Individuals vs. Cybercriminals: The New Reality

Cyberattacks during COVID-19 have challenged many preconceived notions about online safety, such as believing that only users from major cities are at risk, or that a password provides sufficient protection.

When we speak about how individuals can stay safe during COVID-19, we wouldn’t immediately think of cybersecurity, and sextortion would be the last thing on our minds – but that is one way that individuals are being targeted today.

Individuals were targeted by cybercriminals even prior to the outbreak of the coronavirus, but the payoff from attacking a common man, compared to targeting a large business or public institution, was low. That changed once everyone began working from home, because:

Individuals became a conduit to access business data when they were not protected by hardened enterprise IT infrastructure

Individuals significantly increased their online activity such as banking, shopping, and various other tasks that involve transactions, which made them a target for scams

Individuals are now spending a lot of their time at home online, which allows the attackers to use their devices to launch attacks (e.g., DDoS) on others

The coronavirus outbreak has meant that there is money to be made by targeting any individual – that’s our new reality. Cyberattacks during COVID-19 have challenged many preconceived notions about online safety, such as believing that only users from major cities are at risk, or that a password provides sufficient protection.

Neither of these is true. K7 Threat Labs has observed that users from Ghaziabad have suffered almost 6 times the number of attacks as users from Bengaluru, and passwords can be described as necessary but not sufficient as they can be guessed or even stolen using a keylogger.


What Gives Cybercriminals an Advantage Over Individuals?

Cyber attackers are often portrayed as criminal masterminds in the movies. In the real world, they may just be buying readymade exploit kits from the dark web and deploying them against unsuspecting and unprepared users. This off-the-shelf malware works because:

Individuals have limited awareness of cyberthreats and are likely to click on any attachment or link, launching the malware
Personal devices are not protected by effective cybersecurity
Personal devices often use weak passwords, or may not even have a password
Social engineering can be used to target the user instead of the device


How Individuals Can Protect Themselves against Cybercriminals

Cybercriminals can unleash very sophisticated attacks against individuals, such as attacks that don’t need specific actions from the user to launch, but that doesn’t mean they have the advantage. Individuals can protect themselves by following a three-pronged approach: Knowledge, Discipline, Tools.

Knowledge

Once we understand the impact a cyberattack can have on our lives, we can appreciate that learning about cybercriminals’ methods gives us the power to protect ourselves. Once we know about social engineering and how it can be used to gain our trust, we will be able to identify a scam even when the message seems genuine. Similar to physical hygiene, cyber hygiene largely involves following sensible precautions to keep threats at bay.

Check if a website supports HTTPS before entering personal or confidential information, especially if it is a banking or shopping website
Do not open email attachments from unknown senders. Check if the email domain (the portion after the ‘@’ symbol) is the correct domain if you know the sender, and verify unusual requests over the phone
Beware of messages with a sense of urgency
Use Two-Factor Authentication (2FA) where possible to protect your accounts even if your password is stolen
Be sceptical. If a message sounds too good to be true, it is most probably a scam
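
The email-domain check from the list above, shown as an added example that is not part of the original article. The expected domain `examplebank.com`, the sample headers and the function names are constructed for illustration.

```python
from email.utils import parseaddr

def sender_domain(from_header):
    """Return the lower-cased domain after the last '@', or '' if none."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].strip().rstrip(".").lower()

def check_sender(from_header, expected_domain):
    """Compare the real sender domain with the one this sender should use."""
    domain = sender_domain(from_header)
    expected = expected_domain.lower()
    if not domain:
        return "invalid"
    # Non-ASCII letters or punycode labels can imitate ASCII look-alikes.
    labels = domain.split(".")
    if not domain.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike"
    if domain == expected:
        return "match"
    if domain.endswith("." + expected):
        return "subdomain"
    # The expected name appears, but not at the end, where ownership is decided.
    if expected in domain:
        return "lookalike"
    return "mismatch"

# Constructed sample From headers (assumption: the sender should use examplebank.com).
SAMPLES = [
    "Example Bank <alerts@examplebank.com>",
    "Example Bank <alerts@mail.examplebank.com>",
    "Example Bank <alerts@examplebank.com.account-verify.example>",
    '"alerts@examplebank.com" <noreply@mailer.example>',  # address only in display name
    "Example Bank <alerts@exampl\u0435bank.com>",          # Cyrillic 'e' in the domain
    "not an address",
]

def run_samples(expected="examplebank.com"):
    return [check_sender(header, expected) for header in SAMPLES]

if __name__ == "__main__":
    for header, verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:10} {header}")
```

A "match" only means the visible address uses the right domain; the From header can be forged, which is why unusual requests should still be verified over the phone.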

Discipline

We all wish we had more discipline – to eat right, exercise more, read a book. Digital discipline is very similar – we know what is good for us, but we find reasons to avoid practising it. Luckily, maintaining digital discipline is a lot easier than sticking to a fitness programme when working from home.

Avoid easy-to-remember passwords that can be easily guessed. Do not leave any device or application with the default password
Allow your operating system and all installed applications to update with the latest patches and fixes. Only install apps from the official app store. Uninstall apps that you no longer use
Check the app author’s website before installing to avoid fake apps. Avoid installing apps that require permissions unrelated to their purpose
Avoid disclosing sensitive information on social media. Don’t accept friend requests from people you don’t know
Check bank statements regularly for unfamiliar transactions

Tools

A good craftsman knows which tools to use, which to avoid, and how to get the best out of them. It is the same with cybersecurity. The same digital technology that cybercriminals use against you can also be used to defend yourself against them. Use your technology tools wisely to stay cyber safe.

Install a good cybersecurity product and keep it updated to stop the latest cyberthreats. This applies to mobile devices as well, which are also vulnerable to malware. Check the ratings or awards received to avoid installing a fake antivirus
Mobile devices should be additionally protected with remote wiping tools that will erase data if the device is stolen
Use a good password manager to make generating, remembering, and using passwords easier. Use a virtual keyboard to enter passwords if your password manager cannot enter the password for you
Bluetooth, Remote Desktop Protocol, or any other transmitting feature should be turned off when not in use. Your laptop’s webcam should be covered until you need to use it
Back up your data regularly. Automated backup tools can ensure you never miss a backup

These steps are fairly simple, but users who are not very comfortable with digital devices and services, such as senior citizens, may still find them challenging. Once we understand the why and how of cybersecurity, we should help others be cybersafe. Everyone should be able to enjoy cyberspace. No one should be a victim of cybercrime.

  • By Mr Sudarsan Ranganathan, President & Chief Strategy Officer, K7 Computing
