User Awareness: Baiting, Vishing, and Social Engineering Attacks.
By David Pierre
Firewall, Antivirus, Patches, Intrusion Detection System (IDS), Intrusion Protection System (IPS) are not helpful if a user is not trained. Therefore, it is good to have a clue of the basic ways to protect yourself against the above mentioned attacks.
With Baiting, Vishing and Social Engineering an attacker does not need any computer knowledge. Below is the definition of these attacks.
Baiting is when an attacker leaves an infected device such as a USB thumb drive, a cell phone, or a memory card somewhere on purpose. If you find one of these devices you may think that you got lucky or you might be curious to know what is inside them. When one connects the device to their computer, tablet, or phone… BOOM! …the device becomes infected.
To thwart this attack, a person needs to be careful with unknown devices. When it comes to computer security and everything else in life, if it is too good to be true then it is probably not true.
Vishing is one of the most common attack nowadays. It is a type of Social Engineering. It happens when an attacker calls you and pretends to be from your bank or other seemingly legitimate place. For example, you may get a phone call from someone pretending to be from your bank and the person tells you there is an issue with your bank account and they need your account number to verify and fix a problem.
We have been taught to respect authority, so many attackers will call and pretend to be from the US Government or IRS.
An attacker might say that your identity may have been stolen and that they need your Social Security Number to see if you were a victim of identity theft. The IRS will never call you if there is a problem, they will mail you.
To thwart this kind of attack, hang up the phone and do not provide ANY information to the caller. Keep in mind that if the call is truly legitimate, the caller will not ask you to verify information that they already have on file. Never give away any Personal Identifiable Information (PII) on the phone.
Social Engineering is a strategy an attacker can use to gain unauthorized access to a computer or an organization. It is designed to get employees to opens the doors to your organization. The process often begins offline and the attacker can process it later through vishing, email, and so on. Nowadays, it is still relatively easy for criminals to successfully use Social Engineering because many people are too friendly and often don’t know the danger behind posting on the Internet.
Imagine if you put everything about yourself on Facebook. An attacker can use your posts to attack you or the organization that you are working for. I frequently see people on Facebook posting where they and their family are currently located or posting pictures while they are on vacation many miles away from their home or office. An attacker can use this knowledge to breach your home or business, knowing that no one is there.
To prevent this type of attack, users need to limit what they post on social media and be careful about what is share in their Facebook profiles.
Types of Malware: An Overview
By Victor Joel Harvey
For Cyber Protection Group
In today’s world, Cyber threats are a rising concern for computer users. Cyber threats affect not only businesses and governments, but also the average computer user. As such, it is important for even the casual user to understand the different types of Cyber-attacks, any vulnerabilities or risks they create, and how best to prevent them.
The term “malware” is a catch-all word that defines a variety of software that is malicious in nature. Malware is any type of software that is intended to damage or disable computers or networks. This article focuses on defining the types of malware, their dangers, and some simple steps to prevention.
TYPES OF MALWARE
While not necessarily malicious in nature, adware creates non-solicited advertisements that usually show up as pop-up windows that are often difficult to close.
An armored virus uses complex code, encryption, and/or hides a virus making it difficult to locate. These methods make detection by antivirus software complicated.
A backdoor provides an unauthorized way to access a system. They are most often installed by Trojans.
Multiple computers working together to launch a Distributed Denial of Service (DDoS) attack, send spam, or download additional malware. The computers that make up a botnet may be located anywhere and often become part of the botnet as a result of undetected or unintended installation of malware. Bot herders are criminals that manage botnets.
Distributed Denial of Service (DDoS)
A botnet or group of computers that simultaneously send an overwhelming number of Internet Control Management Protocol (ICMP) ping requests to a specific network address in order to slow down or crash a network or website.
A webpage that, when visited, automatically downloads malware to your machine. This may be a untrustworthy website specifically designed to deliver the download or a trustworthy website that has been hacked to deliver malware.
The police virus displays an FBI or police window accusing the computer user of a crime for which a fine must be paid.
Malware that changes itself whenever it is replicated or executed making it difficult for antivirus programs to recognize it using a virus signature (pattern based recognition).
Malware embedded in an application that will execute in response to an event. The event could be a date or time, execution of a specific program, or any other event.
A Trojan that encrypts the infected computer’s files and demands payment of a ransom amount (usually in bitcoins) to decrypt them. CryptoLocker is the most popular Trojan used by Cyber criminals.
Malware that can evade antivirus software by hiding its running processes. Rootkits can modify registry entries and administrative authority providing system level access to the criminal. Rootkit malware frequently replaces the computer’s Master Boot Record (MBR).
Spyware is an especially malicious Trojan designed to monitor activity on infected computers. Monitoring may include things such as screen captures and keyloggers (keystrokes) that can capture passwords and/or other confidential information.
A Trojan (like the Trojan Horse in Greek mythology) appears to be a useful program but has malicious code embedded within. Trojans frequently create Backdoors and are normally delivered by “Drive-by Downloads.”
A virus is code that attaches itself to an application. The application must be executed for the virus to work, and once activated, tries to find other applications to infect. After replicating themselves, viruses eventually deliver their “payload.” The payload may include things like deleting files, causing random reboots, and creating hidden entry points into the infected computer.
Self-replicating malware that makes its way through a network by a host application or human intervention. Worms normally do not deliver a “payload”, but rather quickly replicate themselves causing systems and networks to slow down or crash due to overload.
As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.”
When it comes avoiding the malicious intent of Cyber criminals, there could be no truer statement. It is much easier to prevent malware infection than to deal with it when it happens. Malware infection can cause the theft of confidential information, loss of data, system slowdown, and many other serious complications.
As a general rule, the best way to prevent malware from entering your system or network is to follow the below steps:
- Ensure that your router’s firewall is turned on and set to deny any incoming ICMP requests.
- Ensure that Window’s firewall is turned on.
- Install reputable Antivirus software on your computer.
- Make sure that Antivirus software and signature definitions are always up-to-date.
- Always backup your system on a regular basis.
- If you notice something strange with your system (such as your cursor moving around on its own), immediately disconnect your network connection or turn your computer off as someone is likely remotely in control of your system.
- A cybersecurity professional can normally find and remove any of the aforementioned malware by using special tools that prevent infection.
Although there is no way to guarantee that you are 100% safe from malware attacks, following the above steps can significantly mitigate your chances of being the victim of these type of