What do the big names Home Depot, Sony, and eBay have in common?
All of these companies have been hit by major cyber-attacks in one way or another! Cyber-attacks are a real-world threat that companies face every single day. These attacks, if successful, are no different from a person stealing company property and robbing these companies/banks/individuals. This post discusses the common threats that web users are exposed to and how we can mitigate them.
In May of 2017, a big ransomware named “WannaCry” hit the internet. WannaCry infected more than 230,000 computers, starting in Europe and spreading globally to Asia and the Americas, hitting big companies and organizations such as the UK’s National Health Service, and it cost $5 Billion USD in total damage. Ransomware is software normally disguised as an important Flash update in your browser when a victim visits an infected site. Once the victim downloads the “important update”, they unknowingly install the ransomware, which then encrypts the victim’s hard drive, and the hackers ask for payment in bitcoin to “release” the computer from the encryption (much like when criminals ask for money as ransom, hence the name ransomware). All files, including important documents, confidential documents, personal data, etc., are now encrypted. The victim is then presented with two ways to resolve the issue: either pay the ransom to release the computer, or format the hard drive completely, losing all data (remember those important documents?). In October of 2017, a new ransomware named Bad Rabbit emerged and started to infect machines globally.
Phishing is another very common attack happening globally. Phishing messages are sent by email, disguised as reminders from legitimate companies. These emails contain a link to a malicious site, which is also made to look like a legitimate site. Once you’re on the fake site, it asks for your login details so that the attackers can get into your account and do damage from there.
The image below is a sample of what a Phishing email looks like:
This email came from a legitimate domain belonging to a local bank. However, there’s a link below that redirects victims to a malicious site, which asks you to log in using your details. Once a victim enters their username and password, these are saved to the attacker’s database and the attacker has free access to the victim’s bank accounts and credit cards (something that you might not want to happen to your bank account). Of course, there are strategies that can prevent this from happening. Let’s begin with small steps to fight back against these attacks, because prevention is always better than cure.
Start with a simple update of your antivirus (I urge you to install an antivirus ASAP if you don’t have one!) and ensure that your operating system has the latest patch from the vendor (so do not skip those “important update do not turn off your PC” alerts; vendors update the OS regularly to ensure you’re safe). In addition to this, only visit websites you know are legitimate. If a site asks for a Flash update, it’s best to doubt whether you really need to be on that site, as most ransomware is disguised as an important Flash update. However, if you still get infected with ransomware, do not pay the ransom. Reports have shown that people who paid the ransom did not get a key to decrypt the hard drive.
If you get infected, the best thing to do is unplug your PC from the network to stop the ransomware from spreading in your local network, and format your hard drive (sorry, important documents). Furthermore, when you receive an email, always double check EVERYTHING (the domain of the sender, does it have a link going to a different site, do you even know this person?). One tip: if an email you received looks like a legit email (iTunes, Amazon, etc.), do not click on the links/buttons provided in it. Instead, go directly to the site, log in from there, and do what the email asks of you. This way you’re sure you won’t be redirected to a different site.
In conclusion, cyberthreats are happening globally around the clock and their damage can cost companies and individuals millions of dollars. However, with small steps, we can mitigate these threats and fight off cybercrime.
Always remember to think before you click and remember that safety always starts with you.
This post was written by Jonathan Martin, COO at Evolution Business Systems.
His expertise extends to software development, support, implementations and project management. He can envisage potential problems and identify them to improve the client experience and outcomes. Like a mad scientist, he gets his insights from behaviour, statistics and data, and he lives by a golden rule: always start at the beginning, as there are no shortcuts. Jonathan’s passion is to make a difference by assisting clients with their business problems.