Common threats to online privacy and digital security

In this blogpost, we will look at the most common threats to online privacy and digital security. You will increase your awareness of these threats and also learn tips on how to protect yourself.

What are the most common threats to online privacy and digital security?

Social Engineering threats to online privacy and digital security

Social engineering is about exploiting human nature and manipulating people so that they give up sensitive information. Cybercriminals use social engineering tactics because it is usually easier to exploit your natural tendency to trust than it is to discover a security weakness in your device. Social engineering is a broad concept that includes all kinds of methods that exploit the human aspect of technology. Check the following blogposts to learn more and find out how to protect your device against them.
– What is Social Engineering?
– 11 tips on how to avoid social engineering schemes

Phishing

Phishing is one of the most common online threats: cybercriminals use fraudulent emails, text messages and websites made to look like they come from authentic companies. These are used to steal account credentials, Personally Identifiable Information (PII) and financial information.
It is an easy and effective attack that requires little effort, and therefore is highly favored by attackers.
Check this blogpost on how to protect yourself.

Baiting

Baiting attacks exploit the curiosity or greed of unsuspecting victims. A hacker may plant a USB stick loaded with malware in the lobby of a business. If an employee then puts that USB into their work computer – perhaps because it had the logo of a rival company on it – it could install malware onto the company’s internal computer network.
Baiting is like a real-world ‘Trojan Horse’ that uses physical media and relies on the curiosity or greed of the victim. Be careful about what you do online.
Check this blogpost on how to protect yourself.

Tailgating

An attacker seeking entry to a restricted area where access is controlled electronically can simply walk in behind a person who has legitimate access. ‘Tailgating’ gives adversaries physical access to hardware. Physical access can allow a hacker to do pretty much anything, including stealing information, installing spying tools, or simply damaging the equipment to make it dysfunctional.
Check this blogpost on how to protect yourself.

Quid Pro Quo

Quid pro quo attacks promise a benefit in exchange for information – the benefit usually takes the form of a service (whereas baiting frequently takes the form of a good). The goals include scamming users for financial gain, identity theft, etc.
Check this blogpost on how to protect yourself.

Pretexting

Pretexting is a form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they can use to try to steal their victims’ personal information. These types of attacks commonly take the form of scammers who pretend that they need certain bits of information from their target in order to confirm their identity.
Once they get this information, they initiate their attack either by stealing the victims’ identity or by performing other malicious operations. Check this blogpost on how to protect yourself.

Smishing

SMiShing (short for SMS phishing) is an emerging security threat. It is a technique that uses mobile phone text messages (SMS) to trick victims into taking immediate action. The goal is to steal sensitive information and other confidential data, along with compromising a device.
Check this blogpost on how to protect yourself.

Vishing

Vishing is a combination of the word “voice” and the word “phishing”. It refers to phishing scams done over the phone. Individuals are tricked into revealing critical financial or personal information. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology.  The goal is to steal sensitive information and other confidential data, along with compromising a device.
Check this blogpost on how to protect yourself.

Malware threats to online privacy and digital security

Malware is a general term used to refer to any kind of malicious software or program. The goal of malware is to infect your devices, and it comes in the form of computer viruses, worms, Trojan horses, spyware, adware and more.
Malware can do all sorts of malicious things to your device, e.g. pop up ads, perform crypto-mining, alter or delete files, steal your data or covertly monitor all your activities.
Check the following blogposts to learn more and find out how to protect your device against them.
– 10 tips on how to protect your computer!
– Tips on how to protect your data
– 6 important tips to safeguard your privacy online

Spyware and Adware

Spyware monitors your activity covertly, whereas Adware collects information and passes it on to third parties. They often come in the form of a ‘free’ download and are installed automatically, with or without your consent. They are often sophisticated to the point where they become difficult to detect and remove.

What is a Worm

Worms are malicious computer programs that have the ability to replicate themselves. Their sole objective is to increase their population and transfer themselves to other computers via the internet or through storage media. They operate like spies involved in a top-secret mission, hiding their movements from the user.
Worms don’t cause any harm to the computer. However, their replicating nature consumes hard drive space, thus slowing down the machine. A couple of infamous worms are SQL Blaster, which slowed the internet for a small period, and Code Red, which took down almost 359,000 websites.

Trojan Horses

Trojan horse is a well-known term for a malicious program that disguises itself as, or embeds itself within, legitimate software. Once executed by the victim, it can alter or delete your data, use your device as a proxy to attack other computers, spy on you or do all sorts of other digital harm.
The possibility that you or someone you know is affected by a Trojan horse is high. Because of their sophistication, they mostly go undetected.

Exploit

An exploit is a piece of software, a command, or a methodology that attacks a particular security vulnerability. Exploits are not always malicious in intent—they are sometimes used only as a way of demonstrating that a vulnerability exists. However, they are a common component of malware.

Back Door

A back door is an undocumented way of accessing a system, bypassing the normal authentication mechanisms. Some back doors are placed in the software by the original programmer and others are placed on systems through a system compromise, such as a virus or worm. Usually, attackers use back doors for easier and continued access to a system after compromising it with malware.

Zombies and botnets

Welcome to the world of zombies, not in the classic sense but as in infected machines (software robots). A zombie computer is similar to a traditional Trojan horse (bad code wrapped inside normally behaving code). Collectively, zombies create a network known as a botnet. If you’ve never heard of one, it’s likely because they go largely undetected, and your device may be part of one without you even knowing about it.
They can send spam emails, spread malware, or be used to launch Distributed Denial of Service (DDoS) attacks.
Check this blogpost on how to protect your device from becoming a zombie.

Distributed Denial-of-Service (DDoS) attack

A distributed denial-of-service (DDoS) attack is when a malicious user uses a botnet to attack a website or a server in order to exhaust its resources and eventually make it inaccessible. In simple terms, the botnet (using its zombie army) tries to make millions of unsuccessful connections to the target server.
Such attacks are called distributed because the attacker uses a group of infected devices. The worst part is that your device could also be used to launch such an attack, if attackers exploit its security vulnerabilities or weaknesses.
Check this blogpost on how to protect your device.

Pharming

Pharming refers to pointing you to a malicious and illegitimate website by redirecting the legitimate URL. Even though the URL entered in the browser is correct, attackers use various security flaws or weaknesses, e.g. to affect the DNS (a dictionary of the internet that contains all the records of websites), in order to infect your device.
There are many ways you can protect yourself from this kind of attack, and this blogpost lists most of them.

Homograph attack

A homograph attack uses homographs or homoglyphs (words of the same written form) to exploit the close similarity between two different characters: attackers register phony look-alikes of existing domains to fool users and lure them into visiting. E.g. in fȯȯ.bar, the “o” is in fact an “ȯ” – a regular “o” with a dot, or diacritic mark, placed above it. This attack is also known as script spoofing and homograph domain name spoofing.

The general recommendations regarding social engineering, and this blogpost in particular, can help you to protect yourself.
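The fȯȯ.bar case described above can be checked mechanically. The following Python is an added example, not code from the original post: the `PROTECTED` list, the small `CONFUSABLES` map (a hand-picked subset of the look-alikes listed in Unicode's confusables data) and all function names are assumptions, and it goes slightly beyond the diacritic case by also flagging labels that mix scripts.

```python
import unicodedata

# Constructed sample list of domains you want to protect (assumption).
PROTECTED = {"foo.bar", "example.com"}

# Hand-picked subset of Cyrillic letters that look like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0441": "c"}

def skeleton(domain):
    """Fold a domain to a comparable form: strip diacritics, map look-alikes."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in no_marks)

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in label if c.isalpha()}

def to_ace(domain):
    """ASCII (xn--) form of each label, computed with the punycode codec."""
    out = []
    for label in unicodedata.normalize("NFC", domain.lower()).split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)

def assess(domain):
    """Report why a domain may be a look-alike of a protected one."""
    lowered = domain.lower()
    skel = skeleton(domain)
    return {
        "ace": to_ace(domain),
        "non_ascii": not domain.isascii(),
        "mixed_script": any(len(scripts(l)) > 1 for l in lowered.split(".")),
        "imitates": skel if skel in PROTECTED and lowered != skel else None,
    }

if __name__ == "__main__":
    # Constructed inputs: the page's dotted-o example, a Cyrillic "a", a clean name.
    for name in ("f\u022f\u022f.bar", "ex\u0430mple.com", "foo.bar"):
        print(assess(name))
```

The page's example is written entirely in Latin letters, so a mixed-script check alone would miss it; the diacritic-stripping skeleton is what catches it.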

Ransomware

Ransomware is a cyberattack in which hackers encrypt or lock victims’ data until they pay a ransom. There are two types of ransomware currently affecting systems around the globe: system-locking ransomware, which locks the system until the victim pays the ransom, and system-encrypting ransomware, which encrypts the system files and provides the key only after the victim pays the ransom.
Do not pay the ransom: even if you submit payment, there is no guarantee that you will regain access to your system. We strongly recommend that you back up your data every now and then.
Check this blogpost on how to protect yourself.

Spam

Spam is the mass distribution of unsolicited bulk messages (UBEs), advertising or pornography to addresses which can be easily found on the Internet or stolen from various sources.
Spam is not only annoying, but is often used to spread malware, phish your sensitive information or perform other kinds of scams, frauds or threats to online privacy.
Protecting your device, along with other techniques, will mostly protect your device against it.

Email snooping

The email protocol was not designed with security in mind, and it hasn’t changed much since its inception. A huge chunk of the emails sent across the internet can be easily intercepted by anyone, and tampered with as well. Yes, it’s as if anyone in the ‘middle’ can read your emails. The solution to this is end-to-end encryption and digital signatures, where your messages are scrambled on your device and descrambled on your recipient’s device. This way, no intermediary can read or tamper with your email messages.
Learn more about end-to-end encryption and digital signatures.

Wi-Fi Eavesdropping

Wi-Fi eavesdropping is virtual “listening in” on information sent over an insecure (not encrypted) Wi-Fi network. Attackers perform this attack by placing themselves in the middle of communications between different parties (known as a MITM attack).
The goal is to listen in on the communication in order to steal sensitive information or just to monitor the conversations.
Protecting your device and exercising caution will help you guard against it.

Doxing

In a doxing attack, hackers publicly release personal information about one or more individuals, who are the victims. The process consists of gathering information from both public and private online sources, which could include compromising the victims’ online accounts and other online spaces. Such attacks are primarily carried out for reasons such as defaming, taking revenge or blackmailing, rather than for financial gain.
Protecting your online privacy and exercising caution (plus having TFA enabled on your online accounts) will help you to protect yourself from such an attack.

Keylogger

A keylogger is any piece of software or hardware that has the capability to intercept and record input from the keyboard of a compromised machine without the user’s knowledge. The stolen information then gets sent to a remote server, famously known as a C&C (command and control center), which then further sells this sensitive data to cybercriminals! Here’s where you can learn more about keyloggers, and how to protect your device.

Password brute-forcing

Password brute-forcing is a trial-and-error method used to obtain a user’s password or personal identification number (PIN). In a brute force attack, automated software generates a large number of consecutive guesses as to the value of the desired data. Combining this with some clever tricks, such as choosing specific lists of related words and crunching them together to make more relevant guesses, makes this attack more and more effective.

Watering hole

The name derives from predators who wait for an opportunity to attack their prey near watering holes. In the cyber world, attackers wait for their prey at infected websites. The attackers infect websites with malware. Then they use the infected website to further spread the malware onto visitors’ devices or perform other malicious operations.
These kinds of attacks generally aim to harvest user information. Their sophistication makes them hard to detect and research.
Check this blogpost on how to keep your device protected.

Dumpster diving

You probably throw your bills and receipts in the trash. Nothing wrong with that, but what if someone scavenged the trash for the information contained in those documents? This is dumpster diving, an unglamorous (and very dirty) way for someone to obtain important personal information about you.

You don’t need to buy a file shredder to make the papers unreadable, but ripping them up into 4-5 parts before you throw them in the trash will go a long way toward preventing someone from reading the information they contain.

Advanced Persistent Threats (APTs)

Advanced Persistent Threats (APTs) are advanced threat groups (usually nation-backed agencies, or skilled hacker groups with lots of resources). As the tactics, techniques and procedures (TTPs) of the “true APT” have proliferated, there are now many groups around the world that resemble APTs. It is becoming increasingly difficult to tell who perpetrates an attack: a national actor, organized crime or an individual. Their goals mostly include cyber espionage and other targeted, high-level (harmful) objectives.
Check this blogpost for more details.

If you would like to see more threats to online privacy and digital security addressed in this blogpost, simply let us know in the comments section below or send us an email at our support.
As for protecting your device and data, aside from our Email security and privacy awareness course, the following blogposts will also assist you in that regard.
Mailfence is a secure and private email suite that helps you protect against threats to online privacy and digital security.

– Mailfence Team



M Salman Nadeem

Information Security Analyst - Security Team | Mailfence
