Hackers' tricks and cyber security's treats: stay safe this Halloween

Cyber Security Awareness Month encourages users to be aware of Halloween scams and phishing attacks

Don't fall victim of cybersecurity threats this Halloween

This year's Halloween is not only filled with spooky decorations, flashy costumes, and trick or treating – cybercriminals are well aware of the celebration, and they are quick to utilize any means to compile cyber attacks on victims. However, since it is Cyber Security Awareness Month,^[1] it is time to assemble the cyber security intelligence and protect yourself from hackers' tricks.

2017 was a devastating year for thousands of organizations (as well as home users), worldwide with cyber attacks like WannaCry and Equifax data breach^[2] wrecked havoc around the world. Organizations faced major disruptions, dealing with high recovery costs, as well as losing the sensitive information of millions of its customers.

With the rise of cyber attacks, the cost of recovering from them is immense. According to Barkly, the total average cost of a cyber attack equals $5 million.^[3] Because of that, multiple organizations are spending billions not to become the second Equifax and protect their organizations.

Data breaches, ransomware attacks, crypto-mining malware, IoT hijacking, DDoS attacks, and many other threats are on the rise. So, what can one do to protect themselves this Halloween?

Phishing attacks

Hackers often utilize deception to make users believe, that what they are about to do is completely legitimate. They often employ the look-alike sites that users usually never question the validity of, and type in their credentials, revealing their login information of particular a particular account (such as Netflix)^[4] or, even worse, enter their credit card details for scammers to harvest.

Therefore, do not believe sites that are offering you free stuff on Halloween, or the email that just directed you to the “official” website to re-validate your credentials. Make sure the site is legitimate (uses SSL certificate) before putting any type of details into fields.

Data breaches

Data breaches are incredibly impactful to the organizations, as the recovery costs can reach millions of dollars. Unfortunately, companies often forget that not only the security infrastructure is essential, but also training of the staff in particular fields.

In most cases, regular employees are not aware of the impact they can make to the company after connected an infected device to the servers or clicking on a malicious attachment inside the spam email. Thus, creating awareness is one of the major steps to improve the cybersecurity of the organization.

IoT hijacks

IoT devices have become increasingly popular among users all over the world with such additions as Amazon's Alexa or Google Assistant. However, according to security researchers, Internet of Things devices are not safe at all and are filled with security flaws for hackers to exploit.

In theory, a sophisticated malware would be able to record your conversations or find out anything about you. Obtaining such malware is not a big deal: users can simply download an app on the Google store that somehow bypassed security measures.

There is not much that can be done here, apart from Google and Amazon working on improving the safety of such devices. Nevertheless, it is advisable to make sure that the machine is running the latest version of the software.

Ransomware threats

Ransomware is one of the most prevalent threats around. While the infection rate decreased slightly in 2018 comparing to the previous year, such threats like GandCrab show that malware authors are not going to step back anytime soon.

To protect yourself from ransomware attacks, users should make sure that their device is protected by powerful anti-malware software. In most cases, the security software will be able to block the threat before it will manage to execute its payload. Nevertheless, users should be aware that new ransomware viruses are released every day and, AV engines do not detect initial infections until the sample falls to the hands of researchers.

Thus, use strong RDP passwords, update your software as soon as patches are released, don't click on suspicious links, beware of spam emails and stay away from file-sharing sites.

Social media and communication apps

It is not a secret that social media platforms like Facebook are widely used not only regular users but also organizations to contact their customers or make announcements. Unfortunately, hackers are also quick to utilize these platforms to their own benefit, using social engineering attacks to lure users into disclosing their personal details, installing malware, or spreading the malicious messages to all people on their friend lists.

Thus, be aware that social media is by no means a safe place. Ignore messages that offer you Halloween deals, as you might end up with no money for your shopping sprees after your banking details are compromised. Remember, your friends' accounts can be compromised, so do not trust any messages that look suspicious or “out of character.” Contact your friend and make sure the message is legitimate.

Treat yourself this Halloween: keep your PC out of trouble

While traditional threats like trojans, ransomware or data-stealing malware are the most prevalent threats, researchers notice the rise of much more sophisticated cyber threats. These malicious actors can go beyond what is currently known to cybersecurity experts. We are talking about such treats like Xbash^[5] (the multi-stage and multi-functional virus) and DeepLocker (the AI-based malware).

While security researchers dedicate much time and effort to study and prevent the threats, cybercriminals often go one step ahead, surprising everybody by the level of sophistication the new strains of malware brings. Stay safe this Halloween, don't let crooks fool you.