GUEST ESSAY: 5 cyber attacks you will need to defend this week

September 6th, 2017

By David Balaban, director of the Privacy-PC.com project

Computer infections continue to pose a major threat to every one of us. Distinguishing between the most pervasive types of threats is the first step in protecting your particular device. Here is a quick rundown of what lurks out there:

Mass-mailed phishing campaigns. A mass mailing that you and thousands of others receive could be part of a wide-scale phishing attack. The attacker may know or guess that you patronize a particular company, and send you an authentic-looking email.

That’s what happened in a recent phishing campaign targeting Delta Airlines customers. A variety of social engineering tricks were used to get victims to click a link. Needless to say, the link dropped malware.

Spear phishing and whaling. Phishing attacks crafted to trick a specific individual at a targeted company continue to be very damaging for victims, and lucrative for the criminals. Paydays in spear phishing campaigns can involve huge amounts.

Whaling, as its name suggests, targets very big fish in a highly customized attack that makes use of plenty of personal data collected beforehand. Even Google and Facebook have been scammed as part of an elaborate whaling campaign that netted $100 million.

Identity theft. Fraudulent use of a stolen payment card account continues to be a pervasive form of identity theft, likely affecting many thousands of individual consumers each year. This is difficult to quantify. However, one recent estimate places the average price of a single stolen payment card record at nearly $30. That represents plenty of incentive to compel cyber criminals to continue hacking into networks of retailers, financial companies and other online vendors in hopes of stealing large caches of fresh records.

Clearly, breach attacks continue—and many are successful. One telling metric is the success rate of data breaches. Risk Based Security estimates that over 4 billion records were stolen during data breaches in 2016. Most of those leaks involved stolen message contents, without any passwords. On the other hand, the actual loss of sensitive personal information, including account data, may be even more devastating, as many businesses just refuse to disclose any relevant statistics.

Ransomware. Last fall, Panda Labs issued a report describing 18 million variants of infections designed to encrypt files in support of a ransomware attack. The forum I help run, Privacy-PC.com, makes available a detailed timeline that gives you a sense of how virulent ransomware has become.

Ransomware typically uses phishing tactics to get installed. Once ransomware gets inside a host device, victims suffer a loss of access to nearly every bit of data onboard.

Ransom for individual victims can range from $500 to $10,0000. Corporate victims get hit with ransom demands ranging from $10,000 to $40,000, and a recent IBM study shows that 70 percent of businesses pay up.

And even if the victim pays, decryption succeeds only 42 percent of the time.

Browser flaws. The overall security of web browsers, which we all depend on, is high. But browsers are full of vulnerabilities and, therefore, heavily attacked. Some 900 browser flaws were reported in 2016, and some of those security holes enabled hackers to install malware on the host PC.

Furthermore, the cool functionalities of browsers tend to rely on use of Flash and Java, and hackers keep spotting and using new security flaws in those applications. Meanwhile, users typically do not keep current with security patching. DUO’s 2016 Trusted Access Report indicates 25 percent of users run outdated versions of Internet Explorer, while 60 percent do not properly update Flash and 72 percent stick to old Java.

To sum up, this list is far from exhaustive. It does highlight a few of the most common and active threats you face every time you use the internet. So stay vigilant.

This article originally appeared on ThirdCertainty.com