Internet Threats Increasing Daily

According to an article by CNN, 868,500 new pieces of malware – computer viruses and other malicious software – were released everyday last year.  This is up drastically from the paltry 86,000 new daily releases in 2013.  In total, an absolutely staggering 317 million new malware threats were created last year.

Of equal concern is the severity of the new threats.  Ransomware attacks from programs such as CryptoLocker and CyrptoWall are on the increase and present a nightmarish scenario for those infected.  Ransomware encrypts (essentially locks) personal data on an infected computer using a key that only the virus programmer has.  Users must pay a ransom (usually $400+) to the programmer in order to unlock the files.  And it is not uncommon for the programmer to take your money and not unlock the files.

So how do you reduce the risks of being infected?  Most malware attacks today do not target your computer and devices directly, but target your behavior while using your devices.  Let’s look at some of the ways you may be inviting malware onto your devices.

Phishing, Spear Phishing
Phishing is a method in which an attacker designs a legitimate looking email that tricks you into doing something.  The email may have you click a link that infects your computer with malware, or ask you for personal information such as passwords, SS number etc.  Phishing scams can be very real looking and take the form of an email from Apple, eBay, Amazon, banks etc.  They have been around for a long time for good reason – they are effective.

Spear Phishing uses personal information someone has collected to craft a personalized message to you.  This information can be collected by apps on your mobile devices (see my last article about data mining), purchased on the Internet, collected from malware already on your computer or account hijacking (below).

Preventative measures: Use spam filters.  Most online email services such as Gmail and AOL have spam filters built in. Never open unrecognized emails.  Don’t open email attachments that you are not expecting.  Never click a link inside an email to access an online account (open your web browser and go to the site directly).

Account Hijacking
Account hijacking is when an attacker takes control of (hacks) one or more of your online accounts such as email.  Once an attacker has control of your email account they can gather additional information about you via your emails and try to hack your online banking/commerce accounts; send spear phishing attacks to your friends/contacts; and lock you out of your account(s).  I have seen cases where hackers changed the user’s password, security questions and answers, and recovery phone/email address.  It can take days to regain access to such accounts.

Preventative measures: Use strong unique passwords for every site.  A strong password is a minimum of eight characters, alphanumeric upper and lowercase letters (and special characters such as # if permitted).  Use two-factor authentication when available.  Two-factor authentication requires both a password and a one-time passcode sent via text to the user’s phone.

Social Media Scams and Harassment
Social media scams are designed to trick you into clicking a web link embedded with malware, downloading malicious apps or software, or providing personal information.  Social media scams can be carried out through account hijacking or by friending someone you don’t know. Kids are especially at risk in the latter case, as the attacker’s objective maybe harassment or embarrassment.

Preventative measures: Social media scams are typically targeted toward children.  Talk to your kids about who they trust online and if they experience harassment to contact an adult.

Search Scams
Attackers use Search Engine Optimization to rank malevolent sites at the top of search results.  By using common search terms, attackers can reach potentially anyone.  Common ploys include how-to sites, recipes, and photos.

Preventative measures:  Most search scams target vulnerabilities in outdated versions of Java or Adobe Flash Player.  Make sure you have the latest versions of each (if you have them installed).  Consider using Google Chrome instead of Internet Explorer.  Chrome has a built in Flash plugin that is updated automatically.