Internet Threats Amidst & After COVID-19
Garner’s worldwide forecast of $124 billion spending on information security in 2020 and Twitter’s hacked accounts of celebrities like Bill Gates, Elon Musk, Joe Biden, and Barack Obama are all evidence of existing and permanent online threats.
Cybersecurity investments slowed down, but this has not been the case for internet threats, which are still wreaking havoc with the increasing adoption of remote working by firms around the world. There exist many online threats, and new ones emerge every day. However, there are several ways to avert them.
What you will learn from this article:
- The most common internet threats
- Consequences following the attack of an online threat
- Some of the platforms they often target
- How individuals and businesses can prevent them
1) The most common internet threats
Inappropriate content for kids
You might not have expected this one on the list of web-based threats, but your kids are as exposed as you. The thought of them being exposed to pornography, violence, or of a predator hidden behind social media while you are too busy running meetings on Zoom or Skype in another room is disheartening.
Thus, monitoring them as they have become savvier at running the gamut of devices Apple, Google, or Microsoft has to offer becomes imperative.
According to Ryan Olson atUnit42, a hundred thousand domains containing the terms ‘corona', ‘virus,' or ‘COVID' have been registered in 2020.
Moreover, several malicious emails have claimed to be from the U.S Department of Treasury, with luring subject lines telling you that you received a grant or stimulus payment owing to COVID-19, often with attachments in the form of a .doc extension.
Even though you may still call it phishing (discussed below), it is worth a paragraph on its own, because people, unfortunately, fall for it and always will.
There are numerous types of malware, such as computer viruses, spyware, worms, adware, botnet, rootkit, cryptocurrency miner, ransomware, keylogger, and Trojan horses, etc. They damage computers and networks and create access to other threats such as information theft and financial losses.
For example, the malware case that infected an official Covid-19 tracing app initiated by the Canadian government. It corrupted data provided on the app by the COVID-19-infected victims.
Phishing, spoofing, spear-phishing
They are slightly different, but they mostly come in the same form. Emails. They happen when the attacker disguises as a legal person or business to steal sensitive information through fraudulent emails (phishing or spamming).
For instance, someone asks you to provide your personal information to claim a lottery prize or the likes that many of us might have received in the past. Other examples include emails with subject lines such as ‘COVID-19 updates' or UNICEF COVID Aid.
If you’ve heard of Kevin Mitnick, a legend in hacking, then you probably know what social engineering is. If not, a simple explanation can be illustrated with the twitter hack, which saw many high-profile accounts compromised.
During social engineering, an attacker takes control of a computer and its user’s credentials, then publishes messages from the user’s devices, usually intending to create chaos or pull off a scam, or run another malicious program.
Distributed Denial of Service Attack (DDoS)
It is an attack created to shut down a network or system, making it inaccessible to its users. It causes a network to crash or restricts access to a page they expected to see. They rose by over 278% in Q1 2020, according to NexusGuard via CPO Magazine.
For example, when you are trying to log in to your online banking account or check the latest Nike sneakers, you may have messages of this sort — "Error 5XX, service unavailable", "the connection has timed out," "error 4XX", which might also be the result of a server going through maintenance.
SQL Injection attack
Many cybersecurity experts consider SQL injections to be among the most dangerous internet threats. They could affect any website or web application with a database using SQL.
For instance, imagine that you went to the office one day and tried to enter your office building but got your access card denied. Then you called the IT department of your firm to fix it, and at your big surprise, told you they were not able to see your credentials in the database. What would you do?
If that were a SQL attack, it would be less painful to have your ID wiped than those of all your customers!
Wi-Fi eavesdropping, bluesnarfing, man-in-the-middle attacks
Wi-Fi eavesdropping is an electronic attack whereby a cybercriminal intercepts digital communications that are not intended to him/her.
Whereas during bluesnarfing, the attacker sends anonymous messages to Bluetooth-enabled devices to steal information from those devices. In both cases, the intention is the same. To steal data or compromise a system/network.
2) Consequences following the attack of an online threat
Potential consequences vary depending on whom the victim is, and the desired outcome cybercriminals have in mind; they may include the following:
- Abduction, kidnapping, trauma due to violent/sensitive content, bullying others or replicating violent acts.
- Release of sensitive information to the public.
- Suicide, not only on the hacker’s side as in this story featured on BBC, but yours too.
- Payment of loads of cash following a ransomware attack
- Resignation following negligence or public scandal tarnishing your image
- Future attacks if no immediate action is taken
- Intempestive pop-up messages on your screen
- Computer or device sluggishness and uselessness from time to time
- Deleted or missing files without your awareness
- No control over your devices
- Issues opening files on your computer
- And the list goes on…
3) Some of the platforms often targeted
Internet threats will use any weakness within your operating system or application on your devices. Some of the most targeted platforms are:
- Windows: some malware still targets weaknesses that were detected ten years ago. As a result, the age of your device and software/hardware might be the passageway for an attacker to load the threat.
For example, during the Covid-19 pandemic, many institutions have been attacked by malware called HiddenTear due to a Microsoft vulnerability (CVE-2012−0158).
- Java: Well, this is not surprising, as Java runs on more than three billion devices connected to various operating systems, most of which are rife with potential vulnerabilities.
- Android: It is often targeted to use root privileges, which will then give full control to the attacker over the infected devices. Like Java, it is also widely used, making it more prone to be attacked.
- Adobe Reader: Despite a lower frequency of attacks, Adobe Reader is still the subject of some online threats, though it’s getting harder for cybercriminals to establish active exploits on the application owing to security updates from Adobe.
4) How individuals and businesses can prevent them
If you’ve ever been the target of a phishing scam, information, and money theft, you know how painful this is. God knows you might have wanted revenge, but without success. But at least you can combine some of the following to prevent future attacks:
- Multi Factor Authentication which combines three or more methods of security.
- Don’t blend work and personal life. As an employee or employer, you should use your work devices just for work and personal ones just for personal things.
- Avoid downloading free software unless it is from a trusted source.
- Install a parental control cloud-based web filter with content categorization for your family.
- Send your employees to cybersecurity training.
- Install and regularly update your antivirus software on every single computer run by your business or home.
- Unified threat management(UTM) firewall that provides a one-in-all package with web filtering, anti-spam, anti-virus, and content filtering.
- Continually change your passwords. Let’s be honest, when was the last time you changed your password? Avoid anything relating to you (birthdays, names, etc.).
- Leverage your capabilities of blocking exploits by using real-time intelligence internet security solutions
- Update your software or operating systems and applications as soon as its newest version is available.
- In case you use a Wi-Fi network for your office or home, make it secure and hidden.
- Create a backup for all your business information and other sensitive data
As pointed out by Accenture, humans are still the weakest link. That is partly because most of us have a narrow idea of what the ebbs and flows of internet threats are. We often (in)voluntarily ignore their spectrum of attacks, which can destroy our lives, businesses, and finances.
Online threats will always lurk around, for it is people, not computers, who create them. Other than that, be aware that there isn’t an all-in-one security software solution tackling all of the threats mentioned above.
For businesses, training about cybersecurity will be essential, but the process might be complicated. Especially in remote settings, as highlighted by the Washington Street Journal, a trend to monitor, and perhaps it won’t be so detrimental for your type of business if you have already got the right security tools.
Are you currently looking for protection against internet threats? If yes, SafeDNS provides web filtering solutions for homes, religious congregations, nonprofits, schools, libraries,MSPs, and public Wi-Fi hotspots. Start with a free trial.
Otherwise, please, share this article or follow us on Facebook, Twitter, Instagram, and LinkedIn.