Beware! Maximum cyber criminals eye your personal data
A report of the World Economic Forum revealed that cyber security is increasingly becoming an issue of public security as the majority of cyber criminals are increasingly targetting individual internet users. This requires preventive measures both at organizational as well as individual levels to ensure the security of personal data.Siddheshwar Shukla | Updated: 25-01-2020 10:29 IST | Created: 24-01-2020 23:29 IST
- Social engineering fraud is the biggest threat to cyber security.
- Globally, 33 percent of data breaches in 2018 were related to social attacks.
- Globally, 32 per cent of data breaches involved phishing emails.
- 32 per cent of breaches involve phishing, 48 per cent of malicious email attachments are office files and 78 per cent of cyber espionage incidents had phishing involved.
- Globally, 65 per cent of targeted attack groups used spear phishing as the primary infection vector which primarily involves using email ids of the topmost authority of organization such CEO asking sub-ordinates for immediate fund transfer.
The news of cyber attacks on big organizations often come into the limelight of media. However, it does not mean that only big organizations are the target of cyber criminals. The truth is just reverse, a recent report of the World Economic Forum (WEF) reveals that individual users are the largest victims of cyber crime, both, in terms of the aggregate amount of money stolen and the number of affected users. As the trend to target individual internet users in increasing alarmingly, the report predicts the individual users would collectively lose US$6 trillion in 2021. The strategies used by the cyber criminals to trap individual users could be classified as under:
Social Engineering Frauds
This is a clever application of communication skills and communication technology to manipulate user behavior and make him disclose confidential information. The extracted information may be directly used to access the password of bank accounts and related information to transfer the funds from your account or it could be sold to any agency or beneficiary person. In some of the investigations, the security agencies have also revealed that men or boys use the picture of beautiful girls or pictures of somebody else to chat the targeted user and ultimately extract the information. This is also a popular modus operandi of spy agencies to trap the security and defense officials responsible to protect sensitive and confidential information. Besides, this strategy is also used by honey traps to extract money or information from individual users.
Business email compromise (BSE) is the most popular tool of social engineering frauds that involves both indiscriminate phishing emails and targeted spear phishing emails in which cyber criminals sent individualized emails impersonating as your boss, friend or close relative. "The FBI estimated a loss of over US$1billion as a result of Business Email Compromise (BEC) fraud by US businesses and individuals in 2018," said the WEF Report. According to the 2019 Verizon Data Breach Report, 33 per cent of data breaches in 2018 included social attacks and 32 per cent involved phishing. The report also concluded that about 85 per cent of organizations experience social engineering and phishing attacks. User-friendly information technology is being misused popularity by cyber criminals to steal data and money.
Social Media Platforms and Mobile Apps
You need to cautious about the data you put on social media. Besides, the Mobile Apps promising to provide various free services also demand access to your contact list, SMS, pics, videos, etc. stored in your mobile and to be stored in the future. These Mobile App companies have all the right to use your personal data which they may misuse in the future. Therefore, you need to be cautious enough in giving access and your selection of mobile apps. Individual awareness about various kinds of cyber crimes is the only preventive measure at the level of individual users.
Botnet and Malware Attacks
It is basically a kind of loop within the network of an organization used to deny access to the services of the organization and steal data, distributed denial of service attack (DDoS attack), send spam, and allow the attacker to access the device and its connection. The cyber criminals create a loop or circuit within a circuit of the devices connected through the internet to steal data and deny the services. Here data protection is the main responsibility of the concerned organization. However, awareness among individual users makes their data more secure. Besides using strong passwords, non-sharing of individual confidential data such as password and pin could save you from such cyber criminals. According to the WEF report, almost 85 per cent of botnet infrastructure is in consumer ISP networks, with the remaining 15 per cent being placed in hosting centers.
Malware is a kind of software designed by cyber criminals to damage computers, network, server, client, and steal data. "Accenture analysis of nearly1000 cyberattacks highlighted malware as the most frequent attack overall land, in many countries, the most expensive to resolve," said the report. One banking botnet was used to steal more than USD 39.68 million from 30,000 customers over a 90-day period, it added. "BT is blocking over100 million attempted malware communications every month in order to keep their customers safe," said the report. The service providing agencies deploy Bonnet Cleaning and Malware Analysis services at their end to ensure uninterrupted service and protect the data of individuals users.
Denial of Service Attacks (DoS)
The denial of service attack (DoS) software is generally used by cyber criminals to damage the client base of targeted organisations by adversely affecting the routing protocols and directing the traffic towards another web portal. According to the WEF report, such attacks can adversely affect up 25 per cent of a country's total internet traffic when they are active. The average cost of downtime in 2018 has been estimated to about the US $221,836.80per attack. In addition to spoiling the credibility and reliability of the organizations, cyber criminals may also steal the data of the individual user by creating a fake website and sending phishing emails from similar email accounts.
The low quality and cheaper devices are prone to cyber-attacks and data stealing. WEF researchers highlighted that such devices are often seen as an easy target because the firmware and passwords in such devices have well-known default administrative passwords and user IDs, are easily compromised and may also not be easily updated.
(Disclaimer: The opinions expressed are the personal views of the author. The facts and opinions appearing in the article do not reflect the views of Devdiscourse and Devdiscourse does not claim any responsibility for the same.)
- FIRST PUBLISHED IN: