Technology E-mail & Phone Threats 2020
Related Article : [Common Online Dating Scams]
You are on page 1/4
Every day new threats are launched in our world. Below we have outlined common terminology and known scams that are in circulation. This is a living document that we will add to as new threats emerge. Always report any abnormal activity to your I.T. department or computer support personnel if you suspect any of the following are occurring on your system(s)! It is important to note that any computer is capable of these threats, including the Mac and the PC. Users should also be aware that Android, Windows and iOS based tablets and smartphones can also become infected. Always be aware of any apps or new programs you install. See the last page of this document for cleanup tools/scanners and our recommendations.
Malware – is software used to perform malicious operations on computers. The primary intent is to disrupt regular operations, gain remote access to private computers, gather information or display aggressive advertising. Malware can be hidden and quietly run in the background, however it can also make itself well known and put measures in place to prevent you from stopping it. Malware is ever evolving, the end game is always to make money or extort payments for removal. Common terms associated with malware include: crypto lockers, backdoors, viruses, rootkits, worms, Trojan horses, spyware, ransomware, scareware and adware. Any program that is malicious can be considered malware by today’s definition. Although ‘malware’ is a catch all phrase for malicious software, you should understand the other common terms meanings:
- Backdoors – are designed to bypass any security on a computer and provide the creator with full remote access to your devices and/or system(s). Backdoors can be used to view compromised devices screens, trap keyboard inputs for the purpose of obtaining logins and credit card information. Backdoors can be installed with some ‘free’ downloadable software off of the internet or distributed as a bonus part of a Trojan horse or worm infection.
- Viruses – are typically used to destroy data and replicate themselves to increase their distribution. Viruses, when launched will normally do their damage on your local computer, but present an especially problematic issue for corporate users or any companies where shared drives are in use, as the virus will also potentially infect files on the ‘shared’ drives. The next time an uninfected user opens one of these files, they also become a victim and the process repeats.
- Internet Of Things – IoT includes devices such as televisions, alarm systems, DVRs and many other non-computer internet connected devices. Recent large scale denial of service attacks were tracked back to insecure and un-standardized use of the software running on traffic control systems and home appliances. Attackers can exploit the insecure devices and have them carry out attacks, often without the owner of the device even knowing they are involved. The attacks can include denial of service attacks and massive SPAM distributions.
- Rootkits – can be thought of as viruses but have a dark secret, their primary job is to stay out of sight – living on your system(s) without your knowledge, doing whatever they were designed to do in the background. Rootkits are well known to hide themselves from common antivirus software and from typical places you might check to see if something is running, like the Windows Task Manager. Even if you do happen to find the background thread, or process that the rootkit is running under, they are smart and know when terminated, launching another copy immediately after being closed. These are considered so dangerous because they can modify files at the operating system level and live within critical operating system files which are in use during normal operation, making removal almost impossible without booting to a special USB drive or operating system DVDs.
- Worms – replicate and spread across networks, such as the internet and local company or home networks. They prey on un-patched computer systems and although can cause malicious harm, most of the payload of this type of infection is elevated network traffic and increased processor usage. On a single computer, this is normally not such a big deal, but when you multiply this times the internet or company network, the right worm in the right environment could effectively render computers unusable and make networks so congested that normal operations are disrupted preventing access from day to day operations.
- Trojan Horse – a Trojan horse can be classified as any method or trick that fools a user into executing a malicious piece of software. Trojan horses are intended to be destructive and can spread across networks. Their intent is usually to destroy files/data, crash the computer/device, modify files causing corruption and instability, along with potentially spying on infected machines with the intent to access sensitive information.
- Spyware – as the name implies, this form of malware has one purpose, to spy on the person or company without their knowledge. Spyware tracks and monitors users behaviors, gathering data to determine what ads to show on websites and can capture keystrokes used for theft of data or monies from online accounts. Spyware can be annoying as some variants of it will actually redirect web browsers to pages you didn’t choose to visit or change settings on your computer. Spyware running in the background has been shown over and over to slow down the computer as the background processing puts an overhead on nearly everything you may do.
- Adware – adware is simply a piece of software that displays advertisements, generating revenue for it’s creator. Adware usually strikes while surfing the internet, but can also present ads on a computer when you aren’t even surfing the internet. Advanced adware can actually analyze websites and cookies to determine what ads you are mostly likely to click on, in turn maximizing profit for the adware creator. This form of malware can be quite annoying, but usually is the easier of the variants to cleanup!
- Ransomware – is a form of malware that actually holds your data hostage. It installs silently on users computers and/or devices. Ransomware comes with a heavy payload. If successfully deployed, it will hold your data and/or company hostage until a ‘ransom’ is paid. Ransoms are usually demanded in Bitcoin currency and can range from $100 to tens of thousands of dollars. There is typically a time limit on ransomware infected machines, up to 72 hours in generous cases. If the ‘ransom’ is not paid within the number of hours given, the data will forever remain encrypted and rendered useless to the user, resulting in a full data loss (unless good backups are available). Ransomware is extremely popular because it generates cash and a lot of it. In 2015 a popular ransomware variant known as Crypto Wall made over $18 million dollars.
- Bitcoin – Bitcoins are cryptocurrencies, emerging around 2008, where transactions take place in a user to user format. Bitcoin transactions do not require the use of real names. Similar to paying someone directly, without the use of a bank. Bitcoin can be accepted by legitimate businesses and as a payment method, but it is currently mostly known for use on dark net markets, used by criminals for a way to be paid without all the so called ‘paper trails’. Transactions conducted via Bitcoin are recorded in a public log, but names of buyers and sellers are not revealed. Transactions cannot be easily traced back to a buyer. Currently, one (1) bitcoin is worth ~$9500.00 USD (as of Feb 2020).
- Crypto lockers – are designed to lock down your data by encrypting the contents of common file types. It makes use of standard public key cryptography, the same method used to secure sessions to HTTPS websites (like your bank). Certificates require 2 parts to be successful, a public and a private key. Public keys are just that, public facing keys. When data is encrypted, the public and private key combinations build the encryption. You cannot decrypt (or undo) an encryption without both parts of the key. Crypto locker authors keep the private key on their systems, demanding payments. Once payments are received you will receive the private key and can theoretically revert your system back to before the encryption occurred. Since the object of a crypto locker is fast cash, authors usually demand payment and give a window in which payment must be made. If the time expires, they will remove the private key, making recovery virtually impossible. There are many cases of people paying the said ransoms required to obtain the private key and simply never getting it. Since payments are almost always demanded in the form of Bitcoin currency, there is a little to nothing that can be done if you pay up and never receive your private key. The FBI recommends to never pay cyber-criminals for these types of infections and urges users to keep backups of critical data current.
- Scareware – uses social engineering to trick users in buying unwanted software. It can include rogue security software, cleanup tools and a range of other software. They are intended to cause shock and scare the users in to thinking something is wrong, but fear not – the scareware will save the day for a low low price of $xxx. Scareware is fake. A user may receive a virus notification window popup, for example, claiming the computer is infected and is putting their personal data at risk. The scareware will attempt to get them to buy the removal or cleanup tool to remedy the urgent situation at hand. What many don’t realize is that the notification of the alleged infection is fake and the cleanup tool you just bought is not really doing anything except telling you it cleaned up your system, when in reality it did absolutely nothing, because nothing was actually wrong to begin with. Scareware can be distributed via e-mail, but is most commonly encountered with surfing the internet. Flashing, annoying banner ads stating “your computer might be infected” are a common breeding ground for scareware…
- Technical Support Scam – a sudden pop up of your antivirus software stating you need to call a phone number because of ‘suspicious activity’ or viruses on your computer that are sending out your personal information are fake. Although designed to look like real antivirus popups, these are in fact fake. Your antivirus provider will not ask you to call them in the event of an infection, nor will big companies like Microsoft or Apple. What actually happens is you are directed to a malicious website to start the repair process. The victim will need to pay for the cleanup service, often for the very low rate of just $49.95 to $79.95. The fake antivirus will ‘scan your system’ reporting back virus infections that actually don’t exist. You may notice that your web browsers are redirected and won’t go where you want… Ads are bombarding your screen. These fake antivirus windows can now also talk in a repeating loop and they have hijacked your internet browser and start every time you launch the web browser.
You are on page 1/4
Up next, on page 2: E-mail Threats