The very first commandment is not to use a password that is too simple
Hacktivists, stealers and phishing… I became acquainted with these and other neologisms from the online world last week in Krasnoyarsk, where the cyber weekend took place. Whatever one may say, the world is digitalizing, and in order to get only the best from this process, you need to know not only its advantages, such as quick access to information and communication over networks, but also its pitfalls. Alas, many of us have become familiar with them: fraudulent schemes for “diverting” funds from bank cards, theft of personal data and its subsequent appearance on the darknet…
According to experts, in 2023 industrial enterprises surpassed the financial sector in the number of cyber attacks carried out on them. This doesn't mean that attackers who target organizations are no longer interested in money. Material enrichment is still their prevailing goal, but they can reach it in a roundabout way, for example by selling stolen transaction data or technological secrets. In other words, they steal in order to resell later to interested parties, perhaps to the owners themselves (or to blackmail them). But this gives the owners no guarantee that their data will not be published online. There are, of course, hacktivists with no financial motive and an ideological or political bent, who hack other people’s resources guided, for example, by the motive of fighting injustice. Remember Anonymous? This group, which opposed censorship, persecution and surveillance and hacked government websites, is a typical example of hacktivists.
As practice shows, attackers are no less interested in the personal data of individual laptop and smartphone users than in the secrets of companies. Firstly, knowing the credentials for a user's personal accounts, attackers can gain access to that user's accounts in financial services; secondly, they can resell the personal data to those interested in it for subsequent blackmail or, again, extortion of money.
Whose data do you think is most often “leaked” onto the darknet (a virtual network built “on top” of the regular Internet)? Most often on shadow resources you can find advertisements about data leaks of e-commerce and retail users. The first quarter of 2024 also showed the active attention of attackers to user data of microcredit organizations, medical centers and pharmacies. In total, experts recorded 41 publications of significant databases containing more than 102 million rows of user data. And the number of compromised passwords from various devices in the first quarter of 2024 increased 6 times compared to the same period a year ago. Users daily encounter fraudulent schemes and are subject to phishing attacks (types of attacks to gain access, for example, to logins and passwords) based on social engineering.
In general, online security experts recommend not using dubious resources to purchase goods and services. For example, you need to pay attention to the level of security of sites (do they use encryption) and, if possible, choose the most well-known companies with a good reputation. Whether a resource uses encryption can be determined visually. The presence of an SSL certificate (it guarantees that the data transferred between the user and the site cannot be accessed by strangers) is indicated by “https” at the beginning of the link to the site — with an “s” at the end. The absence of the letter “s” should already alert the user.
To reduce the risk of becoming a victim of financial fraudsters, blackmailers and cyber spies, you also need to think about how high a digital “fence” you put in front of them. The very first commandment for such protection: do not use a password that is too simple. Moreover, do not use the same password for different Internet services. The fact is that users may be attacked by stealers — malware that, after penetrating the device, can gain access to all passwords. Protective solutions will help prevent them from reaching your device. Another risk here is who stores user data. Let's say you set the same password for an important email account and for a cat lovers' forum. Nobody needs the forum, but if its owners did not protect it well, attackers can leak its database to the darknet much more easily, and from it those interested can extract the passwords they need.
“We conducted an open source study in 2023 and identified more than 10 million infected devices,” says cybersecurity analyst Igor Fitz. – After all, just one stealer that gets into a user’s laptop, on average, “opens” 50 accounts of its owner at once. According to statistics, in Russia last year 2.5 million user accounts were compromised in this way, which belong to sites in the .ru domain zone.
By the way, if there had not been a request for such data, they would not have tried If only they were hacktivists or simply robbers from a large… network. Is it possible to identify multiple users of secret databases? Yes, this is quite possible, Fitz answers, — after all, everyone who opened this database leaves behind a digital trace…
The head of the Russian research center of one of the large companies, Dmitry Galov, exposed one of the weaknesses of modern man:
– Many of us (on our phones) love to mine minerals and valuable minerals. After all, they gather three in a row and… burst! This makes us childishly happy! (Smiles). Few people think at this moment that, even under the guise of simple gaming applications, malicious programs can penetrate our smartphones, the purpose of which is logins, passwords to different accounts, credentials from financial services, personal information.
It is worth noting that 52% of Russians, according to the survey, and this is wrong. After all, with each update, developers improve protection and close detected vulnerabilities.
– People mistakenly assume that after downloading an update, they may be blocked by a Western program developer. Firstly, such cases have not yet been recorded, and secondly, the harm from vulnerabilities in the operating system can be much more serious than from stopping the operation of a particular application, explains Galov.
By the way, according to the expert, in addition to the theft of money and personal data, device users may encounter another problem: their devices may be secretly used to organize DDoS attacks (the purpose of such attacks is to make the victim enterprise's information system, for example a website or database, inaccessible to users) or to mine cryptocurrency. Do not be surprised! Of course, one phone doesn’t have that much computing power, but if you collect thousands of them… The computing power of computers and routers can be used too… You will be surprised, but you can mine cryptocurrency even on a smart washing machine!
And finally, cybersecurity experts note that attackers can use other people's devices for so-called traffic proxying.
“When attackers want to be difficult to track, they use your device as a “transfer point,” explains the expert. – If this is done along a long chain, then it will be more difficult to restore the entire path of information back.
Many people are sure that they will immediately guess that malware has been introduced into their phone, for example, by the strong heating of the device. But this is a false idea. The phone may heat up during normal background updates or in fast charging mode, and, conversely, when hacked, it will behave “calmly”, without “signaling” in any way to its owner that intruders have penetrated. Modern hackers have learned to do this quietly in order to remain in the system undetected for as long as possible.
Another type of cyber threat. In 2023, the proportion of users in Russia who encountered stalker programs that were secretly installed on smartphones increased by 20 percent. In this case, those interested must be sought among people close to the victim, since initiating this type of digital surveillance requires direct access to the device. By installing a stalker program, a husband can spy on his wife or vice versa; your movements can also be of interest to business partners.
I'm interested in Trojans (a type of malware masquerading as legitimate software) that were widespread in the early 2000s. It turns out that they are also alive. In particular, in the first quarter of 2024, more than a hundred thousand attacks were recorded on Russian users from just one such program – the SpyNote spyware Trojan. How do different Trojans penetrate mobile devices? For example, through advertising by criminals on TikTok, which offers all kinds of clicks on links, under the guise of applications for adults, programs with a radar detector function, and more.
Speaking of various dubious applications, many still use the services of a well-known caller identification service, through which you can find out how you are recorded in people’s address books. Don’t do this, experts advise, if you don’t want your phone book to one day end up “hung” on a virtual “fence.”
One of the most common requests lately concerns the “hijacking” of Telegram accounts. And in most cases, experts say, the owners unwittingly contribute their own “efforts” to this. For example, they fall for a free giveaway of Telegram Premium access, take part in dubious polls, or vote for someone’s “niece” in a contest. As a rule, in all of these cases you are asked to follow a link and enter your Telegram account credentials on an authorization page (here a fake, phishing one). This should not be done under any circumstances.
They are checked for malicious code (for iOS this is the App Store, for Android — Google Play). You can also use the store from the smartphone manufacturer or other official stores.
When installing new applications, you need to pay attention to the requested permissions. Reject those that are not necessary. For iOS: Go to Settings > Privacy and check permissions for each app. For Android: Go to Settings > Apps and Manage Apps.
(Smartphones too).
For iOS: Turn on Touch ID or Face ID for quick, easy and secure access to the device. For Android: Use the fingerprint scanner or facial recognition feature for authentication. It is advisable to set complex passwords.
It's also a good idea to enable automatic data deletion after multiple incorrect password attempts.
For iOS: Go to Settings > Apple ID > Password & Security > Two-Factor Authentication. Next, for each account (Apple ID, instant messengers, social networks, etc.), find the “Security” section and enable two-factor authentication. For Android: for each account (Google, instant messengers, social networks, etc.), find the “Security” section and enable two-factor authentication.
For iOS: Use iCloud to automatically back up your data. Go to Settings > [your name] > iCloud > Backup and turn it on. Use iCloud Drive to store your data by setting up two-factor authentication. For Android: Use Google Drive or other encrypted cloud storage to back up your data. Go to Settings > System > Backup and select the data to save.
For iOS and Android: Install the Find My iPhone (iOS) or Find My Device (Android) apps to remotely manage your device via the web interface.
Why is this feature needed? If your phone is stolen, you can track its current location and even remotely block the device. If you simply lose it, you can display information on it about how the finder can contact you.
You do not need to remember all your 10 or 20 complex logins and passwords. To remember them, you need to install a program — a password manager (on a PC or smartphone), which itself will come up with complex “locks” for your information and encrypt them. You will only need to remember one password – the master password itself. Open it, and it will automatically open all your instant messengers, social networks, and banking applications. It will also check whether you have duplicate passwords (if you decide to come up with them yourself), and point out weak or compromised ones, that is, those that have already been discovered by someone.
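The duplicate, weak and compromised checks described above, sketched as an added example (not code from the article or from any particular password manager). The vault contents, the leaked-password list and the 50-bit threshold are constructed assumptions.

```python
import hashlib
import math
import string
from collections import defaultdict

# Constructed sample vault (service -> password); none of these are real credentials.
SAMPLE_VAULT = {
    "mail.example": "Barsik2019",
    "cat-forum.example": "Barsik2019",   # same password as the mailbox
    "bank.example": "v9#Lq2!xT7pR$wZe",
    "shop.example": "qwerty",
}

# Constructed stand-in for a leaked-password list, held as SHA-1 digests (assumption).
SAMPLE_BREACHED = {hashlib.sha1(p.encode()).hexdigest() for p in ("qwerty", "123456")}

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)

def estimate_bits(password):
    """Crude upper bound on strength: length * log2(size of character pool used).
    It cannot see dictionary words or names, so treat a pass as 'not obviously weak'."""
    pool = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(vault, breached_sha1, min_bits=50):
    """Return {service: sorted list of findings} for entries that need attention."""
    services_by_password = defaultdict(list)
    for service, password in vault.items():
        services_by_password[password].append(service)

    findings = defaultdict(set)
    for service, password in vault.items():
        if len(services_by_password[password]) > 1:
            findings[service].add("reused")
        if estimate_bits(password) < min_bits:
            findings[service].add("weak")
        if hashlib.sha1(password.encode()).hexdigest() in breached_sha1:
            findings[service].add("compromised")
    return {service: sorted(found) for service, found in findings.items()}

if __name__ == "__main__":
    for service, found in audit(SAMPLE_VAULT, SAMPLE_BREACHED).items():
        print(f"{service}: {', '.join(found)}")
```

The mailbox and the forum are flagged only as reused: the character-pool estimate passes a name plus a year, which is why the reuse and leaked-list checks matter alongside it.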