By: R.L. Adams, CONTRIBUTOR
April 4, 2017
News flashes and sound bites are constantly calling our attention to the latest hacks or threats to our cybersecurity that seem to be filling our social media news feeds and television reporting circuits. While there are plenty of bad actors out there hell bent on doing us harm, symbiotically living in the digital ethers and layers that make up the vast web, there are companies and organizations working in the background to protect and remediate any potential disasters.
Some of these online threats pose significant harm to our lives, our businesses and our finances. Some of them are easy to detect, while others have become increasingly challenging and more sophisticated over the years. They sometimes involve massive bot-nets of millions of devices all acting in concert with one another, and sometimes they’re far more individualistic in nature, with specific high-value targets that involve social engineering and location tracking to ensure that their cryptic intentions are fulfilled.
If you’ve ever been the victim of a phishing scam online or you’ve ever had someone hijack your profile or social engineer you or your employees to gain access to critical corporate information and infrastructure, or to steal any amount of money from you through methods such as Instagram money-flipping, then you know just how painful this process is. Oftentimes, we search for ways to exact our revenge, usually falling flat on its face due to the anonymity of the World Wide Web.
So, how do you go about protecting yourself from these online threats and cyber criminals who are determined to extra money and valuable information from you?
Clearly, there is no full-proof method to protect yourself. As technology evolves, so do our methods for combating these online threats. However, that doesn’t mean that the threats stop. They also evolve. They get smarter, more efficient and more scalable as the near-limitless reach of the web gives them unfettered access to potential billions of dollars in crimes against unassuming individuals and businesses from across the planet.
What Are The Top Online Threats In Cyberspace?
While there are numerous threats that exist at every turn on the internet, there are 10 very significant threats that pose malicious harm to us. Understanding what these threats are that exist on the web and learning how to combat them is integral to conducting any semblance of business or personal activity these days. Falling for these is painful to say the least, but even more so when you didn’t even see it coming from miles away.
One of the biggest and most challenging uphill battles here when it comes to online threats to our security is actually determining whether or not a visitor is human. Bots that crawl the web, or that are designed to somehow infiltrate systems and drop malware generally don’t behave like humans. However, this isn’t always something that’s straightforward. How companies go about detecting automated software and threats in cyberspace has a lot to do with their potential to fall victim to these scams.
Not only is it important to institute a good set of habits when it comes to dealing with online threats like this, but it’s also important to stay in-the-know. The more informed you are, the better off you and your employees will be. It’s important to note that whatever you do, threats are always evolving. Locate reputable companies that you can work with to help alleviate some of the stress that failure might cause in this arena.
#1 — Ransomware
One of the biggest ongoing concerns and threats to our digital existences has been the proliferation and exponential rise of ransomware. You know, the type of thing that locks you out of your computer with an impending countdown that signals the digital death of your entire virtual existence. As it counts down, threatening to encrypt every last shred of data, you realize the peril that digital criminals can inflict on their unassuming victims.
Your choices? According to Tod Beardsley, Director of Research at Rapid7, a firm dedicated to thwarting these types of attacks through some of their wildly-popular software platforms such as Nexpose and Metasploit, you should never pay the criminals because you don’t know the outcome of whether your information will in fact be restored, or simply vanish into thin air.
Redundant backups should be a priority for you. Backup to an external drive somewhere on your network and to the cloud through DropBox or another provider. Rapid7, which oftentimes stress tests other corporations by hacking in an effort to expose security loopholes, working to ensure that networks are safe from potential attacks, knows a thing or two about this. Companies rely on their teams to ensure that they’re protected, and they’re often the first phone call many make when an attack like this and others do actually happen.
#2 — Phishing schemes
A large majority of people get caught up in phishing schemes. Phishing schemes are engineered to get you to click on things and oftentimes they seem harmless. Simply click on a link and it will go to some URL. That’s it. However, as harmless as they seem, phishing schemes can lead to to a number of major online security breaches if you’re not careful. By paying close attention to what you’re clicking on, you’ll better be able to mitigate these types of attacks.
Once you’re ensnared in this type of scheme, it’s hard to untangle yourself. There are phishing schemes for bank accounts, email accounts, big e-tailers and other service providers that have massive footprints. The goal? Gain access to the consumer’s account to do the most damage. If you think you were the victim of a phishing scheme, and you entered in your username and password somewhere online and things didn’t seem right, immediately change all your passwords.
Another important thing to note is that most people use the same (weak) password across a variety of services such as Gmail, Facebook and online banking as one example. Never do that. Always use different passwords and ensure that they’re not simple passwords to begin with. If a cybercriminal gains access to one service, you don’t want them gaining access to the others. You should also be changing up your passwords every few months or so.
#3 — Man-in-the-middle (MIIM) attacks
One of the most sophisticated threats that exist online are man-in-the-middle attacks. I’ve seen these threats firsthand and know just how malicious they can be. Everything seems okay all the way to the final point of entry (even when using 2-factor authentication). This malware sits on your computer and waits until you’ve entered in all your credentials, then it actually swaps out the server that receives the communication and even communicates back to you.
Throughout all of this, everything seems fine. Nothing seems amiss. That’s why it’s such a sophisticated online threat. You almost don’t know that anything is happening when it actually is happening. You have to be very wary of what you download to your computer and what reputable sources they’re coming from. Virus software is not going to help you in most cases here because these threats are always evolving.
Oftentimes, MIIM attacks are a result of phishing schemes that installed latent software on your computer that sits dormant for some time until you begin accessing the proper network or until its recorded the right keystrokes. It then substitutes its own intercepted server right when you submit your credentials to login.
#4 — Ad fraud
Online ad fraud is far more widespread than anyone could possibly imagine. This is likely one of the biggest cyber-threats that seems to go under the proverbial radar. Few people know that they’ve been scammed by sophisticated ad fraud systems after it’s occurred. Publishers simply see views increasing and most ad platforms don’t provide high specifics as far as direct views on every single ad impression or click, leaving most people in the dark.
In a recent conversation with Tamer Hassan, CTO of WhiteOps, a firm deeply entrenched in the fight against automated ad fraud, they’ve taken this fight to a new level by developing a platform that actively measures 500 to 2000 technical metrics to determine whether the person viewing the ad is in fact a human or a robot. This software analyzes several layers at a time and its the leading platform amidst the largest publishers in the world.
This impressive system developed by Hassan and team runs silently in the background, with no impact on the speed or latency of ad serving or delivery. In fact, most publishers are now building White Ops’ software into their contracts, stating that violations in ad clicks and views from bots will result in non-payment of revenues. This human verification on the web is potentially one of the most lucrative types of fraud that so many cybercriminals are working to exploit and companies are working to protect against.
#5 — Social media schemes
Instagram (IG) money-flipping schemes and many others social media scams have surfaced in recent years. Considering that IG is one of the most popular social media platforms in the world, it’s no wonder that unscrupulous cybercriminals are targeting individuals who are in desperate situations, looking to make a few hundred or a few thousand dollars quickly. These IG money-flipping schemes have become so widespread that the company can only take down 1 money-flipping scam for ever 3 that are being created.
In a recent conversation with Evan Blair, co-founder of ZeroFox, a firm specializing in social media security, he tells me that 70% of companies are using social media for business but that a large majority of those companies are uninformed about potential impersonations of customer service representatives or duplication of accounts and impersonation of profiles, until it’s too late. In fact, there’s little that many of the most popular platforms like IG can do to safeguard against the windfall of social engineering and phishing that is constantly occurring against companies at any given moment.
However, this isn’t just a risk to digital security; cybercriminals are now using IG and other social media sites to physically track and harm well-to-do executives, celebrities and other high-profilers such as athletes and even politicians. Without a good system to thwart such attacks, most businesses and individuals are completely left lost in the dark. That’s likely why so many of the world’s leading companies and affluent individuals rely on ZeroFox’s groundbreaking platform to thwart and mitigate such attacks.