Before delving into the CIA concept, let’s quickly refresh our memory. This 57-second video offers a concise overview of the Malwware, Phishing and Ransomeware .
Now, let’s dive into these concepts to better understand how they pose risks to our digital security.
Malware
Malware is short for “malicious software,” includes any software (such as a virus, Trojan, or spyware) that is installed on your computer or mobile device. The software is then used, usually covertly, to compromise the integrity of your device. Most commonly, malware is designed to give attackers access to your infected computer. That access may allow others to monitor and control your online activity or steal your personal information or other sensitive data (From Cybersecurity and Infrastructure Security Agency)
There are many unique types of malware that can infect your computer. Below is more information about a few of the more common types, according to the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT):
- Virus: a program that spreads by first infecting files or the system areas of a computer or network router’s hard drive and then making copies of itself. Some viruses are harmless, others may damage data files, and some may destroy files entirely.
- Ransomware: a type of malware that infects a computer and restricts access to it until a ransom is paid by the user to unlock it. Even when a victim pays the ransom amount, the stolen files could remain locked or be deleted by the cybercriminals.
- Worm: a type of malware that replicates itself over and over within a computer and network
- Botnets: networks of computers infected by malware and controlled remotely by cybercriminals, usually for financial gain or to launch attacks on websites or networks. Many botnets are designed to harvest data, such as passwords, Social Security numbers, credit card numbers, and other personal information.
- Rootkit: a type of malware that opens a permanent “back door” into a computer system. Once installed, a rootkit will allow additional viruses to infect a computer as various hackers find the vulnerable computer exposed and compromise it.
- Spyware: a type of malware that quietly gathers a user’s sensitive information (including browsing and computing habits) and reports it to unauthorized third parties.
- Trojan (Trojan Horse): a type of malware that disguises itself as a normal file to trick a user into downloading it in order to gain unauthorized access to a computer.
What are some tips to avoid viruses and lessen their impact?
- Install anti-virus software from a reputable vendor (at your home, probably Windows Defender can be a great choice for a free version). Update it and use it regularly.
- In addition to scanning for viruses on a regular basis, install an “on access” scanner (included in most anti-virus software packages) and configure it to start each time you start up your computer. This will protect your system by checking for viruses each time you run an executable file.
- Use a virus scan before opening any new programs or files containing executable code. This includes packaged software that you buy from the store as well as any program you might download from the Internet.
- If you are a member of an online community or chat room, be very careful about accepting files or clicking links that you find or that people send you within the community.
- Make sure you back up your data (documents, bookmark files, important email messages, etc.) on disc so that you do not lose valuable work in the event of a virus infection.
Phishing
Phishing: a form of social engineering (the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes) that uses email or malicious websites to solicit personal information or to get you to download malicious software by posing as a trustworthy entity.
Types of Phishing
There are many unique types of Phishing that can trick you. CK will cover more in-depth phishing attacks in another blog post and video.
- Spearphishing: targeted at an individual by including key information about them
- Whaling: targeted at a high-profile individual to steal sensitive and high-value information
- Vishing: Phishing via voice communication to entice the victim to engage in conversation and build trust
- Smishing: Phishing via text messages to get the victim to click on a link, download files and applications, or begin a conversation
What are some tips to avoid Phishing?
- When in doubt, report it out: If it looks suspicious, it’s best to mark it as “junk” and forward to your IT staff.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for PII.
- Make passwords long and strong: Use a password manager to ensure you have unique, long, and strong passwords for each account.
- Use multi-factor authentication (MFA): Enabling MFA can help prevent adversaries from gaining access to your systems even if your password is compromised.
- Be wary of hyperlinks: Avoid clicking on hyperlinks in emails; hover your cursor over links in the body of the email—if the links do not match the text that appears when hovering over them, the link may be spoofed.
- Install and update antivirus software: Make sure all your computers are equipped with regularly updated antivirus software, firewalls, email filters, and antispyware
Ransomware
Ransomware: is an ever-evolving form of malware designed to encrypt files (make it unreadible) on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption (make it readable). Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent months, ransomware has dominated the headlines, but incidents among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations have been growing for years.
Here is an example of Ransomware below.
What are some tips to prevent ransomware?
.
Reference: CISA.gov: Cybersecurity and Infrastructure Security Agency website & NIST.gov: National Institute of Standards and Technology website
Blog
From Our Blog
Learn about OSI Model
This blog, we will shortly discuss The Open Systems Interconnection Model (OSI...
Navigating the Depths: Exploring the Surface, Deep, and Dark Web
The internet is like a big iceberg floating in the sea. You see only a bit of...
Cybersecurity 101: Phishing, Spear Phishing, and Whaling
Think of the internet as a huge playground where we all hang out. But just...
CK Cyber
To empower you with the knowledge for cybersecurity to protect the cyber-world.