The world of cyber crime is an endless game of cat and mouse. Each time security experts discover a vulnerability and develop ways to protect against it, hackers find another loophole and exploit it. However, despite all of the new tricks cyber criminals have up their nefarious sleeves, many times they resort to a few common methods of accessing and stealing data — with only a few adjustments. If you understand these tricks and how you’re vulnerable, you can protect your valuable data against theft more effectively.
When unsuspecting users believe they are downloading something safe, but it is actually malware, that’s bait and switch — and it’s surprisingly common. For example, a cyber criminal could purchase advertising space on a popular website, purporting to promote something benign, but when the ad is actually placed, it contains malicious code that spreads malware. Another common hacker trick is to offer something “free” to users, such as widgets for a website or blog, that are not malicious when added to the site. However, once the code is installed, the criminals make changes. Suddenly, the malware starts to spread. To avoid this, install robust antivirus software that will detect and block malicious code, and only download content from trusted sources.
Clever File-Naming Conventions
Hackers have long tricked unsuspecting victims by giving their malware names that will entice people to click on the link, or that are virtually identical to legitimate programs. They often exploit a common operating system default of hiding known file extensions – including.exe, which is commonly used in malware – meaning that users may click on the incorrect link because they don’t see the difference and launch malware. This can be avoided if you take the time to check on the full file name before opening, and avoid clicking on unfamiliar links even if they look enticing.
Fake Wireless Access Points
Creating fake wireless access points is one of the easiest — and most effective — methods for hackers to gain access to other people’s computers. Using a wireless network card and some software, the hacker sets up shop in a coffee shop, library, airport or other public area where people commonly get online, and creates a fake wireless point that looks like it’s the official wireless network, but is actually connected to their machine. An unsuspecting user then tries to access the Internet through the fake access point — which is generally named something that looks “official,” like “Logan Airport Free Wireless,” and begins working. The hacker can then intercept everything sent over that connection, including passwords and sensitive data. In some cases, the hacker even requires “guests” to register for an account; because most people use an email and password combination they use elsewhere, all the hacker then needs to do is try that combination on other popular sites. To avoid falling into this trap, always confirm you’re accessing a legitimate access point; do not send sensitive data over unsecured or public networks.
Watering Hole Attacks
Watering hole attacks are one of the latest trends among hackers — and many people who fall victim to these attacks aren’t even the intended targets. When a hacker launches a watering hole attack, he or she may create a fake wireless access point at a place where employees of a certain organization gather, such as a coffee shop near the headquarters. Or, the hacker may inject malicious code into a website many people from the company visit regularly, such as a social media site. When someone accesses the site and the code installs on their machine, the hacker then gains access to the target network — and all the data it contains. Watering hole attacks can be avoided by only logging in to secure networks, using firewalls and antivirus software, and educating employees about their dangers.
Hackers have long known that if you can access the cookies on a user’s machine, you can access websites as if you were that user — and steal valuable data. That’s why cookie theft is one of the most common tricks they use, often in conjunction with a fake wireless access point and a browser add-on that makes it easy to locate and take over cookies. Encryption can help deter the criminals. If you’re using a public access point, disable cookies on your machine to prevent them from being stored and potentially stolen.
While hackers will resort to almost any tactic to gain access to your data, these are among the most common, and most easily prevented, means of attack. Click here for more information from Trend Micro on network security, and keep your virus protection up to date, avoid unsecured networks and know what you’re clicking on. This way, you can avoid many of the security landmines that lead to data breaches.