In many cases, the only thing needed for the success of a malicious campaign is a single person clicking on that suspicious link, or opening an e-mail attachment from an unknown sender.
Cybercriminals tend to exploit the weakest link in the system. Make yourself familiar with the most popular ways non-tech people become victims of malicious attackers.
Third Party Apps
Statistics show that more than 80% of the time users spend online on their mobile devices is spent in apps. Online content is distributed to mobile users mainly by Google’s Chrome Store and Apple iTunes. Mobile apps are slowly replacing the internet we used to know.
It is worth knowing that 97% of mobile malware targets Android. Most Android users are unaware of that. The Mobile Threat Report for Q1 2014 by F-Secure reveals that attacks on everyday users are extremely pervasive, and that they can easily spread through apps into businesses.
This practice is quite popular among hackers and, in the past few months, has been used even more often in attacks targeting regular people (not only celebrities). Many users are completely uninformed about the whereabouts of their personal information and how cyber crooks have pieced it together in order to compromise accounts or for the purposes of identity theft campaigns. Personal information such as names, phone numbers or addresses is often available for purchase on numerous “people-finder” websites, which are the perfect source for digital social engineering. How the data got there is unclear to most users.
The scandal with the malware-infected ads served to Yahoo! visitors in January made for a rather unpleasant start to the year. Reportedly, malicious ads were distributed to approximately 300 000 visitors per hour. When users clicked on the malicious ads, they were redirected to a “Magnitude” exploit kit with the help of an HTTP redirect. Unsuspecting users have been increasingly attacked with poisoned ads that were specifically designed to match their browsing habits. The social networking giant Facebook has recently doubled the reward for ad-related flaws in an attempt to familiarize the public with the many ways malicious ads can be used in hacker attacks.
Cracking the victim’s password is still in the top ten of hackers’ favorite practices. Sadly, most computer users have the same password for more than one account, do not set a password on their mobile devices and phones, and do not use a password manager.
The public was reminded quite painfully of how important it is to set strong passwords by the recent Dropbox credentials leak.
The reason why phishing is so popular among cyber crooks is quite simple – because it works. Most phishing attacks these days are smartly disguised email messages that lure the unsuspecting user into clicking on a link or downloading an attached file. The links usually lead to infected webpages. The attacks have many faces – they can be presented as a friendly email from someone the victim knows, an innocent newsletter or a notification from an institution like a bank or an insurance company.
Bottom line – do not open any email attachments you are not expecting. If it is from an official institution, you should check their webpage or contact them directly instead of clicking any links provided in the email.
The list is quite long – JP Morgan Chase, Home Depot, Verizon… According to security experts, 606 major breaches were registered, and 77 577 208 records were stolen in the past ten months.
The Financial, Credit and Banking sectors have suffered 24 breaches so far; 1 172 320 records were compromised. The Business and the Healthcare sectors are following them. The stolen records can be used by the cybercriminals in many ways – identity theft, spear-phishing and all sorts of targeted attacks.