Contents:
- Back in the day, every trojan used to make the news. Now, they’re a non-topic – does that mean they’re no longer a threat?
- Everyone’s talking about DDoS attacks these days – what are those?
- What other tools do cybercriminals have at their disposal?
- Why would anyone hack me? I’m no bank or ministry – does that mean I’m safe?
- How can you tell if a computer or website has been hacked into?
- I use an antivirus – is that not enough?
- How else can I protect my data?
Back in the day, every trojan used to make the news. Now, they’re a non-topic – does that mean they’re no longer a threat?
It’s more that they’ve become much more common. Kaspersky Lab has a real-time tracker of virus detections around the world. The average is 10 million per day. It’s like with all sorts of crime: the sensational cases are in the news, but the vast majority are only found in statistics and reports. Major viral attacks made the news 20 years ago and still do today: think back to the motherboard killer CIH/Chernobyl (1998) or the cryptoworm WannaCry (2017). Today, most viruses don’t make loud statements. Instead, they’ll steal your logins and passwords, take screenshots, report on your bank account balance, and give their owners access to your PC when the time is right.
Everyone’s talking about DDoS attacks these days – what are those?
Upon its master’s order, a trojan-infected computer will continuously attempt to connect to an online resource, loading pages over and over again. If the botmaster has lots of machines under their control, the website’s server goes over capacity and becomes inaccessible to users. Some attacks are more inventive: for instance, sometimes the infected machines don’t directly load the victim’s website, instead requesting data on its behalf from DNS servers around the world. In turn, those servers respond with 15 times the traffic: a DNS request is 90 bytes, but the response is a whole 1,400. This way, one infected server with a small 100 Mbps bandwidth can unleash a whole 1.5 Gbps on the victim. Today, DDoS services are widely available. Fortunately, so is protection: Cloudflare.com, for instance, provides free and reliable protection from DDoS attacks.
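An added example (not from the original article): a victim-side check for the DNS-based flood described above, which flags DNS responses that the protected host never asked for. The flow-record layout, the addresses (documentation ranges) and the byte threshold are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed flow records: (time_s, src_ip, src_port, dst_ip, dst_port, udp_bytes).
OUR_HOST = "203.0.113.10"   # the server being protected (assumed address)
FLOWS = [
    (0.0, OUR_HOST, 40001, "198.51.100.53", 53, 90),    # our own lookup
    (0.1, "198.51.100.53", 53, OUR_HOST, 40001, 310),   # the matching answer
    (1.0, "192.0.2.1", 53, OUR_HOST, 51234, 1400),      # answers nobody asked for
    (1.0, "192.0.2.2", 53, OUR_HOST, 51235, 1400),
    (1.1, "192.0.2.1", 53, OUR_HOST, 51236, 1400),
    (1.2, "192.0.2.3", 53, OUR_HOST, 51237, 1400),
]

def find_reflection(flows, host, window_s=5.0, min_bytes=4000):
    """Summarise DNS responses that `host` received without requesting them.

    A response counts as solicited only if the host sent a query to the same
    resolver from the same local port at most `window_s` seconds earlier.
    """
    pending = {}  # (resolver_ip, local_port) -> time the query was sent
    unsolicited = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src == host and dport == 53:
            pending[(dst, sport)] = ts
        elif dst == host and sport == 53:
            asked = pending.pop((src, dport), None)
            if asked is None or ts - asked > window_s:
                unsolicited[src]["packets"] += 1
                unsolicited[src]["bytes"] += size
    total = sum(stats["bytes"] for stats in unsolicited.values())
    return {
        "under_attack": total >= min_bytes,
        "unsolicited_bytes": total,
        "reflectors": dict(unsolicited),
    }

if __name__ == "__main__":
    print(find_reflection(FLOWS, OUR_HOST))
```
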
What other tools do cybercriminals have at their disposal?
Viruses can’t infect systems on their own. To gain data or access, criminals exploit weaknesses. Phishing relies on human error. It’s pure fraud: a YouTube notification saying, “We’ve received a report, please log in to restore your channel,” a file on your thumb drive named “exam_answers_5semester.docx.exe” – all these approaches rely on users willingly giving away their data and providing access. Exploits rely on software errors. Let’s say a programmer made a mistake and the program writes more data than fits in its allotted memory. If one could tailor the data that overflows and thus create an exploit, they could hijack the program and, for instance, force it to download and launch a trojan. When such errors are found in popular software, cybercriminals seek ways to create an exploit and infect others. That’s how you might follow a link and catch a virus due to a Chrome bug, or open a presentation and fall victim to a PowerPoint exploit. Fortunately, dangerous exploits rarely get into the hands of many ill-doers, and errors are fixed quickly. Most devices become infected as the result of phishing.
Why would anyone hack me? I’m no bank or ministry – does that mean I’m safe?
You might not be a bank, but surely you’ve got something worth stealing. This could mean transferring money from your bank account, demanding ransom for important files that have suddenly become encrypted, reselling your Steam account with 500 games in it, or trying to get into your employer’s network – maybe it is a bank. Even if there’s nothing worthwhile on your PC, hackers still could get into your social media accounts and use them to post paid comments or use your IP as cover for nefarious activities. No one may want to target you directly, but you could still get caught in a mass attack. A randomly caught trojan will send its owner everything it can find; then, the hacker will scour the data for your Facebook credentials, put them together with a hundred others, and sell them for $15 a package.
How can you tell if a computer or website has been hacked into?
Because trojans are now much more covert, there is no surefire method. The solution is to look for signs of an existing breach: messages about log-ins from other IPs, a heightened CPU and video card load due to crypto-mining, DDoS complaints from your provider or hosting service, and night-time purchases from shady online stores. Until something has happened, an infection is difficult to detect, especially for a layperson. If you know what should and shouldn’t be present on your clean system, you can perform manual scans using the following tools: check the autorun queue with Sysinternals Autoruns, the running processes with Process Hacker, and web traffic with Wireshark.
I use an antivirus – is that not enough?
Virus makers are aware of antiviruses. Once an antivirus lab adds a trojan to its database, the trojan’s creator looks for ways to change it and make it undetectable again. Before using a trojan, the hacker will always check that it is not detected by any antivirus. As a result, antiviruses only stop simple or old viruses that have not been maintained for a while. When using an antivirus, make sure to keep its database updated to protect yourself from the majority of attacks.
How else can I protect my data?
First of all, to catch a virus, you have to find it. An illegal online cinema is more likely to host a browser exploit than a streaming service. Software downloaded via torrents is more likely to contain trojans than if you bought a license or downloaded a free counterpart from its official website. The more popular and reputable the sites and file hosts that you frequent are, the less likely you are to become a victim of a cyber attack.
Secondly, a virus has to infect somehow. Exploits’ worst enemies are updates – that includes everything from your OS to your browser and document editing software. Updates fix bugs and snuff out exploits. Suspicious documents are best opened through Google Docs, which prevents exploits from being used. The only way to combat phishing is to be careful. Be mindful when asked to share your data or launch some application. Maybe you’ve followed a link in your email to find a page asking for your password. Maybe you received a document that has the *.scr extension instead of *.docx. Maybe you got a call from your “bank” asking you to install a mobile app. Maybe you received a message from an old friend – but your previous message history is missing. Those are all telltale signs of someone trying to “phish” you.
Thirdly, trojans steal data from computers: passwords, credit card credentials, screencaps, input text. You can’t steal what’s not there – for instance, if you only use your phone to access your bank account.
Finally, anything stolen must be used somehow. Make it more difficult to use your accounts: don’t reuse passwords and enable two-factor authentication (via text message or Google Authenticator). This way, simply having access to your computer will not be enough for a hacker to get hold of your accounts. First of all, secure the email account to which you can request password resets for other services. Arm yourself with these four tips to put a dent in a cyber-criminal’s wallet.
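An added example (not from the original article): a check for the deceptive file names mentioned above, such as “exam_answers_5semester.docx.exe” or a *.scr file sent in place of a *.docx. The extension lists and the sample names other than the first are illustrative assumptions, and an unflagged name is not proof that a file is safe.

```python
# Illustrative, incomplete extension lists (assumptions for this example).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".vbs"}
DOCUMENT = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt", ".jpg"}

def extensions(name):
    """Return every dot-separated extension of a file name, lower-cased."""
    # Keep only the last path component; accept both separator styles.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows strips trailing dots and spaces from file names, so ignore them.
    base = base.rstrip(". ")
    # Padding spaces before the real extension are stripped from each part.
    return ["." + p.strip().lower() for p in base.split(".")[1:] if p.strip()]

def classify(name):
    """Return 'disguised', 'executable' or 'unflagged' for a received file name."""
    exts = extensions(name)
    if not exts or exts[-1] not in EXECUTABLE:
        return "unflagged"
    # The last extension decides how the file is opened; an earlier document
    # extension is only there to make the name look harmless.
    if any(e in DOCUMENT for e in exts[:-1]):
        return "disguised"
    return "executable"

# Constructed sample names; the first is the one quoted in the article.
SAMPLES = [
    "exam_answers_5semester.docx.exe",
    "contract.scr",
    "invoice.pdf          .exe",
    "photo.jpg.scr.",
    "notes.v2.docx",
    "report.docx",
]

def scan(names):
    """Classify each name and return {name: verdict}."""
    return {n: classify(n) for n in names}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:10} {name!r}")
```
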