Fortinet cybersecurity solutions has warned companies and individuals in South Africa to brace for escalating cyber-attacks as cyber-criminals expand their targets to home network devices and mobile devices. Fortinet’s latest Global Threat Landscape Report for Q2 2017 revealed that 90% of organisations recorded attacks targeting system and device vulnerabilities that were at least 3 years old, even though updates and patches that corrected those vulnerabilities had long been available.
Even more alarming, about 60% of organisations reported successful attacks that had targeted vulnerabilities that were 10 or more years old. A growing percentage of such attacks also target home network devices, such as routers and wireless access points. And 1 in 20 of such attacks today target mobile devices, such as Android-based smartphones and tablets.
Cyber attackers target a wide range of known vulnerabilities in these devices − known collectively as the Internet of Things or IoT − in order to control them remotely, collect users’ data, or install malicious code that allows attackers to aggregate millions of similarly compromised devices into huge cyber weapons known as botnets that can be used to generate huge volumes of data traffic that can overwhelm and shut down targeted online organisations or cripple Internet traffic.
“We are now living in a digital world, and cybercrime is part of that new reality,” said Anthony Giandomenico, senior security strategist/researcher, Fortinet. “We have all learned to lock our cars, deadbolt our doors, look both ways before crossing the street, and avoid dark alleyways and streets at night. It is time to develop the same good habits as we navigate through our digital environment.”
Fortinet offers the following cyber-safety tips to mitigate the risks of cyber-attacks:
1. Control Your Social Media. Be careful who you “friend” on your application. Cybercriminals often set up fake pages or accounts and request to be added as a friend. Look out for the following to identify fake requests from criminals hoping to steal data or trick you into clicking on links to infected sites:
- Always look at the home page of the person making the request. When was it set up? What year do they claim to have graduated from college or started their new job? Can you see photos of normal activity or does their page seem to mostly be glamour photos? If you don’t know the person making the request, or anything on their site seems odd, simply dismiss their request.
- If the person making the request is someone you know, check to see if he or she is already a friend of yours. Look at their vital information. Do the dates seem correct? If you still have doubts, contact them directly to see if they have built a new page. If not, their account has been hijacked or duplicated.
2. Scrutinise Your Online Transactions. Your bank will never initiate a request to verify your account or provide your login credentials. Such requests, either online or via email, can safely be ignored or deleted. Should one receive an email or a browser page with a link attached, always look at the URL before you click it. Hover over the link and look at the address that shows up. It should start with a real address, such as “www.(yourbank).com”. The address should also be reasonably short. To remove any doubts, simply log into the site directly rather than use the link provided, or call your financial institution to ensure that the request is legitimate.
3. Inspect Your Email. The most common way to get users to load malicious software or malware onto their systems is through an email attachment. Known as phishing, these attacks often claim that the file attached to your email is a receipt or bill for a fictitious transaction, a fake document that needs immediate attention, or a message from a friend or family member. NEVER click on an attachment or web link in an email from someone you do not know, that you did not request, or that does not seem entirely legitimate.
- A quick way to check the validity of an email is to simply look at the email address of the sender (you can do that by double-clicking on the name of the sender or by hitting reply.) Does the email match the organization? Is it especially long, from a different organization or location from what you expected, or does it include strings of letters or numbers? If so, you can safely delete it.
4. Update Your Devices. Review devices in your home that are connected to the Internet. These should include phones, DVRs, TVs, security cameras and other online devices, and even home routers and wireless access points. Write down the names of the manufacturers and the model numbers, and list all the software running on these systems. Once you have a complete inventory list, search for known vulnerabilities or patches, and make sure that these devices and applications are running the latest patches and the most current versions of their operating systems, firmware, or software. If a device or application is no longer supported by the manufacturer, the safest thing to do is to replace it.