Web directory

Main threats and how to overcome them

In recent times, hackers have developed ingenious methods using unique and complex sets of cyber attacks to outsmart security systems. They can be seen obtaining sensitive financial information about individuals from an individual’s bank servers or personal devices.

Here are some common types of cyber threats that take place these days:

Phishing

In this case, the hacker sends an email to the victim claiming to be a trusted sender (like a bank or online store), or creates a fake website that claims to be genuine. The hacker can also attach a banking Trojan to the email. Once the victim downloads and opens it, the Trojan steals activity and information, said Khushhal Kaushik, founder of Lisianthus Tech in interaction with CNBC-TV18.

Another method, Kaushik said, involves hackers first buying real account information in large amounts from the dark web, and then retargeting those accounts using phishing emails.

“In such phishing emails, the disguised hackers ask the victim to follow simple procedures on a web page, which has been configured by the hackers to deliberately steal login and other credentials. important, ”he explained.

banking Trojans

Another common fraud is the use of banking Trojans.

“Sometimes hackers embed bogus apps with banking Trojans, such as the Cabaret Pink Slip banking bots, which intend to attack banks and brokerage firms to facilitate hacking operations. This malware uses an Active Directory attack to lock out users with multiple logins. These bots and Trojans focus on stealing money from victims’ bank accounts, ”Kaushik said.

Macro malware

Hackers also employ so-called malicious macros which are developed using programs such as the VB Script programming language used for MS-Word and MS-Excel. Legit looking files are usually sent via phishing emails containing attachments infected with malware, such as cover letter reports written by job seekers as resumes and MS Word files. , Kaushik said.

“Even advanced antivirus programs don’t easily detect macro viruses. So hackers stay ahead of the game. Malware can hide comfortably in a system for long periods of time, giving it enough time to infect. users’ systems. Using Free Wi-Fi This is like asking hackers to invade privacy. User data shared by anyone on the Internet can be intercepted by a hacker. This includes valuable personal data, such as usernames / passwords for online banking accounts, ”he added.

In fact, Kaushik added, a user would find it difficult to tell the difference between free Wi-Fi provided by an authorized agency and that installed by a hacker. For this reason, many banks have started using two-factor authentication methods to secure their transactions. However, there are advanced Trojans that can bypass these security measures. One of these Trojans, Bankbot, mimics real banking apps to steal user credentials.

So how can customers be secure when using the bank?

Kaushik said that it is always advisable to avoid opening or downloading attachments on the device without knowing the context.

“Equally essential is investing in genuine, licensed antivirus software on all devices. Additionally, users should never click on suspicious links in an email that may contain genuine information and refrain from sharing personal information on social media. Using a VPN service is another way for users to neutralize and overcome potential cyber threats that migrate. Free internet or wireless hotspots should even be avoided when traveling. Instead, you have to use a paid VPN to encrypt network traffic, ”he said.

How can businesses and governments strengthen their cybersecurity?

In this regard, Kaushik said that the systems will remain weak unless the technical base of the internet system is strengthened, as some of the technical products that we use in our daily work are still dependent on other countries.

To make the internet foolproof, Kaushik said hardware devices should be built locally with built-in security features.

“Unless this is achieved, government cybersecurity will remain ‘porous’ and vulnerable. There should be multi-factor authentication to track all connections between businesses. If a company uses third party vendors for services, etc., they should make sure they have their own security audit or test reports. There should be someone dedicated to cybersecurity and IT, support, for the business. While it is important to use physical and cloud-based backups of important files, it is even more important to audit these backups regularly, he said. CNBC-TV18.

What should customers do in the event of a cyber fraud?

According to Kaushik, they should freeze their bank accounts and credit cards first, then change Internet and mobile banking passwords.

“They must inform the bank of the cyber fraud that occurred within 24 hours. In addition, they must initiate legal proceedings to minimize the negative consequences of cybercrime. Customers can contact their local cybercrime investigation unit. to file a written complaint against the cybercriminals. Or the same can be done online, “he suggested.

Disclaimer: The opinions and investment advice expressed by the investment experts on CNBCTV18.com are theirs and not those of the website or its management. CNBCTV18.com advises users to consult with certified experts before making any investment decisions.

(Edited by : Abhishek Jha)

First publication: STI


Source link