The Internet is not the most secure channel for transmitting information because it can be intercepted. Even social media accounts can be of interest to attackers. Your list of friends, subscriptions to bloggers and media, correspondence containing secret information, electronic wallets, bank accounts – all this can be at risk.
Next, we talk about methods of intercepting information and how to protect yourself. You can also get advice from our managers.
Among the most well-known methods of intercepting information:
- Malicious programs.
- Phishing.
- Application vulnerabilities.
The data for the last two years show that the majority of users do not take information security seriously.
%
Faced with a burglary
%
Still not using 2FA
%
The same passwords
%
Sharing passwords with colleagues
Types of malware
- Computer viruses — are programs that can copy themselves and can extract, delete, replace or distort the original data.
- A botnet — is a network of computers infected with bots that execute certain commands: sending spam, guessing passwords, DoS attacks.
- Cryptojacking — or hidden mining.
- Network worms — are malicious programs that slow down device performance, delete files, and disable certain programs.
- Rogue antiviruses — are computer programs that pretend to be an antivirus by downloading malware or downloading data from a computer.
- Spyware — is a program that monitors user activity and can connect remote control of a computer.
- Trojans — are malicious programs that appear on computers under the guise of legitimate software.
Protection. To protect yourself from malware, use licensed antiviruses. Also be sure to enable additional protection in your accounts: two-step or two-factor authentication. Use USB keys.
What is phishing
Phishing — is a type of social engineering, a type of Internet fraud. It is aimed at obtaining data for authorization, most often in payment services and banking. This is done with the help of fake sites, pages on which users are prompted to enter data.
Protection. Such sites are most often distributed through mailing lists from supposedly official companies. Be sure to check the site address by clicking on links through third-party services. Use hardware security keys: they will not work on phishing sites and you will understand that the site is fake.
What are application vulnerabilities
Unfortunately, not all applications are made with high quality, and vulnerabilities can lead to serious consequences, up to loss of control over the device. An up-to-date list of vulnerabilities is available on the OWASP website – a tool for developers. We list only a few for the understanding of ordinary users.
- Access Control Violation — Insufficient restriction of rights for registrant users. This results in unauthorized disclosure of information or deletion of data.
- Insecure data storage — storing data on a local server, and not on a secure one. As a result, unauthorized persons can access it.
- Insecure communication — the use of insecure protocols in instant messengers, chats. In this case, messages may be intercepted.
- Incorrect security settings — unlimited number of login attempts. This is fraught with hacking accounts by guessing passwords.
- Lack of additional protection — there is no possibility of connecting two-factor authentication. This threatens to hack accounts.
Protection. At least before downloading applications, check how long ago they were updated, how many users were convinced of the quality, wrote reviews. Check what data the application is requesting and whether this request is justified. Stay tuned for updates to be delivered on time. Change your passwords periodically, or better yet, encrypt them using hardware security keys.
