Amar Bhattarai

Five Ways to Get Rid of Cryptojacking Malware

Cryptojacking is a growing threat in 2018, and there are several ways to prevent it. A few of the methods to prevent this emerging online threat are discussed below.


Installing a browser extension
Most crypto mining malware runs in the web browser, so we can stop it by installing a browser extension. A few browser extensions, such as uBlock Origin and Malwarebytes, help to block cryptojacking scripts. With these extensions installed, the browser automatically stops those scripts from running, which prevents it from executing the mining code. These extensions are available for free, and they regularly update their signatures. Since they filter the mining code automatically, we don't need to check for it manually. Therefore, installing a proper extension will help to get rid of cryptojacking malware.

Installing only trusted applications
Another big source of crypto mining malware is untrusted applications from untrusted sources. Untrusted adware mostly comes bundled with cryptocurrency mining bots, so we shouldn't install those applications on our computer if we want it to be safe from mining malware. For smartphones too, untrusted apps are the number one source of mining malware. Fake apps and untrusted apps with fake promises are found on the internet, and these applications are designed to trap users into installing the mining malware on their devices. We must verify the legitimacy and source of every application that we install on our computer. So, staying away from untrusted applications will help a lot to get rid of cryptojacking malware.

Installing Antivirus & Antimalware tools
Antivirus and antimalware software will block crypto mining software before it executes, which prevents crypto mining malware from landing on the computer. We might not be able to maintain our internet safety ourselves, and there is always a risk of malware being injected onto our computer without our knowledge. If our computer is already infected with mining malware, we can use the antimalware software to scan for it and remove it. Therefore, antivirus and antimalware software will help us to block malicious websites and programs if we open them accidentally, and to remove malware that is already on the computer.

Firewall
A firewall can be installed and configured to block all the websites that host cryptocurrency mining code. We can also block the websites that provide the API for mining cryptocurrencies. This is very effective at blocking crypto mining malware. It prevents the bad websites from being loaded in the user's browser, which prevents the cryptojacking malware from entering the system.
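The domain check such a firewall or proxy rule performs can be sketched as follows. This is an added example, not code from the original article; the blocklist entries, log format and function names are assumptions, and the `.example` hosts are placeholders rather than real mining sites.

```python
from urllib.parse import urlsplit

# Constructed blocklist. The .example names are placeholders, not real mining hosts.
BLOCKED_DOMAINS = {"miner-scripts.example", "pool-api.example"}

# Constructed proxy log lines: "<time> <client ip> <requested URL>"
PROXY_LOG = """\
10:01:12 10.0.0.21 https://news.example/index.html
10:01:13 10.0.0.21 https://cdn.Miner-Scripts.example/lib/worker.js
10:01:15 10.0.0.34 wss://ws01.pool-api.example:8443/socket
10:02:40 10.0.0.34 https://notminer-scripts.example/about
10:03:02 10.0.0.50 https://miner-scripts.example./loader.js
"""


def hostname_of(url_or_host):
    """Return the lowercase hostname without port or trailing dot."""
    value = url_or_host.strip()
    if "://" not in value:
        value = "//" + value  # let urlsplit treat a bare host as a network location
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()


def is_blocked(url_or_host, blocked=BLOCKED_DOMAINS):
    """True if the host is a blocked domain or any subdomain of one."""
    labels = hostname_of(url_or_host).split(".")
    # Compare whole labels so "notminer-scripts.example" does not match
    # "miner-scripts.example" the way a plain suffix test would.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def blocked_requests(log_text, blocked=BLOCKED_DOMAINS):
    """Return (client, hostname) for every logged request the rule should deny."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, url = parts
        if is_blocked(url, blocked):
            hits.append((client, hostname_of(url)))
    return hits


if __name__ == "__main__":
    for client, host in blocked_requests(PROXY_LOG):
        print(f"deny {client} -> {host}")
```

The same matching applies to both kinds of site the paragraph mentions: the script host and the mining API endpoint, including their subdomains.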

Education
If we are aware of safe internet browsing, there is less chance that we will fall victim to mining malware. Educating people to identify fake applications and fake websites that host malicious code will help to reduce the harm of crypto malware. Providing internet security training and awareness programs will not only help to get rid of crypto mining malware but also help people to identify other online threats and social engineering. Therefore, educating people should be considered one of the security measures that organizations take.

How to Identify Cryptojacking Malware?

There are several ways to identify hidden crypto mining malware on our computer. We can detect and identify that malware either manually or by using third-party antivirus or antimalware tools. These are a few of the ways to identify cryptojacking malware on our computer.


Monitoring CPU usage

If we see unusual CPU usage behavior, our computer might be infected with cryptojacking malware. Usually, there won't be much CPU usage when the computer is idle. We only see a spike in CPU usage when we are using heavy programs, so if we see high CPU usage when we are not running any programs, this might be the result of cryptojacking malware. We can manually monitor the CPU usage of our computer when we open a web browser or a website. If the CPU usage increases when we open a website, there might be cryptojacking code on that website, and we can then block it from being loaded on our computer. If we see high CPU usage when opening a browser or any other application, this might be due to hidden mining code in that software. Monitoring CPU usage is one of the best ways to identify cryptojacking malware.
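The manual check described above can be automated by looking for processes that stay busy across several consecutive samples while the machine is otherwise idle. This is an added example, not code from the original article; the sample format, the 80 percent threshold and the three-sample minimum are assumptions, and the sample lines are constructed.

```python
# Constructed samples taken once a minute while nobody was using the machine:
# "<HH:MM> <pid> <process name> <cpu percent>"
IDLE_SAMPLES = """\
02:00 812 browser 91.5
02:00 440 backup 85.0
02:01 812 browser 93.0
02:01 440 backup 2.0
02:02 812 browser 90.2
02:02 440 backup 1.0
02:03 812 browser 92.8
02:03 977 updater 88.0
"""


def parse_samples(text):
    """Turn sample lines into {time: {(pid, name): cpu_percent}}, skipping bad lines."""
    by_time = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        when, pid, name, cpu = parts
        try:
            key, value = (int(pid), name), float(cpu)
        except ValueError:
            continue
        by_time.setdefault(when, {})[key] = value
    return by_time


def sustained_high_cpu(by_time, threshold=80.0, min_samples=3):
    """Return {(pid, name): longest_run} for processes at or above `threshold`
    in at least `min_samples` consecutive samples."""
    run, longest = {}, {}
    for when in sorted(by_time):  # HH:MM strings sort correctly within one day
        snapshot = by_time[when]
        # A process that disappeared or dropped below the threshold starts over.
        for proc in list(run):
            if snapshot.get(proc, 0.0) < threshold:
                del run[proc]
        for proc, cpu in snapshot.items():
            if cpu >= threshold:
                run[proc] = run.get(proc, 0) + 1
                longest[proc] = max(longest.get(proc, 0), run[proc])
    return {proc: n for proc, n in longest.items() if n >= min_samples}


if __name__ == "__main__":
    for (pid, name), n in sustained_high_cpu(parse_samples(IDLE_SAMPLES)).items():
        print(f"pid {pid} ({name}) was busy in {n} consecutive idle samples")
```

A short spike such as the backup job or the updater is ignored; only the process that stays busy across the idle period is reported for a closer look.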


Analyzing fan sound
One of the ways to detect cryptojacking malware is to monitor CPU usage, but checking CPU usage frequently might be impractical. Instead, we can listen to the sound of the computer's fan. If the computer is infected with cryptojacking malware, CPU usage will increase, which raises the temperature of the CPU, so the cooling fan will spin faster and become noticeably louder. If we frequently hear loud fan noise, our computer might be infected with cryptojacking malware. There are lots of fanless laptops and ultrabooks available, and mobile devices do not have a fan to cool down the CPU either. For those kinds of computers and mobile devices, we can monitor the temperature of the CPU rather than the fan sound.

Analyzing the performance of the computer
If the computer is infected with a crypto mining virus, one of the major symptoms is slow performance. Since most of the CPU is allocated to mining, the computer can't handle its assigned tasks and its performance drops. If our computer suddenly starts performing slowly, it can be the result of cryptojacking. When we open a website infected with mining malware, it makes the browser and other applications very slow. Sometimes the browser might freeze due to the high CPU usage. On a modern operating system, we can see the CPU usage of individual browser tabs, so if any tab is making the computer slower, the website opened in that tab might be mining cryptocurrency.

What is Cryptojacking and Why is it Increasing?

Cryptojacking is an online threat in which a hacker uses the resources of the victim's machine, without their consent, to mine online currencies called cryptocurrencies. Cryptojacking is one of the growing online security threats of 2018. According to a McAfee Labs report, there was 629 percent growth in the cryptojacking threat in 2018 Q1. Cryptojacking hijacks the processing power of computers and mobile devices and uses it for mining. Mining cryptocurrency needs dedicated hardware with a good CPU or GPU so that it can calculate the hashes required for mining. Setting up this hardware and running it is costly. Therefore, for cryptojacking, hackers use many infected computers for the hash calculation so that they don't need to use their own hardware and resources for the mining. According to Check Point Software Technologies, 40 percent of the top 10 malware are crypto mining malware.

We can see many websites hosting crypto mining code for profit, and it is estimated that those sites are getting billions of visits. When hackers can inject their code into a popular website, they save the thousands of dollars it would cost to build a mining rig able to mine the same amount of cryptocurrency. A cryptojacking script works on both computers and mobile devices, so a single piece of code can mine cryptocurrency on multiple kinds of device. Smartphones are becoming more and more powerful, and the number of smartphone users is growing. Hackers are taking advantage of this large number of mobile devices as hosts for their mining scripts. A Malwarebytes Labs report shows that more than 60 million Android smartphones are infected with cryptojacking malware. This is a huge number and it is still growing; bad guys are finding new ways to host their mining code and use many devices to mine cryptocurrencies. Cryptojacking doesn't need any download; it runs instantly when the website is loaded, which makes it a more serious online threat.

Why Is Cryptojacking Increasing Rapidly?


Computers and smart gadgets have become essential to businesses and individuals these days. Therefore, the number of computers and mobile devices is increasing rapidly. Hackers are using this large number of devices for their financial gain. We saw an upward trend in ransomware attacks in 2017. Ransomware attacks increased by 250 percent in 2017, and the U.S. was the country worst affected by the issue. Due to the evolution of cryptocurrency and its price spike, hackers are now moving towards mining cryptocurrency. Technically, cryptojacking is easier for a hacker than a ransomware attack, and because of that cryptojacking has become one of the most rapidly increasing internet threats in 2018.


Cryptocurrency has made it easy for hackers to cash out money stolen from different sources, since cryptocurrencies are not regulated by any body and allow anonymous transactions. There are two main reasons for the increasing amount of cryptojacking malware: one is the safe cash-out solution and the other is the easier attack.

There are already many services that allow their users to create mining code and implement it on their websites or malicious applications. Since these third-party tools are very easy to use, anyone can create their own crypto mining malware in a few minutes with a few lines of code, without having strong technical skills.

The purpose of cryptojacking malware is not to steal data or to modify sensitive information on the computer. Its sole purpose is to mine cryptocurrency using the CPU of the victim's computer. While cryptojacking malware doesn't pose serious threats like other malware that causes data breaches and system malfunctions, it reduces the performance and life of the computer. Although cryptojacking malware is not developed to do direct harm to the computer, it might cause physical damage due to the nature of cryptocurrency mining. Mining cryptocurrency involves the calculation of complex mathematical formulas, which needs a lot of CPU. It will not only reduce the lifespan of the computer but also increase the cost of electricity and heavily reduce the performance of the computer.

How Are Mobile Technology & IoT Devices Affecting IT Security

Technology has changed the way we do business, and it has become an essential part of modern commerce. Technology has become a need of every business. Businesses are not only using technology to market their products and provide better support; they are also expanding their presence in the digital world with e-commerce. For communication, businesses are using the latest technologies like VoIP, which provide more functionality to the organization and are easier and faster than traditional communication systems. Since every employee needs a computer for their job, some companies are also promoting Bring Your Own Device (BYOD) in their organization, as it can reduce the cost of buying new devices and increase efficiency, since employees are working on their own machines.

Although these new technologies have made the job easier and faster, they pose several threats to the business. We can see smart IoT devices being installed in organizations to monitor the environment and to automate control processes, but these devices are being used by bad guys for their botnets. We have already heard many times that hackers are using IoT devices to perform attacks like Distributed Denial of Service (DDoS).

Not only this, but these devices store a lot of information about the office environment, so a small loophole in one of them might result in a corporate data breach. We can see a trend of BYOD in most offices these days to reduce the operating cost of the business. Although organizations think that this reduces the cost of business, it might pose a serious threat to their information systems, because it is quite difficult to enforce security policies on machines that are not owned by the organization.

Businesses can't run without using these kinds of technologies. There is a lot of competition, and to stand above its competitors any business organization should use the latest technologies. Since the use of those technologies might also pose a threat to information security, we have to create proper plans and strategies to maintain the security of our assets. Therefore, security must be considered in the plans, and it should be implemented properly.

Why Should Every Organization Consider Cybersecurity in their Business Strategy?

These days, business operations can't take place without technology and the internet. Businesses must use computer networks and systems to perform their operations. Traditional methods of handling data and performing the job are already obsolete, and workstations are digitalized. The information of an organization is being stored in the cloud, and the types of information that organizations collect are increasing. Since technology has become part of business operations, a new strategy means more data, more information and more use of technology.


If the organization is collecting more information and storing the data, then the responsibility to keep that information secure will increase. The organization must understand the current state of information security and the potential risk to information after implementing the new business strategy. All the technical components, like hardware, software and network configurations, must be reviewed to get information about security issues. A flaw in any one component means a security threat to the critical information.


For example, a business that is planning to move into a new country might collect information about its potential customers and their interests. The information it gathers from potential customers is stored in the database of the organization. Now, it is the responsibility of the organization to keep that information secure. There is always a risk to the information, and threats are all around us. If we don't think about security while making plans and strategies, then we might not be able to achieve our goals. An improper security plan will result in the failure of the organization, and this is not a good strategy for running any business.

We should think about the potential security threats and the ways to secure against them before implementing any strategies. Also, the strategies that we implement might create security loopholes in the system. In my opinion, security will influence an organization's strategy and strategy will impact their security. We can't isolate the impact of strategy on security from the implementation of strategy considering the security.

Let's take the example of a business that only has a physical store and plans to go online, with a strategy to open its own e-commerce website. To run an e-commerce website, it needs to store client information like name, address, email, phone number, etc. It also needs to securely process transactions using credit cards or another payment gateway like PayPal. Now, it should make a strategy to store the information collected from clients securely. If it can't guarantee the security of the information collected from customers, then it can't succeed in its business. In this case, it first needs to build a properly secured system that stores customer information and processes transactions securely. It might need to change its strategy to protect the data of the customer. Therefore, security will influence the strategy it makes for its business.

On the other hand, strategy and plans can impact the security posture of the organization. We know that nothing is secure on the internet and every infrastructure has vulnerabilities. Implementing our strategies might sometimes give bad guys an opening to attack our system. Let's take the example of a smartphone manufacturer called OnePlus. OnePlus is an Android smartphone company whose strategy is to sell phones only through its online store, making its smartphones cheaper by reducing operating costs and avoiding any physical store. They started selling phones online, but there were vulnerabilities in their payment system. They announced that up to 40,000 customers' credit card information was affected by the security breach, and because of this they needed to shut down their payment gateway until the issue was fixed. From this example, we can see that our strategies might impact the security of our data and privacy. Therefore, strategy and security should be considered two sides of the same coin, and we need to do proper research before making plans and strategies for our organization.

How Can We Solve the Problem of Identity Management with Blockchain?

Many companies have now started to learn about the potential of blockchain for developing their applications. The need for a secure identity management system has become very important because US retailers are currently losing about $32 billion to fraud. All of this is happening because of the poor identification systems that currently exist. Migrating identity management entirely to the blockchain is not going to happen overnight, but we need a system that protects identity information and the authentication process. Multi-factor authentication was introduced to solve the current issues, but enabling multi-factor authentication with blockchain will help to make it more secure and will add an extra layer of security to the application.

Authentication using blockchain will be as easy as taking a picture, because for the entire authentication process the user only has to scan a QR code with the application. To authenticate using blockchain, one must use an application, and whenever there is an authentication request it must be authorized from the app by scanning the QR code. These days we have a smartphone with us most of the time, so it will be more reliable than a traditional authentication system. Authentication on the blockchain will be based on an ID generated by the blockchain. This ID is data that is stored in a block and contains the information needed to verify the identity, like date of birth. This information can be verified by any third party that is authorized to retrieve the information from the blockchain. A public key is assigned to the identification issuing service and the private key is assigned to the user. The user can then produce a signature that will verify against the public key stored in the blockchain. This identification will be used as the source of authentication while using the service. Since all of this is done on the blockchain, it will serve as a decentralized source of authentication. A blockchain app for authentication will be like a single sign-on portal that can be used by other apps, is not owned by a single entity, and is used only for authentication. The protected app will have to request a digital signature and an ID from the user requesting access. The app will authorize the authentication if it finds that the signature is valid.

Blockchain provides a compelling solution to the problem of combining accessibility with privacy and security. Information can be transferred securely using end-to-end encryption. All the events are referenced and documented on the blockchain, so all the data are trusted and reliable. This technology wasn't possible a few years ago, but with smart contracts on the blockchain, all of this has become possible.
Whenever we try to create an account on a website, we are asked for a lot of information that might not be required to use the service. The problem with this is that if the service that we are using is compromised, or our account is compromised, then all the information that we provided to that website is leaked. We can solve this issue by applying a single sign-in system with blockchain and providing only the information that is required for the service the user is requesting. This way the user can access the service he is trying to use, and the information of the user is not shared; it will only be verified from the blockchain. No information will be stored on the web server while using authentication with blockchain, and the data of the user is not shared. This will prevent personal information from being leaked.

It will also make it possible to transfer money between two parties without sharing any personal information. If the application needs to get the credit information of the user, it can simply send a payment request. Once the user gets the payment request, they have the option to deny or approve it. If they want to approve the payment request, they can make the payment directly from the bank by forwarding the request to the bank. This will make financial transactions faster and more secure. By applying blockchain in identity management, we can get comprehensive, secure and decentralized authentication and identity verification.

How Does Blockchain Work and Why Is It Secure?

The blockchain is a distributed ledger of digital events that have occurred between different nodes on the network. Each transaction or event on the blockchain is verified by the consensus of most nodes on the network. Once information is stored in a block, it can never be modified or deleted. The blockchain contains the information of each event on the network, and the information is shared with all the nodes of the blockchain.

Bitcoin was the first major innovation of blockchain. It was created in 2008 by Satoshi Nakamoto as an experimental digital currency, which is now worth more than $100 billion. Bitcoin is the most controversial technology because of the anonymous nature of its transactions. However, the technology behind bitcoin, i.e. blockchain, is not controversial, and lots of innovative applications have been developed on the blockchain. Marc Andreessen, the doyen of Silicon Valley's capitalists, listed the blockchain distributed consensus model as the most important invention since the Internet itself. There is an assumption that by 2022, more than a billion people will have some data about them stored on a blockchain but may not be aware of it.
The blockchain is moving into the mainstream, and many businesses and organizations have started researching how to implement blockchain in their operations. US universities have already started teaching blockchain and cryptocurrency in their courses. Many companies are interested in blockchain technology because of the security features that it offers.
The current digital economy is facing a lack of trust. This is one of the problems that blockchain solves, and it has the possibility to revolutionize the digital world with a distributed network of blocks where all current and past events can be verified at any time in the future. All of this is done without compromising the privacy of the nodes or parties involved. The blockchain provides a solution for a variety of security issues that we are currently facing, and it has become one of the most trending topics because of the solutions that it offers. One of the rapidly emerging use cases of blockchain is smart contracts, which have made it possible to run different automated functions on the blockchain. Identity management can be run efficiently on the blockchain because of the smart contract feature.

Structure of the Blockchain
Generally, a block will contain three major pieces of information: data, its own hash, and the hash of the previous block. The first block of the blockchain doesn't have the hash of a previous block, and all the following blocks will have the hash of their previous block. The first block on the blockchain, which does not have the information of a previous block, is called the genesis block. A block has a record of all the recent transactions and a reference to the block that came before it. The data inside a block differs from blockchain to blockchain; the blockchain of bitcoin has the information of the sender, receiver, and timestamp in the data field.


The hash of each block is unique, and hashes are created by solving a complex mathematical formula. If anything inside the block is changed, then the hash of the block will also change and it will no longer be the same block. This will also make all the following blocks invalid, because they will no longer contain the current hash of the previous block.
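The block structure and the effect of changing a block can be reproduced in a few lines. This is an added example, not code from the original article; it assumes SHA-256 over a JSON encoding of the block fields and leaves out mining and consensus, and the field names, transactions and timestamps are constructed.

```python
import copy
import hashlib
import json


def compute_hash(block):
    """SHA-256 over the block's index, timestamp, data and previous hash."""
    payload = json.dumps(
        {k: block[k] for k in ("index", "timestamp", "data", "prev_hash")},
        sort_keys=True,
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Build a chain from (timestamp, data) records; the first is the genesis block."""
    chain = []
    for index, (timestamp, data) in enumerate(records):
        block = {
            "index": index,
            "timestamp": timestamp,
            "data": data,
            # The genesis block has no previous block to point at.
            "prev_hash": chain[-1]["hash"] if chain else None,
        }
        block["hash"] = compute_hash(block)
        chain.append(block)
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    for i, block in enumerate(chain):
        if block["hash"] != compute_hash(block):
            return i  # contents no longer match the stored hash
        expected_prev = chain[i - 1]["hash"] if i > 0 else None
        if block["prev_hash"] != expected_prev:
            return i  # link to the previous block is broken
    return None


# Constructed transactions (sender, receiver, amount) with fixed timestamps.
RECORDS = [
    (1530000000, {"note": "genesis"}),
    (1530000600, {"sender": "alice", "receiver": "bob", "amount": 5}),
    (1530001200, {"sender": "bob", "receiver": "carol", "amount": 2}),
    (1530001800, {"sender": "carol", "receiver": "dave", "amount": 1}),
]


def tamper_demo():
    """Verify an intact chain, an edited block, and an edited block with a recomputed hash."""
    chain = build_chain(RECORDS)
    intact = first_invalid_block(chain)

    edited = copy.deepcopy(chain)
    edited[1]["data"]["amount"] = 500            # change a stored transaction
    after_edit = first_invalid_block(edited)

    edited[1]["hash"] = compute_hash(edited[1])  # recompute the hash of block 1
    after_rehash = first_invalid_block(edited)
    return intact, after_edit, after_rehash


if __name__ == "__main__":
    print(tamper_demo())
```

Editing block 1 is caught at block 1, and recomputing its hash only moves the failure to block 2, whose stored previous hash no longer matches.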

How Does Blockchain Work?
The blockchain is a decentralized database whose nodes are distributed around the globe and which stores digital information of any value inside its blocks. A block stores the transaction entries, a timestamp, its hash value and the hash value of the previous block. A block of transactions must be validated and recorded by all the nodes on the network before it is added to the chain. This complete process is based on cryptography, and those who solve the cryptographic puzzle are called miners.

When the sender wants to create a transaction or event on the blockchain, the transaction is executed and represented online as a block. The block is then broadcast to every node in the network. All the nodes on the blockchain network approve that the transaction is valid. Once the transaction is validated, the block is added to the chain, and this information is a non-editable and transparent record of the transaction. Finally, the information reaches the receiver and is permanently stored on the blockchain.

Why is blockchain considered more secure than traditional technology?
All the blocks on the blockchain are connected to each other, since each has the hash of the previous block. Since all the blocks are connected, it is difficult to tamper with the information stored on the blockchain. If anything inside a block changes, the recorded hash will change and the block will no longer be the same block, and it will not be accepted as a valid block by the nodes. This is one of the features that makes blockchain secure. All the information stored on the blockchain is secured with cryptography. All the nodes or participants have their own private keys and public keys. Private keys are assigned to their transactions and act as a digital signature. If the record is modified, then the signature will automatically be invalid.
Blocks are continuously updated and synced across the distributed peer-to-peer network, which makes it DDoS-proof and hack-proof. Since the data of the blockchain is not stored in a central location, it doesn't have a single point of failure. It is necessary to control more than 50% of the blockchain network at the same time to get any change accepted by the network. It takes huge computing power to have 51% of the blockchain network under control. Therefore, it is practically impossible to tamper with the information in the blockchain. Because of this feature, blockchain is considered more secure.

Most Popular Authentication System And Their Problem, They Are No Longer Secure

Although there are lots of methods and devices available for authentication, each of the authentication systems that we use has its own limitations. Below are the authentication systems that we are using and their limitations:
Password
ID and password is the most common and widely used authentication method. Although it is one of the most widely used methods, it carries a huge security risk. One of the biggest problems with this system is that a password can be guessed by anyone and can be shared knowingly or unknowingly. Also, the number of passwords increases with the number of services that a user uses. It is insecure to use a single password for all websites, so it is recommended to create a unique password for each website.
Users cannot remember all the passwords that they have, and they might write them down somewhere, where they can later be leaked. Passwords can easily be stolen online using phishing sites, and they can be stolen with keyloggers. We can create a strong password by using many characters, but it still poses a risk of being stolen by a recording camera, social engineering and the methods mentioned above. There is a huge chance of a password being leaked by human error.
Biometrics
Biometrics is considered a more secure authentication method than a password, and it is quite popular these days. We have lots of devices with fingerprint, iris scanner and face recognition for identity management. Although it is more secure than a traditional PIN or password, it is not 100% foolproof. Fingerprints have already been spoofed by creating 3D-printed fingerprints. Face ID by Apple on the iPhone X was also bypassed. One of the biggest disadvantages of biometrics is that they last for a lifetime. For example, if someone creates a fake copy of our fingerprint, then it will stay the same forever and the attacker can get access at any time using our fingerprint.
Two-factor authentication
Two-factor authentication is widely used these days by lots of corporations. Since it requires multiple credentials for authorization, it is considered more secure. If one of the credentials is leaked, the attacker will not be able to gain access to the system because multiple authentications are needed. Although it seems more secure, it has some limitations. The most common method of 2FA is to send the code over SMS, and SMS messages are notoriously insecure. A potential attacker can sniff the message and read the authentication code.
Social media login
Most websites these days have adopted social media login. Users can log in to websites by using their social media accounts like Google, Facebook, Twitter, Instagram etc. It is very easy for users to log in with social media accounts because they don't have to create a separate account for each site and can log in to multiple sites with a single social media account. If the social media account of the user is compromised, then the attacker can get access to all the sites where the user created an account using that social media account. Therefore, it is not considered that secure.

Most of the authentication methods that we use these days are not secure, and the credentials can be easily stolen with social engineering, phishing, and brute force attacks.

What is Identity Management & Authentication?

Identity management is the process of authenticating users to determine the access that they have. It helps individuals get access to the systems for which they are authorized. Identity management is focused on authentication.
Computers these days are capable of handling multiple users at the same time. The data of multiple users is stored in a single database and managed with proper access control. The process of verifying the identity of a user by matching the credentials provided is called authentication.
The main function of authentication is to grant the right access to the right person at the right time so that there is no unauthorized access to the system. Different people in an organization have different roles and functions, so they have different access rights, and identity management ensures that users only get access to the systems assigned to them. Authentication works by the client providing proof of its identity to the server; generally, a username and password are used as proof of identity. Authentication doesn't identify the roles and permissions assigned to the user; that is a separate process called authorization.
User authentication is very important for any enterprise or individual to enhance network, application, and data security and to reduce fraud and other risks. It is critical for the security of computer systems because without proper authentication we cannot decide whether the requested operation should be allowed or not.
Identity management can be done with either single-factor authentication or multi-factor authentication. In single-factor authentication, access is granted once the user inputs one credential, such as a password. In multi-factor authentication, two or more credentials must be verified to get access to the system. The goal of multi-factor authentication is to reduce the risk of information being accessed by an unauthorized person. If one factor, such as a password, is compromised, the attacker must still submit one more credential, which reduces the chances of unauthorized access.

Best Practices to Avoid the Phishing Attacks

In my previous article, I wrote about phishing attacks and the different types of phishing. In this article, I will write about the best practices that help us control phishing. Phishing can be prevented to some extent if we follow anti-phishing best practices. Some of these best practices are listed below.

Maintaining Firewall & IDS
It is mandatory to maintain a proper security infrastructure by installing and maintaining a firewall and an intrusion detection system. The infrastructure should also provide protection against malware.
Awareness
Awareness is one of the major things that we need to mitigate phishing attacks. A new Intel Security study demonstrates that 97% of individuals can’t recognize phishing messages. Therefore, it is very important to make people aware of phishing.
Updating Web Browser
The web browser is one of the applications where users spend most of their time online. Therefore, it must be regularly updated, and security patches must be applied.
Limiting the Information on Email
Personal and financial credentials must never be included in an email, and awareness training must cover this so that users know what information they can share by email and what they can't.
Don't Click on Suspicious Link
Suspicious links in email must always be ignored and should never be clicked.
Reporting Suspicious Activity
Malicious emails and malicious links must be reported to the appropriate authority and submitted to phishing listings like PhishTank so that other people will know about them.
Monitoring Logs
Logs from firewalls and intrusion detection systems must be regularly monitored so that any suspicious behavior can be detected.

What is Phishing Attack? Understanding Phishing and its Types

Phishing is a method used by fraudsters to steal valuable personal data from a user. It is generally done by sending emails or creating fake websites. Phishing is one of the most common attacks that we see in cyberspace, and it is a rapidly growing cyber threat. To get personal information from people, the attacker sends a fraudulent email to a large number of people, and a few might fall for the scam. The attacker will ask the victim to provide sensitive information such as credit card information, a social security number, or a username and password. Phishing is one of the most common cyber-attacks because it is very easy to do and doesn't require much time or many resources. Most phishing is automated and done in bulk, and the attackers wait for victims to enter their information. The attacker will create a fake login form, malicious files, or a personalized message and send it to the victim, prompting them to take action on the email. If it reaches the victim, they might think that the email is legitimate and enter their personal information, and the attacker will use the credentials for their own benefit.
More than 60% of cyber attacks are associated with phishing and social engineering.
Cyber-attacks can be active or passive; we can say that phishing is a passive attack. Phishing is a continual attack, and most of the attacks are done on social media like Facebook, Twitter, and Instagram. The phishing email will contain a link to a fake website that looks exactly like the legitimate website. Phishing is also called brand spoofing because in this attack the attacker makes a fake copy of the original website. Attackers look for new niches to attack from which they can gain a lot of profit. Before, they used to steal iTunes account information, but these days they are moving to cryptocurrency platforms [1].
Most cyber-attacks start with phishing because there is a chance that many people will easily fall for a phishing scam. 91% of cyber attacks start with a phishing email [2]. 76% of cybersecurity experts uncovered that there were phishing attacks of some sort in their organizations in 2017 [3]. Phishing attacks are becoming huge, and it is very important for any organization to apply anti-phishing techniques to protect its sensitive data.

Types of Phishing

Attackers are using different kinds of phishing methods so that they can steal the credentials from the victim. Below are the most common types of phishing:
Deceptive phishing
This is one of the most common phishing types. In this kind of attack, the fraudster creates a website that looks like the website of a legitimate company and sends email to a lot of users with a call to action that opens the login page of the fake website. The attacker will steal the information if the victim enters their personal information in that form. The attacker sends an email that resembles a legitimate email from company personnel to gain the trust of the victim, so that the victim easily falls for the scam.
In the above figure, we can see that the display name is "Microsoft Team", but the email address doesn't belong to Microsoft; it is a random email address. Here the email is sent with a link that leads to the phishing site. This is one example of a deceptive phishing email.
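The display-name mismatch described above can be checked automatically. The following is an added example, not part of the original article: it parses a From header and flags mail whose display name claims a brand while the sender domain is not one of that brand's domains. The `BRAND_DOMAINS` allow-list, the function names, and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
# Constructed for this example; build your own from verified sender lists.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "paypal": {"paypal.com"},
}


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one.

    A plain substring test would accept 'microsoft.com.login.example',
    so the comparison is anchored on the right-hand side of the name.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from_header(from_header):
    """Return (suspicious, reason) for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return True, "no parsable sender address"
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    name = display.lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name and not domain_matches(domain, allowed):
            return True, f"display name claims '{brand}' but domain is {domain}"
    return False, "display name and sender domain are consistent"


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"Microsoft Team" <support@random-mail.example>',
    "Microsoft Team <no-reply@microsoft.com>",
    "Microsoft Account <account@email.microsoft.com>",
    "Microsoft Team <billing@microsoft.com.login.example>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        suspicious, reason = check_from_header(header)
        print("FLAG" if suspicious else "ok  ", header, "->", reason)
```

A match here is a signal for review, not proof of phishing: legitimate third-party senders can use a brand name in the display name, and a phishing email can avoid brand words entirely.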
Spear Phishing
In spear phishing, the attacker tries to trick the victim by posing as someone they know. For this, the attacker uses a name, email, company, or phone number that the victim already knows and has a connection with. The purpose of doing so is to create a higher level of trust for the attack. The victim will think that they have received an email from people they know, and they might click on the link that is sent in the email or other medium used for the attack.
Smishing
Smishing is a security attack that is done by sending a phishing message to the user's mobile device by SMS. Since the use of mobile devices is increasing rapidly, hackers are moving to mobile devices to trap people. There are more than 2 billion smartphone users [4]. It is easier to spoof a text message, and hackers are using SMS technology to send malicious links.
Search Engine Phishing
If the attacker builds websites and gets them indexed on a search engine in order to steal personal credentials from people, it is called search engine phishing. Generally, the attacker creates a fake website or a website with fake promises and then submits it to popular search engines like Google, Yahoo, and Bing. They do blackhat or greyhat SEO so that their page can be listed on the first page of the search engine. Whenever a victim searches for a keyword that the attacker has targeted and the page is at the top, there is a good chance that the victim will fall for the scam. Search engine phishing has become very popular in 2018 because many people use search engines to find the things that they need, and they trust the top results that appear on a search engine.
Attackers these days are also using paid listings on search engines. They create an ad for their website on the search engine and wait for the victim to fall for the scam [5]. It is more effective than traditional search engine phishing because, when they pay for the advertisement, their results are at the top and the legitimate website is listed below them.
Malware-Based Phishing
For malware-based phishing, the attacker installs malware on the victim's computer. They might attack victims in bulk or carry out a single attack. Once the malware is installed on the victim's system, it starts collecting information from the machine and submits it to the attacker. Some examples of malware used for phishing are keyloggers, session hijackers, and web Trojans. Sometimes an attacker might use a web browser extension to collect users' activity and data.
Man in the middle
In this attack, the attackers place themselves between the victim and the website the victim is trying to access. These days most websites and services use 2-step verification, so that if account information is compromised no one can access the account without providing one more credential. Due to the rise of two-factor authentication on most services, attackers are using man-in-the-middle attacks so that they can steal the credentials in real time and supply the 2-step verification code that the victim has entered.

References:
[1] Kaspersky: Phishing Attack Attempts Soared 59% in 2017, February 15, 2018, Dawn Kawamoto, Securitynow
[2] 91% Of Cyberattacks Start with A Phishing Email, December 13, 2013, Dark Reading
[3] Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers, January 24, 2018
[4] Number of smartphone users worldwide from 2014 to 2020 (in billions), Statista
[5] Ads on popular Search Engine are leading to Phishing Sites