Stay safe in 2017
2016 has seen the rise of DOS (Denial of Service) attacks through zombie networks of ‘smart’ household devices like CCTV Cameras.
Ransomware has become more sophisticated with attackers cannibalizing code from previous failed attempts to potentially hold entire networks hostage for money, threatening to delete users’ files unless they pay up.
In November 2016 Kaspersky released their Security Bulletin detailing these and other hacks throughout 2016. The bulletin also predicts some likely cyber-security threats for the coming year.
Although these threats don’t yet exist, you can take action now to help prevent them.
1. Update Update Update
In 2016 Kaspersky documented a number of APTs (Advanced Persistent Threats). Chief amongst these was ProjectSauron, a cyber-espionage platform which attempted to harvest intelligence from government departments, telecom providers and scientific research stations to name but a few.
APTs often make use of Zero Day Exploits. In other words, malware is used to compromise a computer before the developer has the chance to issue an update.
Even when updates become available, many users don’t bother to use the latest Operating System with all the latest updates installed. Turn on Automatic Updates in Windows and on your Mac to stay safe.
2. Maintain your Airgap
Sophisticated malware like that used in ProjectSauron will often make use of network-driven backdoors. These can sit benignly in a computer system, until activated remotely.
In December 2015, tech giant Juniper Networks made a shocking announcement that it had found unauthorised code embedded into its firewalls which could potentially allow attackers to take control of their systems.
Rather than scan your OS’s code line by line, employ an airgap. Any truly sensitive data will then be stored on a device that is not connected to the internet, protecting it from network backdoors.
According to a report by Kaspersky, ransomware attacks increased threefold during 2016, averaging around one every 40 seconds.
While traditionally there has been a certain honor among thieves when it came to unlocking machines, the same report by Kaspersky noted that one in five small businesses that paid the ransom never got their data back.
Use the backup and restore features available in both Windows and OS X to avoid being extorted.
When backing up be sure to use a separate, external drive to store your files and keep it off site when not in use.
4. Lock IoT Down
In October 2016, over 80 major websites were forced offline in a DOS (Denial of Service) attack using hundreds of enslaved IoT devices. A Chinese electronic component manufacturer later sheepishly admitted that its devices, from CCTV cameras to digital recorders, had been hijacked to form a huge slave network.
Devices like Samsung’s Smart Fridge have also been hacked to obtain the owner’s Gmail passwords.
Contact the manufacturer of your devices for help with changing the default password. Make sure to use a secure wireless network for your IoT appliances, ideally one secured with WPA2-PSK (AES).
5. Stoke your Firewall
Aside from the Juniper Networks incident, in January, the developers of FortiOS were also under scrutiny after seemingly hardcoded passwords were discovered in their firewall. In 2017 firewall manufacturers will most likely continue discovering backdoors in their products.
Consider installing the free and open source firewall distribution IPFire onto a dedicated computer such as an inexpensive Raspberry Pi to be certain there are no hidden surprises. IPFire is designed specifically for people with little networking experience and allows you to separate your home network and internet traffic into separate safe ‘zones’.
6. Advanced Intrusion Detection
In August 2015 the hacking group Sofacy launched a cyberattack using their own tool ‘AZZY’.
Kaspersky countered by updating their virus recognition database. Sofacy responded to this by releasing a modified version of ‘AZZY’ within 90 minutes which was not recognised by the virus scanner.
The bottom line is that in 2017, simple antivirus programs relying on signature-based verification will not be able to detect malware fast enough.
Choose security software which also employs anomaly-based detection, which will block any programs that behave unusually. ClamAV, for instance, is an excellent free, cross-platform antivirus program which uses both types of detection.
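The difference between the two approaches, as an added example (not from the original article, and not a description of how Kaspersky or ClamAV work internally): an exact-hash signature lookup misses a rebuilt sample, while a simple behavioural baseline still flags it. The sample bytes, behaviour features, baseline values and threshold are all constructed assumptions.

```python
import hashlib
from statistics import mean, pstdev

# Constructed stand-ins for two builds of one malware family: the bytes are
# harmless placeholders and differ only in the final byte.
SAMPLE_V1 = b"constructed-sample-payload\x00"
SAMPLE_V2 = b"constructed-sample-payload\x01"

# Signature database as it stands once the vendor has catalogued build 1.
SIGNATURES = {hashlib.sha256(SAMPLE_V1).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Signature detection: exact hash lookup against known-bad samples."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

# Constructed behaviour profiles of programs known to be good on this host:
# (files read per minute, outbound connections, autorun entries written)
BASELINE = [(12, 2, 0), (8, 1, 0), (15, 3, 0), (10, 2, 0), (9, 1, 0)]

# Both builds behave identically when run: mass file reads, a new autorun entry.
MALICIOUS_PROFILE = (400, 6, 1)

def anomaly_score(profile, baseline=BASELINE) -> float:
    """Largest per-feature deviation from the baseline, in standard deviations."""
    score = 0.0
    for i, value in enumerate(profile):
        column = [row[i] for row in baseline]
        sigma = pstdev(column) or 1.0  # constant column: avoid dividing by zero
        score = max(score, abs(value - mean(column)) / sigma)
    return score

def is_anomalous(profile, threshold: float = 3.0) -> bool:
    """Anomaly detection: flag behaviour far outside what this host normally sees."""
    return anomaly_score(profile) > threshold

def verdict(data: bytes, profile) -> str:
    """Layered check: cheap signature lookup first, behaviour second."""
    if signature_match(data):
        return "blocked: signature"
    if is_anomalous(profile):
        return "blocked: anomaly"
    return "allowed"

if __name__ == "__main__":
    for name, data in (("build 1", SAMPLE_V1), ("build 2", SAMPLE_V2)):
        print(name, "->", verdict(data, MALICIOUS_PROFILE))
```

The anomaly check costs a baseline that has to be collected per host and tuned, since a threshold set too low blocks legitimate programs that simply behave differently from the norm.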
7. Turn off Tracking
Kaspersky predicts that 2017 will be a year where advertisers or spies will try to further undermine your anonymity through use of tracking cookies.
This has worrying implications for your privacy if, for example, you visit a life insurance website for a quote and they are able to detect that you recently bought a book about heart disease on Amazon.
8. Be more Antisocial
Kaspersky has predicted that in addition to advertising networks, vigilante hackers are more likely to target social networks for cyberespionage. In June of this year some of the social media accounts of Facebook CEO Mark Zuckerberg himself fell into the hands of hackers.
While you cannot control the servers used by your favorite social networking websites, consider carefully what you post online and make sure to familiarise yourself with the privacy settings of your favorite social network.
Facebook users can benefit from TechRadar’s recently updated article on Advanced Facebook privacy and security tips.
9. Use 2FA
In June 2016 a number of celebrity Twitter accounts were compromised, leading to false rumours that celebrity Jack Black was dead.
Some passwords were obtained from a “data dump” from an attack on the website LinkedIn a few years previously, as some users had the same password for both.
While it would be wonderful if everyone used a different, complex password for each site, it is not very practical. Major websites like Facebook, LinkedIn and Twitter do however offer two-step verification, which requires a code sent to your phone in addition to your password when logging in from a new location.