Today, February 7th, 2017, is the international day of secure Internet and our responsible in cybersecurity Manel Medina warns us of the most common dangers of 2016 and gives us some recommendations to be safer on the Internet.
In 2016 there has been an extraordinary growth of four types of attacks:
- Distributed Denial of Service (DDoS) attacks using home-connected Internet devices (IoT), taking advantage of the fact that users connect them without updating factory passwords.
- File-hijacking attacks on hard disks and mobile devices, calling for a rescue to recover them grew by 800% in 2016. Normally the computer is infected by an email contaminated with malware. Attacks have been generated with a bandwidth of more than 1Tbps (1000Gbps).
- Fraud of the CEO, in which his identity in emails is supplanted to deceive some person of the company to make a transfer to an account of the attacker with deceptions of social engineering. It has caused scams / robberies of € 600,000 on average in the attacks published, which are only on the order of 15% of those that occur. In 2015 they caused losses of 2 or 3 billion dollars worldwide (according to sources).
- The websites from which Phishing is made grew by 25% during 2016, with growth points of 100% in spring. About 30% of users open phishing messages and 12% click on the URL "without thinking".
- Theft of personal data (reported) has hit record numbers of affected users: Voter Database 191M, Friend Finder Network, 412M, MySpace 164M, Dailymotion 85M, Anthem 80M, Weebly 43M. With an average cost of about € 4M per incident or about € 150 / stolen record, which may be higher if it impacts the value of the shares in the stock market.
Consequently, we must invest and strive to get everyone:
- Update IoT device credentials and make it easier for manufacturers.
- Check the senders very well, and ask before opening them in case of the slightest suspicion.
- Distrust of communications from our colleagues or friends who come to us through new channels and always ask for confirmation by another channel.
- Protect access to our social networking and email profiles with double factor authentication.
- Protect the privacy of users and clients with shadow authentication systems, identifying abnormal or suspicious behavior.