Facebook Twitter Instagram
    Trending
    • 42 States Added Construction Jobs During the Past 12 months
    • Fewer Adults are Planning to Purchase a Home
    • Top 10 Housing Markets Most Affordable for Renting
    • Zumper’s National Rent Report for January ’23
    • New Home Sales Up 2.3% in December
    • Pending Home Sales Up 2.5% in December
    • U.S. National Debt Surpasses $31 Trillion
    • Top 10 Real Estate Markets for First-Time Homebuyers in 2023
    Twitter
    Real Estate Investing Today
    • Home
    • RE Journal
    • ROI Magazine
    • National REIA
      • National REIA
      • Find a REIA near you!
    • Podcasts
    • Housing Data
    • Contact Us
    Real Estate Investing Today
    You are at:Home»technology»Common Cybercrime Techniques

    Common Cybercrime Techniques

    0
    By Brad Beckett on May 24, 2016 technology

    cybercrimeIt seems like everyday we hear about another cyber attack where customer data are stolen and/or a machine gets locked down until a ransom is paid to some unknown hacker, on the other side of the planet.  Recently, IT management site ManageEngine posted an interesting article on their PitStop blog entitled “What you ought to know about the common cybercrime techniques of 2016” that does a great job spelling out the cyber threats we face and how to address them.  The article was written by an Australian, so don’t let the Aussi references throw you off – they’re relevant for us here in the states too.

    Keep in mind; ransomware (in particular) is a large and growing issue.  If you think you’ve  been hit by ransomware or even a virus it is best to just power off your PC because the longer it is on the more damage it can do.  Once powered off, call a technician and ask them to take a look.

    Listed below are the 4 major cyber threats along with proactive measures companies can take to combat them:

    1. Malware, ransomware, spyware and mobile malware

    Malware

    Malware is typically code or a file that is delivered over the network to specifically infect your device, steal important information, or disrupt the normal functioning of your device. Malware attacks play to the deepest fears of companies and executives as critical company secrets are at the risk of being exposed.

    Recently, malware called ZeroAccess infiltrated the payment systems in 60 Pizza Hut stores across Australia, compromising 4,000 devices each day between October and December 2015.

    Various types of malware include viruses, trojan horses, spam, worms, rootkits, remote access tools, and spyware that is injected into a system through software that is otherwise safe.

    Ransomware

    One of the popular forms of malware is ransomware. Ransomware takes control of the administrator access and prevents users from accessing all or some of their systems. Attackers force victims to pay a ransom through various online payment methods, before releasing their vice grip on the victims’ systems.

    Charles Lim, a Frost & Sullivan cyber-security analyst, estimates that nearly 50-60% of the global ransomware attacks are regularly detected in Australia.

    Some of the popular forms of ransomware include CTB-Locker, CryptoWall, CryptoDefense, CryptorBit, and Cryptolocker. These forms of malware infiltrate operating systems via infected email messages or via fake downloads (for example, rogue video players or fake Flash updates).

    Spyware

    Spyware is another common form of malware. Hackers bundle spyware code as a hidden component in freeware or shareware applications that are available for download from the internet.

    Spyware can also spread through infected file attachments. The injected spyware code or application can then gather information about e-mail addresses, passwords, and credit card numbers. The hacker gains access to the victim ‘s device through the spyware and monitors the victim’s activity on the internet.

    Mobile malware

    With more people using smartphones alongside PC’s, hackers are using various techniques to spread malware through mobile apps and SMS text messages.

    If you happened to click links from unknown email senders or from an SMS message, you might actually end up downloading malware.

    Many sources suggest that one of the most common sources of malware on mobiles is spread by manually downloading software that claims to be a video player from websites other than Google Play and Apple’s App Store.

    How to protect against malware, ransomware, spyware and mobile malware:

    • Since a number of operations performed by crypto-ransomware require admin privileges, always keep the user account control settings(UAC) enabled. This can help you prevent unauthorized changes to your computer. UAC triggers notifications about certain changes that are made to your computer that require administrator-level permissions.
    • Ensure to schedule regular backups of your data. Store all your data on cloud or use an external hard drive. Check for all network shares and backup locations. Ensure to allow access or change permissions only by the administrator (and/or the backup service provider).
    • According to CERT many ransomware infections begin with a “.scr” file that is attached as part of a “.zip” or “.cab” email attachment. It is advisable to block “.scr” files at the email gateway and establish control policies for certain applications and device.
    • Implement group policies at computer, domain and domain control levels. These policies can block attackers from installing malware in their favorite directories.Although implementing and managing group policies can be cumbersome at times, this is a necessary step towards proactively preventing any ransomware or spyware attacks.
    • Ultimately be cautious while surfing the internet and avoid suspicious websites, suspicious SMSes and software download options. Remember to install and maintain an updated antivirus program.

    2. Phishing

    As one of the most common cybercrime techniques, phishing is an act of sending an email to a user in an attempt to steal private information from them by falsely claiming to be from a well-known, legitimate enterprise. Phishing email directs the user to visit a bogus website and update personal information such as username, password, or credit card details.

    In February 2016, Snapchat, a social networking platform of more than 200 million users, was the target of a phishing attack where the payroll information of its employees was revealed.

    Typical forms of phishing emails include:

    • · Emails that pretend to be from known and popular banks or other payment transaction platforms.
    • ·Emails that carry links to offer “free” gifts, goods, or services.
    • ·Work-at-home and other business or investment opportunity emails.

    Typical signs of phishing websites include:

    • Suspicious web addresses and misspelled websites of a popular company.
    • Use of “http” in the websites URL instead of “https” (which is used in the URLs of the genuine website).
    •  Websites where the pop-up window appears immediately once the user reaches the suspicious website. These pop-up windows tend to record your username, password and other account information.

    Below are five tips to protect against phishing attacks:

    • · Do not click on the links in emails from unknown senders.
    • · Type addresses directly into the browser or use the personal bookmarks.
    • · Check the website’s security certificate (SSL) before you enter personal or financial information into a website.
    • · Refrain from entering any personal or financial information in unknown pop-up windows.
    • · Ensure that the computer OS ,browser and other critical software (such as anti-virus protection software) are updated with the latest security patches.
    • · Include advanced sand boxing capabilities in your IT security solution to detect malware in phishing emails.

    3. Denial of service (DoS) and distributed denial of service attacks (DDoS):

    DoS and DDoS attacks take advantage of the vulnerabilities in the application protocols and communication protocols. According to a recent CSO article, Australian targets are increasingly hit by shorter, more intense DoS and DDoS attacks and these attacks are, on an average, the largest in the Asia Pacific region.

    Unlike other cyber attacks, DoS and DDoS assaults do not attempt to steal sensitive data. These attacks are instead used as a means to render the network, websites, and other online resources unavailable to users. DoS and DDoS attackers are capable of affecting the complete network and server infrastructure of an enterprise.

    In DoS attacks, attackers use a single internet connection to exploit software vulnerabilities. They flood the target systems with fake requests to exhaust the server resources such as the RAM and CPU.

    In the case of DDoS attacks, attackers tend to flood the systems with multiple requests from multiple connected devices distributed across the network. DDoS assaults tend to target large enterprises and flood their network with huge volumes of traffic. DDoS attacks are generally more devastating and difficult to tackle due to the sheer volume of devices involved.

    How to protect against DoS and DDoS attacks:

    • ·Since attackers can flood the enterprise with more data, periodically validate your network’s security performance. This is a critical step to ensure that your network solutions will hold up during the attacks.
    • ·Deploy intrusion detection/prevention tools to shield from unpatched vulnerabilities.
    • Use file integrity monitoring and log inspection tools to improve your situational awareness of unusual network behavior.

    4. IoT-based botnets

    As technology becomes more accessible, internet of things (IoT)-based bots have become the latest tools for cyber criminals. Various sources predict that by 2017, Chinese and Eastern European hackers are likely to control millions of devices and create a botnet army of these IoT-connected devices. This botnet army can be used for carrying out nefarious activities planned by the hackers.

    A conventional botnet is made up of computers that are remotely accessed by the hackers without the owners’ knowledge.An IoT botnet on the other hand (internet of things botnet) is a group of hacked devices, that include computers, smart appliances, and internet-connected devices, co-opted for illicitly transferring data from the victim’s devices.

    How to protect against IoT botnets:

    • Update your computer’s antivirus software.
    • Ensure that Microsoft Windows and certain main programs (MsOffice, Adobe products) on your devices have the latest version updates.
    • Configure your software settings to automatically update the security settings on your browser.
    • Never click on attachments from an unverified source.
    • Install a good firewall analyzer to block the network ports used by botnet controllers.
    • Install aggressive identification ,monitoring tools and devices. Preferably install a robust identity management system and validate account credentials at appropriate intervals.

    At the end of the day, there is no straightforward or easy way out to prevent cybercrime. All you can do is practice and implement certain robust PC and device security measures, keep up your firewall guard, and have a close eye on the network traffic logs for any unusual activity. Ultimately, the cybercrimes of the past have taught us that investing before a breach is far less expensive than recovering from one.

    Click here to read the full article.

    Share this:

    • Click to email a link to a friend (Opens in new window)
    • Click to print (Opens in new window)
    • Click to share on Twitter (Opens in new window)
    • Click to share on Facebook (Opens in new window)
    • Click to share on LinkedIn (Opens in new window)
    • Click to share on Pinterest (Opens in new window)
    • Click to share on Reddit (Opens in new window)

    Related

    Brad Beckett
    • Website
    • Facebook
    • Twitter

    Director of Education & Outreach, National Real Estate Investors Association

    Related Posts

    42 States Added Construction Jobs During the Past 12 months

    Fewer Adults are Planning to Purchase a Home

    Top 10 Housing Markets Most Affordable for Renting

    Comments are closed.

    Emergency Rental Assistance
    Action Alert HR 5013 – Seller Finance
    https://youtu.be/WP-IAtGnPsQ

    Click here to visit the National REIA Legislative Action Center.

    Stay Informed!

    Simply enter your email address in the space below to receive our latest posts right in your mailbox! It's FREE!

    Join 2,509 other subscribers
    Podcasts
    podcasts
    Survey of the Quarter:
    • Most Recent Posts
    February 1, 2023

    42 States Added Construction Jobs During the Past 12 months

    February 1, 2023

    Fewer Adults are Planning to Purchase a Home

    January 31, 2023

    Top 10 Housing Markets Most Affordable for Renting

    January 31, 2023

    Zumper’s National Rent Report for January ’23

    Benefits of Joining National REIA
    Click here to find a REIA!
    The Latest issue of the RE Journal
    REJ cover winter 22-23
    Follow us on Twitter: @REI2Day
    My Tweets
    Keyword Search
    Real Estate Investing Today
    National Real Estate Investors Association
    2755 Mansion Place
    Crestview Hills, KY 41017
    888-762-7342
    www.NationalREIA.org
    Top 100 Real Estate Investing Blogs & Websites on the Web
    Categories
    About Real Estate Investing Today

    Real Estate Investing Today is the news aggregation site for the National Real Estate Investors Association (NREIA) and features news & industry updates to help investors stay informed. Learn more at www.NationalREIA.org

    Media Inquiries

    Media Inquiries Click here

    Copyright 2022 Real Estate Investing Today

    • Home
    • News
    • Legislative
    • Market Trends
    • Residential
    • Data
    • Rentals
    • Crowdfunding
    • Legal
    • Regulations & Taxes
    • Infographics
    • Technology
    Copyright 2022 Real Estate Investing Today
    • Home
    • News
    • Legislative
    • Market Trends
    • Residential
    • Data
    • Rentals
    • Crowdfunding
    • Legal
    • Regulations & Taxes
    • Infographics
    • Technology

    Type above and press Enter to search. Press Esc to cancel.