With news sources suggesting the likelihood of getting hacked is increasing this year, it’s interesting to consider the landscape of dangers that face us as computer users.
Many of 2017’s threats are evolutions of what’s gone before, with hackers enhancing and developing their methods to stay ahead of the game. The cyber criminals are also being inadvertently assisted by poor security and training at major companies, some of which have suffered security breaches. Yahoo endured a stream of breaches last year, as did the likes of the NSA, now that some of their own hacking techniques have been revealed by WikiLeaks.
So, what particular hack attempts does it make most sense to be aware of? Here are three that could catch you out if you’re not careful:
1. Creative phishing
We are reaching a stage now where most people have heard of phishing, with government advice sites even handing out advice on avoiding it. However, this doesn’t mean cybercriminals have given up attempting to trick people into handing over their personal details or installing keyloggers on their computers; the hackers have just had to refine their methods and become a little more sneaky.
One new technique that’s become popular this year is making image links masquerade as attachments in Gmail emails. Thanks to how easy it is to send out thousands of emails, only a tiny proportion of people have to “bite” to make these scams worthwhile. Hackers aren’t scared to take to the phones either, cold-calling and pretending to be from Microsoft, for example, in an attempt to convince people to allow them to remotely access their machine and install malware.
2. Web Server Attacks
Now that most of us interact with multiple online services every single day, we’re trusting web servers with an awful lot of personal information. Ultimately, this means that we’re trusting the people who manage those servers to keep them secure. However, the relentless stream of data breaches we all read about in the press goes to prove that security safeguards like web application firewalls aren’t always a priority.
One hack that doesn’t seem to go away is SQL injection, which is implicated in numerous high-profile hacks. The curse of poor security practises, a SQL injection hack involves sending maliciously crafted queries to online databases, in order to reveal, manipulate, or steal the private information held within. As a consumer, you can go some way to protecting yourself by only dealing with companies you trust to safeguard your data, and following their advice to secure your online accounts (by doing things like using secure passwords and two-factor authentication, where available).
It also makes sense to stay on top of IT security news, to make sure that you’re ready to quickly respond with a password change if any company you do use is ever affected.
Ransomware attacks have been around for years now but they went truly mainstream in 2017 when an attack spread quickly across the UK’s National Health Service. Ironically, the vulnerability exploited was one that security agencies seem to have known about, as it was included in the WikiLeaks revelations referenced above. For people who have good backups, ransomware needn’t be much more than an inconvenience. However, even recent surveys suggest that as many as one in five people never back up their systems. The simple way to avoid becoming a true victim is not to be one of these people without a “plan B.”
Ransomware, phishing, and web server attacks are just three of the tactics used by criminals to steal data. Yet, despite growing public awareness of them all, attacks seem to be on the rise. In many cases though, cybercrime is an avoidable problem, especially on a corporate level, with resources and software available to prevent it.