Corona goes Digital #Cyber threats amidst Lockdown
So, it's just another day of the global lockdown against COVID-19 and finally, we are where nobody had expected us to be.
The planet is finally healing itself. You can now wake up to a peaceful morning sun and breathe in a lungful of fresh morning air. This time might not return in another hundred years - cherish it to the fullest!
With Dolphins back at Marine Drive most of us locked up and restricted to digital space, the world gears up to face another threat: Cyber Crime.
What is igniting this?
The high internet usage and lack of proper know-how on part of the users has emboldened hackers and cyber criminals into encroaching upon your territory.
Just another case, Mr. Srivastav being victim of Sextortion
A few days ago, he used to be a happy go lucky man who ran a small business dealing in computer parts. Although the business was not as good, things were still under control as he had saved up enough for himself and enough to help the not so fortunate(s) around him. His world however, turned upside down when he received this email, one fine day.
Mr. Srivastav overlooked the warning and you can guess what happened next. The poor man’s social life was ruined and today he has no option but to regret what happened. He approached the authorities but the mail had been redirected through multiple relays and could not be traced back to the hacker.
Yet another case, Mr. Rawat being victim of Crypto-locker
An architect by profession, woke up to an encrypted laptop last Sunday. Whatever he had given his time and labor to, was now held ransom by some guy sitting an ocean away. All of his personal data - sketches, maps, files were now locked down by a strong encryption tool and if he wanted to see it again, he would have to shell out a hard earned $1000.
Mr. Rawat, having few options at disposal, reeled into the hackers’ demands to save his blood and toil from getting washed away.
But you don't have to...
There are certain security measures that you can take to prevent something similar from happening to you, and as you proceed, you will find we have discussed some most important of those are:
- Not opening suspicious Emails or Instant Message Links
- Not visiting pages, sites or blog posts that appear doubtful, happen to be promoting paid services- dating, streaming, other SaaS for free
- Not visiting websites offering free downloads especially for otherwise paid software
Let's park them here for a while and...
Understand, this struggle is not new and follows a vicious cycle:
- A new software or service is released
- Hackers try to breach its security
- A patch/update is released to tackle that
- Hackers exploit that patch too
- Yet another update is released to address that
And this game continues till the developers are finally tired and decide to release a newer version and this entire game begins all over again.
These days, hackers and cyber scammers are taking advantage of the coronavirus pandemic by sending fraudulent email and WhatsApp messages with an aim to trick you into clicking on malicious links or opening attachments.
Can you guess what is common among all these attacks?
Of course, it is not the machine that is at fault, but us.
Cybersecurity is a human problem: the person at the keyboard is always the weakest point in any technical system.
Attackers will use a set of techniques broadly described as social engineering to trick us into divulging sensitive information. They cannot penetrate into your system, unless you YOURSELF explicitly allow them to.
Circling back to security measures in detail, you can disallow hackers from penetrating into your system by:
1. Not opening suspicious Emails or Instant Message Links-
Claiming you have won a lottery or some other prize such as a car or house, when you hadn't bought a ticket in the first place.
Or maybe a known e-shopping website and claims to be selling something extremely cheap, maybe an iPhone for 10k, all the while disguising it to be an offer of some sort, or maybe promoting some voucher out of turn and season.
They seem to be coming from genuine sources but you can notice a stark difference between the original design/URL and the one you received.
2. Not Visiting Websites that appear doubtful, happen to be promoting-
Free porn or adult related content:
Of course it is an industry and has several aspects to it, but most of the adult entertainment websites that are actually secure, require you to pay. Those that don't are extremely insecure.
You can be targeted via a multitude of methods available to the hackers once you are there.
Even something as small and apparently insignificant as allowing popups or notifications can compromise your browser and your system in addition to it. Your browser stores much information such as passwords, your browsing history, account information, etc, any of which if stolen could land you in trouble.
Addiction is the new evil
Free movie or TV show Streaming:
With the rise of web streaming giants like Amazon Prime, Hulu and Netflix, the number of websites offering their shows and services for free has also risen. While some of them like FMovies and Putlocker are actually genuine, there are two major concerns even with them:
One is that they go against the copyright laws and Secondly to keep the stuff free, they have to rely heavily on advertisers and the developers there don't quite care whether or not the advertisers are authentic (kind of how much they must be caring about stealing intellectual property of others).
Some of these sites would not allow you in unless you disable your ad-blocker and will make sure you see an ad as soon as you toggle the play pause button. Some of these ads are unavoidable and just one wrong click at the wrong place and you are compromised.
Free matchmaking & dating sites:
One of the easiest ways to swindle people and eventually strip them of cash is through honey trapping. Sites offering free matchmaking and dating services are something you should be more than careful of.
While some of them are actually genuine, what you should know is, they won't be free of cost. Their secure systems require regular upkeep and their policies are straight, hence you can rest assured.
3. Not visiting websites that offer free downloads especially for otherwise paid software:
Nothing worth having, ever comes free in life.
Free PC Video Games:
PC gaming is a dimension in its own right, and only those who are completely into it know the bounds. It's unfathomable and addictive. But, just like anything else worth having, it is not free. PC Video games require lots of time and effort on part of developers to reach the market shelf.
While it is not necessary every free Game Download site is virulent and every game you download is infected, it is certainly true that most of them are. Sometimes the websites don't host the game setups themselves and rent servers for the same. It is pretty much possible for a hacker with the wrong intent to infect the files behind the backs of hosts themselves.
Even if you manage to download a game and install it, it will still require a crack (a piece of software designed to bypass game security) to run. Cracks are also sort of viruses that don't infect your system or replicate. However your Antivirus Software will surely detect and try to delete it. In order to have a functional crack on your system, you need to either add it to exceptions or lower the security of your device by disabling your runtime protection.
Free paid software:
Issues with free software are similar to the predicament with downloading free games as we have discussed above. Paid software cannot be free since there is a reason they are paid. In addition to using them as a means to launch any of the critical attacks we have been talking about for now, there is another issue we tend to overlook. That is updates.
You cannot update an ingenuine software, if you try you will be caught. This leaves your system vulnerable to newer risks since the software is not equipped to deal with them.
Also, since you are not downloading from the official authentic source, you never know whether the software is genuine or a carefully counterfeited malware.
Technically:
A large number of attacks like IP Spoofing, Cross Site Scripting, Drive By, Eavesdropping, Honey Trapping, MITM, Birthday and packet capture attacks are carried out via these websites, that further led to a virus, trojan, spyware, ransomware installed in your system unknowingly.
Takeaway from this?
Remember, any genuine source will never:
- Ask for your username or password to access safety information
- Send email attachments you didn’t ask for
- Ask you to visit a link outside of parent website
- Charge money to apply for a job, register for a conference, or reserve a hotel
- Conduct lotteries or offer prizes, grants, certificates or funding through email
Conclusion
That concludes our intent for the Corona going Digital, but before we wind up, we would like to reiterate, just like protection from coronavirus, your online security too, is in your own hands exclusively. Practice social distancing from all flash-points mentioned above and you will never be in trouble. Happy Browsing. Be Safe.