Fortunately, many anti-virus programs, as well as comprehensive security software, exist to prevent the effects of software threats. A comprehensive security suite will have specific anti-spyware and dedicated adware removal software and provides general protection from viruses. Most vendors also issue patches that close down vulnerabilities exploited by email viruses. If you use and update good security software, stick to reputable websites and only open files sent to you by senders you know and marked as “safe” by your email provider, you should be able to avoid most threats. Keep in mind, though, that email accounts are sometimes hacked and used to send spam, so treat even email from people you know with caution. Show
Software ThreatsMany software threats now target smartphones specifically, so approaches to cybersecurity that are based on desktop computers are not always effective. While viruses that target smartphones are simply the mobile versions of ones that target your desktop or laptop computer,man-in-the-middle attacks take advantage of free Wi-Fi in order to place hackers between your device and a Wi-Fi hotspot and steal your information and details from your apps. Bluejacking is the sending of unwanted or unsolicited messages to strangers via Bluetooth technology. It can be a serious problem if obscene or threatening messages and images are sent. Bluesnarfing is the actual theft of data from Bluetooth enabled devices (including both mobile phones and laptops): contact lists, phonebooks, images and other data may be stolen in this way.[1]Mobile Ransomware is malware that locks up your device.[2] If your device has been infected with the malware, you lose all access to every part of your phone until you pay a ransom to the hacker/criminal who has taken control over your device. [3] Phishing or Smishing usually starts as an email or text claiming to be from a person or business that you know. This email usually contains a link that asks you to verify information. This information in turn goes straight to the scammer to steal and use your details.[4] Free Wi-FiSince we are constantly trying to connect to public Wi-Fi networks, there is a constant threat of these networks stealing your personal information. Kevin Du, a computer science professor at Syracuse University, claims that “if you don’t have a VPN, you’re leaving a lot of doors on your perimeter open.”[5]A VPN or a Virtual Private Network “creates a secure connection between you and the internet,” [6] which means your IP address (all your internet activity) [7] and your location are encrypted, keeping hackers and cybercriminals away. For smartphones, it’s best to turn VPN on only when on an insecure connection or app in order to preserve battery life.[8] RansomwareRansomware is a type of cyber extortion. Criminals “threaten to seize, damage, or release electronic data owned by the victim,” with the main goal being to obtain money rather than data. [9] Scareware is similar to ransomware, except it only tries to make you think your device has been compromised or infected by a virus.[10] BluejackingBluejacking uses a feature originally intended to exchange contact information to send anonymous, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops. In some cases, this is used to send obscene or threatening messages or images. It could be used to spread malware, as well.[11] BluesnarfingBluesnarfing is the actual theft of data from Bluetooth enabled devices (especially phones). Like bluejacking, it depends on a connection to a Bluetooth phone being available. A Bluetooth user running the right software from a laptop can discover a nearby phone and steal the contact list, phonebook and images etc. Furthermore, your phone’s serial number can be downloaded and used to turn off the phone. Again, the only current defense is to turn your Bluetooth off by setting it to “undiscoverable.” Phishing and Smishing ScamsThis scam starts, usually, as an email from a friend or business asking you to verify your information. This can also come in the form of a text message (Smishing) or phone calls from a company you could have recently contacted asking for payment confirmation. If given this information, the cybercriminals can obtain access to your details in order to take your money or steal your information.[12] Security Tips
Understanding MalwareEmail viruses (phishing) and SMS viruses (smishing)Most email viruses (phishing scams) rely on the user double clicking on an attachment that most often comes from a person you recognize on your emailing system. That person’s email could have been hacked as well, or it could be an email that looks the same, but when expanded is from a different source altogether. The attachment, when clicked, runs a malicious code that mails itself to other users from that computer. Any attachment that you open on your computer could contain a virus and infect your computer even if the extension appears to be safe (such as .txt, .doc or .jpg). Some viruses can infect users as soon as they open the email. These viruses may compromise your computer’s security or steal data, but more often they create excessive email traffic and crash servers.[17] Viruses can also be spread by clicking on links in emails that lead to malware sites. SMS viruses (smishing) depend on the user getting a text message or a phone call from an unknown number. The hackers use social leveraging to obtain anything from an online password to your social security number. The text messages can also appear be from companies you have used recently, like Canada Post telling you that you have a customs fee to pay to receive your package. Once you click on the link and enter your credit card information, the hacker has all they need to steal your money and personal details.[18] Macro virusesThis type of virus, also known as a document virus, takes advantage of macros (commands embedded in word processing and spreadsheet software that run automatically) to infect your computer. A macro virus can copy itself and spread from one file to another. If you open a file that contains a macro virus, it copies itself into the application’s start up files and infects the computer. The next file you open using the same program, and every file thereafter, will become infected; the infection can therefore spread rapidly across a network.[19] When Microsoft first introduced macros, the company was not aware of the many security risks that would be imposed on them. With their latest updates, when you open a word document, the macros will not run unless you approve it (know it is from a reputable source) stop a macro virus erupting in your computer (PC or Mac).[20] Boot sector virusesBoot-sector viruses (the oldest type of viruses) are mostly spread through infected storage devices such as USB drives. When your computer is turned on, the hardware seeks out the boot-sector program, the program the computer runs when it starts up. This is generally located on the hard drive but can also be on a storage device such as a USB drive. A boot-sector virus replaces the original boot-sector with its own, modified version. Upon your next start up, the infected boot sector is used and the virus becomes active. It can then read or modify any files or programs on your computer.[21] AdwareThis type of intrusive software displays advertisements on your computer and has become increasingly more aggressive since 2019 on Windows, Mac and Android devices. These usually come in the form of banners and pop-ups when an application is in use and try to “sell something to users, inflate views of ads, or scam people out of their money.” Adware can become a serious problem if it installs itself onto your machine: it can hijack your browser (Internet Explorer, Firefox, Chrome or Safari, for example) to display more ads even on your social media accounts (such as Instagram and Facebook), as well as gather data from your Web browsing without your consent and prevent you from uninstalling it. The most common issues with adware is that it can slow down your internet connection or render your computer unstable, as well as distract you and waste your time and money.[22] SpywareWhile technically a form of adware, spyware has as its primary function the collection of small pieces of information without users’ knowledge. One form of spyware, called a keylogger, actually monitors everything you input into your computer. In addition to monitoring your input and internet surfing habits, spyware can interfere with your control over your computer by installing additional software, redirecting your browser, changing computer settings and slowing or cutting off your internet connection.[23]Other types of spyware include: tracking cookies, trojans and system monitors.[24] Security tips
General tips - Most computers come with embedded security features including a firewall. This prevents unknown programs and processes from accessing the system, but is not a replacement for anti-virus software. Your firewall can be located and activated from your computer’s control panel. Some websites maintained by anti-virus vendors offer free online scanning of your entire computer system, but verify the source to be sure. Some sites which claim to scan for viruses actually plant malware on your computer. CookiesA cookie is a small text file saved on your computer by a website, mainly used as a means for session management, personalization and tracking while surfing the Web. Some cookies can be useful, making for a smoother browsing experience. For instance, they can save small pieces of information into memory, such as your name, so that you don’t constantly have to re-enter it on your most frequently visited websites. Cookies are essential to common features of websites such as “shopping carts” (which store your purchasing decisions while you browse an online commerce site such as Amazon). These cookies are usually deleted after you leave the website or within a few days of not visiting it. Other cookies, however, can be far more of a nuisance. These cookies will recreate themselves after the user has deleted them. A script will then keep this information in some other location on the computer, unbeknownst to the user. Other kinds are able to closely track your online habits and can last up to a year on a given server.[25] Understanding cookiesThere are several different types of cookies. Each has different properties: Session cookies This type of cookie only lasts for the duration of your stay on a particular website and is deleted when you close your browser. These cookies pose less of a security risk.[26] Persistent cookies This type of cookie is also known as a “tracking” or “in memory” cookie. These cookies can last up to a year from each time a user revisits the server. They are stored by the browser even after it is closed; when you click ‘remember me’ on a webpage where you hold an account, a persistent cookie is used to store your information.[27] Secure cookies These cookies are used when you are visiting a secure site (one where the Web address begins with “https” rather than “http”). Secure cookies are encrypted when being sent to and from your computer and the server, which means that they are more secure if someone intercepts or copies them. Use the HTTPS Everywhere plugin to make sure you only connect to the secure version of the site. Unauthorized installation and replication cookies This type of cookie, sometimes referred to as a “zombie” or “super” cookie, automatically recreates itself in some other location on the computer after a user has deleted it. Security tips
Browser hijackingBrowser hijacking is a malicious online activity where hijackers change the default settings in your internet browser. Links may appear that point to websites you would usually avoid, new toolbars and favorites that you do not want may be added and your computer may slow down overall. Users will also often find themselves unable to return to their original settings once this is done. The purpose of this threat is to force you to visit a website. This increases the traffic and number of “hits” a website receives, allowing it to boost its advertising revenue. These websites may also contain malicious scripts or viruses. Browser hijackers can be extremely persistent. If they can’t be removed, you may find yourself having to reinstall your browser or restore your entire system to its original settings.[28] Security tips
ScriptsA script is a piece of code that is loaded and run by your browser. The most common type is JavaScript, but HTML, Java or Flash based plug-ins have similar effects. While scripts may enhance and enrich online experiences (and are often necessary to use the full functionality of a website) they can also be malicious. A malicious script can compromise your computer’s performance and overall functionality by redirecting you to another site or loading malware onto your computer. Security tipsWhile you are generally safe from malicious scripts if you stick to trusted sites, there have been cases in which hackers installed malicious scripts onto legitimate sites. The only sure way of preventing script attacks is to control which scripts run when you visit a site.
Internet-connected devicesAn increasing number of electronic devices, from fitness trackers to cars to children’s toys, are now connected via Wi-Fi in what’s often called the “Internet of Things.” A report by Fortune Business Insights indicates that “the global Internet of Things market size stood at USD 250.72 billion in 2019 and is projected to reach USD 1,463.19 billion by 2027.”[29] Unfortunately, many of these devices are vulnerable in several ways:
Security tips
[1] (n.d.) TechSlang. Retrieved from https://www.techslang.com/definition/what-is-bluesnarfing/ [2] Ibid. [3] Ibid. [4] Ibid. [5] Raphael, J (2020) 8 mobile security threats you should take seriously in 2020. CSO United States. Retrieved from https://www.csoonline.com/article/3241727/8-mobile-security-threats-you-should-take-seriously-in-2020.html?page=2 [6] Marks, T (2020). VPN explained: How does it work? Why should you use it?. VPNOverview. Retrieved from https://vpnoverview.com/vpn-information/what-is-a-vpn [7] WhatismyIPaddress.com (n.d.) IP 101: The basics of IP addresses. Retrieved from https://whatismyipaddress.com/ip-basics [8] Raphael, J (2020) 8 mobile security threats you should take seriously in 2020. CSO United States. Retrieved from https://www.csoonline.com/article/3241727/8-mobile-security-threats-you-should-take-seriously-in-2020.html?page=2 [9] Bonner, M. (2019) Insuring against Ransomware and other Cyber Extortion. The Balance small business. Retrieved from https://www.thebalancesmb.com/insuring-against-ransomware-and-other-cyber-extortion-4060470 [10] Ibid. [11] (2013). What Does BlueJacking Mean? Techopedia. Retrieved from https://www.techopedia.com/definition/5045/bluejacking [12] Bonner, M. (2019) Insuring against Ransomware and other Cyber Extortion. The Balance small business. Retrieved from https://www.thebalancesmb.com/insuring-against-ransomware-and-other-cyber-extortion-4060470 [13] Ibid [14] Ibid [15] Ibid [16] Ibid [17] Day, B (2021). Complete Guide to Email Viruses & Best practices to Avoid Infections. Retrieved from https://guardiandigital.com/resources/blog/email-virus [18] Norton Lifelock (2020). What is smishing? Norton. Retrieved from https://us.norton.com/internetsecurity-emerging-threats-what-is-smishing.html [19] Ibid [20] (2019) Macro Viruses: What they are and how to avoid them. Sophos Home. Retrieved from https://home.sophos.com/en-us/security-news/2019/macro-viruses.aspx [21] Mustafa, D (2022). What is a Boot Sector Virus? Securiwiser. Retrieved from https://www.securiwiser.com/blog/what-is-a-boot-sector-virus/ [22] Malware Bytes Lab (2020) 2020 State of Malware Report. Retrieved from https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf [23] Ibid [24] vpnMentor (2020). What is spyware? And how to remove it in minutes. Retrieved from https://www.vpnmentor.com/blog/what-is-spyware-and-how-to-remove-it-in-minutes/ [25] Beal, V. (2010). What are Cookies and What do Cookies Do?. Retrieved from http://www.webopedia.com/DidYouKnow/Internet/2007/all_about_cookies.asp [26] Ibid [27] (2021). What is a Persistent Cookie? CookiePro. Retrieved from https://www.cookiepro.com/knowledge/what-is-a-persistent-cookie/ [28] (n.d.) What are browser hijackers? Norton. Retrieved from https://us.norton.com/internetsecurity-malware-what-are-browser-hijackers.html [29] Fortune Business Insights (2020). Market Research Report. Retrieved from https://www.fortunebusinessinsights.com/industry-reports/internet-of-things-iot-market-100307 [30] Broom, D (2021). 5 Surprisingly hackable items in your home – and what you can do to make them safer. World Economic Forum. Retrieved from https://www.weforum.org/agenda/2021/11/how-to-secure-smart-home-devices/ [31] Chester Wisniewski, “7 Tips for Securing the internet of Things.” Naked Security, March 7 2016. https://nakedsecurity.sophos.com/2016/03/07/7-tips-for-securing-the-internet-of-things/ Which HTTP response header should be used to prevent attackers from displaying their content on a website?The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Which of the following is a characteristic of a potentially unwanted program pup?The most obvious characteristics that identify PUPs include being downloaded without a clear opt-out method and intrusive advertising or unwanted web tracking. PUPs may simply be junk files or other bloatware. But they might also be adware or spyware in disguise, and they can compromise the security of your computer.
Which development process would be ideal for Ronald to employ to achieve this objective?Which development process would be ideal for Ronald to employ to achieve this objective? Ronald can employ the SecDevOps model to meet the requirements of the client.
|