3 cyber threats to know about: Ransomware, Phishing & End Point attacks.

There is no doubt, we are becoming increasingly reliant on digital devices and an internet connection to go about our everyday lives. Both from personal devices at home, and work devices within an organisation.

As society has developed a liking for quick and simple processes, automation has also become a key feature in our digital activity and devices. For example, to save you time at the checkout your device will automatically complete your delivery details, email address, credit card information, and other personal data such as passwords.

We all appreciate this technology, as it speeds up laborious tasks and remembers information on our behalf. However, as so much valuable personal data can be stored on a single device, normal people and as well as businesses have become prime targets for hackers and targeted criminal schemes.

Because of these online threats, it is important to know what digital dangers are out there. Here, we will discuss the top 3 most common cyber threats, explain what they could look like, and suggest how to avoid them.

 1. Ransomware: What is it?

Ransomware is a type of malicious software that can infect your laptop, mobile, or tablet with a virus. Generally, you will be come locked out of your device until you make a payment to the attacker.

How could you encounter it?

Sometimes, this type of malware is embedded into hyperlinks which you may receive in an email, or a direct message through social media. By simply clicking on the link, you can grant the hackers access to your system.

Why is it a threat?

As the name suggests, ransomware schemes often will use scare mongering and intimidation tactics to get their victims to pay sums of money. Should a hacker gain control of your system through this deceptive software, you may not only loose control of your device, but also could encounter a significant financial loss.

Individual people could be bullied into paying sums of a few hundred pounds. Whereas larger companies and corporations could be held ransom to thousands. Furthermore, there is no guarantee that once the money is paid, that your system will be released from the hacker’s control or work again.

An example of Ransomware:

One example of ransomware is ‘scareware’, where criminals frighten their victims into paying them.

For example, a pop up may appear on your screen to inform you that your computer has been infected with a virus, with a link provided to resolve the issue. Once clicked the ransomware has gained access to your system, taken control, and will proceed to demand a payment.

How to avoid Ransomware:

If you are on a computer or laptop, always ensure your firewalls are switched on. Also, investing in some well-known, anti-virus software is essential for protecting yourself from cyber threats.

If you receive an email from an unknown sender, avoid opening the email or clicking on any links contained within it. It is also wise to avoid clicking around on suspicious or poorly constructed websites.

 2. Phishing: What is it?

Phishing is a cyber crime where the victims are tricked into handing over personal details to a system that is impersonating a legitimate company or organisation.

How could you encounter it?

Phishing can be a very serious kind of cyber threat as it can be difficult to spot. Usually, criminals will encourage people into handing over sensitive data or passwords via an email, on the phone, or in a text message.

By posing as a recognisable or legitimate company, victims are lured into a false sense of security, and may not realise at the time that they are handing over their details to a hacker.

Why is it a threat?

Should you reveal any of your personal detail’s through one of these schemes, the long- and short-term consequences can be damaging.

You could incur a significant financial loss should your bank details or account information be shared. Or, from sharing personal information have your identity stolen, and further crimes committed in your name.

An example of Phishing:

A common form of Phishing is those too good to be true emails, often claiming that you have won a large sum or money or an extravagant prize. Emails of this nature often have a sense of urgency about them, perhaps stating that you have only a limited amount of time to redeem your prize.

Putting pressure on the email receiver, while dangling an attractive prize in front of them can lead to people missing the tell-tell signs of a phishing scam. Sometimes these emails will also contain hyperlinks, or attachments which contain a virus or ransomware.

How to avoid Phishing:

Spam filters are good at shifting through your online mail, removing anything that looks suspicious. However, the filters can on occasion be a little over thorough and will put emails from legitimate people in the junk folder, so be careful when you check.

Changing your browser settings can put blocks in place to stop fraudulent websites, allowing you to only visit trustworthy websites. Also, if you ever are required to input any personal information to a website and you are unsure, contact the company directly to validate its legitimacy.

When it comes to links in an email, figure out if it is a safe website by hovering over the URL to see if it begins with ‘http’. This shows the website is secure with a valid Secure Socket Layer (SSL) certificate.

3. Endpoint Attacks: What is it?

Endpoint security is essential for large organizations or companies, where many devices form a perimeter to the company’s digital network. An endpoint attack involves hackers targeting one of these devices to gain access to the entire network. Mobile phones, laptops, and other devices connected to a single corporate network can act as entry points for hackers.

How could you encounter it?

Often an end point attack begins with a phishing scam to try and uncover user’s credentials. To gain this information threat actors may create a convincing looking subdomain with an authentication form, imitating a cloud service.

From a successful phishing scam, the hackers may gain credential information, or even get a remote access trojan running on the computer. Malware can also be used to target end points.

Why is it a threat?

Should a hacker gain access to one device, it is very likely they will then be able to hop around the entire network. Not only could this cause damage to the company and devices, but it could also mean criminals gain access sensitive company information.

This can put a company at risk of huge financial loss, have sensitive and prohibited documents leaked, or have ransomware and other viruses released into their system.

An example of an End Point Attack:

One example of an end point attack is the Norsk Hydro ransomware attack, where a large number of the companies computer systems became locked down following an infection in their system. They found the initial breach happened three months before the ransomware was initiated, and so highlighted that the company’s security system was not sophisticated or layered enough to prevent the attack.

How to avoid an End Point Attack:

Every device connected to a corporate network is a gateway for hackers, and so a layered endpoint security system must be in place. This will ensure every device connected to a network is adequate, and consistent security measures are present. The system is monitored from one centralised location, so companies can easily and remotely monitor all endpoint devices.

Also, having multifactor authentication and advanced Endpoint Detection and Response engines integrated into a layered security strategy can make all the difference when preventing hackers from attacking end points.

While cyber threats are a prominent issue for individuals and larger corporations, taking the right preventative steps in terms of anti-virus software, VPNs, and firewall protection are easy to implement solutions. Moreover, ensuring you are educated and up to date on the latest cyber threats will make them easier to spot, and avoid.

White Paper: How to strengthen IoT security

Want to learn more about IoT security? Download our whitepaper and and take a deep dive into further security aspects to consider.

Download now!

Read More:

5 IoT solutions that went wrong – and why

Simple ways to increase the security of your IoT solutions

5 tips for more effective building operations