[ 054 ]
your PC backed up to a cloud service, a NAS
device or USB drive — though the latter is
the least desirable since it may also end up
being encrypted by the ransomware if it’s
connected at the time of infection. Use
automated backup software; don’t rely on
remembering to do it manually.
Other than that, take the usual precautions
against malware: running a proper anti-virus
application; being careful about what you
download; don’t just click on every link you
get via email or social media.
- IOT THREATS
The other big common denominator in threat
reports for 2017 was the vulnerability of
Internet of Things (IoT) devices. These are
non-PC devices that connect to the internet:
smart home and automation appliances, cars
with internet connectivity, air purifiers and
conditioners, internet-connected drones, IP
cameras, smart medical equipment, wearables,
power monitors, and more. We’re using more
and more of these devices in our homes and
businesses, but we often pay little attention to
their security, and their designers often favour
convenience over security.
In September, this came to a head with the
release of the Mirai botnet. Mirai malware
infected IoT devices running versions of Linux
by simply trying to access them with default
passwords. Millions of routers and IP cameras
in particular were infected and remote
controlled, and then used for a sustained
denial of service attack that took down a big
chunk of the internet.
What to do about it: Take the security of
your non-PC devices seriously. Changing
default passwords is a good start, but it’s also
worth reading up on individual devices before
you buy them to see if there are any known
security risks.
3. MOBILE THREATS
The most persistent trend in the past few years
has been the shift in focus from PC security to
mobile security. By and large, we’ve actually
gotten much better at protecting our PCs, and
most people run some kind of firewall and
anti-malware. Mobiles, however, are fair game
and often poorly protected.
This is especially true on Android, where its
openness is both a blessing and curse. It allows
you to do more stuff than you can on Apple
devices, but it also makes core system elements
more susceptible to hacking. Perhaps more
significantly, it’s generally up to the phone
vendors to keep updating the software to deal
with new threats, and frankly most of them
suck at it. On iOS devices updates are frequent
and universal; on Android, older devices are
usually never patched and even when they are
it’s often a year or more between updates.
Google has been trying to fix this in recent
versions of Android by moving a lot of system
components over into the Google Play update
system, but it still has a long way to go.
There were a lot of significant threats on
Android in the last year: Dresscode, a remote
control malware that appeared on hundreds of
Google Play apps; Lockdroid, which disguised
itself as a system update; ‘clickjacking’
malware that creates invisible hyperlinks
on-screen that give admin rights when
pressed; and Mazar, a worm that sends SMS
messages containing links that when clicked
will infect the system with malware.
iOS, it must be said, has not been completely
immune. Some infected apps have made it
through Apple’s vetting process on iTunes,
and a few system vulnerabilities have been
exploited, such as Pegasus, which used SMS
much the same way Mazar does on Android.
Apple actually provided a patch for Pegasus,
which again points to how much better it is
at security right now.
What to do about it: We have a whole
section specifically on securing Android
devices on page 58.
OTHER THREATS
Those may be the big ones, but there are others
you should be aware of:
- MAN IN THE MIDDLE AT TACKS
This involves jacking into your network
The Jigsaw ransomware
progressively deletes files
the longer you take to pay.
Make sure you change the
default passwords of IP
cameras, routers and other
internet-connected devices.
SUPERGUIDE
KNOW THE THREATS