October is National Cyber Security Awareness month. This is part 1 in a series of blog posts we will be publishing on various topics aimed at educating you on how to stay protected on today’s Internet landscape.
Most tech-savvy folks are familiar with the standard forms of malware: phishing scams, adware, spyware, viruses, worms and the like. However, as technology advances, so do cybercriminals, and they are attempting to fly lower under the radar to get your information. As a result there are newly emerging forms of malware that you may not be aware of.
Social Media Scams and Malware
Grayware is a form of malware that doesn’t really do any physical damage to your data as other malware can, and it presents itself in a more annoying matter, such as adware and spyware. It has a high prevalence in social media, usually in the form of “click bait”, where an enticing article will lead you to a website that asks that you fill out a quick survey before accessing the media. That information is then collected and sold to other cybercriminals and can be used in attempts to hack into your personal accounts. If you want to learn more about how to protect yourself against these kinds of scams, you can check out an article I previously wrote about Social Scams, when the fake Robin Williams “Goodbye” Video SCAM went viral.
In addition to grayware running rampant on these platforms, there are also high risks of encountering dangerous malware across social networks. When the television show, “Breaking Bad”, was in its heyday, there was a popular Twitter scam making the rounds. Links were posted luring users to download a leaked copy of the next unaired episode. Following the link led the user to a page where a file is downloaded. The page directed users to another link to install a program that would allow them to play the video. The link sent users to an affiliate program, which was how the spammers made money. Granted, this scam seemed fairly harmless to the user’s computer, however, there are other instances where what is downloaded can be a dangerous malware program. Always use caution when clicking on unknown links and attempting to download unknown files.
Exploit kits are generally what they sound like - a malicious toolkit that searches your computer for software that has not been updated. These kits look for security holes in software with the goal of implanting malware on the user’s machines. This can happen by visiting websites that have malvertising on them. Malvertising can be found on any website, trusted or unknown, and it uses online advertising by embedding malicious code in legitimate advertisements. Recently, Yahoo was a target of this by hosting malicious ads that redirected users to websites hosting these kits. Exploit kits are not always found in malvertising, however. The popular men’s website Askmen.com was recently compromised to redirect users to a site hosting an exploit kit. This is why it is very important to make sure all of your software is up to date.
Ransomware on computers isn’t a new threat, but recently it has started to migrate to popular mobile platforms. Ransomware is a program that will target important files such as photos and documents and encrypts them, blocking the user from accessing them. The user is then sent a message demanding payment to unlock the files. Earlier this year, the first versions of mobile ransomware were spotted in the wild. The ransomware is contracted by visiting an infected site and then is automatically downloaded to the phone, or by downloading a malicious app. If your device becomes infected, do not pay the fee! Instead, make sure you get in the habit of regular backups and restore your phone from the most recent backup. You can learn how to spot fake mobile apps by checking out “How to Spot a Fake Android App.”
Online Gaming Malware Attacks
There have been a few instances of gaming malware in the media lately. One that may not cost you money, but it can cost you the many hours you’ve spent building up your characters. Twitch.tv, a website used to stream live gameplay was recently infiltrated by a bot in their chat rooms that lured users using raffles. Upon clicking the link to enter the raffle, a Java form displays a phony raffle form. After filling out the form, the malware installs itself on the user’s computer, targets the user’s Steam account and then wipes out the entire Steam wallet and inventory. In turn, the cybercriminals will sell the user’s items on the Steam community for money. Similarly, there was an issue with a malicious trojan in the popular World of Warcraft game, masquerading as a legitimate game add-on. Once installed, the trojan completely takes over the user’s account. It is highly recommended that users not disable their antivirus programs when playing online games.
Browser Extension Adware and Malware
Browser extensions are a very popular add-on used for a multitude of tasks while surfing the Internet. But I bet you’re not aware that some of them can be stealing your information! Some malicious extensions will either track every site you visit or inject adware into those sites. While this is not a huge concern as far as what this will do to the data on your computer, it is a pretty large privacy concern. Attackers can use these extensions to perform click fraud by adding rogue ads to websites and redirecting you to those sites. Although this is lower on the threat level, this newer form of malware is evolving into something much more invasive. As a matter of fact, the European Union Agency for Network and Information Security (ENISA) has warned that there has been an increase in malicious browser extensions that are aimed at taking over social network accounts. So while at the moment, they’re not at the top of the threat list, they’re definitely something to keep an eye on.
Internet threats can appear in all shapes and sizes, many of which you may not be aware of. Luckily, the new Norton is. We have your back so you don’t have to worry about every little thing you may come across, and you can go about your business and leave the complicated stuff to us.
This is part 1 of a series of blogs for National Cyber Security Awareness Month. For more information on various topics, check out:
5 Ways You Didn't Know You Could Get a Virus, Malware, or Your Social Account
How To Choose a Secure Password
How To Avoid Identity Theft Online
How To Protect Yourself From Phishing Scams
How To Protect Yourself From Cyberstalkers
Securing Employee Technology, Step by
Are Your Vendors Putting Your Company’s Data at Risk?
Four Mobile Threats that May Surprise You
Theft-Proof Your Mobile Data
Traveling? Don’t Let Your Mobile Data Stray