Cybersecurity on the rise
Are companies, governments and organisations failing to secure information in today’s digital world more frequently than before? Data breaches happen almost on a daily basis. Just a few weeks ago, Tesco and Three were victims of fileless security breaches attributed to employee negligence or misconduct.
Cybersecurity expert Bob Carver rightfully points at the high velocity and changeability of the cybersecurity environment, which in reality is more complex than what current security standards require.
The type of information a criminal can steal, as well as the technology through which they can steal, have radically changed over the past years. Most specifically, the threats, information types and technology currently targeted are Cloud based, and via mobile devices, which can easily be intercepted, tracked or stolen.
Not all hackers are criminals
There’s a huge grey space between cyber-criminals and white-hat hackers, who are usually hired by big tech companies to spot and report encryption and security flaws. For example, if someone takes note of your manager’s contact details because your iPhone was left unlocked for a long time, does this qualify as information theft? Possibly, it depends what happens with that information.
Hackers are not geniuses either. It’s a common misconception that prevents both regular users and companies take the right measures to prevent cyberattacks or respond appropriately.
Anyone can be hacked and probably will be
Criminals do not always target high profile accounts. Phishing, scams and social engineering can be used for a variety of purposes, from identity theft to fraud and access to your employer’s database.
Regardless of motivation, anybody can be a target.
The full spectrum of online security risks
Just how much do you risk to lose if your account has been hacked?
- Identity theft leads to reputation damage and unlawful use of your private information;
- Social engineering & phishing attacks leads to data breaches and access to sensitive information;
- Retail data hacks often associated with data leaks around credit card and customer data;
- Mobile security can lead to many types of damages, some of which are stated above;
- Targeting of children by online predators is a type of criminal offense that is often tackled separately by dedicated child monitoring companies;
- Attacks on banks are usually masterminded over a long period of time, instead of a hit-and-run type of attacks;
- Crypto and locker ransomware are most commonly associated with threats to release sensitive information if ransom is not paid;
- iCloud attacks mostly connected with high profile accounts, which leads to reputation damage and release of sensitive information.
Depending on the risk type, the methods of protection are different but almost all of them can be avoided as long as the target knows how to protect itself.
1. Identity theft has been on the rise since 2014, with more than 15M US residents affected each year. Identity thieves can data scooped from your very own social media posts or hacked accounts to impersonate you. The same information could be used to open bank accounts on your behalf.
Usually you do not know you’ve been a victim, unless a friend who knows you well flags a suspicious event, or unless you have strict notification settings for all of your bank, digital and social media accounts.
2. Social engineering & phishing attacks are more sophisticated. Pretending to be someone else (a website or a person), attackers can make the target trust them. By using this strategy they will determine the target to introduce his credentials in various fields on a fake site, owned by the attacker. The data submitted on the attacker’ site is then used to illegally access the target account. This is how Pippa Middleton's iCloud account was hacked recently.
3. Retail data hacks. Earlier this year Wendy’s customer databases was infected by a malware that captured credit card informations. On the black market, credit card data are available for sale.
As mobile Pay solutions become more popular (Apple Pay, google Wallet), malware can be engineered to capture information at point-of-sale or from your device.
Make sure you have an alert setup for your credit card and that your iCloud is 2FA enabled.
4. Mobile security. Smartphone vulnerabilities are easy to exploit by cyber criminals. Data breaches can be app-related or platform related. Sometimes, the phone itself can have a security flaw. Avoid installing any unusual app and check the producer’s credentials to make sure they have standard-level security and encryption protection in place.
5. Children targeted by online predators. The Dark Web is the main place where online predators share stolen illegal photos of children.
Digital parenting requires a good understanding of how children and teens can be targeted online. We recommend using child monitoring tools to prevent online bullying or other inappropriate interactions with strangers.
6. Attacks on banks. The most recent attack on banks has targeted Tesco Bank. The bank’s employees discovered that 40,000 suspicious were made in a single weekend. They stopped this very sophisticated attack without revealing very much information, but the lesson is simple: although you take measures to protect yourself, others can expose your data.
7. Ransomware. This is a term for malicious software which encrypts or 'locks' files on your computer by scrambling them with a code known only to the attacker. The attacker will then offer to sell the unlock code to the victim for a payment (usually made using BitCoin or some other untraceable payment method);
8. iCloud attacks. Last year, an iCloud security breach has allowed hackers to use a brute force tool in order to access any iCloud account. Apple fixed the security flaw in iOS 10.2 and this type of attack no longer possible.
Can it happen to you?
We care about data, but most importantly, we care about people. As much as we love making iPhone Backup Extractor the best tool for data recovery out there, we’d rather help you not get into a data breach situation in the first place.
Cyberattacks are so prevalent, it really takes a lot of resources and energy to cover and understand all possible types of attacks. To make this easier for you, here’s a breakdown of what you can do to prevent your iCloud account from being hacked.
What to do if you’ve been hacked
If you’ve been hacked you need to act fast. Your options are sometimes limited, but you still can do a lot of things to prevent additional damage.
1. Install a strong security software and scan all your devices. You need to check if any keylogger, virus or malware is present on your machine.
2. De-authorize the apps able to access these accounts. Sometimes an infected app is responsible for the hacking. By removing them or disabling the access to the hacked account you'll avoid any new hack.
3. Take back your hacked account. The main online services usually have various protection methods to prevent losing users accounts. Using these methods, you can recover a hacked account. To make this task easier, use these direct links to recover your online accounts: Apple, Google, Yahoo, Facebook, Twitter and Microsoft.
5. Update your security questions associated with the hacked accounts.
6. Check if the accounts recovery options have been modified. The hackers are clever, and very often they use various recovery options to make sure they can get back in your account. Remove any suspicious recovery method and update the recovery options.
7. Lock your credit card. If your credit card data has been exposed or if your account was used by a hacker, block it as soon as it possible. Based on a filed police report, your credit card can be blocked by your bank.
8. Check all associated accounts. If you discover a hacked account and you change the password, this doesn’t mean your data is safe. You need to check all accounts associated with the hacked email because someone could access other data using credentials stolen from the first account hacked. For example, someone could access your cloud account if is associated with the hacked email. Make sure you also update these credentials.
9. Make a choice. If you’re the victim of ransomware you don’t have many options, especially if you do not have a backup of your data.
Data encrypted with some older ransomware software can be unlocked for free thanks to the efforts of law enforcement and the anti-virus industry. There is a list of tools at https://noransom.kaspersky.com. Be warned that some criminals sell supposed 'unlocking' tools for a fee, or will offer a free tool that will just re-infect your computer, so only download software from a reputable source.
If the ransomware is not one for which there is an unlocking tool then you don't really have many options. If you have a backup of your data then the best option is usually to wipe your computer and restore from the backup.
Alternatively, if you have the System Restore option active, you can try to recover the encrypted data. Also, you can try to retrieve your data using using ShadowExplorer which it a tool that searches for shadow copies of your files and allows you to save them. This does not always work as some newer ransomware software will also seek out and delete the shadow copy backups as part of the infection process.
Whatever you end up doing, always make sure you have removed the malicious software by using an anti-virus program such as HitmanPro or Malwarebytes. If you try to remove the crypto locker ransomware, you will lose all your encrypted data. Follow the instructions provided by ransom if you really need to recover your files.
And remember - if infected with ransomware never pay up - your money is only going towards funding crime, and in many countries it's actually illegal to pay criminals in this way.
10. Update the firmware or operating system of your affected device. The old versions of firmware or outdated operating systems usually have security issues. Make sure you update your devices, to prevent any security weakness.
11. Activate 2FA on your devices or on your credit card. Any hacking attempt will be blocked before the start if you have this security feature active.
12. Contact the Police. If someone bullying your child online or tried to get in touch with him in any way, contact the police and offer them all the data required. Also your children whether they gave away personal data (address, family members’ name, school) to prevent any dangerous incident.
Almost all of the described cybersecurity risks can be avoided. From clicking on an unusual link to offering our data by mistake directly to hackers, your reputation, earnings, and safety could be at risk.
Make sure you follow our recommendations, and you and your family will be better protected.