Updated: Jun 23
Common types of computer and mobile device online cyber security threats, as well as kinds of prevention
Online technology is making our lives easier, but the downside of this, is that this leaves us more vulnerable to online threats like theft of confidential information, banking information and identity theft. Because this is not something that many people think about regularly, the victims often only realize that they should have done more to protect themselves online, after it is too late.
Online threats targets vulnerabilities to launch attacks to gain access to online devices and confidential information.
The first step in being safe online, is to educate oneself regarding the types of vulnerabilities and potential threats out there. Persons with a better understanding of the online threats and who act on it, based on this knowledge, are less likely to fall victim to these cyber-attacks.
In our daily lives, it is second nature to avoid roaming unsafe neighborhoods and handing out our personal information to strangers. The same should apply when online. This is very often not the case, mostly through a false sense of security, people visit dubious websites and hand out personal information to get “free rewards”, or something similar that Cyber attackers use to lure people in.
There is a common misconception that only computers can be targeted by cyber criminals. Any smart devices connected to the internet, including Macs, iOS, and Android devices can be targeted and compromised by malware and cyber-attacks. This is especially important to remember in corporate environments, where mobile devices are also connected to company networks.
Tips on how to stay safe on the internet
Use strong passwords and avoid using the same passwords on different sites.
Keep your privacy setting active on all devices. Do not deactivate firewalls and make sure that privacy software is up to date.
Always be wary of your online activity. Be careful of the websites that you visit and what you download from the internet. Malware if often distributed through Freeware and Shareware.
Do not open emails and attachments from untrustworthy, or unknown sources. Emails are a notorious for being a highly effective tool, used by Cyber Criminals to deliver Malware to unsuspecting victims.
Make sure that your Internet connection is secure, especially when on open public Wi-Fi, or Hotspots. Also keep in mind that even if you are working offline, your device may be set to automatically connect to open Wi-Fi. If you connect to public Wi-Fi, rather use a secure encrypted VPN connection.
Ensure that you have reliable security software on all your devices from a reputable brand, like Norton, or Bitdefender and always keep your security software up do date. Run frequent scans on your devices.
If you send confidential information by email, make use of email encryption, like that of CTEMPLAR
Be careful of who you meet online and do not share any confidential information with a person that you have only met online.
Educate children regarding online safety. (See our related article)
Definitions of different types of online threats
The term Malware is short for Malicious Software. This single term is used to describe different types of software that were designed to infiltrate computers and mobile devices, without the user being aware of it. Types of Malware are Viruses, Spyware, Worms, Ransomware, Trojan Horses, Rootkits, Adware and any other software that was designed with the purpose of disrupting, damaging, or gaining unauthorized access to a device, or network.
The term Spyware refers to any type of malware that was created with the intent to steal information, or to spy on what the user is doing. This include Keyloggers, Trojans, Adware and other similar Malware.
Hackers are predatory programmers and security system experts who unlawfully gain access to online devices and networks by exploiting weaknesses. Some types of hacking are done by finding innovative ways to bypass security protocols like passwords. Other times they will infiltrate the system, through Malware which then allows them to gain access to the system. Their intent is to do it in such a way that the victims do not realize that they have been hacked until it is too late.
Software Viruses are self-replicating pieces of code that are specifically developed to enter a digital system unnoticed. It will then spread and do damage. To be classified as a virus, this form of malware must have the ability to self-replicate and must also utilize a host program to spread itself. The level of damage that the virus does varies, depends on what the intent of the creator of the virus was. Viruses typically attack things like boot sectors, system memory and data files. Some viruses can also steal personal information, or act as a form of Ransomware.
Similar to a Virus, a worm will infiltrate the digital system, and then spread by making copies of itself on the device and through a network, from one device to another. Typical worms will take up large quantities of resources, slowing down the device and the network. It can replicate itself without any user interaction and without the need to attach itself to a program. These two factors differentiate it from a computer virus.
Named after the Trojan horse from the legend of Troy, this is malware is hidden inside other software that fools victims into thinking that the software is beneficial to the user, while it is causing damage in the background. It can also create a “backdoor” on the system that Hackers and Cyber Criminals can use to access data unnoticed. It will often overload resources and slow the computer down while the user is performing normal tasks.
This is malicious software that is capable of recording everything that the user of the infected device types while online and then sending it to keylogger’s creator. Keyloggers can collect information like personal credentials, usernames and passwords, pin numbers, bank account details, credit card details, and other confidential information.
Keyloggers can also be purchased and deliberately installed on a device when the owner is away from the device. For example, by a jealous spouse.
Rootkits are considered to be a very invasive type of Malware. Once it infects a device, it allows Cyber criminals full remote access and control of the infected device, including full access to the personal and confidential information on the device.
Adware are programs, designed to display advertisements on a user’s device. It is usually not dangerous but can be very annoying. Adware can consist of Pop-Ups or can redirect web searches to advertising websites. Some types of Adware can also collect marketing related data, like websites that you visit and searches that you do. If this is done without the user’s consent, then it can be considered to be spyware.
Ransomware is a type of malware that is specifically designed by skilled coders to lock users out of files, devices, and networks. This is often done by encrypting the files. A ransom is then demanded to restore access to the devices or networks.
Browser hijack is a malware program that modifies the settings on the internet browser of the infected device. It can then place unwanted advertising in the browser and take the user to unwanted websites. In some cases, the hijacker uses this malware to earn additional advertising revenue from a third party. In other cases, the intent of the hijacker is to re-route the browser to a malicious website, where the device can be infected with other Malware, like Spyware, or Ransomware.
Like the name implies, this is when a camera on a device is accessed, without the user’s knowledge. Any electronic device connected to the internet could be infiltrated. This included webcams, mobile devices, security cameras and even other devices like baby monitors. Because multiple devices are often connected to the same network, hackers could hack multiple cameras in an office or home.
Phishing is not a software program, but a method used by con artist to steal information. Their victims are scammed into giving their information to the criminals. They masquerade as being trustworthy, usually with the pretense of assisting with a service, rectifying an account error, or various other false claims. While pretending to assist, they ask for personal information like credit card information, and other information that they can use for identity theft.
Spoofing is when someone digitally pretends to be someone else. It is often committed when a fraudulent communication, like an email, is disguised to appear as being sent by a known, or trustworthy source. The main purpose of Spoofing is generally to spread malware, or to steal confidential information.
There are also be more sophisticated forms of spoofing where attackers gain unauthorized access to user systems or confidential information by pretending to be the user and by spoofing IP addresses, ARP (Address Resolution Protocol) and DNS servers (Domain Name System)
Pharming is initiated by infecting a device with malicious code. The intent of the code is to intentionally misdirect users to fraudulent Web sites. Cyber criminals who make use of Pharming will typically create websites, or web pages that resemble that of a trustworthy business. This often include online banking pages. Users are then unknowingly directed to these fraudulent websites, instead of the website that they intended to visit. Once on there, the users will enter their details, while under the impression that they are entering in onto the legitimate website. This information is then digitally recorded and, in this way, stolen by the Cyber Criminal who launched the Pharming attack.
Scareware is malware that was designed to trick victims by scaring them into purchasing software that are useless and sometimes dangerous. It displays pop-ups on the infected device that resemble that of legitimate brands like, as an example, a Windows system messages. This pop-up will advise the user that there is a serious problem on the device and the user is then prompted to purchase the bogus software to fix the problem.
Botnet malware is designed to infect Internet or network connected devices in order to give Cyber criminals the ability to recruit and control all the infected devices collectively. When multiple infected devices are recruited into the cyber criminal’s network, it is referred to as a Botnet (Robot + Network)
These infected devices can be controlled to access data in the background of the individual devices. This is done without the user’s knowledge to collect information such as usernames and passwords.
In the Botnet these infected devices can be used as an “army” of devices to distribute spam and malware, or for click fraud, online polls or any other type of online event where multiple inputs are required.
If corporate internal networks are infected, it can create havoc. The botnet can be used to overload servers and websites by sending millions of simultaneous requests. It can also overload devices to such an extent that users cannot access these devices. In a corporate environment, this can lead to a serious disruption of its ability to deliver services.