Editor’s Note : Tarun Samtani, CISSP is a highly passionate Cybersecurity expert with 15 years of experience in securing enterprises. He regularly addresses global audience at conferences on these topics.
Computers, tablets, smartphones, smartwatches have become a norm in our lives and we use them every day. There was a time when we had only viruses but times have changed even in the cyber world and now we have viruses, worms, Trojans, spyware, adware, etc. – all clubbed together and referred to as Malware (MALicious softWARE).
Malware is an umbrella term for all malicious software that could infect your computer, smartphone, smartwatch or any other smart device. To understand the difference between the types of malware, you may want to refer this link.
Does it really matter if your device was infected by a malware? Well, let’s talk about some of the capabilities of malware first:
- It can record your every key board input,
- It can capture your video using your webcam even if you are not using it when the PC is ON,
- It can take screenshots of any page you browsing and send it across to someone sitting in other part of the world,
- It can listen to your conversations using your own device MIC,
- It can steal all your data on the device,
- It can make your device a part of the criminal network activity,
- It can encrypt all your data and demand a ransom to give you back your own data.
So now you see it’s serious! You may wonder how you would manage to infect your device with any such malware. Well, the answer is very simple – You may need to do nothing at all sometimes. Just by browsing websites you could be infected by something that is called drive-by download. Drive-by download may happen when visiting a malicious (infected) website, viewing a malicious email message or by clicking on a deceptive pop-up window. How do you identify a malicious website or malicious email message – It’s very simple.
They look like any other website or any other email message. So there is basically no way to figure out if a webpage or email message is malicious without having some blackmagic security researcher skills.
Why would someone want to infect your PC with Malware ? You see, hackers are very motivated individuals and their motivations could be anything like financial, political, etc. Imagine if they get a PC infected and could capture all your keyboard inputs. All your banking transaction username, passwords or your credit/debit card data could be with them in minutes.
They could issue instructions remotely to encrypt all your data in the background and throw a screen up to demand ransom money to decrypt your data.
Also, another use could be making your PC a part of Botnet and using it in a criminal activity like DDoS (Distributed Denial of Service) against some other big organisation demanding a ransom to stop this activity. You will have absolutely no way to know that your PC is part of such an activity.
The possibilities are absolutely endless!
All such kinds of Malware are classified as Crimeware. And this is big business, no more we are talking about a 20yr old geek in pyjamas sitting in a basement and writing some nasty code. We are talking about organised criminal gangs and syndicates who do this as a normal job just like us. There are organisations in the deep dark web which are accessible only to a few people who know how to get there. Even then you may not be able to explore the darkest areas of the dark web.
What can you do to avoid getting your device infected with malware? Few tips for you to stay safe –
- Always install a genuine copy of antivirus/anti-malware product on your device,
- Never use any kind of pirated software on your device,
- Always download the updates to your software by going to the original website itself like Adobe, Microsoft, etc.
- Beware of the links on your email especially from unknown senders – Never click any links unless you are 100% sure it comes from a genuine source. Even then you could always use an online tool to confirm if the URL in the email is not malicious.
- If you receive an attachment in an email, always use the option View Online if available. If you download the attachment do not enable editing mode if not required.
- If you are downloading an application for a smart device – always download from the Apple Store or Google Play store ensuring the apps are from well-known and well-reviewed publishers and never from any unknown sources. The risk of mobile malware is more on Android than on iPhone due to Android app validation process having too many holes.
- USB/Flash drives are one of the most common sources of spreading the malware, avoid using them if possible.
- Always be careful when installing new software and ensure you read every pop-up before clicking next to ensure you are not installing any additional free software. Usually developers package some free toolbars with some software that could be acting as a spyware on your device.
Stay Tuned with us as we bring you a series of cyber-security posts to help protect yourself, under our fresh, ACT (Act Against Cyber Threat) series.