BASIC COMPUTER SECURITY TIPS
The Taxonomy of a compromised computer:
(what the malicious actors will do once they control your computer)
When someone hacks your computer it means they have remote access to it, where they can retrieve passwords, information about you, information in your program files, etc. They usually hack people's computers through the browser, a link, an attachment, scanning, or social engineering. Once inside they are able to view what you are doing on your computer, and they can use your computer as a bot system, harvest your data, or, if you are really unlucky, lock your system files up with ransomware.
The basic use can be classified into three (3) categories: bot system, harvest your data, and ransomware.
1. Bot system:
A botnet is a network of compromised third-party computers running software robots (bots). These bots can be remotely controlled – initially by the actual attacker, and subsequently by a party who pays the attacker for use of the botnet – for any number of unauthorized or illegal activities.
- See Shadowserver.
- See Senate testimony - taking-down-botnets
- Gameover Takedown
- See the Shadowserver checker to see if you are infected by Gameover.
- Distributed denial of service (DDoS) attacks: Malicious actors are escalating their crimes by compromising web servers rather than personal computers, because servers are always on and carry more bandwidth. With DDoS there are basically two types of attack: a network attack (bandwidth depletion) or an application attack (resource depletion).
- Spam: There is a correlation between botnets and spam, including spam attacks involving the further distribution and installation of malware on other information systems.
- Bitcoin mining: they want to hijack the processing power of your computer to create more bitcoins. The malicious actors are now using hijacked computers and servers to do this illegally through botnets.
- Proxy server: a proxy server is a computer that functions as an intermediary between a web browser (such as Internet Explorer) and the Internet, allowing web traffic to be bounced between different servers. Some proxy servers help improve web performance by storing a copy of frequently used webpages; others, like the Squid proxy, do not store information.
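The two DDoS types above look different in a web server's own logs: an application attack (resource depletion) shows up as a single source hammering expensive pages, while a botnet flood shows up as many sources that each stay quiet but add up to a surge. The following is an added example, not code from the original page: a sliding-window counter over common-log-format lines that flags both patterns. The log lines, thresholds and IP addresses are constructed sample values; a real deployment would tune the limits to its own traffic and feed the counter from the live access log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "common log format": ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, path) for one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("path")


def find_floods(lines, window_seconds=10, per_source_limit=30, total_limit=100):
    """Scan chronologically ordered log lines with a sliding time window.

    - A source exceeding per_source_limit requests inside one window is flagged
      (application attack: one host depleting server resources).
    - peak_total is the largest request count from ALL sources inside one window;
      if it exceeds total_limit while no single source is noisy, that is the
      distributed pattern of a botnet flood.
    """
    per_source = defaultdict(deque)   # ip -> timestamps still inside the window
    everyone = deque()                # all timestamps still inside the window
    flagged = {}
    peak_total = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed lines rather than crash the monitor
        ip, ts, _path = parsed
        for window in (per_source[ip], everyone):
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()
        if len(per_source[ip]) > per_source_limit:
            flagged[ip] = max(flagged.get(ip, 0), len(per_source[ip]))
        peak_total = max(peak_total, len(everyone))
    return {
        "flagged_sources": flagged,
        "peak_total": peak_total,
        "distributed_flood": peak_total > total_limit,
    }


def make_sample_log():
    """Constructed sample (not real traffic): one client sends 60 /search requests
    in 10 seconds while a handful of normal clients fetch the front page."""
    lines = []
    base = datetime.strptime("10/Oct/2023:13:55:00 +0000", TS_FMT)
    for i in range(60):
        t = (base + timedelta(seconds=i // 6)).strftime(TS_FMT)
        lines.append(f'203.0.113.5 - - [{t}] "GET /search?q={i} HTTP/1.1" 200 512')
        if i % 15 == 0:
            lines.append(f'198.51.100.{i % 4 + 1} - - [{t}] "GET /index.html HTTP/1.1" 200 1024')
    return lines


if __name__ == "__main__":
    print(find_floods(make_sample_log()))
```

The per-source limit catches the single noisy host; the aggregate window is what catches a botnet, since each bot can deliberately stay under any per-IP threshold. Network-layer (bandwidth depletion) attacks do not reach the web server log at all and need flow or interface counters instead.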
2. Harvest your data:
Instantly gaining access to a huge part of your online life: information on your online services, passwords, email accounts, and other items such as:
- Identity theft: Employees like remote access because it gives them access to work files, programs and networks, enabling them to work from home or while traveling. However, they must be aware that if their remote login credentials are compromised, malicious actors will be able to login and have access to a massive amount of data. A wide range of sensitive information such as names, addresses, dates of birth, social security numbers, driver’s license numbers, credit card and bank account numbers can be found within a targeted organization’s computer system, which can be used to commit crimes such as identity theft. Malicious actors will use any information they can gather for financial gain.
- Hi-jacked Bank Accounts: Vulnerabilities in the implementation and usage of remote access software facilitate massive financial losses to businesses' infrastructure, with malicious actors utilizing varying levels of sophistication to steal credentials and passwords in order to hi-jack or create banking sessions to steal money from the account of the targeted business. These types of attacks have led to millions of dollars in unauthorized electronic financial transactions being sent to banking systems in Hong Kong, China, and other foreign countries.
- Intellectual Property Theft: Unauthorized remote access to businesses' databases can also lead to theft of intellectual property, which could include anything from trade secrets to proprietary products. Intellectual property theft costs U.S. businesses billions of dollars each year, with overseas companies taking this information and using it to build cheaper versions of products without the cost of research and development. This causes significant job losses in the United States. The loss or compromise of data can result in an array of impacts to your organization, including financial penalties, fines, and even loss of consumer loyalty and confidence.
- Stolen Credit Cards: Credit card point of sale systems of small to mid-sized businesses are being targeted and compromised at an alarming rate. Compromised card holder data is costing businesses in the United States millions of dollars in fraudulent transactions, regulatory fines, and investigation and recovery fees. Point of sale integrators frequently use weak and/or default passwords on point of sale terminals, allowing malicious actors to brute-force or guess their way into remote access to the system. Once inside they install malware specifically designed to steal payment card data from that system.
- Espionage: Malware can be, and has been, used to gain access to or spy on business and government operations and gather information that could be critical to business operations or national security.
- If it's a server, they install a simple logging program and watch as all the traffic flies past in clear text; most will be HTTP traffic, unsecured plain-text details which can be easily read.
3. Ransomware:
- The owner will be asked to pay a ransom for the “key” used to encrypt their data, which is often required to reverse that process and restore the data. Such attacks not only deny the user/owner access to their own data, but harm the confidentiality and integrity of that data through the attacker's unauthorized access to it and encryption of it.
- Encrypts any network drive that is mapped to the system.
- Primarily an email-based attack vector.
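Because ransomware rewrites files in place (including on mapped network drives) and often renames them, one cheap early-warning control is a canary file: a known file whose hash is recorded, then re-checked on a schedule. The following is an added example, not code from the original page: it plants canaries, then reports any that have gone missing, been modified, or been rewritten with high-entropy (encrypted-looking) content. The directory names, canary filename and entropy threshold are assumptions chosen for the demonstration; the temporary folders stand in for a local Documents folder and a mapped share.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed name: sorts first so an encryptor walking the folder alphabetically touches it early.
CANARY_NAME = "00_canary.txt"
CANARY_CONTENT = b"canary file - do not modify\n" * 64


def place_canaries(directories):
    """Write a canary into each directory; return {path: sha256 hex} as the baseline."""
    baseline = {}
    for d in directories:
        p = Path(d) / CANARY_NAME
        p.write_bytes(CANARY_CONTENT)
        baseline[str(p)] = hashlib.sha256(CANARY_CONTENT).hexdigest()
    return baseline


def shannon_entropy(data):
    """Bits per byte. Plain text sits around 4-5; encrypted or compressed data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_canaries(baseline, entropy_threshold=7.0):
    """Return [(path, reason)] for canaries that are missing, modified, or look encrypted."""
    alerts = []
    for path, expected in baseline.items():
        p = Path(path)
        if not p.exists():
            alerts.append((path, "missing"))      # deleted, or renamed to e.g. .locked
            continue
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            if shannon_entropy(data) >= entropy_threshold:
                alerts.append((path, "high-entropy rewrite"))   # typical of encryption
            else:
                alerts.append((path, "modified"))
    return alerts


def demo():
    """Constructed scenario: canaries in a local folder and in a folder standing in for a
    mapped network drive; then simulate an encryptor hitting both."""
    with tempfile.TemporaryDirectory() as root:
        local = Path(root) / "Documents"
        share = Path(root) / "Z_mapped_share"
        local.mkdir()
        share.mkdir()
        baseline = place_canaries([local, share])
        if check_canaries(baseline):
            raise RuntimeError("canaries should be clean right after placement")
        # Simulated damage: overwrite the local canary with random bytes (looks encrypted),
        # and overwrite-then-rename the share's canary (shows up as missing).
        (local / CANARY_NAME).write_bytes(os.urandom(len(CANARY_CONTENT)))
        victim = share / CANARY_NAME
        victim.write_bytes(os.urandom(len(CANARY_CONTENT)))
        victim.rename(victim.with_suffix(".locked"))
        return sorted(check_canaries(baseline))


if __name__ == "__main__":
    for path, reason in demo():
        print(f"ALERT {reason}: {path}")
```

Run this check from a scheduled task and alert on any non-empty result; the value is speed of detection (a canary on the mapped share fires as soon as the encryptor reaches it), which buys time to disconnect the machine before the rest of the share is affected. It does not replace offline backups, which remain the only reliable recovery path.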