other jobs where they hire people would either ignore it, or forward it on to the appropriate person at the company. Other job functions can be targeted as well.

“For example, our vice president of finance received a message that said it was an important message for the vice president of finance, and had his name in the first line,” said Griffin.

Other common types of soft targeted phishing emails are billing, shipping and invoice-related messages.

According to Griffin, soft targeting increases the likelihood that someone will fall for a phishing email.

If you don’t know the person sending you the email, take extra precaution.