2018's Most Common Cyber Attacks You Should Know About
Cyber attacks are more common that you might think. We have quite a few months to go before the year is over and we can start assessing cyber attacks of 2018; however, we know for a fact that 2017 was the worst year for cyber-criminal activity, and there is a good chance that 2018 will top that. According to the data produced by the Online Trust Alliance, attacks targeted at businesses alone had doubled in 2017 in comparison to those recorded in 2016, from 82,000 to 159,700 incidents. According to the same report, 7 billion records had been exposed within the first 3 quarters, and 93% of all data breaches could have been prevented. Needless to say, this is not a joke, and it is pretty obvious that cyber attackers are finding ways to attack both businesses and individual users. While there are tons of different methods cyber criminals can employ to exploit vulnerabilities, invade systems, breach data, and cause security problems, patterns exist. In this report, we discuss the most common cyber attacks in 2018.
Table of Contents
Social Engineering Malware
You might be familiar with the term social engineering scam, but this term does not exactly fit the malware we are talking about. While social engineering scams are usually linked to social media, social engineering malware can be used in different ways. Currently, for example, ransomware takes the lead in social engineering malware. In their attack, cyber criminals successfully take over a website and embed malicious code to expose unsuspecting visitors to dangerous malware. Attackers usually exploit legitimate and trustworthy websites because that increases the chances of malware being propagated more successfully. Once the visitor lands on a corrupted page or website, they are introduced to a warning or a notification that calls for action. For example, a threat could hide behind a fake Java or malware scanner installer. If the visitor is tricked into believing false information that appears to be delivered by a trusted source, they might let in malware that can then cause serious problems.
What to do? It is most important to stay vigilant and informed. Uninformed users are the first to get affected by malware and cyber attacks in 2018. Keep up with virtual security news and learn ways to recognize fake alerts and compromised websites. Needless to say, implementing reliable anti-malware software is crucial too.
Social Media Scams
If you have a profile on Facebook, Twitter, Instagram, or another popular social media platform, you might have faced scams already, and you might be capable of recognizing them too. Unfortunately, that is not always easy. For example, if you find a strange message with a link or attachment sent by someone you do not know via Messenger, we should tell you that opening it is a bad idea. The same goes for random links in the feed. But what if a malicious link or file is sent to you by someone you know? This is where things might get tricky. If cyber attackers successfully hijack social media accounts, they can impersonate your friends, family members, colleagues, celebrities, and others you follow to expose you to malicious content.
What to do? First and foremost, whenever you receive a link or an attachment unexpectedly via your social media account, think if it is outside of the ordinary. If a colleague you normally do not communicate via social media platforms sends you a link that, allegedly, opens a funny picture or a scandalous video, consider the possibility of a scam. At least, message the person asking them to confirm if the sent link/attachment is real. Second, if you discover a hijacked social media account, report it immediately. For example, if you want to report someone on Facebook, you can find your options here.
Outdated Software and Software Vulnerabilities
Users do not update software. That's the simple truth. Updating software seems like such a hassle-free thing, but users still fail to take care of it because they do not want anything interrupting whatever they're doing. Unfortunately, vulnerable operating systems are a prime target for cyber criminals, and most cyber attacks are successful BECAUSE of un-patched software. Whether it's your Windows/Mac/Android/iOS operating system, your web browser, your browser extension, or another piece of software, you are putting yourself at risk by postponing a released update. Some security vulnerabilities are discovered by cyber criminals, but, for the most part, they exploit vulnerabilities that are already known and patched. This means that users can blame no one but themselves when malware invades using un-patched vulnerabilities.
What to do? The answer is so simple, it hurts: INSTALL ALL UPDATES and PATCH ALL VULNERABILITIES.
Man-in-the-middle (MitM) Cyber Attacks
The man in the middle within the MitM attack is a cyber attacker who operates between the client and the server. An attacker can hijack a session between the network server and the client. In an attack like this, the server is tricked into thinking that communication with the client occurs, but the client is actually disconnected from the said server, and the IP is replaced. An attacker can also perform IP/DNS/HTTPS spoofing, email hijacking, WiFi eavesdropping, SSL hijacking, and replay. The purpose of any MitM attack is to intercept communication. This could be used, for example, to take the unsuspecting user to a webpage that is built by the attacker. Let's say, the page is identical to the login page of your online bank account. If you are tricked into entering login data, it is recorded by the attacker, and they can gain access to the account.
What to do? Always look at the URL address of the page you are visiting. You want to see the S in the HTTPS part within the address of every single page you are visiting. You should also avoid connecting to public WiFi networks, as those are always less secure. It is also a good idea to install reliable, up-to-date security software that provides Internet security features. Overall, it is most important that you stay vigilant yourself.
Phishing Email Cyber Attacks
According to the most recent statistics, spam accounts for 48% of all email traffic worldwide. Technically, that means that about every second email message you receive is considered to be spam. Of course, this depends on where you live, what your email provider is, how careful you are about disclosing your email address, and whether or not your email is personal or work-related. Spam emails are often used as tools of phishing, which means that cyber attacks can be conveyed directly via your email inbox. Phishing emails are often clearly misleading, but, in some cases, they can be quite sophisticated. The email addresses created by attackers can look legitimate, and the messages might include familiar logos and highly specific information. If users click links or attachments sent via such emails, they can become victims of malware, scams, and even MitM attacks, which we have discussed already.
What to do? Obviously, you should not open phishing emails if you do not want to become a victim of a cyber attack in 2018. Even if they appear to be real, you can usually tell when they are fictitious because they are unexpected. Also, note that no one should ever ask you for personal details over email or phone. For example, if your bank needs you to update personal information or passwords, you would be asked to do that via your account. Overall, it is best to delete spam emails without even opening them, especially if they are sent straight to the SPAM folder. Click HERE to learn more about phishing scams and how to evade them.
Password Cyber Attacks
Your password is your key to the World Wide Web. You probably need a password to enter your computer or mobile device. Then, you need passwords for email, social media, bank, insurance, and all other virtual accounts you own. Because they grant access to personal information and provide attackers with countless possibilities, passwords are a hot commodity. Cyber criminals can use malware (e.g., keyloggers) to obtain passwords without the user's knowledge. In other cases, phishing scams (e.g., phishing emails) and social networking scams are used to trick users into disclosing personal data themselves. Using brute-force attacks, criminals can also guess passwords and gain unauthorized access.
What to do? Install anti-malware software to protect yourself against password-stealing malware. Beware of scams and phishing cyber attacks that could be used to trick you into disclosing personal information too. It is most important, of course, that you create strong passwords that no one could guess and that you do not reuse/recycle passwords. The problem with strong passwords is that they are always complex and, therefore, hard to remember. The good news is that you do not need to create or remember them at all if you employ a reliable password manager that can do it for you.
In conclusion, if you do not want to become a victim of cyber attacks in 2018, you need to take a few simple security measures. You might be overwhelmed right now if you are inexperienced or uninformed, but we can promise you that you will never regret taking care of your virtual security.
