Last weekend, Singapore woke up to news of a worldwide cyberattack that had spread to over 150 countries including Taiwan and the UK. By Saturday evening, the attacks had hit home, counting digital directories at Tiong Bahru Plaza and White Sands shopping centres among its victims.
It’s no longer news that cybercrime has become a major problem for businesses, governments and citizens all over the globe. The WannaCryptor attacks – or WannaCry – were halted by a kill-switch, but we have definitely not seen the last of ransomware. In fact, new variants of the malware have already been discovered, while the world is still recovering from the first wave of attacks. How are we supposed to keep ourselves safe against these mysterious cybercriminals and their nefarious tools?
We consulted with researchers at ESET, an antivirus company and they have highlighted the following areas for a start:
Email: This ruse is nothing new
Social engineering tactics are as old as the day is long, yet people keep falling for them. Today, phishing via email has become incredibly commonplace.
Although criminals are improving the ‘quality’ of these emails, with some targeted – known as spear phishing – emails looking incredibly authentic most do not (telltale signs include poor spelling, random email addresses and far-fetched claims that you’ve won millions).
Keep yourself safe by carefully checking the recipient, the request, and use some common sense – search via Google rather than using the enclosed website address. Also, be cautious of attachments, as they may be malware-infected. It’s important to check file extensions and to only open files deemed safe and from legitimate sources.
Social media: New hunting ground
Social media has become the go-to-market for cybercriminals eager to compromise people. It’s no surprise, as many users still fail to adequately look after their social networks (for example, a 2016 survey showed that 58% of people do not know how to update their privacy settings).
As with email, always check the authenticity of the sender (do they look credible?), the message and the link (which will likely be shortened). Beware of trending hashtags too as many are now using them to trap unsuspecting Twitter and Facebook users trying to catch-up with the latest breaking news.
Attitude: It won’t happen to me
Forget technology for a second, culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won’t be targeted and citizens think much the same (i.e. it won’t happen to me).
This complacency is misguided, as everyone is a potential target. Accordingly, this attitude can often result in poor security habits, with individuals and organisations treating, for example, password and Wi-Fi security not as seriously as they should.
This is despite the fact that good cybersecurity can be achieved relatively easily, through good password hygiene, regular software updates, anti-virus and even password managers, VPNs and secure encrypted messaging apps.
Passwords: The easy way in
Generic, guessable passwords can be easily cracked, and they can open a can of worms if you use the same password across several accounts. Brute-forcing passwords are increasingly fast and easy for criminals today equipped with either huge computing power, or access to buy such expertise on the dark web.
Weak passwords, such as 123456; password; 12345678; and qwerty remain commonplace, with many people failing to see how these ‘low-hanging fruit’ are an entry point for cybercriminals. According to Forrester, 80% of all attacks involve a weak or stolen password.
Some web providers now force you to generate random passwords or create complex ones. Regardless of whether you face such password policies, you may want to consider a password manager, as well as passphrases.
Software updates: A lack of
Whether on desktop, laptop or mobile, there’s always another software update for our apps, operating systems or security solutions. Interestingly, the constant pop-ups irritate us, with many people failing to understand just how important they are.
If we fail to update, we’re effectively leaving our software and devices vulnerable to attack, as cybercriminals look to exploit out-of-date flaws. This was the case with the recent WannaCryptor ransomware worm that so publicly compromised Britain’s National Health Service (NHS) and Spain’s telco Telefonica, and spread to countries throughout Asia, to the United Arab Emirates and to at least a dozen more countries in Europe. Had the affected organisations properly configured automatic operating system updates for all their PCs, they may not have been featured on WannaCryptor’s victim list.
These basic errors are a good place to start if you don’t want to lose all your precious data to cybercriminals. If you woud like to make sure the next cyberattack doesn’t make you WannaCry, make sure to take the first step against cybercrime today.