Ransomware, phishing attacks, malware, and traditional virus attacks. The last year has provided plenty of evidence that hackers pose a genuine threat to governments, businesses, and private individuals.
Hackers associated with Russia used phishing scams to obtain user information from the Democratic presidential campaign of Hillary Clinton. Phishing involves sending an email that appears legitimate to a user. The email provides a link to a fake website that asks for the person’s account and password. Phishing is widespread, which is why security experts tell you: never, never believe an email that states you need to update user information.
Newer browsers do not display full web addresses. Instead, these display the self-reported title of the site. Though you would never trust “io.amazon.user.ru” if you read that in the browser bar, most browsers will display “Amazon User Account” instead. Titles are user-friendly, but they mask the real address of a site, leading to unnecessary risk.
Some famous people have fallen victim to phishing attacks, providing account information to Google, Amazon, Yahoo, Dropbox, and Apple’s iCloud among other online services. This also exposes the risk of storing information on the “cloud” because one mistake gives away everything on the server.
This method of hacking is unsophisticated, to say the least. A hacker obtains logo art by right-clicking on the images and saving them to a drive. A quick “view source” and “save” recreates the layout of a website. Then, send random emails using a “bot” to thousands of people knowing a handful will click on the email link and give away security credentials.
The security lab at Stanford University provides free anti-phishing tools. Most commercial anti-virus software also includes anti-phishing features for the major browsers. Edge, Safari, and Chrome all include some anti-phishing features, but these are minimal compared to the features offered by dedicated security tools.
The catch: you need to use the most recent browsers for anti-phishing and malware blockers to work. You cannot be using older software.
Old software, old operating systems, and old hardware invite hacking and security issues.
You should always be running an operating system less than a year old. Though I wait six months before upgrading to the latest operating system from Microsoft, I patch my Macintosh and Linux computers within a month of new releases. Newer operating systems close holes discovered in the older platforms.
Recent ransomware attacks that brought down the United Kingdom’s healthcare computers targeted computers running Windows XP, Vista, 7 and 8. There is no excuse for running an essential service on anything other than Windows 8 or 10.
Ransomware can be inserted via email, infected documents, websites, software, or other means. Ransomware encrypts files or locks your computer until you pay a ransom to the hackers for a password. Paying is no guarantee you’ll retrieve the data.
The newest ransomware attacks used popular subtitle websites. These websites offer the subtitles to movies for download. The first question I would ask is why you would be downloading subtitles…since they are included when you purchase a movie legally to comply with the Americans with Disabilities Act and the Telecommunications Act. In effect, this ransomware targeted pirates.
The software many people use to “rip” (copy) movies, Handbrake, was also hacked. This is possible because some open source software projects freely allow developers to collaborate on the code. The malicious code was quickly discovered, but only after it infected countless computers.
Microsoft Office documents are another popular vector for malicious code. The Visual Basic for Applications that allows companies to customize Excel, Word, and other applications can also be used to write dangerous code that modifies files. Microsoft removed VBA from Office for Mac briefly, but corporate users demanded its return. I love VBA macros, especially in Excel and Word. Still, I also know that I should never trust a document with macros from anybody else.
Microsoft updates Office often to block newly discovered vulnerabilities. You should always use the most recent version of Office. The best way to do this is subscribe to Office 365 and enable automatic updates. You should also disable macros if you do not use VBA.
When I ask clients why they have old versions of Windows, macOS, or various applications, the answer tends to be that their computers are too old for the new operating system or not powerful enough for new software.
If your computer cannot run the latest versions of software, you need a new computer. Budget for new hardware cycles in any business. It’s a matter of security.
I know people don’t like to hear that, and some assume companies plan this obsolescence. Yet, sometimes the old hardware is part of the security issue. When you turn on a computer, the BIOS (basic input/output system) of the motherboard helps load the operating system. Some old BIOS versions are vulnerable to hacking.
There are security issues with older USB controllers, older hard drives, and older bi-directional printer ports. Older Ethernet controllers and WiFi chipsets also attract hackers. It’s even possible to hack into a computer through an older printer unknowingly connected to the Internet.
Update your software often and automatically if possible. Update your network-attached hardware within six years of its manufacture date. If you are certain hardware is unexposed beyond a local computer, then it is probably safe to use for longer. Our laser printers last for ten years or more, for example.
Microsoft and Apple do a rather impressive job, considering how vulnerable computers are to hackers. Generally, both companies support an operating system and hardware that was sold within the last five years.
A computer from 2005 running Windows XP or Vista is asking for trouble. If you are using Office 2007 or 2010, you’re also inviting trouble.
Finally, consider buying a security suite and keeping it up-to-date at all times. Even if you use an Apple computer, you probably share files with Windows users. Do not fall victim to the security scams online, either, which use pop-up ads to claim you need to buy software. These are another fancy form of malware.
Our server scans files nightly. Since 2001, I have only had to remove Windows-targeting code received via Microsoft and Adobe documents. I’ve never had a virus, malware, or other malicious code strike our Apple systems. But, I assume it could happen.
I recommend and use Bitdefender, which consistently scores high in impartial tests by consumer groups and security experts. AV-Test (avtest.org) offers the best independent security news and reviews, and Bitdefender regularly leads Windows security suites.