Cybersecurity - Cyber threats and how to increase your security - devopsity.io

Cyber threats and how to increase your security on the Internet when the cyber attacks are on the rise

Devopsity on 17-03-2022

In the fast-changing landscape of emerging technologies and the digitalisation of every aspect of life, we rely on the Internet in our daily routine: online banking, shopping, medical care, education, professional life, chatting with friends and family overseas and watching our favourite TV series on popular video-on-demand services. With the limitless possibilities come digital risks: data breaches, destroyed or encrypted data, compromised privacy, stolen money, blackmail, hacked home monitoring cameras, infected devices and more.

There are many cyber threats, and it is wise to stay cautious and build good practices into your daily habits. Read on to learn what you can do to stay secure.

Malware attack - don’t let your computer get infected

A malware attack is one in which an attacker sends a link or an email attachment designed to damage our system. It can take many forms, including the installation of dangerous software such as viruses, trojans, worms, ransomware and spyware. Once the recipient clicks the link or opens the attachment, the malicious software is installed and does its damage inside the system. Possible outcomes include sensitive data being collected, a disrupted system or a system damaged beyond repair.

To stay secure, avoid clicking links that come from unknown sources, opening suspicious emails and visiting suspicious websites.

Remember, protecting devices with security software and keeping data backed up is crucial for every organisation; it should always be in place and treated as a high priority.

Man-in-the-Middle (MitM) attack - secure your data in cyberspace

A MitM attack occurs when an attacker inserts themselves into the communication between two parties, placing themselves in the middle of the exchange so they can read or steal the data. The danger is greater on public WiFi, which gives an attacker the opportunity to position themselves between the user's device and the network.

To prevent a MitM attack, it is essential to use strong Wi-Fi encryption (WPA2 or WPA3) and a strong router administrator login and password. Moreover, HTTPS should be used instead of HTTP; this is especially important when sending data to a website.

Moreover, when using public WiFi it is advisable to connect through a trusted VPN. A VPN encrypts data in transit, adding another layer of security so that any data intercepted by a third party cannot be read.

Man in the middle attack

Password Attack - stay strong and unique

A password attack is another form of cybercrime. It takes place when an attacker obtains an individual's password and gains entry to a system holding personal sensitive information, such as a computer or a network, and is then able to control, modify or steal the data.

There are various ways of obtaining a person's password, such as accessing a password database, social engineering, a brute-force attack, which guesses the password by trying possible combinations, or a dictionary attack, in which a list of common passwords is tried.

Two-factor authentication is a very good practice and should be in place to prevent password attacks. Additionally, an account lockout after several invalid attempts can be used as extra protection; in that case the user unlocks the account through another account they control, using the code provided there.

And very importantly, never reuse the same password across different services or applications; always use unique passwords. It is also worth storing passwords in a password manager.

Phishing attack - limit your trust

A phishing attack is based on sending a message in which the attacker impersonates a person or organisation that is known to the victim or generally reputable. Such attacks are very common.

Phishing attacks can arrive through various channels, including email, direct messages and social media messengers.

Such messages appear genuine, but the intention is to obtain the recipient's sensitive data, cause damage or steal money. Such emails often ask the recipient to send money to a different account number than usual, or request sensitive data such as login details, passwords or credit card details. The damage may include attackers gaining access to the device, dangerous files being installed and money being stolen.

To stay secure, use security software and always keep your software up to date. Use multi-factor authentication and back up your data to secure cloud storage.

Email Spoofing Attack - how to detect forged email

Like a phishing attack, an email spoofing attack is based on impersonating another person, identity or organisation so that the recipient believes the message came from someone known or trusted.

Email spoofing is frequently combined with a phishing or malware attack. Spoofed emails may carry malware in attachments, for example documents or PDFs pretending to be an invoice or purchase order. Another way to trick victims is to send links to infected files for download. Sometimes the attacker asks for a money transfer, for example by spoofing the company's accounts email address, a business partner or another identity.

Another form of spoofing that has become popular is an email that appears to be sent from the recipient's own email account. The attacker claims to have gained access to the victim's account and demands payment (usually in bitcoin or another cryptocurrency) to release the account and return it to the victim.

The best way to detect a spoofing attack is to inspect the message headers in the raw message source for indications of who the true sender was.

Below we present a few examples of spoofed emails and a way to check whether the sender is legitimate.

The following screenshot shows a message pretending to come from a legitimate bank (for this example we used a fake address under our own domain, pretending-your-bank-domain.twojadomenka.pl, so as not to forge a real banking domain; as you can see, an attacker could forge any email address).

Example of a spoofed email as shown in the From field of the inbox

To verify the real sender, look at the message headers (here we are using the popular Gmail client, so choose "Show original" from the message options).

Example of mail headers in the source view

In the above screen we can see the following header:

Received shows the mail account from which the message was actually sent: authenticated user phishing@twojadomenka.pl

Other things worth checking in the headers are Reply-To and SPF.

Sometimes the attacker sends messages from a spoofed address and sets a different, suspicious address as the Reply-To, so that the victim's responses reach the attacker (for example to steal information).

In the header example above you can see that the mail came from pretending-your-bank-domain.twojadomenka.pl, while a reply would have gone to phishing@twojadomenka.pl.

The last important thing to check is the SPF result. SPF is a DNS TXT record that lists the server IP addresses authorised to send mail for a domain. If the email had been sent from an unauthorised server, the headers would show that the SPF check failed, which should be a strong warning sign.

Headers and their values differ depending on the email server and its settings, the email client and the way the spoofed email was sent; nevertheless they are a great source of information, and when in doubt whether a mail is genuine it is always a good habit to investigate them.
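The three header checks described above (the authenticated sender in Received, Reply-To versus From, and the SPF result) can be automated on a raw message source. The following Python script is an added example, not code from the original article: the two messages are constructed to mirror the article's spoofed "bank" mail and a clean mail, and every host, IP address and message id in them is invented. It also adds one check the article's example hints at but does not spell out: an SPF pass only confirms that the sending server was allowed to send for the envelope (smtp.mailfrom) domain, which in the spoofed case is the attacker's own twojadomenka.pl, so the script also flags when that domain differs from the From header domain.

```python
"""Flag sender-mismatch signs in raw e-mail headers (added example)."""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample modelled on the article's spoofed "bank" message.
# Hosts, IP addresses and message ids are invented for this example.
SPOOFED_MESSAGE = """\
Received: from mail.twojadomenka.pl ([198.51.100.23])
        by mx.example-mailbox.invalid with ESMTPS id abc123;
        Thu, 17 Mar 2022 10:15:02 +0000
Received-SPF: pass (mx.example-mailbox.invalid: domain of phishing@twojadomenka.pl designates 198.51.100.23 as permitted sender) client-ip=198.51.100.23;
Authentication-Results: mx.example-mailbox.invalid; spf=pass smtp.mailfrom=phishing@twojadomenka.pl
Received: from [203.0.113.5] (authenticated user phishing@twojadomenka.pl)
        by mail.twojadomenka.pl with ESMTPSA id xyz789;
        Thu, 17 Mar 2022 10:14:58 +0000
From: "Your Bank" <contact@pretending-your-bank-domain.twojadomenka.pl>
Reply-To: phishing@twojadomenka.pl
To: victim@example-mailbox.invalid
Subject: Urgent: confirm your account

Please confirm your login details using the link below.
"""

# Constructed clean sample: envelope domain, From domain and SPF all agree.
CLEAN_MESSAGE = """\
Received-SPF: pass (mx.example-mailbox.invalid: domain of newsletter@bank.example designates 192.0.2.10 as permitted sender) client-ip=192.0.2.10;
Authentication-Results: mx.example-mailbox.invalid; spf=pass smtp.mailfrom=newsletter@bank.example
Received: from smtp.bank.example ([192.0.2.10])
        by mx.example-mailbox.invalid with ESMTPS id def456;
        Thu, 17 Mar 2022 09:00:00 +0000
From: "Bank Newsletter" <newsletter@bank.example>
To: victim@example-mailbox.invalid
Subject: Monthly statement is ready

Your statement is available in online banking.
"""

# "(authenticated user x@y)" and "(Authenticated sender: x@y)" are the two
# phrasings commonly seen in Received headers of submission servers.
AUTH_SENDER_RE = re.compile(r"authenticated (?:user|sender)[:\s]+([^\s)]+)", re.IGNORECASE)
SPF_RESULT_RE = re.compile(r"\bspf=(\w+)", re.IGNORECASE)
SPF_MAILFROM_RE = re.compile(r"smtp\.mailfrom=(\S+)", re.IGNORECASE)


def domain_of(address):
    """Lower-case domain part of 'Name <user@host>' or 'user@host'; '' if none."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def inspect_headers(raw_message):
    """Return the extracted sender facts plus a list of human-readable findings."""
    msg = message_from_string(raw_message, policy=default)
    from_domain = domain_of(str(msg.get("From", "")))
    reply_to_domain = domain_of(str(msg.get("Reply-To", "")))

    # Each hop prepends its own Received header; scan them all for an
    # authenticated submission, which reveals the account really used.
    auth_sender = ""
    for hop in msg.get_all("Received", []):
        match = AUTH_SENDER_RE.search(str(hop))
        if match:
            auth_sender = match.group(1).strip("<>;")
            break
    auth_sender_domain = domain_of(auth_sender)

    # SPF verdict: prefer Authentication-Results, fall back to Received-SPF.
    auth_results = str(msg.get("Authentication-Results", ""))
    received_spf = str(msg.get("Received-SPF", ""))
    match = SPF_RESULT_RE.search(auth_results)
    if match:
        spf_result = match.group(1).lower()
    elif received_spf:
        spf_result = received_spf.split()[0].lower()
    else:
        spf_result = ""
    match = SPF_MAILFROM_RE.search(auth_results)
    spf_domain = domain_of(match.group(1).strip(";")) if match else ""

    findings = []
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"Reply-To domain {reply_to_domain!r} differs from From domain {from_domain!r}")
    if auth_sender_domain and auth_sender_domain != from_domain:
        findings.append(f"Received shows authenticated sender {auth_sender!r}, not the From domain {from_domain!r}")
    if spf_result != "pass":
        findings.append(f"SPF result is {spf_result or 'missing'!r}, not 'pass'")
    elif spf_domain and spf_domain != from_domain:
        findings.append(f"SPF passed for envelope domain {spf_domain!r}, which is not the From domain {from_domain!r}")
    return {
        "from_domain": from_domain,
        "reply_to_domain": reply_to_domain,
        "auth_sender_domain": auth_sender_domain,
        "spf_result": spf_result,
        "spf_domain": spf_domain,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("clean", CLEAN_MESSAGE)):
        report = inspect_headers(raw)
        print(f"{label}: {len(report['findings'])} finding(s)")
        for line in report["findings"]:
            print("  -", line)
```

Paste the content of Gmail's "Show original" view into the `raw_message` argument to run this on a real message. A non-empty findings list is a reason to verify the sender out of band, not proof of spoofing: legitimate mailing-list and ticketing systems also set a different Reply-To, and the header names vary between mail servers, as the article notes.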

Rootkit Attack - verify install package

A rootkit is malicious software hidden inside legitimate software. Its aim is usually to give the attacker access to the device or other software and remote control over the system, in order to manipulate it and reach sensitive data including passwords, critical data and other credentials. Rootkit malware is hard to identify because it usually hides inside legitimate software and so conceals its presence.

To avoid installing rootkits, download only from trusted websites and assess email attachments before downloading them.

Additionally, checking the hash checksum of the install package lets you verify that the package has not been tampered with.
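The checksum check above is worth doing routinely, so here is an added Python example of it (not code from the article): it parses a `sha256sum`-style checksum file, hashes the downloaded package in chunks so large archives do not have to fit in memory, and compares the result in constant time. The demo writes a constructed package to a temporary directory, verifies it, then appends a byte to simulate a tampered download and shows the check failing. The file name `tool-1.0.tar.gz` and the package bytes are invented; the empty-file SHA-256 constant is the well-known digest of zero bytes.

```python
"""Verify a downloaded package against a published checksum (added example)."""
import hashlib
import hmac
import os
import tempfile

# SHA-256 of an empty input; used as a known reference value in the demo.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hex digest of a file, read in chunks so large installers stream through."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def parse_checksum_file(text):
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.lstrip(" *")] = digest.lower()
    return expected


def verify_package(path, expected_hex, algorithm="sha256"):
    """True only if the file's digest matches the published one (constant-time compare)."""
    return hmac.compare_digest(file_digest(path, algorithm), expected_hex.lower())


def run_demo():
    """Verify a constructed package, then show the check failing after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, "tool-1.0.tar.gz")  # invented file name
        with open(pkg, "wb") as handle:
            handle.write(b"constructed package bytes, not a real archive\n")
        # In practice the publisher's checksum comes from the vendor's site
        # (over HTTPS, ideally signed); here it is computed from the clean file.
        published = file_digest(pkg)
        sums = parse_checksum_file(f"# SHA256SUMS\n{published}  tool-1.0.tar.gz\n")
        good = verify_package(pkg, sums["tool-1.0.tar.gz"])

        with open(pkg, "ab") as handle:
            handle.write(b"\x00")  # simulate a modified download
        tampered = verify_package(pkg, sums["tool-1.0.tar.gz"])

        empty = os.path.join(tmp, "empty.bin")
        open(empty, "wb").close()
        empty_known = verify_package(empty, EMPTY_SHA256)
    return {"good": good, "tampered": tampered, "empty_known": empty_known}


if __name__ == "__main__":
    print(run_demo())  # expected: {'good': True, 'tampered': False, 'empty_known': True}
```

The comparison is only as trustworthy as the source of the expected digest: a checksum served from the same compromised download page as the package proves nothing, so prefer checksums published out of band or accompanied by a signature you can verify.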

Internet of Things (IoT) Attacks - avoid default settings

IoT cyber attacks are based on the attacker gaining control of IoT devices so they can damage the device, or control it and use it to attack other devices on the network.

Despite the growing popularity of internet connectivity, most IoT devices do not incorporate adequate security measures, leaving entry points through which attackers can gain access, exploit the device and damage other devices. IoT attacks are therefore increasingly common.

Keeping software up to date and having strong passwords in place, with additional authorisation measures, minimises the likelihood of this type of cyberattack.

When you bring home a new IoT device, change the default password. It is a good habit to change the credentials on all home devices, including routers, printers, smart home appliances, cameras, etc. Another measure is to set up a separate private network, without access to the external Internet, for IoT and other devices that do not need a connection to the outside world in order to work.

What can you do?

We guide you on how to put security as an absolutely top priority and help you and your business to be prepared for incidents by prevention and by backing up your secure files. If you would like to enquire about setting your company up to the highest security standard or simply get advice on any particular concern, let us know and request a meeting today. We’ll help you prevent cyber threats.