Russian Aviator Girl: Premiere on RT Documentary
Erick's List: Trains

Phishing in Troubled Waters: How To Protect Yourself from Hacker Attacks?

With more people working online during the global pandemic, the FBI has sounded the alarm that cybercriminals are building up their offensive capabilities. The number of hacker attacks has reportedly quadrupled. Moreover, it looks like the damage hackers can inflict on companies and organisations is growing each year. RT Documentary outlines the most common types of cyberattacks and ways to protect yourself from them. To learn more, see the premiere of the second episode of I Am Hacked on Monday!

Ananika fell victim to a hacker attack

“I was looking for an apartment to rent in March 2020. And I got a random email on my Gmail from Angela Morison. She claimed to be from the UK… An old couple who could not travel to UAE anymore,” says Anamika, a cybercrime victim from Dubai, UAE. “And they had bought the apartment in a trendy street called City Walk. She said that she wants to leave it out because it's empty – and she's dealt with Airbnb. So, I thought: OK, maybe, because it's Airbnb, an international brand and name, it'll be… It'll be OK to deal with it.”

The link Ananika received from the lady directed her to the site that looked exactly like Airbnb: photos of the apartment with the official logo, ratings, and feedback from different guests. She was asked to pay via the website and received an official notification about the website's chat bot transaction.

The website Ananika was directed to looked precisely like Airbnb

However, when she saw the transaction was in euros and not in dirhams, Ananika suspected something was wrong. Though the chatbot promised her a refund and made another transaction in her local currency, it only made the second part. When Ananika called the Airbnb helpline, it turned out they didn't have her card details or any data about the lady whose apartment she was trying to rent.

“We are humans, we trust. We trust that…” says Ananika recalling her misfortunate experience. “When I received that email that she is old and she has a house here, that was very believable. Nobody can say it was a fake website.”

Hackers are becoming increasingly advanced in their malicious art / Marcus Spiske via Unsplash

Are we all hacked?

Stories like this are becoming increasingly common every year. And the pandemic seems to have exacerbated the trend. According to the Central Bank of Russia, in 2018, scammers stole $14 million from personal cards. A mere two years later, in 2020, the figure reached $135 million.

Hackers are becoming increasingly advanced in their malicious art. According to an IBM report, organisations that fall victim to their attacks deal with growing costs. In the US, the average price of a data breach increased from $7.91 to $8.64 between 2018 and 2020.

During the pandemic, the number of hacker attacks has skyrocketed / KeepCoding via Unsplash

How can we protect ourselves and our financial accounts from the dangers of the cyber world?

Well, they say if you are warned, you are armed. So the first step should be to see the enemy in the face and learn his methods. Here are the three most common types of hacker attacks and some tips on dealing with them.

1. Malware attacks

Malware refers to many types of malicious software used to break into a computer or a computer system of a private user or an organisation to disrupt its operations, demand ransom, spy on the person or organisation, or control their data flows. Malware includes worms, ransomware, spyware and other means. According to a recent study by a security company MonsterCloud, the number of malware attacks has skyrocketed by eight times since early 2020.

According to a recent study by a security company MonsterCloud, the number of malware attacks has increased by eight times since early 2020 / Michael Geiger via Unsplash

One of the most well-known attacks of the type was the WannaCry virus, supposedly created by North Korean hackers, that provoked a global cyber epidemic in 2017. The virus infiltrated Microsoft's operating system, blocked access to affected users to their computers by encrypting their data and demanded ransom in Bitcoins for its return. At first, the hackers demanded $300 in bitcoins but then increased the ransom twofold. If the used refused to pay the sum, the attackers threatened to delete all their files.

Around 230,000 users from all over the world fell victims of the WannaCry virus The British NHS healthcare system was among the most affected by the attack. Thousands of hospitals across the UK were under threat of a complete disruption of their operation, with ambulances being reportedly rerouted and leaving patients without urgent care. The costs of the attack for the NHS are estimated to be a whopping £92 million. 

To protect yourself from this kind of attack, you need to keep your operating systems up to date to ensure all security bugs have been dealt with. Experts from the Kaspersky cyber security company say the damage caused by the WannyCry attack could have been avoided but for the continued use of outdated software and poor education about the need to update it regularly. Antivirus software is also a good tip. Finally, don't forget that it's no good opening links from dubious sources as they can be malicious.

2. Phishing attacks

Phishing attacks aim to steal data from users or trick them into downloading viruses by sending them malicious emails and messages that look normal but turn out to be a scam. In addition, hackers often try to steal users' credentials, including credit card details and social media passwords. However, the ultimate goal is to usually to demand ransom from users or organisations threatening to reveal sensitive information.

Phishing is believed to be the most common cause of data breaches worldwide

“Most often, here we deal with the malware mailing,” says Aleksandr Kalinin, head of the computer emergency team at a Russian cybersecurity company Group-IB.

“For instance, a person received an email with some trojan virus attached. Here we also detect scam websites, like phishing — you see a familiar web page that looks the same. However, it's a fraudulent website that belongs to a phisher. And all the data you enter are being sent to them, not the real website."

Phishing is believed to be the most common cause of data breaches worldwide. In 2020, 75% of organisations and users worldwide experienced phishing attacks, three-quarters of which were successful. Over the last four years, this number increased by about 11 times.

One of the largest phishing attacks was launched in 2015. A series of malicious emails were sent to the employees of Sony, a Japanese tech giant. Having researched the employees’ data on LinkedIn, hackers pretended to be their colleagues, sending them phishing emails. As a result, more than 100 terabytes of Sony’s data were stolen. The attack cost the company about $100 million. 

To protect yourself, you need again to be very cautious about the links you follow, emails and text messages you open – be sure they come from the sources you are familiar with. As for some other measures, experts from the Kaspersky Lab advise using VPN when connecting to public Wi-Fi as this makes computers more vulnerable.

3. Distributed denial of service (DDoS) attacks

DDoS attacks aim to disrupt the operation of a website, application, service, or network by flooding it with an overwhelming amount of internet traffic from compromised computer networks that block its activities and prevents users from accessing it. A DDoS attack is a traffic jam that prevents regular traffic from reaching its destination in layman's terms.

According to the Kaspersky cyber security company, DDoS attacks are common, and they have risen significantly during the pandemic. In 2018, Git Hub, a prominent American software production company, fell victim to the largest DDoS attack that froze all its operations for almost 10 minutes. In September 2021, a Russian tech giant Yandex reported to have repelled the largest DDoS attack in history. The attack began in August and continued till the beginning of September.

“Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet,” Yandex said in a statement.

In 2018, Git Hub fell victim to the largest DDoS attack that froze all its operations for almost 10 minutes

These attacks are tricky because it's pretty hard to distinguish between them and regular traffic. However, a way to prevent such attacks against your devices is to install a web application firewall to detect suspicious traffic patterns. In addition, there’s always such thing as cyber hygiene. It goes without saying that you should engage in best security practices, including changing passwords.

To learn more about cyber hygiene, read RT Documentary’s story Are We Hacked?

Cyber hygiene refers to a set of rules you need to abide by to in order to ensure your basic security online.

Did you like the article? Then, see the premiere of the second episode of I Am Hacked to learn more about hacker attacks and ways to protect from them!