Federal Agency Outlines Common Cyber Threats and Risk
While cybersecurity threats are constantly evolving, many cyber criminals use variations of the same methods of cyber attack. Specifics of these attacks may differ, but the nature of the attacks stays the same. Cyber criminals take advantage of users' lack of technical expertise and trusting nature.
The Stop.Think.Connect. Campaign, with assistance from the United States Computer Emergency Readiness Team (US-CERT), encourages everyone to understand these common threats and risks, and to take steps to protect themselves.
Malware: Malware is a general term for malicious code or software. There are many types of malware, including viruses, worms, trojan horses, ransomware, and spyware, to name a few. Malware can disrupt your computer’s operations and destroy files, or run quietly in the background, tracking what you type or what sites you visit and sending this information from your computer to cyber criminals. In the case of ransomware, the malicious code locks your computer or encrypts certain files on your computer and threatens to delete files or keep your computer locked until you pay a monetary fine.
What you can do to protect yourself:
- Keep your anti-virus software updated. New viruses are continually being written and deployed. Updating your anti-virus software helps you fight against the latest malware.
- Back up your files. If you are a victim of malware, such as a virus or ransomware, you may risk losing files and data on your computer. Regularly back up your computer to the cloud or an external hard drive to protect your work, your photos, and your documents.
If your system has already been infected:
- Contact your IT department. If your work device has been infected, contact your IT department so they can investigate and clean your machine.
- Change your passwords. The malware may have given attackers access to the data on your machine, including information to help them access sensitive accounts. Change passwords for all banking, social media, and other accounts as soon as possible.
Outdated Software and Operating Systems: Don’t be complacent about cybersecurity when you purchase a new computer or mobile device, or install new software. Even after their release, operating systems and other software may have or develop security vulnerabilities that cyber criminals can exploit. Software vendors will release patches or updates for their software when security vulnerabilities are discovered.
Computer and mobile device manufacturers will also release updated operating systems that provide increased security.
What you can do to protect yourself:
- Install patches. Some software programs will automatically check for updates; it is recommended that you turn this feature on when installing the software. Otherwise, visit the vendor website to see if there are patches or updates available, or sign up for automatic email alerts from the vendor to be notified when patches are released. Only download patches from legitimate vendor websites. Do not trust a link in an email message, which can actually link to malware instead of the software patch.
- Update software and operating systems. The method for updating operating systems differs based on the type of device you have (e.g., Mac vs. PC computers or laptops, or Apple vs. Android phones and tablets). Many computers or smartphones will alert the user when an operating system update is available.
Phishing: Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques, or tricking them into thinking that the activity is legitimate or necessary. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or from someone the person actually knows. These emails often entice users to click on a link that takes the user to a fraudulent (or “spoofed”) website that appears to be legitimate. The user may be asked to provide personal information, such as account usernames and passwords.
Additionally, these fraudulent websites may contain malicious code. Attackers sometimes take advantage of major events – such as a natural disaster, sporting event, etc. – and pretend to be legitimate charities or retailers to entice users.
What you can do to protect yourself:
- Be wary of unsolicited emails asking for personal information. Do not provide personal information or internal company information unless you have verified that the sender is legitimate.
- Think before you click. Do not click on links in unsolicited emails.
- Check URLs. Confirm that a site is legitimate before visiting or entering sensitive information. Many fraudulent sites have URLs that are “off” in some manner – misspellings or ending in something other than .com, .org, .edu, or .gov.
- Report suspicious emails. Either forward the email to your company’s IT department, or report it to US-CERT by emailing phishing-report@us-cert.gov.
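The "Check URLs" advice above can be automated as a first-pass filter. The following is an added example, not part of the US-CERT text: it flags a link whose ending is not one of the four named above, whose name is a near-misspelling of a trusted site, or that only carries a trusted name as a prefix. The TRUSTED list (including examplebank.com) is constructed sample data, and treating the last two labels of the host as the site's domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

EXPECTED_TLDS = {"com", "org", "edu", "gov"}   # endings the article names
TRUSTED = ("us-cert.gov", "examplebank.com")   # constructed sample allow-list

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return the reasons a URL looks 'off'; an empty list means nothing was flagged."""
    # urlsplit drops any "user@" part, so the real host is what gets checked.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return ["no usable host name"]
    name, tld = labels[-2], labels[-1]
    domain = f"{name}.{tld}"          # assumption: ignores suffixes such as co.uk
    if domain in trusted:
        return []
    reasons = []
    if tld not in EXPECTED_TLDS:
        reasons.append(f"unusual ending .{tld}")
    for good in trusted:
        good_name = good.rsplit(".", 1)[0]
        limit = 1 if len(good_name) <= 5 else 2   # stricter for short names
        dist = edit_distance(name, good_name)
        if dist == 0:
            reasons.append(f"same name as {good}, different ending")
        elif dist <= limit:
            reasons.append(f"{domain} looks like a misspelling of {good}")
        elif host.endswith("." + domain) and good in host:
            reasons.append(f"{good} appears only as a prefix of {domain}")
    return reasons
```

An empty result only means these heuristics found nothing; it does not confirm that a site is legitimate.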
For more information on cyber threats and risks, and how to protect yourself, visit https://www.us-cert.gov/ncas/tips.
Source: US-CERT