It’s been a tough month for the internet. This past week’s global WannaCry ransomware attacks, last week’s Distributed Denial of Service attacks at the Federal Communications Commission’s website, and the spear phishing attacks through Google Docs three weeks ago have made the internet feel less safe. These attacks disrupted personal and business activities and, in some cases, put lives in danger with the attacks on hospitals. However, we continue to expect the networks that support the internet, the digital economy, and our digital lives to go on unaffected; this assumption has to be dropped to better defend oneself from cyber threats.
Ransomware, email scams, and social network attacks are part of a toolbox for hackers to cause major interruptions to how the internet operates. It disrupts the tools we depend on for the improved productivity in our daily lives, the delivery of information, and transactions on a global scale. These recent attacks can be created by digital communication, emails, instant messages, and social media posts, which impersonate a trusted source, such as someone you have listed in your contacts. Raising the level of awareness about the existence of these types of attacks is the best defense that helps one become aware of the harms these attacks cause and learn how to be a safer internet user.
While many attacks are perpetrated in email scams, they can also take place on a social messenger platform. These are referred to as “phishing attacks,” and they happen when an online hacker gains access to a victim’s contacts and then sends a spoofed message that appears to be from one of the names stolen from the contact list. Once the attacker has access to the victim’s contacts, they download them and repeat the “phish.” When a phishing victim opens the infected email, it spreads the virus to the victim’s computer (or mobile device) and gives the hacker access to contacts, files, and systems applications in that computer. The hacker now has regular access to the computer to create more malware using the victim’s identity as cover.
Some hackers take the time to construct personal phishing attacks by monitoring social media feeds. The hacker would include details that are familiar to the victim to entice him or her to click on a link or to take another permissive action to allow the attacker into the victim’s system. The hacker does not always take immediate advantage of the access he or she has gained; they may wait to give themselves distance from the initial breach and eventually steal or modify files and information later to be less detectable from the initial breach.
Ransomware is also becoming a more prevalent tool, as we learned this past week. This attack involves the hacker gaining access to an individual’s or corporations’ computers, taking control, and locking the users out until a fee is paid to the hackers. Ransomware can also evolve into an Internet of Things hijacking in which connected devices will be rendered unusable until the system is released from the attackers. This past week, the Wannacry cyberattack temporarily locked up files on computers and demanded Bitcoins for their release. The next attack may temporarily take over your security system and lock you out of your building.
We need to be cognizant, as both technology users and citizens who depend on the digital economy, of how to protect these devices and the networks that make our everyday life more productive and enjoyable.
All who use a computer or mobile device should back up their devices daily; it’s the first defense to recover from an intrusion. If a hacker does gain access to your computer or mobile phone and locks you out of your physical device, you may lose one day’s worth of information, but you can rebuild quickly if the device has been recently backed up. Using cloud computing allows a device user to reconstruct access to lost files and applications quickly, even if it means re-creating them on a new hardware device, such as a new computer or mobile phone.
Keeping an operating system up-to-date is also an important, proactive protection for any device. It is difficult to launch or spread an attack when the devices being targeted have systems that are updated and operate with the newest software. Patches are an engineer’s way of fixing the bugs inherent in software design. A patch can solve a software problem in a matter of seconds once it’s installed. Network operators constantly scan systems for bugs and patch programs as part of their commitment to maintaining a safe and secure network for their users. Microsoft issued a patch this past month to the products that they stopped selling years ago and stopped supporting until this past week. These recently updated patches are attempts to stop the malware madness with Windows 10 and Window XP. Those users who harbor pirated versions of Microsoft’s software will not receive the patch notices since their software is illegally obtained, yet Microsoft has offered software to patch those systems too to help mitigate the malware problem.
We have become digital citizens, and while we enjoy the dividends of a digital economy, we also need to understand the margin of safety and how to protect our digital assets. The best way to plan for a more secure environment is to know your vulnerabilities and risks and be prepared to recover from trouble quickly. In addition, think about your online habits, the applications or the services you use, and what these applications have access to on your computers and mobile devices. Prevention and proactive capabilities will help you and your business avoid a major setback and defend your digital existence.