By Dr Mahmoud Elkhodr
Cybercriminals continue to target Australians through a range of cyberattacks including scams, viruses, malware, hacks, fraud, phishing schemes – you’ve heard it all. With more people increasingly working remotely from home, cybercriminals have been exploiting the COVID-19 pandemic with a new set of cyber threats as well.
What is a cyberattack?
A cyberattack is an attempt to disable, gain unauthorised access, or steal private information from devices as simple as your laptop, mobile device, or tablet, and more importantly, from critical infrastructure systems such as servers, network devices, databases, and more recently from Cloud and IoT systems and devices.
A cyberattack can be used as well as a platform to launch additional more sophisticated attacks. A reconnaissance attack, for instance, is used by an attacker to gather information and learn about the targets’ vulnerabilities. Including collecting information about the protocols and security mechanisms they use so they can choose the right tools to launch their attacks.
The latest round of cyber-attacks on Australia reported last month by the Prime Minister were likely the result of previous “reconnaissance attacks”, which revealed existing vulnerabilities in Australian networks.
Phishing attacks also remain among the most common method used by cybercriminals. Phishing and spear-phishing is a method of stealing confidential information by tricking and luring the victim to hand over their personal information. Phishing is not just limited to email. These scams can be executed via text messages, social media such as Facebook, and VOIP messaging services such as WhatsApp.
Who is behind these attacks?
Most cyberattacks are often motivated by financial gain. Other motivations include cyberwarfare, hacktivism (making a political or social point) or simply script kiddies taking on an intellectual challenge for some fun. These can be categorised as threats from outside the organisation. Insiders, on the other hand, are anyone with physical or digital access to your organisation. These are your trusted employees, customers, contractors, and business partners. Insiders attacks amount for over 60% of all cyber-attacks. An insider attack is not always an intended act but more commonly happens by accident i.e. through employee’s carelessness or negligence.
Examples include opening spam or suspicious links and email attachments (known as phishing), transporting company information via unsecured portable devices, choosing weak passwords and using the same password on multiple accounts. The latest creates what is a known as a single point of failure. That’s, if you use the same weak password on multiple websites or platforms, it will only take for one of your account to be compromised for the rest to fall apart.
What can people do to best protect themselves from cyber-attacks?
To remain cyber safe, we must maintain strong cyber security practices. This includes:
- Use a strong and unique password. Tips can be found here (Avast tips).
- Use two-factor authentication.
- Use a virtual private network (VPN).
- Always verify the source of information and secure your devices when they are not in use
- Protect yourself against phishing attacks by never providing personal details via a link sent to you in a message.
- Think before you click on a link and ask yourself: Do I know the sender? Does it look suspicious?
- Check that your internet connection is secure before providing any personal information look for the S in your browser HTTPS or look for the lock pad icon in your browser.
- Be careful with what you download, where you do your online shopping, and practice safe browsing
- Shopping, banking, donating, contests, freebies, or your Nigerian prince. If it is too good to be true, then it is not true!
- It goes without saying to keep your antivirus, your OS and any software you use updated and patched.
- And finally, be nice online and treat people the way you would want to be treated
Dr Mahmoud Elkhodr has a PhD in the areas of Internet of Things Security and Privacy. Dr Elkhodr is currently coordinating and lecturing a new unit on Cyber Security Management.