
Cyber Crime as a business

You’ve probably never thought of this, but cybercriminals do run their operations like a business.

They:

  • Search for new ways to monetize their attacks (sell data on the Dark Web, purchase new types of ransomware that are impossible to break, etc.);
  • Monitor their income and use all kinds of tactics to expand their reach, harvest more data and launch stronger and more lucrative attacks;
  • Hire blackhat hackers to do it (they’re the bad kind, because there are good hackers too – the whitehat kind);
  • Invest in acquiring infrastructure they can use to launch attacks and keep them anonymous;
  • Buy exploit kits and ready-made malware that can be deployed instantly.

Malware creators often sell their malicious code, which is often modular and comes with pre-coded targets ready to be infected. Consequently, the malware economy is kept alive through this way of doing “business”. But it’s also constantly fed by the vulnerable systems that exist (because people and companies don’t keep their software updated and don’t implement enough protection for their data).

Now you know.

Bad Neighborhoods

Nobody will brag about the fact that they navigate in shady online places. But we all know that’s not true, because it starts with P2P sharing websites and ends who knows where.

Yes, I know you can’t wait to see that new show or movie, but P2P sharing websites are still dangerous.

See those pics of strangely intriguing topics?

Cyber criminals can infect those banners with malware, even if the rest of the website is clean. And you don’t even have to click to get infected.

The whole thing is called fileless malware; you should read about it.

10 things you never knew were necessary

The netiquette rules and guidelines we’ve gathered in this lesson will help you identify some of the more frequent cybersecurity threats and how you can protect yourself against them.

By following these basic rules and tips you will avoid most online threats such as phishing attempts, malware infections and so on.

Why is this important for us?

Given the rise of cybercriminal activity in recent years, the need to stay safe on the Internet has never been more pronounced. Most people believe all they need to be secure online is to have an antivirus program and do frequent back-ups, but the truth is, cybercriminals know a lot of ways around these.

What really keeps you safe is the ability to recognize online threats and how to avoid them, and this is why netiquette is so important.

A study from University of Maryland University College analyzed users’ knowledge of cybersecurity and came up with a few interesting conclusions:

  • the more you know about cybersecurity, the likelier you are to adopt online safety measures;
  • cybersecurity training and education will make you more open to new online safety methods.

A 2015 study conducted by PwC found that most corporate security breaches weren’t caused by malicious hackers or attacks by nation states, but by their own employees, both current and former.

Because so many breaches were caused by employees, it’s safe to assume they didn’t understand the basic rules of netiquette.

You can find tools to keep you secure, but ultimately, the best weapons are the ones you don’t use. Netiquette is important, so here are the 10 best internet safety tips you need to be aware of when online.

1. Keep your software/apps updated and delete the ones you don’t use.

Developers and cybercriminals are almost always caught in a cat and mouse game, where cybercriminals search for exploits and developers rush to patch them before too much damage is done.

Most of the time, vulnerabilities are quickly patched, but the real issue is that most users will still use an outdated version and will be vulnerable to the exploit.

Keeping your software up-to-date will go a long way into keeping you safe. But an equally important step is to remove software and apps you no longer use.

Many of these programs still communicate in the background with various servers, and in case of a breach, this data might fall into the wrong hands.

2. Be careful when dealing with emails from unknown sources

Have you received an email from an unknown source? Do you frequently receive e-mails from people you don’t know?

Just as in real life, an important rule to stay safe on the internet is to be suspicious of strangers. First, don’t trust emails from people you never met, especially those that ask you to click a link, open an attachment or send a file to the sender.

It’s pretty easy to spot phishing emails. What gives most of them away is the urgency with which they ask you to do something, either because your account may be compromised or your online purchase may have encountered some issues you need to sort out.

To fool potential victims, the latest trend in e-crime is to deploy spear phishing attacks, where emails appear to come from well-known individuals or banking authorities.

But in order for a spear phishing attack to be successful, it needs to appear as genuine and believable. So they launch an elaborate identity theft operation to target and steal your sensitive information.

So when you do get a phishing email, ignore it completely and:

  • don’t reply to the e-mail
  • don’t click the (malicious) attachment
  • don’t click the dangerous links in the e-mail that could download malware on the system

3. Don’t click that link or online ad

You found a pretty cool link on the Internet and it keeps tempting you to click it. But the source of the link (website or email) seems fishy. You ask yourself: What can the bad guys do to me if I click this link?

The answer is simple: a lot of things could go wrong.

Just by clicking a link in an email or a pop-up window, you could turn your PC into a botnet slave, allow cybercriminals to inject malware into your device, or expose your personal information.

You may think that you are safe from all these dangers because you have a good antivirus product, but nowadays traditional antivirus protection isn’t enough anymore and you need additional weapons in the fight against online dangers.

4. Just because it’s free, it doesn’t mean it’s safe

As a rule of thumb, paid software is almost always secure and safe. It wouldn’t make sense for a cybercriminal to limit the number of victims by imposing a paywall.

Double check free software using Google, especially if it’s not a well-known one, such as WinRAR.

This filtering process can expose bad reviews, or reveal that the free software is actually a vehicle for malware.

While the free software itself might be safe and legit, the website hosting it may try to compromise your security through drive-by downloads. These are secret downloads carried out in the background that target software vulnerabilities and system exploits.

Make sure you use a trusted, free program that automatically updates your vulnerable software applications to close security holes in your system.

5. Do not reveal sensitive information online

Social media is the first place criminals check to gather information on you. They will use any piece of information they can find, such as your name, birthdate, address, city, your spouse’s or partner’s name, what sort of pet you have, or the name of the pet. Literally, anything that you can think of.

Improving your social media security settings is a good first step in preventing an identity theft.
So, be a bit skeptical about people you meet online and about their intentions. Many people exaggerate their Facebook lives, and depending on how you use it, social media may come back to haunt you.

6. Keep your account information to yourself

Our credentials for online accounts, user names and passwords, hold the keys to a lot of important information, and for that reason they are the most sought after targets by cybercriminals.

Using the same password for more than one site is a risky move, since if a malicious hacker breaks into just one account, he can then take over the others.

One of the better online safety tips is to use a different password for every website you register on. The downside, however, is the difficulty of memorizing them. One workaround is to use a password manager: it will remember the login details of every site you use and can even generate strong passwords for you to use.

The one we recommend the most, both for its features and ease of use, is LastPass. You will only need to remember the master password for LastPass itself.

7. Report illegal activities or offending content

If you notice offending language attacks, like cyber-bullying, hate speech or any form of harassment, do not hesitate to report it.

Using the “Flag as offensive” or “Flag as spam” buttons is proper internet etiquette and should be sufficient to fight back against minor online threats, but other types of content, such as child pornography or arms trafficking, should be immediately reported to the police.

Reporting cyberbullying takes on a different importance when children are the targets.
A report on cyber bullying from 2014 gives the following troublesome conclusions:

  • 25% of teenagers report that they have experienced repeated bullying
  • 52% of young people report being cyber bullied
  • 95% of teens who witnessed bullying on social media report they have ignored the behavior
  • cyber bullying affects all
  • the most common types of cyber bullying tactics reported are mean, hurtful comments.

So, if you see it, report it. The consequences for cyberbullying can be quite severe, depending on the victim. In rare cases, cyberbullying has been known to push people into suicide. That’s why it’s so important to report it when children are involved.

8. What you post online stays online forever

We post photos, remarks, location updates and similar content, which we think is fine because we use an anonymous username on a small niche forum.

But niche forums are also indexed by search results, and if you reuse the username, other people can start to connect the dots.

This is called doxxing, where people hunt for information about an internet user until they manage to figure out who they are in real life.

And you may think that your posts and comments are usually ignored or don’t receive much attention, but they still remain there and you never know when they come back at you.

Not to mention the fact that search engines save and classify your content on so many online servers.

But if you live in the EU, you benefit from a so called “right to be forgotten”, which will prevent search engines from showing things about your past. Here’s how you can benefit from this right.
To keep it short, when it comes to posting personal content on forums and similar places, follow these guidelines:

  • is this information too personal?
  • Delete/edit past posts which reveal too much about you
  • could your content affect your personal or professional life in the future?

9. Use antivirus protection before you go online

Don’t go online until you have the best antivirus protection that money can buy.

You may think that avoiding adult websites and that sort of thing will keep you safe, but did you know that hackers now hide malicious code even in legitimate websites?

And sometimes not even that is enough. Some ransomware programs are so sophisticated, it is technologically impossible to decrypt them, no matter how much you try.

And in this case, you really need the best tools out there. Heck, some of them are even free.
Though antivirus is still important for our online safety, as Brian Krebs put it:

“Anti-virus is a Poor Substitute for Common Sense.”

10. Create back-up copies for your important stuff

Though you may have all the security protection in the world, disaster may still hit your system and your valuable files.

It may be a system crash, a hard disk failure, a ransomware attack that encrypts your entire operating system or it may be a human mistake.

There are so many reasons something can go wrong for you and your sensitive information, even if you followed all the netiquette rules in the book.

To emphasize the importance of this point, we can tell you that a while ago we interviewed a series of security experts in the IT industry, and one recurring theme was the importance of backing up your information.

Conclusion

We started this lesson with an emphasis on the connection between online behavior or netiquette and security knowledge.

Just as in real life, common sense is vital on the internet. Most of the threats you will find online rely on human error to break into your system.

What your kids & parents need to learn about cyber security

10 tips to help keep you & your parents safe online

Parents are often out of sync with the latest technology developments, and rarely, if ever, go beyond a simple antivirus. But cyber security is a very dynamic field, so staying updated with the newest threats is always important.

So here are the most important tips that we have in order for you to help keep your parents safe.

Our parents have poor basic security habits

1. They think they have nothing worth the cybercrooks’ interest.

No? Really? What about any work documents? No contracts attached to past emails? Any information they wouldn’t want to be public? No credit card PINs saved in text drafts on the desktop? No online shopping on websites that stored credit card details?

How you can help:

Open their eyes. Compile together a list of all their online information assets. Take every account they have: emails (both work and personal), social network profiles, financial accounts, etc.

List everything they have on those accounts, from work documents, photos, personal messages or sensitive information, such as credit card PINs, passwords or social security numbers.

Ask them to imagine how much it would cost if that information was lost, deleted, stolen or leaked online. Based on this, have them note how valuable each piece of information is.
You can also have them follow our free, action-ready security plan.

2. They have bad password habits.

They set passwords that are easy to guess – it’s usually their kids’ names, birth dates or pets’ names. Most likely, this kind of information can be found on social networks, such as Facebook profiles, where they are willingly sharing it. This makes cyber criminals’ jobs easier: they only need to glance over the social account profiles to find possible password combinations or answers to security questions.

They use the same password everywhere. They don’t take their time to create different passwords for each and every account, they only recycle the same password. And they don’t even think about changing it every few months.

They write their passwords and PIN codes on a paper that they keep in their office desk or in a mail draft. Or worse, in their wallet, next to their credit / debit cards.
They use some of the worst passwords.

How you can help:

Discuss together the importance of passwords, about why and how much they matter. Only a few people really comprehend how easy it is for cyber attackers to crack a password.

An 8-letter random password means 200 billion password combinations. How long would it take to break that password? We’ll let you do the math.

Also help them understand why it’s important to have unique passwords for each and every account. Just like they don’t use the same keys for their car and house and bank safe deposit, they shouldn’t be using the same password everywhere. If one of them is breached, then the attacker will have access to all other accounts. And it doesn’t necessarily have to be your parents’ fault for a password to be leaked; the employees of the companies that manage those accounts can be equally responsible.

Let them know that a good password needs to be at least 14 characters long, random, use non-dictionary words, and mix uppercase with lowercase, digits and punctuation.

You can also forward them our password security guide 101
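The math the text leaves to the reader, as an added example that is not part of the original article: it computes the number of combinations and the expected search time for the 8-letter password mentioned above and for the recommended 14-character mixed password. The guess rates are assumed figures chosen for illustration, and the results only hold when every character is picked at random (a name or birth date is far weaker than its length suggests).

```python
import math
import string

# Character classes a password can draw from.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 symbols
    "upper": string.ascii_uppercase,   # 26 symbols
    "digits": string.digits,           # 10 symbols
    "punct": string.punctuation,       # 32 symbols
}
ALL_CLASSES = ("lower", "upper", "digits", "punct")

# ASSUMED guess rates (constructed for illustration, not measurements).
GUESS_RATES = {
    "online login, throttled": 10.0,
    "offline, slow password hash": 1e4,
    "offline, fast unsalted hash": 1e10,
}

UNITS = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600),
         ("minutes", 60), ("seconds", 1)]


def keyspace(length, classes):
    """Number of distinct random passwords of this length and alphabet."""
    alphabet = sum(len(CLASSES[c]) for c in classes)
    return alphabet ** length


def entropy_bits(length, classes):
    """Strength in bits; valid only if every character is chosen at random."""
    return math.log2(keyspace(length, classes))


def seconds_to_search(length, classes, guesses_per_second, fraction=0.5):
    """Expected time to hit the password: on average half the keyspace."""
    return keyspace(length, classes) * fraction / guesses_per_second


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return "under a second"


def report():
    """Compare the article's two password shapes under each assumed rate."""
    policies = [
        ("8 random lowercase letters", 8, ("lower",)),
        ("14 random mixed characters", 14, ALL_CLASSES),
    ]
    rows = []
    for label, length, classes in policies:
        for scenario, rate in GUESS_RATES.items():
            duration = humanize(seconds_to_search(length, classes, rate))
            rows.append((label, scenario, duration))
    return rows


if __name__ == "__main__":
    print(f"8 lowercase letters: {keyspace(8, ('lower',)):,} combinations")
    print(f"  entropy: {entropy_bits(8, ('lower',)):.1f} bits")
    print(f"14 mixed characters: {entropy_bits(14, ALL_CLASSES):.1f} bits")
    for label, scenario, duration in report():
        print(f"{label:28} | {scenario:28} | {duration}")
```

The same password is only as strong as the weakest site that stores it, which is why the unique-password advice matters independently of length.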

3. They don’t understand what two-factor authentication is or why it’s so important to set it up everywhere possible.

What’s even worse, chances are they haven’t even heard about it until you bring it up.

How you can help:

Ideally, two-factor authentication would be a default setting for all major accounts. But until that happens, you’ll just have to help them set it up wherever it’s currently available.

Let them know how easy it is to use: they just have to log into the account with their usual password, then they’ll receive a text message on their phone with a unique code, which they’ll have to enter, and that’s it – safe login!

Start with setting it up for their banking accounts, put in place a second verification for online payments. Move on to the email accounts, as most likely those are the central piece of their online activity and they are linked to all other accounts. Social networks shouldn’t be neglected either – Facebook, LinkedIn, Instagram, Twitter, they all offer the possibility to activate 2FA.

Help them understand how interconnected our online accounts are. If a cyber attacker manages to breach into one of them, then all accounts will be compromised. You can also send them our complete guide to what two-factor authentication is and why they should use it.

4. They leave their mobile phones and computers unattended and with no security barrier set in place.

This way, they could be easily accessed by someone with bad intentions. It could be a thief that stole their mobile phone and thus gained access to other sensitive data. Or, even more likely, a vengeful work colleague that installs a keylogger or Trojan horse on their PC, to spy on them.

How you can help:

Teach them how to set up their phone to lock after a short time, if it’s been idle, and how to set it to require authenticating in order to unlock. If available, use something stronger than a four digit PIN (that’s the easiest one to breach).

Our parents can easily fall for scams & social engineering

5. They can’t identify cyber threats delivered via email.

They fall for all the contests and lotteries that announce they’ve won. They will click on any email they receive, without a second thought that it might not be from who they think it is.

They are willing to cooperate and give away their personal data. What’s even worse, they’ll click on links or download attachments without giving it any extra thought.

How you can help:

Encourage them to second guess any email they receive before opening it, replying or clicking on any link or attachment. Let them know that just because an email says it comes from the bank or the IRS and uses the company’s logo, it doesn’t mean it really was sent by their representative.

If they still aren’t sure of its authenticity, ask them to forward the email and have you check it.

6. They don’t understand how social media platforms work or what their impact is.

They don’t know how to set up their privacy settings on social networks. They aren’t aware of the possible consequences that might arise from this.

They freely allow any third-party apps to connect and access their online accounts, without giving it a second thought.

Most of their friends also lack technical knowledge, so the odds are that one of them will get infected with a Facebook worm and further infect his / her network. They aren’t aware that they shouldn’t click on short links, links that they don’t know where they lead, not even when those links were sent by their friends.

How you can help:

These kinds of scams rely on shocking news, use celebrities’ names or even emotional extortion.
Ask them to be patient and not to rush into clicking on any links or opening attachments. Before taking any action they should ask their friends what those links are about.

We also recently published an extended guide on social scams, you can forward it to them.

 

7. They share too much information.

They post on social networks photos of their homes and photos from their vacations, so the criminals know what their places look like and when they are gone. They also post tons of photos of babies and children – nephews, cousins, and so on. They aren’t aware that the net is dark and full of terrors – including groups where pedophiles are sharing photos like the ones posted by them and digging for any kind of information on how to locate the kids.

Other potential risks:

Stories of oversharing gone wrong have been rampant in the news, with one of the most extreme examples including a phenomenon called ‘digital kidnapping’ reported on earlier this year.

Parents were shocked to learn that strangers were ‘stealing’ their kids’ online photos and re-sharing them as if the children were their own.

In other cases, children’s photos have become the target of cruel jokes and cyber bullying. Among the most notorious cases in recent years was that of a Facebook group that made fun of ‘ugly’ babies.

How you can help:

Ask them to be more aware of what they share online. While it could be tempting to do what everyone else is doing, as a way to fit in the new modern world, they should also be aware of the dangers of oversharing.

Go together through the privacy settings for each social network account and adjust them to their needs. Have them turn off their location settings – they wouldn’t want others to know where they live, right?

8. They can be easily manipulated by online media.

They think that just because it’s on the internet, then it must be true. They are willing to believe in conspiracies and fake news. They don’t know how to discern between what’s true and what’s exaggerated because of a commercial purpose.

How you can help:

Ask them to always be vigilant. Have them check from three trustworthy sources (legitimate websites) before they believe anything they read. If unsure, ask them to email you so you can help them out.

Our parents don’t realize how vulnerable software & hardware really are

 

9. They place too much trust in an antivirus product.

They believe that just because they installed it and are paying for it, then it will save them from any potential cyber threat.

They believe that their Apple device can’t be hacked. Actually, that’s not true. In 2015, MAC and iPhone OS made it to the top of software with most vulnerabilities. And since we brought up this subject, Linux users aren’t safer than Windows ones.

Take a look over 2015’s list of most vulnerable software:

How you can help:

Help them realize that it’s not enough to have an antivirus (or only use iOS / Linux) and it won’t protect them from all evils that exist out there.

Help them install security software they can trust, such as traffic-filtering solutions (that sanitize Internet traffic) and automatic software patching solutions that keep their apps up to date.

10. Parents rarely understand the interconnectedness in software and / or hardware.

They have no idea how sophisticated and frequent cyber attacks are. They don’t realize how easy it is to get malware. You don’t even have to click on anything or enter a suspicious website in order to compromise your computer – all it takes is an infected banner on a perfectly legit website.

How you can help:

Let them know that even legit websites can be compromised. Explain how plenty of attacks can happen without any action on their part – they don’t need to click or download anything for their PC to get infected with malware or Trojans. Malicious code injected in ads will search for vulnerabilities in their system and exploit them.

Just 8 software apps make 99% of computers around the world vulnerable to cyber attacks, so make sure that your parents keep their software updated and patched all the time.

This includes: browsers, browsers plugins and add-ons (Flash, Java) or any other kind of desktop apps (Adobe Reader, VLC player). Go to the software settings and change them all on Auto-Update.

To avoid the pain of manually updating apps and software, we recommend you use our very own Heimdal FREE, which will automatically update the software for you!

Internet Safety for Kids in 10 Steps

Online protection for children is hard to deliver in just one lesson, but we can present the most important steps a parent can take to keep a child protected from online dangers.

It’s difficult to predict what a cybercriminal can obtain from a child. It could be sensitive financial details from his parents, such as credit card information or online bank account credentials, but there could also be another, more dangerous aspect, the possibility of meeting an online sexual predator.

To help protect you from these dangers, here are 10 actionable tips that will improve Internet safety for your kids and bring you peace of mind.

1. Make sure to always have access to your child’s computer.

It doesn’t mean that you need to verify every day what happens on the computer. But once in a few weeks, you can take a look on what websites have been accessed or what kind of content has been downloaded on the system. If you have the possibility, monitor the chat rooms, the IM applications and the received emails.

We need to emphasize that online sex-offenders usually meet their victims by accessing chat rooms. And as soon as the communication has been established, the relationship usually continues by a long time exchange of e-mails.

In the unfortunate case that you discover your child could be the latest target or victim of a sexual offender, there are two actions you can take. First, talk to your child and clarify the situation.

Second, if you discover actual proof of more than sexual innuendo taking place in their conversations, then you really need to do something about it and contact the local authorities.

2. Teach your children about online dangers.

Learning is not a destination, it is a process. In a changing environment we need to establish fast the limits of our liberty to access unfiltered content and the potential dangerous phishing attempts that could pose a threat to our families.

And this is actually the best step you should follow. Teach yourself about malicious software and evil hackers before you develop any action on the Internet or access the online bank account.

The following questions could prove useful for you and your family:

  • How much do we know about safe browsing?
  • Do we know how to secure an online email account?
  • How do we stay safe on Facebook?
  • What security myths should we begin to forget?
  • What security blogs should we access to improve our learning?
  • How do we stay safe from online scams?
  • How do I know my computer is infected?
  • How do we maximize our financial data protection?

These are just a few topics you and your family should address. To find answers to the questions above, simply access the corresponding links.

3. Let them teach you. Or simply listen to them.

Staying online is a risky business and we cannot really predict where a discussion or comment will take us or what type of people we may encounter on a social media platform.

You may check their computers, their smartphones or any other devices they might use to connect to the world wide web. You can find out who they know and whom they listen to.
But how much do we actually know about our children?

In just a few words…not very much, because there will always be ways and methods to evade our attention. So, this time you need to listen and let them teach you about the social media platforms they use or the latest viral on Youtube.

Really now, this is by far the easiest way to obtain information on their online habits, rather than losing time spying on their computers and trying to understand their browsing history.

So, just listen to them. Pretend that you don’t know too much about this Internet thing and let them start talking. There’s nothing more exciting for children than pretending to be teachers for a little time. Not to mention the trust they gain in themselves and finally, in You.

4. Online actions have real consequences.

It is difficult for a child to understand that the Internet is a dangerous location. How could anyone explain to a child what a sexual offender is when they haven’t even started their sexual education?

Should we solve this quickly by teaching them to avoid talking to strangers or maybe we can help children improve their intuition on security risks?

Various choices and decisions can be made to increase our family’s security strategy, but we need to establish what is it that we are afraid of. The limits that we impose may increase our online security strategy, but at the same time, we risk to block the natural development process that drives our children forward.

How much do we tolerate and what can we actually control is a different topic that we need to answer, before we can create a security framework for our family.

For the moment, children need to acknowledge that online actions lead to real consequences. Not paying attention to what we choose to access may lead to serious malware infections. Using the parents’ credit cards on any website may lead to losing money. And if we are here, we need to say it: Cyberbullying should not be accepted by any parent.

5. Install a good antivirus product on the computer.

Are your children using a separate computer from you? Are you using the same computer? It doesn’t really matter. Security is security and each computer should be protected from online threats and malicious software.

Since children are naturally attracted by new things and have less experience, they easily follow dangerous links and visit untrustworthy websites. Not to mention the tendency to download and install video games from unknown web locations, content which could easily infect the entire operating system.

Therefore, you need to have a good antivirus product from a reliable company and this solution must include a real-time scanning engine, a firewall and automatic update.

To help you determine what is the best solution for you and your family, you could access the test results provided by companies in the online industry, like AV Comparatives, PC Magazine, AV-TEST or Virus Bulletin.

6. Use parental control software to monitor your child’s online behavior.

Software companies have already considered the possible issues that could appear from kids’ unrestricted access to online content. For this reason, we find many parental control solutions that address and try to limit this problem.

Should you use such software or not? How much do you trust your child’s intuition? And how likely is it that your child will get involved in unsafe activities that could compromise the operating system or your financial situation?

Since parental control solutions have been in use for quite some years now, you may find it useful to have software that acts like an online guardian. These solutions can help monitor Internet usage, keep track of visited websites, control the Internet connection time, block malicious or porn websites, block games and report any unusual online activities.

This website can help you choose a free parental control software for your family.

7. Keep your child’s software up-to-date.

Make sure the Windows operating system used by your child has all the latest security patches installed. These updates are important because they contain stability and security fixes that shield the system against cyber-criminals attempts.

It has been proven that hackers usually gain access to operating systems by using security holes in software, like Adobe Flash, Java or popular browsers like Internet Explorer, Mozilla Firefox and Google Chrome.

That’s why you need to check the PC used by your children and make sure they have the necessary security patches.

But updating your software one by one can be very tedious and boring, so we recommend you use a specialized software to do that, such as our very own Heimdal FREE.

8. Don’t let them go online without anti-spyware protection.

Spyware is a software program that monitors your private Internet connections. But, as everybody knows there are many signs of alarm that could indicate such an infection on the system.

So, if you hear your child complaining about slow-down issues, pop-ups all over the screen, new toolbars, a different default engine or random error messages, this could mean a spyware issue that you need to address.

To stay safe from such a problem, talk to your child and teach him a few basic things to keep things clear:

  • don’t click suspicious links or pop-up windows
  • don’t answer unexpected questions
  • don’t get involved in chat sessions with strangers
  • be careful of drive-by downloads in free applications

Even better, use popular anti-spyware products available online, like Malwarebytes or Spybot Search and Destroy.

9. Secure your Home Wireless network.

The home Wi-Fi network is usually accessed only by members of the same household, but that doesn’t mean that dangers don’t exist and additional steps should not be followed to increase the home network security level.

Access our dedicated article on home network protection and follow a few simple but vital steps, like setting a password for the network and another one for the network administrator, or using a good firewall to block hackers from accessing the network computers.

It is important to protect the home network and the computers that are part of it, because a security breach on one computer could compromise the entire network. And this is something parents should be aware of.

10. Pay attention to Wi-Fi networks outside your home.

Your children may be safe at home, but with so many Wi-Fi public networks they connect to, how can we be sure they will remain safe?

The free public Wi-Fi networks are everybody’s favorite places to stay up-to-date and check their social media accounts. And it’s not just children, we all do it.

We go everywhere and enjoy a coffee at Starbucks, without even thinking about the online dangers or hackers that could be waiting for our connection to start. Even if we can’t be everywhere, there are still a few things we can do to greatly improve their online security.

First, make sure the laptop they use has some sort of protection, like anti-spyware or antivirus protection and an update solution to keep the software sealed against exploits and security breaches.

Second and more important, information is the secret for your kids’ online safety, no matter where they are, so read this article or better yet, have them read it.

Conclusion

There are some aspects of cybersecurity that our parents and kids can’t do by themselves, and that’s why we recommend you do it for them.