How Well Do You Know Cyber Threats?
“It is important to have a basic amount of knowledge about cyber threats to protect your personal information, prevent financial loss, secure devices, avoid being locked out from your own account, and promote safe practices.”
Cyber Threats are becoming more common as technology evolves around us.
What exactly are Cyber Threats? In the digital world, Cyber threats are methods hackers use to either steal, damage, or disrupt your computer system. It is important to have a basic amount of knowledge about Cyber Threats to protect your personal information, prevent financial loss, secure devices, avoid being locked out from your own account, and promote safe practices. There are many more reasons, so it is important to have some basic knowledge to act as a first line of defence in the digital world.
But along the line of defence there are people who specialize in Cybersecurity who protect the three factors known as confidentiality, integrity, or availability (CIA). Confidentiality aims to protect sensitive data from unauthorized users, Integrity ensures your data remains accurate, consistent, and does not change unless it was authorized, and lastly availability ensures data, systems, and resources are accessible to authorized users. Cybersecurity plays a very important role in the virtual world by creating defenses to secure you from any potential threats.
We live in a world where technology has expanded to every part of our life, and new methods of hacking and cyber threats have emerged. There are several reasons for this occurrence due to the vulnerabilities in new systems, increased connectivity between other hackers, and advanced tools like AI. It is important to understand and spread awareness to this problem to hopefully prevent people from attacks they can potentially face in the future. With this article we hope to spread awareness on the types of cyber-attacks and interview people who have experienced some type of attack to gain further insight to help people understand these threats and prevent them from happening to you.
In addition we will be reviewing Cyber Threats listed below:
Malware
Ransomware
Distributed denial of service (DDoS)
Spam and Phishing
Corporate Account Takeover (CATO)
Automated Teller Machine (ATM) Cash Out
Malware:
Malware is known as malicious code or malicious software. This is because they tend to be inserted into a system to compromise three factors which are known as confidentiality, integrity, or availability of data operating systems. It is done secretly and can affect your data, applications, or operating system. Malware has become one of the greatest external threats to systems because of the widespread damage and disruption. There are many different types of malware like viruses, worms, trojans, adware, and these are just some from many.
Ransomware:
Ransomware is a type of malware that locks or encrypts your files, making them unusable. The unauthorized/hacker user that attacks you would then demand money or bitcoin to unlock or fix your files. If the user who got attacked refuses to pay this amount then the unauthorized user would either keep your files locked or delete them. Ransomware is normally targeted toward businesses, individuals, and even the government.
Let’s say you receive an email that looks like the ones you get from the bank. This email will contain content saying there was a type of problem with your account then it asks you to click this link to fix it right away. You click on the link thinking this email from your bank, but in reality this link leads to a malicious website which secretly is downloading ransomware onto your computer. Once it is downloaded it will start locking up files, like photos, documents, and spreadsheets. It will then pop-up a window asking to send money or bitcoin to a specific address. If this is not done by the time they want it they will threaten to delete all your files. So now you have to contemplate whether to either pay or risk losing everything in your files.
Distributed Denial of Service(DDoS):
DDoS also known as Distributed denial of Service is a Cyber Threat where multiple devices flood a targeted system causing excessive traffic, aiming to overwhelm it and make it slow or unavailable to users. The attack starts with a massive amount of botnets being sent to a system which sends a massive amount of requests, and disrupts services. This causes downtime or damage, which leads to loss of revenue.
Picture a popular online store that sells products through its website. Then a hacker decides to launch a massive amount of botnet which is a group of devices that are controlled by hackers, these devices are infected with malware that allows the hacker to send commands and make devices do things, like spam emails or attack the website. These botnets are then assigned to request pages from the website constantly. As the amount of requests increases it floods the website making the website overwhelm and cannot handle the amount of traffic. This finally leads to the goal of the hacker which is making the website slower or causing it to crash, leading to users not being able to buy anything from that website.
Spam & Phishing:
Spam is when you receive unwanted, unsolicited, or unwanted messages and emails. Phishing is a form of social engineering, which includes the attempts to get sensitive information. Phishing attempts will usually appear to have been sent from a trustworthy person or business.
Cyber criminals would pretend to be an official representative sending you an email or a message with a warning related to any account information. The message will often contain a link to a fake website in which you will have to click to give a response, where you will provide confidential information. The format of the message will typically appear real and legitimate using proper names and logos. Any information provided after clicking this false link will go straight to the cyber criminal.
Corporate Account Takeover(CATO):
CATO is a business based theft where cyber thieves would impersonate the business and send unauthorized wire and ACH (Automated Clearing House) transactions. The unauthorized funds would go into accounts that are controlled by the cyber criminals.
Many businesses are vulnerable to this type of attack. Institutions with weaker computer safeguards and minimal controls over their online banking systems are easy targets to these cyber criminals. This type of cyber crime can result in large losses to these institutions. Cyber criminals use malware to infect a computer through email, websites, or malware disguised as software.
Automated Teller Machine (ATM) Cash Out:
ATM Cash Out is a type of large dollar value ATM fraud. Cash-outs involve simultaneous large cash withdrawals from several ATMs in many regions. It may also include large withdrawals at one ATM.
The Cash Out usually affects small to medium sized financial institutions. The attack involves changing the settings on an ATM using web-based control panels. Cyber criminals change the ATMs dispense function control to "Unlimited Operations." The “Unlimited Operations" setting allows withdrawal of funds over the customer's account balance or beyond the ATM’s cash limit. Stolen ATM or debit card information is often used to withdraw the funds. As a result, your financial institution can suffer large dollar losses.
We interviewed someone who we thought would have some knowledge and information on this topic: Mr Gouede.
What do you perceive as the greatest cyber threats we face at this moment?:
“There are different types of cyber threats at different levels. So I like to think of it this way. They're just like regular cyber criminals, those people just want money, so usually they'll look for your personal information.
They'll do like fishing emails. Just like different ways to get personal information, personal information is worth something it can be sold. It's bought and you can sell and buy large quantities of personal information on the dark web. They're worth maybe like $30 each, So if I have 1000 identities, that will make a lot of money, but then there's people whose motivation is not really money. APT are known for advanced persistent threats, so they basically have hackers that are working for the government and doing things to people in other countries to gain power. It happens, in social media a little bit too , like these things called influence campaigns where they basically influence elections and public consciousness for different reasons.“
As technology evolves, what do you believe is the best method to keep yourself protected from any of these cyberthreats?:
“So the first thing is password safety. Use good passwords. Don't reuse passwords if you have, let's say your TikTok password shouldn't be the same as your Instagram password or like your Gmail password shouldn't be the same as any other password, just use different passwords. Password complexity should be in your passwords, because hackers can use brute force which is a tool where it guesses, every possible combination of letters, numbers and symbols to guess a password, so if your password is “password” The program will guess it, in less than a second like a decimal of a second. If you have a question mark, and like all these different things, it'll take a long, long time. So password the complexes based on the characters and the link, so have a good strong password that has a lot of different symbols.
Try to include your identity from the internet. Like, remember how I was saying, how your data is like bought and sold all the time.
In social media, we love to post personal information, so it's just the very fact that it's popular and we’re all adapted to media is the problem like I love being social, obviously, that's a good thing, but keep in mind we are asking for privacy, but if we're very public on the internet with our information, we're volunteering to put our information out there. So it's about managing your expectations about what you actually want, but there's things that you do not choose to put out there that are out there about you. So for stuff like that you gotta use a service that can take this information off the internet.
There's a site called delete me.com, you sign up for them, and then they basically delete your information for you from any website that still has it. Let's say you sign up for Ticketmaster or something like that. Ticketmaster unfortunately might use your information like your address, your credit card and all these things they might take that information for themselves. There are people called data brokers, data brokers are literally here to buy and sell information and they might make a sight. Then you can find somebody's info.
For example, my mother called me last night because she was concerned about this very exact thing. So I'm going to put in my mom's name, and when you put in her name, you know, you see that she's a professor at Queen's college. So you see her and her name on read my professor.com. You see education related stuff ,but then you see stuff like her salary information, and you can see her home address, but there are specific sites that are there just to display the information, so a service like delete me will go to sites like that, and make sure that they take it off.
To answer your question, just keep strong passwords, control what you put out there, and use a service to clear out your name and first information from different websites. After you sign up for something, they keep your information even if you delete your account.”
Brief Review
While going through Mr. Gouede’s response to our questions, he talked about cyber criminals who mostly focus on financial gain like stealing information to sell it through the dark web, and APTs who are state-sponsored hackers that aim to gain political power through methods like hacking and influencing campaign, which is often seen in social media to manipulate election and public opinion. So it is important to have strong defenses to protect your information like having strong passwords, limiting digital information you put out there, and taking advantage of services that can remove information out there that you did not put. With the evolution of technology, having a fundamental strong password habit, being careful in sharing too much information, and utilizing tools that can erase personal information throughout the internet is crucial in protecting against common and advanced Cyber Threats.
Cyber threats are all around us as technology advances, and are probably occurring at this time. We wanted to make sure that the most common types of attacks are known so that people are aware of these methods and hopefully won’t fall for them.