Cybersecurity For Beginners

Cybersecurity - information for the home PC user.

 

I have been working repairing computers for a number of years now and get asked every day about doing lessons and teaching people to do things for themselves. Time constraints currently mean this is just not feasible. To try and help others I started writing information guides a couple of years ago now. These have been free for our customers in store and recently I have began adding these online into the blog section of our website. We hope these prove to be of use to someone! It is also a good experience writing them too. Every day I answer questions from customers about online security and are they protected enough. How do you really answer that question? When are you ever going to have enough protection??

In order to try and explain to people what causes the problems with their computers, I have written this short guide explaining in simple terms that everyone can grasp what viruses, malware, adware are and what internet protection does. In addition to this I will explain how you can get these infections. I will make some suggestions to help you to protect yourself and what signs may give you a clue that you have a problem. In terms of infections on computers things have changed since the very first computer virus. In the modern world information is what it is all about. Most forms of computer infection are about getting your data in some way.

Infomation is with worth money. The bad people behind these nasties will harvest your data for their own use or sell it to other people. It is all about what you are doing, where you have been online, your personal details and passwords and where you have accounts held. This is all worth money to someone.

 

Viruses

These little pieces of replicating computer code are responsible for billions of dollars and pounds worth of economic losses every year. These nasty little blighters usually require you to open a file of some type - more often than not in the form of an executable file (.exe or rar still format) whereby you have to unpack and install something. Usually you believe that you are gaining some genuine and real software or program. They lead to catastrophic system failiures, increased maintenance costs and data corruption. There have been so many notorious viruses that nearly everyone can name at least one due to press involvement. Different operating systems have different weaknesses to viruses. Later versions of Windows are less susceptible to this type of infection fuelling a move towads malware and adware. Viruses do not tend to be so much about your data as much as they are about causing damage to both the hardware and software at both individual user and large scale computer netwworks. There are many different types that at this level I will not go into. Many websites offer free removal tools. Microsoft for Windows systems offers a software called Microsoft Security Essentials that we install on many machines. This is very effective protection against viruses. It comes with a built-in firewall too that goes a long way to protect you. I will explain more about firewalls in a moment. 

 

Adware

This is a specific type of malware that most of us will have encountered at some point. It is classes as any form of software that generates adverts with the aim of generating revenue for its author. You or someone you know will most certainly have encountered adware it is so common. This comes in the form of constant internet pop-ups. You know those annoying windows that keeping coming up when you are trying to search using Google or purchase something on eBay??! They are very irritating. They can be installed as toolbars and/or browser extensions so it is always worth checking and removing any extensions or toolbars that you have not installed yourself. I would highly suggest keeping both of these to a mimimum anyway to keep risks down. Toolbars are like highways for allowing traffic in and out. It is inevitable that if you have huge numbers of toolbars you are likely to hit issues with adware. Some of these come with their own search engines like Search Protect that then diverts all your internet searches through their own engines and thus can manipulate the results that you see. Ensure that all your internet searches are set to run through trusted search engines like Google or Yahoo. This way you know that you are getting the best and most relevant results from your search.

Trojan Horses

A trojan horse in myth and legend was a means of subterfuge that the Greeks used to enter the city of Troy. The Greeks gave a giant statue of a horse to their foes and once it was within the city walls Greek soliders poured out of its belly and attacked the city. This is where this particular piece of unwanted nastiness gets its name. It is a program that whilst it does not replicate itself like a virus has the power to be even more destructive. it is a term used to describe something that seems friendly and benign but actually is very destructive. These often come in the form of programs that you download thinking that they are beneficial or when you download something benign and it come attached to it without your knowledge. The trojan horse once installed on your machine can then begin its task much like the Greek soldiers in the city of Troy. These take the form of 7 types:

•    Denial of service (DoS)Trojans
•    Remote Access Trojans
•    Destructive Trojans
•    Data sending Trojans
•    Proxy Trojans
•    FTP Trojans
•    Security Software Disabler Trojans

These all sound like frightening nasty names for a reason. These can be amongst the most diffifcult of infections to deal with and the hardest to detect. As the program is usually installed by the computer user themselves, (whether they are aware of it or not), the machine sees it as being okay to action. Often they will come with a security software disable function built in to tell any software on the machine that it is to switch off and everything is ok. This means that the trojan can be installed without issue and then set out to do what is was intended for. Some trojans purely have the aim of disabling security software. This can be especially detrimental in big companies whereby disabling of security softwares can result in large security breaches. This type of software can also be used by hackers to enable easier access into the system. Once into a single machine they can then permeate large networks and cost companies potentially millions in lost revenue and damages.

As a smaller home user the most likely trojan that you are likely to encounter are fake anti-virus and security softwares that install on the machine and tell you that you have hundreds of infected files and you need to purchase a licence for the software to clean the machine. This is of course all bogus but the threat can scare people into handing over their details and in turn this can result in identity theft. Most modern security systems are on high alert for detecting this type of things but some systems are better than others. We see hundreds of machines a year from both home and business users that are infected with these trojans and they can be tricky to remove. This can result in having to reinstall the operating system and potential data losses. This is why is it especially important to keep your data backed up.

 

FTP trojans affect file transfers and can be detrimental to business users more so than home pc users. It affects port 21 on your computer allowing access through this channel. It is used for the transfer of data. This type of infection can lead to massive data leaks and policy breaches within companies. You can be infected with this type of infection and never know it. This is why keeping internet security software up to date is so vital. The exact form the infection types varies and the people making this software are very skilled and often way ahead of those designing security software. The only way to ensure that you cannot become infected with this type of infection is to keep your computer off the internet! Port 21 is an internet traffic port so if there is no internet connection there is no threat. It is for this reason that some companies often run certain computers without an internet connection.

Proxy Trojans are a fancy name for a very nasty attack. This trojan will turn your machine into a proxy server - a type of hub to put it in simple terms through which traffic flows. This means that someone can use your computer to direct traffic through committing a whole host of crimes including credit card fraud and the use of your computer as a host to launch other malicious attacks that will then be traced back to your machine. It is a very frightening world in which we live today and whilst the internet holds the world of information at a few clicks of a button it does come at a price and as in the real world criminals exist everywhere. The internet is no exception!

DoS Trojans - denial of service trojans are designed to affect networks and thus have very little impact upon home users. they are designed to prevent internet services over TCP/IP communications thus preventing any form of internet traffic, email or internet based communication services running. This type of infection can cripple business by bringing down networks. When most businesses nowadays run all their services including printing, inhouse communications, file sharing services and internet access and email through their network having these services denied and held to ransom can ruin a business. Major threats of this type have included the Ping of Death and Teardrop attacks. For the most part these types of infections are often directed and come from research about a company. They are often carried out by hackers who have gotten into a network and then carried out the DoS attack. Like most other types of computer infection new ones are being created all the type giving hackers and criminals alike a whole host of tools at their fingertips. DoS attacks have been the focus of many modern TV shows incluing Scorpion and Arrow.

 

 

Data sending trojans are the type of infection that is most detrimental to small business and home users. This type of infection is designed to send your sensitive data back to criminals who will then use it for their own gain. This type on information can include everything from IM login details, credit card information, website login details, passwords, internet banking details and installation or inclusion of keylogger software. Keyloggers are an element of malware that can be incorporated into other malware or exist purely on its own merit. It is designed to record and transmit every keystroke therefore everything you type back to another computer or server whereby the data can be sifted through and any valuable data extracted. These types of infections are designed to remain unseen and to not be destructive to the computer. In order for them to succeed they require the machine to be running and unaffected by its presence so that users will contiune to use their computers within the normal manner. These are common infections and for the most part easily detected and removed by any good security system.

Ransomware

This does exactly what the name suggests. It is a terrifying form of attack that leaves all computer users feeling exposed and vulnerable. It is also one of the few types of infection that internet security remains fairly useless against. Cryptolocker - a type of ransomware infection that spread recently is estimated to have cost computer users over $3 million dollars in paid ransom monies. This type of infection typically starts out as a trojan attack (see above). It functions by limiting or completely preventing access to a users data until a ransom is paid. In some cases removal of the hard drive and scanning with security software can be successful if caught early. Those carrying out the attack will systematically encrypt a users data preventing access to it. Those being held to ransom then have to pay a fee to get their data back again. Often this will only allow partial access with further demands then being made. Once on the machine this type of infection can spread easily through a network via server access and become very detrimental to businesses and home users.

This type of trojan based malware can totally prevent access to a machine. In recent years there have been variations of this type of software involving locking of the machine with an image with a phone number telling you to call this number as local police have blocked your machine. This particular example just locks you out and with scanning externally the machine can be cleaned and access restored with relative ease. There is no encryption of data so once access is restored then the data can be accessed once again. This is a nasty and scary type of malware that has escalated in prevalence in the last few years with many, many variations becoming part of a criminals toolkit.

In June 205 Cryptowall another type of ransomware that entered through an infected strain of Javascript (information that makes certain parts of websites work) coding. This was targeted to infect Windows based machines and the FBI estimate that it has caused over $18million in losses. It spread rapidly and incorporated spyware that transmitted password information and details of Bitcoin accounts resulting in huge finanacial losses for those infected. This is a nice example of the package type modern malware is taking whereby you do not just suffer from one infection type like with previous viruses - now it is combined attacks. Data is worth money and it is what criminals target in this modern world where everyone does everything online.

 

Overview

 

As this has been just a brief overview of some of the types of malware and virus there are many, many more that I have not even mentioned. I will try and add further information as time goes by to the blog on other types of infection. There are many more like spyware, malware and scareware to name but a few that we have mentioned in passing that I will also try to add more information on. Another area of attack in recent times that is worth a mention before I leave this particular post for the moment to move on to other things is that of the remote access attack. These are now so common in occurence that I have had 4 attempts at this type of attack in the last week alone. These take the form of the following: ..........Your phone will ring...."Hello sir/madam I am phoning from your internet provider/TalkTalk/BT/Sky Broadband/the police and or various other organisations that sound official and scary. We are calling to report a problem with your computer. If you could just click on the following website or allow me access by doing the following I will correct this problem for you"...... Let me explain this in another way. If I were to ring your house now and tell you that I am the president of the USA and I was calling to tell you that your computer was infected causing a problem that was bringing down the internet throughout the entire USA, would you believe me?????? What proof do you have that someone ringing you at home or work is who they say they are? Engage brain before mouth and do not panic!! Do not tell anyone on the phone anything. Either tell them you will call back and take a number that you can then Google to check for authenticity or ring the support number off the relevant companies website and ask them if they contacted you before you tell anyone anything. People do have a tendency to panic and this results in them granting access to their laptop, computer or tablet without a second thought. Once they are into the machine they open ports and will plant malware and trojans onto your computer that means that they can monitor your every move via keyloggers, steal your data and passwords using spyware or just generally infect your machine and be a menace. Once they are in that access is permanent and the only way to ensure that all the damage is undone is to data wipe and reinstall the operating system thus restoring everything to a new state. It would take hours to manually check a machine to ensure you have completely removed all trace and access from and by these predators. Remember - if in doubt, do not do it!!! Ask for help from those with a better knowledge. Reporting of these incidents to the police along with any details you may have is beneficial too.

The same can be said for your online activities. People are only too happy to click away without a second thought but a little bit of application of common sense beforehand can save a lot of pain and heartache in the long run. It can prevent your details being stolen, your identity being cloned and losses of data. NEVER click on links in emails saying they are from your bank, Paypal, eBay or any other company or organisation unless you are 100% sure of the authenticity of the email. Check the address the email is from...is it a contact or someone you know? Does it look as though it is an official bank email address? Are you expecting an email from that company? If in doubt call in to the local branch or phone the company and verify the details enclosed before you click on anything and certainly before you log in to any website from that link. It is so easy to be caught out. In the early days of email crime of this type even my boss got caught out and clicked on an email from Paypal (we will use that term in a loose manner) asking him to log in and change his password. Panic kicked in and he clicked on it. This created a whole mess of having to change passwords. This brings me to another point on which I will create another blog post - password security.

Very quickly - never use the same password for social media sites like Facebook and Twiiter as you do for your email and especially site like internet banking and Paypal. Social media sites by their very nature leave users exposed in their ease to hack.Once someone has your Facebook email and password they can systemically try that on any website needing log in details till they hit the jackpot and before you know it you have brought £2000 in TVs and clothes off Amazon and ordered a seat for the season at Old Trafford. They can then set about changing your passwords and locking you out of your own accounts. Email addresses contain a domain id for the company that provides that email account meaning that it is easy to know where you go to access your email - be it Yahoo, gmail, Hotmail or BT not to mention the millions of others that are around. Ensure that you also follow advice to ensure that your password is as secure as possible. Avoid using any date of births or children/pet names that you have added on your social media site as these are common account reset answers.

I hope that this guide has been of help in educating you even just a little in how to stay safe online. Even if it is just in warning of what not to do! I will add further blog posts when I have time with other details of security and safety. If you have questions feel free to email me or contact us through the website or on social media. Links for all of these are on the site and I will try and respond as quickly as possible. One product that I would highly suggest installing and scanning your machine with is Malwarebytes Anti-Malware. They offer a free version but the full paid version is great value for money too. I cannot give a high enough appraisal to the people behind the scenes of this software and if you check out our social media you will see numerous posts from us praising them on a job well done. Scan the device fully and see what it finds!