What is Cyber security?
Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorised access. In a computing context, the term security implies cyber security.
What is Cyber criminals?
A cyber criminal is an individual who commits cyber crimes, where he/she makes use of the computer either as a tool or as a target or as both.
– – – – – – – – – – – – – – – – -Top Cyber Security Threats of 2016 – – – – – – – – – – – – – – –
These are boom times for cyberthreats, cyberattacks and cybercrime. From identity theft to the retail hacks, these attacks are dominating the news cycle. On average, fraud victims will spend $776 of their own money and lose 20 hours trying to fix the mess that identity thieves made. Here are the seven ongoing threats that showcase today’s challenges in keeping your data protected.
Retail Data Hacks
Retail hacks are a serious danger because they can impact virtually anyone. 2014 saw a rise in cyberattacks against large companies like Target, with hackers stealing 40 million customer credit and debit card numbers. Cybercriminals steal and sell this personal information on the black market, which can easily lead to identity theft. While much of the responsibility falls on the retailer, such as keeping their payment methods up to date and secure, keeping a close eye on your bank account and credit card statement is a good way to stay safe during retail attacks.
Mobile Security & Smartphone Vulnerability Threats
Cybercriminals can easily exploit vulnerabilities in your mobile phone to obtain private data. These vulnerabilities sometimes come from the apps you use or within your smartphone itself. Mobile phones are also vulnerable to malware, which can log keystrokes and capture screenshots. Protect yourself by researching the apps you download, being careful with what emails you open, and which pictures you decide to upload.
Phishing Attacks & Social Engineering
When cybercriminals trick people into revealing sensitive information such as passwords and social security numbers, it’s called phishing. One of the most common ways phishing happens is when a person receives an email, purportedly from a bank or government organization, and are lured to authentic-looking sites. Once there, the person is asked to enter their password, social security numbers, and financial data.
Cybercriminals take this information and use it for their own purposes. Phishing is part of a larger problem called social engineering, which is essentially manipulating emotions in order to gain access to sensitive data. Don’t fall for these tricks. Be skeptical of every email you receive, especially those requesting you reenter private information. Remember, real banks and government organizations never ask you to verify any potentially sensitive info.
One of the fastest growing online crimes is identity theft. Many of the points previously covered in this article can lead to identity theft, phishing emails and data breaches. However, your identity is also at risk through everyday materials such as your resume, home address, social media photos and videos, financial data, and so forth. Identity thieves will steal your personal information and open credit cards and loan accounts in your name. While some of this is out of the average person’s hands, there is still plenty you can do to keep your identity safe.
Healthcare Data Hacks
Early in 2015, Anthem experienced a massive data breach by hackers and impacted 78.8 million people. In July 2015, hackers broke into the UCLA Health System’s computer network, potentially gaining access to the personal information of 4.5 million patients. Healthcare records contain important and sensitive information and are prime targets for cyber criminals which can easily lead to identity theft. Often times this information is used for health insurance fraud, such as buying and selling fraudulent prescriptions. Always monitor the news for any reports for healthcare data breaches.
Targeting of Children by Sexual Predators
Users looking to exploit children lurk in dark corners of the internet to trade illegal, lewd photos of children. This is done over email, peer-to-peer programs, or, increasingly, through the dark web, an area of the internet that is inaccessible with standard search engines. While these are disturbing trends, it is best to leave these sites to law enforcement officials and for the average person to avoid them entirely.
Another online danger aimed at children is when sexual predators try and lure them into meeting off line, as well as either sending or asking for lewd, pornographic images. Make sure your children are well aware of the dangers of talking to strangers online and never to share personal information with people they’ve never met.
Attacks on Banks
In the 21st century, bank robbing has gone digital. A famous example is when a criminal gang stole up to one billion dollars in about two years from a variety of financial institutions across the world. Cybercriminals targeted bank employees and officials with a malware called ‘Carbanak’ through emails. Once they had successfully infected the targeted computers, the cybercriminals were able to successfully mimic the employees’ behavior and transfer money to themselves, direct ATMs to dispense money at certain times, and used e-payment systems to filter money. Some experts like Ben Lawsky, say that a major attack on the banking system could be the equivalent to a “cyber 9/11”. Always research a bank’s security history before choosing them, don’t click on any strange links from emails, shred financial documents, and consistently monitor your account for any irregularities.In a world of ever-evolving cyber threats, what can you do to protect yourself? Security awareness is the first line of defense. There are powerful security tools available to help, but remember that you also need to use common sense to protect computer, your information and yourself.
Following the Sony hack in late 2014, we predicted that hacker shakedowns would increase in 2015. By shakedown, we were referring not to standard ransomware attacks, whereby malware encrypts or otherwise locks access to a victim’s computer until the victim pays a ransom. We meant extortion hacks where attackers threaten to release sensitive company or customer data if the victim doesn’t pay up or meet some other demand. With these attacks, even if you have backed up your data and don’t care that hackers have locked you out of your system, public release of the data could ruin you and your customers.
There’s just one problem with tracking such attacks. If the victim caves and does pay, the public may not know extortion occurred. We do, however, have at least two extortion hacks on record for 2015: the Ashley Madison hack, which took down a CEO and exposed possibly millions of would-be cheaters to public ridicule and worse; and the hack of InvestBank in the United Arab Emirates, which resulted in the exposure of customer account information. Extortion hacks play to the deepest fears of companies and executives—if not handled well, company secrets are exposed, customers file lawsuits, and executives lose their jobs. Expect such attacks to become more prevalent in 2016.
Attacks That Change or Manipulate Data
In testimony this year, James Clapper, the director of national intelligence, told Congress that cyber operations that change or manipulate digital data in order to compromise its integrity—instead of deleting or releasing stolen data—is our next nightmare. Mike Rogers, head of the NSA and US Cyber Command said the same thing. “At the moment, most [of the serious hacks] has been theft,” Rogers said. “But what if someone gets in the system and starts manipulating and changing data, to the point where now as an operator, you no longer believe what you’re seeing in your system?”
Data sabotage can be much more difficult to detect than the kind of physical destruction caused by Stuxnet. That’s because data alterations can be so slight yet have enormous consequences and implications. Anyone remember the Lotus 1-2-3 bug back in the 90s that would produce accounting miscalculations in spreadsheets under certain conditions? That was an unintentional error. But attackers could get into financial and stock-trading systems to alter data and force stock prices to rise or fall, depending on their aim.
Certain types of data manipulation could even result in deaths. In 1991 a Patriot missile in Saudi Arabia during the first Gulf War failed to intercept an incoming Scud missile due to a software glitch in the weapon’s control computer, allowing the Scud to hit an Army barracks and kill 28 soldiers. Again, this was an unintentional bug. But Chinese spies have invaded numerous US defense contractor networks in the last decade, raising concern among US military officials that they’re not just stealing blueprints to copy weapons, but might also alter or insert code to sabotage the integrity of weapons systems and change how they operate.
Any time the security community closes one avenue of attack, hackers adapt and find another. When retailers stopped storing customer credit card numbers and transactions in databases, hackers sniffed their networks to grab the unencrypted data live as it was sent to banks for authentication. When retailers encrypted that live data in transit to prevent sniffing, attackers installed malware on point-of-sale readers to grab data as the card got swiped and before the system encrypted the numbers. Now banks and retailers have begun rolling out new chip-and-PIN cards to thwart hackers once again.
The cards contain a chip that authenticates it as a legitimate bank card and also generates a one-time transaction code with each purchase, preventing hackers from embossing stolen data onto fake cloned cards to use for fraudulent purchases in stores. But this won’t stop fraud altogether; it will simply shift from brick-and-mortar stores to online retailers. In the UK, where chip-and-PIN cards have been used since 2003, card-present fraud—transactions done in person—has dropped. But fraud for card-not-present transactions—those completed over the phone or online—increased from 30 percent to 69 percent of total card fraud between 2004 and 2014, according to the UK Payments Administration. Neither a PIN nor a signature is required when customers use their cards online, so simply stealing card numbers is sufficient for this kind of fraud. Expect those online fraud numbers to rise in the US as well.
The Rise of the IoT Zombie Botnet
There are many who say that 2015 was the year of the Internet of Things; but it was also the year the Internet of Things got hacked. Connected cars, medical devices, skateboards, and Barbie dolls, were just a few items shown to be vulnerable to hackers this year.
If 2015 was the year of proof-of-concept attacks against IoT devices, 2016 will be the year we see many of these concept attacks move to reality. One trend we’ve already spotted is the commandeering of IoT devices for botnets. Instead of hackers hijacking your laptop for their zombie army, they will commandeer large networks of IoT devices—like CCTV surveillance cameras, smart TVs, and home automation systems. We’ve already seen CCTV cameras turned into botnet armies to launch DDoS attacks against banks and other targets. Unlike a desktop computer or laptop, it can be harder to know when your connected toaster has been enlisted in a bot army.
The year ended with a startling revelation from Juniper Networks that firmware on some of its firewalls contained two backdoors installed by sophisticated hackers. The nature of one of the backdoors—which gives an attacker the ability to decrypt protected traffic running through the VPN on Juniper firewalls—suggested a nation-state attacker was the culprit, since only a government intelligence agency would have the resources to intercept large amounts of VPN traffic in order to benefit from the backdoor. Even more startling was news that the backdoor was based on one attributed to the NSA.
There’s no evidence yet that the Juniper backdoor was installed by the NSA; it’s more likely that an NSA spying partner—possibly the UK or Israel—or a US adversary installed it. But now that companies and researchers know for certain what such a backdoor would look like in their system and how it would operate, expect more backdoors to be uncovered in 2016 as companies closely scrutinize their systems and products. And despite the fact that the Juniper incident shows that backdoors intended for US law enforcement and intelligence agencies can be subverted by others for their own malicious use, don’t expect the FBI and NSA to give up on their quest for encryption backdoors in 2016.
-Use strong passwords for your accounts that include numbers, lower case and capitalized -letters, and are not easy to guess, e.g. password, 12345, etc
-Don’t open suspicious emails requesting that you reenter sensitive data
-Destroy sensitive documents
-Use a VPN to secure your Internet connection if you need to use public Wi-Fi
-Keep your antivirus software up to date.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– Judems G. Daub BSIT III