A guide to all the latest cyber criminal tricks, and how to beat them
When it comes to defeating security threats, awareness is one of the most effective weapons in your arsenal, and our chief aim is to continue providing you with the knowledge and the defences you need to stay one step ahead of the hackers and scammers.
Below we run through the latest security threats and show you new ways to beat them. The overall message here is: don't be complacent. The techniques used by crooks and hackers are always evolving, so you need to keep evolving your security strategies, too.
The return of ransomware
Ransomware had a profitable year in 2017, but it reduced over time. This is partly due to many corporations investing in backup solutions that mitigate the impact of a ransomware event, or a quality Endpoint Detection and Response (EDR) solution, which effectively eliminates the risk. As a result, fewer companies are susceptible to ransomware and less are paying up. However, there were still plenty of high-profile ransomware events in 2018, which is why it remains towards the top of most security experts lists.
For Brian Hussey, VP of cyber threat detection and response at Trustwave SpiderLabs, there's still lots of lots of money in ransomware. "Though overall, I predict continued impact reduction of ransomware threats in the coming years, there are enough companies running lax security practices that still makes ransomware profitable," he says.
The fix: Practice the fundamentals
According to its 2018 Threat report, Sophos says it's about getting the basics right, such as using a password manager and never reusing passwords. Keep up to date with operating system patches and app or software updates. Change the default administrator passwords on things like home routers, modems, and network-attached storage servers. Add a passcode or password pattern to your phone. Use multi-factor authentication for everything you can use it for. Stay mindful and practice reflexive distrust of unknown files, messages, or links.
As more and more objects and devices become internet-connected criminals have been devising new ways to hijack them by using nodes in huge botnets. These botnets are used to conduct distributed denial-of-service (DDoS) attacks, mine cryptocurrency, infiltrate networks for the purposes of espionage or data theft, or even create chaos by "bricking" the device, taking it permanently offline or demanding a ransom to restore it to full functionality.
These types of attacks are on the rise and in 2018, SophosLabs saw significant growth in the volume of attacks targeting IoT devices. One of the reasons for this is that it's challenging to detect a device is affected until something goes horribly wrong.
The fix: Get the basics right
The government's Secure by Design initiative will help with IoT security, but there's plenty you can do to shore up your network yourself, such as not using default passwords and making sure the device is updated.
A new IoT device that's a replacement for old devices makes it increasingly easy to forget about every connected device on your network. But old IoT devices may carry old security protocols, forgotten passwords, and a whole host of other threats to your networks.
Each IoT device is a potential weak point that has to be secured. So if there are old access points that you no longer use, you'll want to thoroughly disconnect them from the network and even go as far as to do a factory reset on the gadget and reduce the number of openings you'll have to keep an eye on.
Despite being around for a number of years, phishing is still proving to be a big threat with hackers using more and more innovative methods to intercept. It is believed that businesses both in the UK and wider Europe could see a sharp spike in phishing attacks once the political uncertainty around Brexit is resolved, with analysts already spotting a rise in malicious activity.
The outcome of negotiations should be known by March 2019, by which point organisations will face an increase in Brexit-themed spearphishing campaigns and political disinformation that could transition into infiltration, according to threat intelligence firm EclecticIQ.
"Cybercriminals could easily exploit Brexit in large-scale phishing campaigns," the researchers said.
"A campaign targeting businesses could see cybercriminals sending out documents that are made to look like government advice on dealing with Brexit which in fact download malware."
The fix: Don't trust anything
Sadly, these latest scams simply highlight the need to be hyper-vigilant when it comes to spotting fakes, whether they appear online, in an email or on your phone. You should never assume any unexpected communication is genuine until you've been able to verify it independently. Call your bank if you receive a text message, for example.
More than a million people downloaded this fake version of WhatsApp
Never click links in emails, never disclose any personal details and don't reply to any suspicious texts you receive. Also, remember that unencrypted text messages can be intercepted by just about anyone. It's much safer to use messaging tools that employ end-to-end encryption, such as WhatsApp. Just make sure you install the real WhatsApp, not the recent fake one – cleverly named 'Update WhatsApp Messenger' on Google Play – which tricked more than a million people into downloading it, then bombarded them with ads.
Yes, this is another type of scam to watch out for, and worrying proof that not all Google Play apps are safe.