For the past 32 years, Computer Security Day has been held every November 30 to remind internet users of the importance of protecting all internet-connected devices, and personal and business information from malicious attacks and unauthorized access to data.
This year we’re celebrating a bit early, as a means to raise awareness and provide meaningful insights on how to maintain online security for future digital endeavors.
There’s never been a better time to catch up on good cybersecurity practices, as malware attacks and data breaches makes headlines on a daily basis, serving as a constant reminder of the active role users play in computer security.
Bitdefender is constantly monitoring the state of cyber-threats and malware, which have adapted to suit the events surrounding the ongoing health crisis.
Phishing attacks and spam
From coronavirus-themed spam and malspam to fraudulent offers and charities, bad actors continue to trick victims into providing sensitive information or installing malware on their devices. Spikes in coronavirus-themed spam were noticed in March, and the focus on phishing emails has not diminished over time, with an average of 60% of all emails received between May and June marked as fraudulent, according to Bitdefender telemetry.
Malware attacks and ransomware
Spikes in malware attacks across all platforms were also noticed, as cybercriminals exploited fear and misinformation alongside the increased number of employees working from home.
Although the attacks focused more on social engineering and less on sophisticated types of malware, the 2020 threat landscape shows cybercriminals’ versatility in deploying their schemes.
Ransomware families continue to rise and fine-tune their attacks, with Sodinokibi (also known as REvil or Sodin) Maze, DoppelPaymer and Nemty continuing to pose risks for business and consumers worldwide. Fileless malware, exploits and banking Trojans also made this year’s threat list. Throughout April, May and June, info-stealing banking Trojans such as Emotet and Trickbot acounted for 64.52 percent of all banker reports during the first half of 2020.
During the health crisis, internet use surged, with recent studies finding that seven in 10 internet users spend more time on mobile phones and laptops than in 2019. Moreover, work-from-home and social distancing measures seem to have bolstered cybercriminal activity targeting Android devices. Restrictions brought on by the pandemic show that users started downloading more and more applications from untrusted sources, including a malicious version of popular video-conferencing app Zoom used to infect devices with malware.
Internet of things at risk
Suspicious IoT incidents have also increased 46% between January and June, proving the relentlessness of bad actors exploiting lockdown conditions. Although smart devices and gadgets such as smart TVs, security cameras, baby monitors, smart locks and thermostats add comfort and convenience to our lives, the advent of internet-connected devices has also created new attack vectors for cybercriminals. 55.73% off all identified network incidents within household were port scanning attacks to find vulnerable devices that could be used to compromise a network. Additionally, 22.62% of attacks involved password-stealing attempts via HTTP, where bad actors aim to catch plaintext credentials sent over unencrypted connections.
How to protect against phishing attacks and scams
- Check the sender’s address before opening the email
- Never download attachments from unsolicited messages that create a sense of urgency
- Examine the message closely and check the grammar before clicking on any links with offers and deals
- Don’t give personal or financial information to individuals who contact you via email, social media, phone or text messages
- Use strong and unique passwords for all of your online accounts
- Use a security solution with an antispam filter to block phishing attempts
- Delete and report any unsolicited or suspicious email with your service provider
How to protect against ransomware
- Back up your data periodically in the cloud or on a local storage device that is not directly connected to your system. If your system gets infected with ransomware, you don’t have to worry about losing precious data or paying ransom for a decryption key.
- Monitor your email activity for unsolicited emails and never click on suspicious links or ads. Most ransomware is delivered via email attachments with carefully crafted spam messages that entice users to click on or download malicious files on their devices. Thus, screening Inboxes for phishing emails becomes one of the most important steps you can take to prevent ransomware infections and financial loses.
- Keep your systems and applications up to date to avoid infections exploiting vulnerabilities in third-party plugins or apps
- Stick to trusted sources when downloading a new app to avoid corrupt applications that steal and encrypt your data
How to protect IoTs and secure your smart home
- Secure your router by using a strong encryption method such as WPA2 that uses encryption and strong passwords for your Wi-Fi network.
- Change default credentials on all of your smart devices to avoid cybercriminals from accessing your IoT devices by choosing strong and unique passwords
- Change and update the default settings for smart devices and disable features that you don’t need
- Keep software up to date and enable two-factor (2FA) or multi-factor (MFA) authentication for your smart apps and online accounts, where possible
Even the most cyber-savvy individuals can have a hard time fending off cyber threats. On top of adopting good-cyber hygiene practices, running a security solution that can detect emerging ransomware and block malware, and filter spam can help you create a safe ecosystem for all of your internet-enabled devices.