Cyber Attacks: Not under lockdown

Reading Time: 3 minutes

It is not all Netflix and chill during lockdown. Most companies are still just as hard at work (if not harder) to keep operations going. Clicking and clacking away on their computers at home while trying to take care of day-to-day challenges and explaining to the kid why he can’t play Fortnite on the family PC anymore because the adult needs to bring home the dough.

And while you are at home and have turned your living room into an office space, someone else is home too: online attackers. And they have way too much time on their hands to get up to mischief.

When you have one online account is not a train smash. But it is 2020. For social media alone, the average user now has an account on almost nine different platforms.

What now? While you are vulnerable at home, how do you curb the ‘boredom’ of online attackers and keep yourself safe?

The unfortunate reality is that your personal information can get stolen, data about your work can get stolen, and in extreme cases your device might crash as a result. And what do you do now during a time when moving around is restricted.

How to protect yourself from Cyber Attacks

Tech Matters (Pty) Ltd, a managed IT solutions company, weighs in on the matter with three fundamental changes you can make today to help you tighten your digital life, and stay safer.

Austyn Cohen, Director of Tech Matters, says, “It is strange to think that a biological pandemic can go beyond your own personal health but it does and it can also affect your technological or digital life.

“Attackers have more time on their hands. It’s that simple. We have seen an increase in social media attacks, where social media accounts are breached, and the attacker uses the victim’s account for the posting/ sharing of content. In short, your Facebook account becomes a distribution machine for the attacker.”

Tech Matters Tip #1: Try and choose strong passwords for your social accounts, remember to vary passwords used across accounts.

“Attackers aren’t just going for your online accounts, they are going straight for the company where you signed up. For example, Adobe (who were breached in October 2013, with 153 million known accounts being leaked) or MyFitnessPal (who were breached on February the 1st 2018, 144 million accounts were exposed). What would an attacker want with one of these big company’s stored information you might say?

A common technique in cracking online accounts involves knowing the password upfront. Online services utilise lockout features, this stops brute-force attacks. A brute-force attack involves trying every single possible password until you guess the correct one. This is where the database breach comes into play. Adobe and MyFitnessPal (with LinkedIn being breached in May of 2012 with over 164 million accounts being affected) are some key breaches attackers actively use for online account cracking.”

Tech Matters Tip #2: Enable 2-factor authentication on your online accounts. This makes breaking into your account very difficult for attackers as they need your password AND the code sent to your phone/ TOTP code, etc.

“Another caveat is receiving communication. This can be an email, WhatsApp messages or an SMS. We all receive the odd spam message here and there. But what about your friend or contact sending you something? What about getting an email from a company you trust, and clicking a button or opening an attachment? This is another tactic used. Attackers know you are more likely to open something if you feel you can trust who sent it. You’ll notice emails that look like they have been sent from Microsoft or a company you know. It’s a technique called spoofing (whereas phishing is an attempt to make you hand over sensitive information). Attackers can make an email look like you sent it to yourself, or even make it look like Facebook sent you an email.”

Tech Matters Tip #3: Assuming you receive an email from a company you have an account with, and it requires account action, like a security check-up or password change, and you never requested it, go to the website directly yourself. Do not click anything in the email. If you receive a message from friends that might look a bit off, try and make contact with the person off that platform. Make sure that they haven’t been a victim of an attack, and maybe their account is being used for malicious purposes.