This is the ultimate guide to protect your data on the web. From passwords to opening emails, everyone knows what they should do but do you do it? Tons of malicious content floods the internet which can compromise your system and your device, be it your laptop, tablet or phone. How often do you make payments online? Do you have children and want to ensure they stay safe online? How often do you sit at a coffee shop and log onto their free WIFI? How often do you use social media on the train or bus? If you believe using an antivirus software will keep devices safe... you are wrong. This book will guide you and provide solutions to avoid common mistakes and to combat cyber attacks. This Guide covers areas such as building resilience into our IT Lifestyle; Online Identity; Cyber Abuse: Scenarios and Stories; Protecting Devices; Download and share; Gaming, gamble and travel; Copycat websites; I Spy and QR Codes; Banking, apps and Passwords. Includes chapers from Nick Wilding, General Manager at AXELOS, Tim Mitchell, Content Director at Get Safe Online, Maureen Kendal, Director at Cybercare, Nick Ioannou, Founder of Boolean Logical, and CYBERAWARE.
|Publisher:||Legend Times Group|
|Product dimensions:||5.00(w) x 7.70(h) x 0.80(d)|
About the Author
Read an Excerpt
DAY TO DAY LIVING IN THE CYBER WORLD
Content Director of Get Safe Online
PROTECT YOUR COMPUTER AND DEVICES
There's a commonly-quoted statistic in law enforcement and information security circles: 80% of cyber-dependent and cyber-enabled crimes could be avoided if we all just changed our behaviours and took more care when using the internet.
It could be argued that 'behaviours' and 'taking more care' mean knowing when not to click on links or attachments in emails, nor paying someone you don't know by bank transfer, or donating to charity only via well-known channels (and many, many others). And that protecting your computer, smartphone or tablet is about technology, not your online behaviour. However, the ongoing and very necessary task of making sure that these devices are protected constitutes a behaviour in its own right, so don't blame the tech if you become a victim of fraud because your antivirus runs out, because it's your responsibility to make sure it doesn't.
To many, this will sound like common sense, but one of the most common flaws in human nature is putting things off.
The last things I want are for you to stop using the internet, and for you to become paranoid (or to think I'm paranoid). But cyber-enabled and cyber-dependent crimes are the fastest-growing of any, and I'd like to think that you will read and heed the advice and make being careful the default when going online and using your devices.
Viruses, spyware and other malware (malicious software) represent big business for the cybercriminal fraternity, whether they're devising and coding new strains, selling it on to other criminals, hosting it, distributing it and generally profiting from the dishonest gains made at the expense of their victims. Malware can cause many things to happen, from generating clicks in order to artificially boost advertising revenue, making your device part of a 'botnet' to swamp a website with traffic in order to close it down (known as a Distributed Denial of Service or DDoS attack). Some can snoop on all your online transactions including email, banking and payments; some can even activate your webcam to quite literally spy on you or your family.
Then there's ransomware, which is when criminals literally hold you to ransom by locking access to your files and programs until a financial ransom is paid (allegedly). Ransomware is one of the most burgeoning and insidious threats today and has become well-known owing to a number of high-profile and damaging attacks.
Malware is one of those terms which started off in a technical sector (cybersecurity / information security in this case) and has subsequently been adopted by everyone. Having said that, some internet users still aren't aware of the term, instead still using 'viruses' as a catch-all, which technically, isn't accurate. So let's define the word malware, and stick with it.
Putting it simply, malware is malicious software coded with the intent of causing harm to a user, a system, or a network. It can at best disrupt and, at worst, cripple its targets in a number of ways, depending on its nature and objectives. It is programmed to act by stealth, often residing on devices and systems for long periods of time while the user (you or I) remain oblivious. It is usually disguised as a clean program. For consumers, the effects of a malware infection can range from inconvenience to, literally, financial ruin. For organisations, add business interruption, loss of revenue, reputation damage and possibly closure. There's a well-documented incident regarding a senior executive in a business who plugged his vaping charger (albeit a spurious model not supplied with the original kit) into his company computer, only to be informed by the IT department that it had been pre-loaded with malware, which proceeded to infect not only his device ... but the entire network.
Malware has been around for many years ... the term was coined in 1990 but viruses had already been around for decades. Given that its development and distribution is a multi-million-pound industry (for criminals), it's not surprising that it evolves at an alarming rate and, to be frank, the cybersecurity industry and law enforcement struggle to keep up with it when it comes to protection. It's often quoted that over a million new malware threats are released every day. It's hard to conceive the scale of this and the havoc it wreaks amongst ordinary computer and mobile device users in their personal and business lives. This is why the combination of the best malware protection you can afford – and understanding what you can do to avoid the issues that can cause you problems – are so vital.
Types of malware
I have no wish to get overly technical, but in a book on cybersecurity I think it's important to discuss the different types of malware out there, give you a brief explanation of what they do, and what this means for you if you're affected. These are listed in no particular order.
To be described as a virus, malware must be able to reproduce the code that's programmed into it, meaning that it will distribute copies of itself by any means possible. It will infect a device or network but work away in the background undetected, hiding within files whilst the device executes (runs) the code. A virus generally needs some kind of human intervention to propagate, such as you clicking on an infected attachment or visiting a malicious website.
There are three main types of virus:
1. File infectors
An 'executable file' on a computer is one that is used to perform a task, rather than one that contains data like a word processing document or photo. Some viruses enter ordinary executable files (such as those with a .EXE or .COM extension) by stealth, in readiness for that function to be instigated by the user. Batch and script files such as those with .BAT, .JS. and .VB extensions are also susceptible, as well as screensaver (.SCR) files.
2. System / boot infectors
Some viruses are designed to infect your computer by installing themselves as part of its operating system, residing in the RAM (random access memory). Nowadays, security built into contemporary operating systems has largely combated these types of viruses, so cybercriminals are less likely to develop and distribute them. However, this does indicate the importance of you running the latest version of the operating system that your device will allow.
3. Macro viruses
Macro viruses run inside certain software applications that allow macro programs to offer more functions. They can result in accessing sensitive information, data theft and consuming system resources, often explaining a noticeable deterioration in the performance of infected systems, such as slow running, overheating and the inability to perform the most basic tasks. Macro viruses used to be renowned for targeting Microsoft Office programs, but these days unsigned macros are automatically disabled.
Worms are small, standalone programs that replicate without targeting specific files apart from the operating system files, indiscriminately destroying files and data on the device until the drive that they're inhabiting is empty. Unlike viruses, which latch on to existing files, worms are self-contained.
Worms generally arrive via emails and instant messages, exploiting security vulnerabilities to spread via networks. Some worms are designed to merely use computers and networks to spread, rather than damaging them, but this doesn't make them any less malicious.
A Trojan horse is named after the legendary wooden horse disguised by the ancient Greeks as an offering to Athena – but actually concealed around 40 soldiers who opened the gates of Troy, leading to its downfall. Normally referred to simply as a 'Trojan' this malicious program misrepresents itself as authentic software to appear genuine and convince you, the PC user, to install it on your device. Not unlike what happened in Troy, some types of modern-day Trojans disguise themselves as software that removes viruses, whereas they are doing precisely the opposite: installing them.
Trojans can carry (and disguise) pretty much anything, but generally they're items of malware that create a 'backdoor' that enables criminal access to your computer. Critically, they enable access to your personal information: passwords, banking details and IP addresses to name but a few. Some can snoop on your keystrokes to harvest logins and payment card data. Many ransomware attacks are also perpetrated by Trojans.
As the name suggests, spyware is a kind of malware designed to constantly spy on you or, more accurately, spy on what you're doing on your connected device. It can take many different forms ... from tracking your internet activity in order to exploit your interests for commercial gain to downloading adware, to gathering information about you without your knowledge, again from your online activity but also from data you have stored. This could include financial or other personal information in order to perpetrate various types of fraud, identity theft or both. It could also include your photos, videos and sound recordings.
One kind of spyware that is becoming more commonplace is a Remote Access Trojan or, appropriately, RAT, for short. RATs are usually downloaded without your knowledge, with a program legitimately requested by you such as a game, or perhaps as an email attachment.
Obtaining your confidential information or capturing your every financial transaction is bad enough. However, a particularly insidious application for RATs is to activate your webcam or other internet-connected cameras around the home or office, and therefore, quite literally, spy on you. The motives are varied – from facilitating webcam blackmail (such as threatening to post footage of what you're doing sitting at your computer), to financial or identity fraud, or just for kicks. Cases that come to mind are an 18 year old student who was watching a video on her laptop whilst in the bath and spotted that the LED next to the built-in webcam was illuminated, and a Russian website that broadcast an array of feeds from many cameras around the world that it had activated via spyware infections. You should note that some variants don't activate the LED – just the camera – so you may not even know that you're being watched.
In addition to the advice I always give about avoiding malware by having up-to-date antivirus installed and not clicking on spurious links or attachments, I also advise you to cover up your webcam if you're worried about being physically spied on. You can buy an inexpensive device for this, but to my mind, a Post-it or piece of opaque adhesive tape is ample.
Ransomware has actually been in existence since the late 1980s, rose to prominence in 2013 and almost became a household name in 2017 with the 'WannaCry' attack, which infected more than 300,000 computers in 150 countries. In the UK alone, more than 80 National Health Service hospitals were impacted, resulting in cancelled surgeries and diverted ambulances. But it can just as easily affect individuals' own computers or, increasingly, mobile devices.
Many regard ransomware as the most malicious type of ransomware, as it blocks access to your data, accompanied by a screen which demands a ransom, normally payable in digital currency. Sometimes, it 'merely' locks your system, difficult enough for most people to remedy. More sophisticated versions, however, actually encrypt your files, rendering them inaccessible until the ransom is paid. Restoration is best left to an expert and therefore normally not cheap. Sometimes, the perpetrators also threaten to publish your data online.
However, there's no guarantee that paying the ransom will restore your access to the data nor prevent it from being deleted. I advise you to never even consider making a ransom payment if this happens to you.
Good day-to-day online practice on your part will help to prevent a ransomware attack. It should go without saying that your computer should be protected by an updated antivirus program. Cybercriminals also look for security weaknesses in your software – including your operating system – so it's essential to update all software when prompted, as updates almost invariably contain security patches. Better still, set software and operating systems to update automatically, then you won't have to worry about it.
Be careful about the websites you visit, as some are found to be infected (either intentionally or inadvertently), which could in turn cause an infection on your own device.
The existence and effects of ransomware also serve to reinforce the importance of performing regular backups of all or selected important data. It's perfectly possible that you'll lose financial records, important documents or cherished photos altogether in a ransomware attack, with the consequences ranging from inconvenience to heartache. Businesses who have failed to back up their data can suffer revenue losses, reputational damage, financial penalties and even closure.
A keylogger is a type of software program that records (logs) all the information that you type on your keyboard and sends it to the cybercriminal who has installed it on your computer. It runs in the background, so you're unaware that your keystrokes are being monitored.
In this way, the perpetrator can obtain sensitive information such as usernames, passwords and payment card details. From continuous monitoring over a number of transactions, it is even possible to obtain the memorable information requested along with the password ... set up when you opened the account. Keyloggers do not have the capability to record information typed on virtual keyboards.
Considered to be one of the most lucrative (for its distributors) but least harmful types of malware, adware (short for 'advertising-supported software') is designed specifically to display advertisements on your computer, or certain types of mobile device, as pop-ups. For its distributors, it earns revenue in two ways: by the act of displaying the advertisement, and by charging the advertiser for each occasion it is clicked (known as 'pay-per-click').
To you, it could be presented as a static or moving box or banner, a full screen display or a video, with or without sound. Whilst adware is not generally regarded as a threat, but rather more an irritation, most commercial antivirus programs can detect and block it.
How does your device get infected by malware?
The writing, sales and distribution of malware is a massive growth industry, and as in all successful business sectors, those involved will exploit as many channels and delivery methods as possible.
A favourite way for cybercriminals to infect your device with malware is via bogus attachments, which can be disguised as documents, photos, exe. or other files. Clicking on the attachment to open it, can cause malware to directly download on to your device, or enable ongoing online communication with a 'command and control' server. Spyware, ransomware, adware and many other types of malware can be introduced this way, as well as recruiting your device to become part of a botnet, mobilised to cause financial and reputational damage to targeted websites without your even being aware of it.
Malicious links can be found in 'phishing' emails, 'smshing' text messages and 'twishing' social media posts or messages. Typically, they are designed to exploit human nature, such as the desire to avoid problems, get a great deal on a purchase or take advantage of a free offer.
The original type of scam emails, some of which are still being distributed – and unfortunately still responded to – are known in law enforcement and cybersecurity circles as '419' scams, named after Article 419 of the Nigeria's criminal code, concerning fraud. The senders claim to have come into considerable sums of money, some of which they want to gift you, normally in return for an advance fee. These days, scam communications have become far more sophisticated. Emails can include your name (as if from an authorised organisation such as your bank, the tax authorities or law enforcement), they can feature authentic-looking branding and they can even appear to come from an authorised email account, thanks to address spoofing. Fraudulent text messages and social media posts can be equally deceptive.
Inevitably, the link in any of these communications leads to a bogus, but normally convincing website, which will either (1) request you to fill in confidential financial or other personal details which the fraudster can use to defraud you of your money or identity, or both, or (2) cause your device to be infected with malware. The key advice here is to type in the address that you know to be correct into your browser, rather than simply clicking on links in unsolicited or unexpected communications. It may take a little longer, but better to be safe than sorry.(Continues…)
Excerpted from "Conquer the Web"
Copyright © 2018 Legend Business, Jonathan Reuvid and Individual Contributors.
Excerpted by permission of Legend Times Ltd.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Table of Contents
Foreword Preface Get Safe Online- Introduction Practical solutions to combat advanced cyber abuse Protect your computer and devices – antivirus/updates/backups Using smartphones and tablets Downloading and file sharing Online gaming/gambling/holiday and travel bookings Copycat websites Spyware/avoiding ratting QR codes Other commonplace fraud types CyberCare UK - Introduction If we use common safeguards, how safe are we? Choosing how to use the internet safely through managing your IT lifestyle What you need to know to spot signs of hacking Who we are online? Our different roles and activities Keeping our Identities safe How to safeguard your families and your children Cyber abuse, hate content and how to tackle them How CyberAbuse can affect the lives of individual victims Appendix
This is the ultimate go to guide to understand and get practical advice on how to be safe and secure on the web. Tons of malicious content flood the internet and this can compromise your device, profile and family. It is up to you to take charge and conquer the web. This book covers areas such as,
• Building resilience into our IT Lifestyle
• Online Identity
• Cyber Abuse: Scenarios & Stories
• Protecting Devices
• Download and share
• Gaming, gamble and travel
• Copycat websites
• I Spy & QR Codes
• Data protection and the legislation
• Banking, apps and Passwords