5 cyber threats to be aware of every time you go online

Vigilance is the watchword in thwarting common attack methods

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Com­put­er infec­tions con­tin­ue to pose a major threat to every one of us. Dis­tin­guish­ing between the most per­va­sive types of threats is the first step in pro­tect­ing your par­tic­u­lar device. Here is a quick run­down of what lurks out there:

Mass mailed phish­ing cam­paigns. A mass mail­ing you and thou­sands of oth­ers may receive could be part of a wide-scale phish­ing attack. The attack­er may know or guess that you patron­ize a par­tic­u­lar com­pa­ny, and send you an authen­tic look­ing email.

That’s what hap­pened in a recent phish­ing cam­paign tar­get­ing Delta Air­lines cus­tomers. A vari­ety of social engi­neer­ing tricks were used to get vic­tims to click a link. Need­less to say, the link dropped malware.

Spear phish­ing and whal­ing. Phish­ing attacks craft­ed to trick a spe­cif­ic indi­vid­ual at a tar­get­ed com­pa­ny con­tin­ue to be very dam­ag­ing for vic­tims, and lucra­tive for the crim­i­nals. Pay­days in spear phish­ing cam­paigns can involve huge amounts.

Relat­ed sto­ry: Hack­ers use per­son­al phish­ing emails to hook employees

Whal­ing, as its name sug­gests, tar­gets very big fish, in a high­ly cus­tomiz­ing attack, mak­ing use of plen­ty of per­son­al data col­lect­ed before­hand. Even Google and Face­book have been scammed as part of an elab­o­rate whal­ing cam­paign that net­ted $100 mil­lion.

Iden­ti­ty theft. Fraud­u­lent use of a stolen pay­ment card account con­tin­ues to be a per­va­sive form of iden­ti­ty theft, like­ly affect­ing many thou­sands of indi­vid­ual con­sumers each year. This is dif­fi­cult to quan­ti­fy. How­ev­er, one recent esti­mate places the aver­age price of a sin­gle stolen pay­ment card record at near­ly $30. That rep­re­sents plen­ty of incen­tive to com­pel cyber crim­i­nals to con­tin­ue hack­ing into net­works of retail­ers, finan­cial com­pa­nies and oth­er online ven­dors in hopes of steal­ing large caches of fresh records.

Clear­ly, breach attacks continue—and many are suc­cess­ful. One telling met­ric is the suc­cess rate of data breach­es. Risk Based Secu­ri­ty esti­mates that over 4 bil­lion records were stolen dur­ing data breach­es in 2016. Most of those leaks involved stolen mes­sage con­tents, with­out any pass­words. On the oth­er hand, the actu­al loss of sen­si­tive per­son­al infor­ma­tion, includ­ing account data, may be even more dev­as­tat­ing, as many busi­ness­es just refuse to dis­close any rel­e­vant statistics.

Ran­somware. Last fall, Pan­da Labs issued a report describ­ing 18 mil­lion vari­ants of infec­tions designed to encrypt files in sup­port of a ran­somware attack. The forum I help run, Privacy-PC.com, makes avail­able a detailed time­line that gives you a sense of how vir­u­lent ran­somware has become.

Ran­somware typ­i­cal­ly uses phish­ing tac­tics to get installed. Once ran­somware gets inside a host device, vic­tims suf­fer a loss of access to near­ly every bit of data onboard.

Ran­som for indi­vid­ual vic­tims can range from $500 to $10,0000. Cor­po­rate vic­tims get hit with ran­som demands rang­ing from $10,000 to $40,000, and a recent IBM study shows that 70 per­cent of busi­ness­es pay up.

And even if the vic­tim pays, a suc­cess­ful decryp­tion results only 42 per­cent of the time.

Brows­er flaws. The over­all secu­ri­ty of web browsers, which we all depend on, is high. But browsers are full of vul­ner­a­bil­i­ties and, there­fore, heav­i­ly attacked. Some 900 brows­er flaws were report­ed in 2016, and some of those secu­ri­ty holes enabled hack­ers to install mal­ware on the host PC.

Fur­ther­more, the cool func­tion­al­i­ties of browsers tend to rely on use of Flash and Java, and hack­ers keep spot­ting and using new secu­ri­ty flaws in those appli­ca­tions. Mean­while, users typ­i­cal­ly do not keep cur­rent with secu­ri­ty patch­ing. DUO’s 2016 Trust­ed Access Report indi­cates 25 per­cent of users run out­dat­ed ver­sions of Inter­net Explor­er, while 60 per­cent do not prop­er­ly update Flash and 72 per­cent stick to old Java.

To sum up, this list is far from exhaus­tive. It does high­light a few of the most com­mon and active threats you face every time you use the inter­net. So stay vigilant.

More sto­ries relat­ed to thwart­ing com­mon online threats:
Look to human nature for con­tin­ued suc­cess of phish­ing attacks
Exer­cis­es can help orga­ni­za­tions train for wide range of cyber threats
As threats mul­ti­ply, cyber insur­ance and tech secu­ri­ty indus­tries start to merge