NO longer is hacking confined to the bounties of corporate and enterprise organizations, it has trickled down to the end user. From stealing your identity, holding your precious information ransom, or surreptitiously taking over your computer and making you an unwilling pawn in their global web of deception. Make no mistake about it. The hacking game is now up close and personal.
The recent #wannacry ransomware epidemic did not just give us a painful lesson of what happens when we do not regularly patch/update our systems, it showed us something even more frightening—that we do not even need to do anything to be compromised. It only takes one computer in the network and the rest will fall like dominoes in a matter of seconds. We didn’t click a link, did not open a file, downloaded anything from the Internet. That is how it is today. Scary.
Programs that were “weaponized” for combating the enemies of the United States had been made public, and the ones that caused the #wannacry epidemic used only two of these. The newer ones that will come out will use seven! Targeting not only the ones that had the unpatched vulnerabilities that #wannacry took advantage of but will exploit newer ones that had not even been discovered.
Which brings us back to the million-dollar question: How the hell did I got hacked anyway?
Remember Sunday school? We were taught the two types of sins – commission and omission. Same banana here. We get hacked, our systems get compromised because we either failed to do something or because we did something we thought was harmless. Lucky for us in our religion, we have the Ten Commandments to explicitly tell us what is right and wrong, and that its prescriptions do not change over time. Security and information technology on the other hand gets really fast! Before you can say Mr. Mxyzptlk, new tech and tricks have evolved. Even psychology is added in the mix and is now used to play on our emotions and gullibility. We don’t need to be geniuses or religious, however, to have a fighting chance or at least give the hackers some serious challenge. Knowing the reasons why you get hacked in the first place would be a good start.
1. Opening files and clicking on Internet links from unverified sources.
This is true for email attachments and any file from the Internet. When in doubt – DON’T! Call the sender and verify. Remember, files do not need to be programs or executables. Spreadsheets, documents, presentations – anything can have a malicious program embedded into it which activates if you open them. Another variation is that some which are harmless when opened but contains internet links or addresses within the body of the document that tricks you to click them. These links can either be compromised websites or infected files. A new method that had surfaced lately are Internet links or addresses sent via SMS on mobile devices.
2. Connecting to public wireless Internet access points.
Connecting to wireless Internet access points used to be a good idea. Who doesn’t want fast Internet access for free? While a lot of establishments offer this service now to entice customers, attackers have access to devices that can trick your computer or devices to “disassociate” your current connection and make you connect to theirs. This way they can now hijack your data and, worse, inject malicious codes into them. Although this technique requires close physical proximity, it is still prudent to access only trusted sources. Whenever possible, always use a VPN (virtual private network) application or service and communicate via encrypted channels.
3. Browsing questionable websites and downloading free apps.
No such thing as a free lunch. If it’s too good to be true, then it’s probably not. Tainted files are everywhere and sometimes they even make it to the app store of reputable organizations. Do not just download anything – research for recommendations or possible compromise. That’s another use for Google. For web surfing, stick to the reputable ones. Do not click away because it looks so professional or has a fancy name – the malicious ones are better looking than the legitimate ones.
4. Not updating your operating systems or applications.
This is the single most common reason that compromises and attacks happen. Software is still made by humans and ergo prone to mistakes. That’s why we have patches and updates so that these programs can perform better and operate within the parameters that they were intended to be. Majority of operating systems and software (including your anti-virus) has auto-update features built-in. For the love of kittens and puppies, please turn them on! If you don’t, hackers will take advantage of these vulnerabilities and can use programs that can exploit them to make your computer do their bidding.
5. Not being informed.
It was a pain to keep track of all the attacks, vulnerabilities and incidents before. You must dedicate a fair amount of time and effort to search for them. And even when we had RSS and Newsfeeds it was still a nightmare to read each one of them. Thank heavens for Twitter. Now you do not have any reason not to be in step with the security world. Create a Twitter account now and subscribe to the major security organizations, vendors and personalities (e.g. @digitaldelacruz ;).