REVIEWS

Being cyber-educated is more important than ever. Let’s put it this way. The less you know about the dangers of cyber space, the more susceptible you become to malicious attacks. And vice versa, the more acquainted you are with attackers’ booby traps the less likely it will be for you to become “trapped”.

It’s a widely known fact that cyber criminals and fraudsters are after users’ personal and banking information. Data gathering and aggregation is a major privacy problem. However, not enough users realize the potential of their information becoming vulnerable to exploits. Let’s take the prevalent malware attacks on the healthcare industry.

Not only are hospitals spending thousands of dollars on ransom money and recovery of damages but also patient information becomes accessible to threat actors. If you really think of all the entities that have (or can) obtain access to some or all of your personal details, you may get the feeling that you’re right in the middle a “1984” nightmare. It’s that bad.

Considering everything we just said and adding the sophistication of malicious software and fraud techniques, it’s evident that we should be prepared. Prepared to avoid victimizing ourselves, or if it’s too late, prepared to minimize the consequences and prevent future exploits.

So, let’s begin our cyber education 101. We give you five hot computer security issues that you should get acquainted with, and then pass the knowledge on to other users.

As we have already written, many users believe that they’re too smart to fall victims to social engineering’s various schemes. But crooks don’t sleep and they constantly come up with new ways of getting what they want. New attack vectors such as vishing and smishing appear and prove that no one is too smart to avoid scams.

To sum it up, phishing is any attempt to obtain users’ sensitive information, including credit card details and banking information, by disguising as a trustworthy entity in an online communication (email, social media, etc).

Vishing, or voice phishing, is any attempt of fraudsters to persuade the victim to deliver personal information or transfer money over the phone. Hence, “voice phishing”. You should be very careful with any unexpected calls from unknown numbers. Fraudsters have learned how to be extremely persuasive, as they have adopted various techniques to make their scenarios believable.

Smishing, on the other hand, comes from “SMS phishing”. Smishing is any case where sent text messages attempt to make potential victims pay money or click on suspicious links. Smishing scenarios may vary. Scammers can send a text message to a person and ask them to call a particular phone number. If the person actually calls the number… smishing may just turn into vishing!

Pharming

Another member of the phishing family is pharming. Shortly said, pharming is a cyber attack meant to redirect a website’s traffic to another, bogus one. Pharming can be done either by changing the hosts file on a victim’s machine or by exploiting a flaw in DNS server software.

Pharming is extremely dangerous because it can affect a large number of computers simultaneously. In pharming, no conscious user interaction is required.

For example, malicious code received in an email can modify your local host files. Host files are used by an OS to map hostnames to IP addresses. If the host files are compromised, the user will go to a fake website even when he has typed the correct URL in the address bar.

There’s hardly a person who doesn’t know what ransomware is and what it does to a victim’s data stored on a computer. Even though encryption has been around for quite some time, it’s not until recently that ransomware infections became so damaging and nightmarish. Cyber criminals manipulate the very same cyphers used by governments to guard secrets – cyphers, part of the Suite.B category:

RSA (Rivest-Shamir-Adleman).

SHA (Secure Hash Algorithm).

AES (Advanced Encryption Standard).

ECDH (Elliptic Curve Diffie–Hellman).

Unlike a year ago when most ransomware pieces used only one algorithm (usually RSA) to encrypt the victim’s files, now we see a tendency where ransomware has gotten smarter. Cyber criminals not only employ defenses, such as self-deletion and obfuscation to prevent researchers from investigating their code but they also combine different types of encryption algorithms. At a first state, the file may be encrypted via symmetric encryption process. As a second layer of defense, the size of the file may be changed by adding a second algorithm in the header of the already encrypted code. Complicated, eh?

Ransomware is perhaps the most vicious of all computer viruses. Unfortunately, not enough users are aware of the fact that they can employ anti-ransomware protection on their machines. Several big vendors in the anti-malware industries have already developed protection apps. It’s good to know that security engineers are constantly seeking ways to improve their products and deliver adequate shields against today’s most active threats.

Even though the anti-ransomware tools available at this time serve to protect against certain ransomware families, it’s still better than no protection. Here is a list of the currently available and free anti-ransomware tools (for more details, click on the link in the subtitle):

CryptoPrevent

Malwarebytes Anti-Ransomware

BitDefender Anti-Ransomware

HitManPro.Alert

TrendMicro AntiRansomware

Kaspersky WindowsUnlocker

First, let us also tell you about CVEs, or common vulnerabilities and exposures. Basically, a CVE can be referred as to a catalog of known security threats. As visible by the name, the threats are usually divided into two big sub-categories:

Vulnerabilities

So, how do we understand vulnerabilities? Basically, vulnerability is nothing but a software mistake that enables a bad actor to attack a system or network by directly accessing it. Vulnerabilities can permit an attacker to act as a super-user or even a system admin and granting him full access privileges.

Exposures

Exposure is different than vulnerability. It provides a malicious actor with indirect access to a system or a network. An exposure could enable a hacker to harvest sensitive information in a covert manner.

Many attack scenarios involve particularly the exploitation of zero-day flaws. Basically, zero-day vulnerability is a hole in a software product of which the vendor is unaware. The unpatched hole enables attackers to exploit it, before the vendor is notified of the issues and patches it. Hence the name “zero day”.

A notable zero-day attack that recently put a large number of US companies at risk of credit data theft is CVE-2016-0167. It’s an escalation of privilege vulnerability that allows local users to gain privileges via a crafted application. Luckily, the vulnerability has been fixed in recent Microsoft updates. However, if a system hasn’t applied the fix, it may still be vulnerable. So, make sure your Windows is up-to-date, and don’t give attackers a way to exploit you and your finances.

Interestingly, the believed-to-be invincible OS X was also “granted” a zero-day flaw. The vulnerability allows local privilege escalation. It could even bypass Apple’s latest protection feature – System Integrity Protection, or SIP. According to researchers, it enabled an attacker to deceive the security feature without a kernel-based exploit. The flaw was described as a non-memory corruption bug which allowed the execution of arbitrary code on any binary. The issue was disclosed in the beginning of 2015 but was reported to Apple in 2016. It has been patched in El Capitan 10.11.4 and iOS 9.3.

For Better Computer Security…

Needless to say, constant anti-malware protection is a necessity nobody should underestimate. However, installing an anti-malware program is not always enough. That is why we need cyber education to be a priority topic discussed not only in specific cyber security forums but also in schools and companies

Consider the following tips, too:

Use a reputable VPN service, like Keep Solid VPN, and make sure to learn what VPN is and how it works.

Make sure to use additional firewall protection. Downloading a second firewall (like ZoneAlarm, for example) is an excellent solution for any potential intrusions.

Make sure that your programs have less administrative power over what they read and write on your computer. Make them prompt you admin access before starting.

Use stronger passwords. Stronger passwords (preferably ones that are not words) are harder to crack by several methods, including brute forcing since it includes pass lists with relevant words.

Turn off AutoPlay. This protects your computer from malicious executable files on USB sticks or other external memory carriers that are immediately inserted into it.

Disable File Sharing – recommended if you need file sharing between your computer to password protect it to restrict the threat only to yourself if infected.

Switch off any remote services – this can be devastating for business networks since it can cause a lot of damage on a massive scale.

Make sure always to update the critical security patches for your software and OS.

Configure your mail server to block out and delete suspicious emails containing file attachments.

If you have a compromised computer in your network, make sure to isolate immediately it by powering it off and disconnecting it by hand from the network.

Turn off Infrared ports or Bluetooth – hackers love to use them to exploit devices. In case you use Bluetooth, make sure that you monitor all of the unauthorized devices that prompt you to pair with them and decline and investigate any suspicious ones.

And once again, don’t forget to employ a powerful anti-malware solution to protect yourself from any future threats automatically.