Internet Security - Frequently Asked Questions On Cybersecurity

Cybersecurity is the field of action that intends to ensure the security and protection of information and of the corresponding technological infrastructures that are usually associated with Internet Security. This technology can be of corporate nature, such as servers, databases, routers, firewalls, etc., as well as information of individual nature, such as computers, mobile devices, or even IoT (Internet of Things) devices.

Data protection is becoming a considerably important area, not only for companies but also from a personal point of view, as the use of information technologies is growing exponentially, thus intensifying the need and risks related with the security of information.

Cybersecurity is a comprehensive area of ​​activity. It is not limited to information technologies but its application also encompasses processes and people (users), as they are equally potential vectors of attack and targets for the exploitation of potential vulnerabilities with techniques such as Social Engineering.

Cybersecurity consists on working consistently to assess risk and to make management decisions and a structured mitigation of risks in order to minimize them to an acceptable level, given the benefits of such actions.

Approximately 70% of the attackers have cybercrime as their exclusive purpose, the rest being composed of Online Activists (Hacktivism), espionage, among others.

Within the setting of Cybercriminals there is a growing trend of organised, structured and financed groups with the purpose of obtaining financial gains. These groups act as an actual company, with professionals dedicated to Computer Crime and specialization areas according to the different types of cybernetic attacks and targets.

Imagine a scenario in which there is a house robbery with the goal of stealing your material belongings. In common language, the attack would be described as a "house robbery". However, the house robbery had an entry way, such as the breaking of the lock.
Following this line of thought, in terms of cyberattacks, the attack vectors are typically:

•  The exploitation of Technological Vulnerabilities (well-known and vulnerabilities that could be solved with a system updating, or unknown and called 0-Day)
•  The exploitation of authentication weaknesses
•  The exploitation of an insecure design of architectures and systems
•  The exploitation of weak processes
•  The exploitation of flaws in the means that access the Internet
•  The exploitation of codes/applications without security
•  The exploitation of protocols without security
•  The exploitation of non-existent technological controls
•  Exploiting the users' lack of knowledge, or scarce preparedness, by way of social engineering attacks
•  Other

The terms used to describe typical attacks, namely Ransomware, Phishing, Malware, Eavesdropping, Sql Injection, Zero-Day, among others, always relate to one or more of the previously indicated attack vectors.

The direct consequences of a cyberattack are frequently related to the breach of confidentiality, integrity or availability of the resources in question. The indirect consequences can be of different types, depending on the context. For example: financial loss, loss of competitive advantage, reputational damage, loss of digital information, identity theft, incapability to produce or work, as well as examples of companies subject to insolvency procedures due to successful Cyberattacks.

Such protection entails a set of measures that must be selected in accordance with the specific context, that is, depending on what and who we want to protect.

It is essential to carry out a transversal risk analysis, identify the threats and respective vulnerability level and, considering the potential impact, implementing mitigation measures. From a corporate perspective, the adoption of the Internacional Standard ISO 27001 is an excellent starting point, while from a personal point of view, users should seek to increase their knowledge and level of resilience by acquiring an overall knowledge on the subject or through training courses on Information Security awareness.

It is expected that with the increasing use of information technologies that we have been observing, cybercrime will also follow this growing trend.

In addition to the growing pattern of cybercrime, it is also expected that attackers will become increasingly organised, structured and specialized, as it happens with traditional crime.

During the 90s and the 2000 decades, the preferred targets were the corporate, banking and insurance sectors. Currently, Cybercriminals have been diversifying their practices far beyond those target areas, and presently any entity or person can be a Cybercrime target.

Social Engineering is the designation given to the set of persuasion techniques which purpose is getting users to execute or leverage actions in line with the attackers' goals.

Social engineering attacks are applicable in the context of cybersecurity as they can be applied in combination with attacks of technological nature. An example of this is the Phishing attack, in which a given user is induced to provide information or access to resources, under the illusion of being in contact with a trustworthy entity.

Learn how to avoid these attacks here with Oscar.

The General Data Protection Regulation (GDPR) is the European regulation that addresses the privacy and protection of personal data. In addition, it has the purpose of safeguarding the citizens' rights and protect them from risks and threats related to the provision or misuse of their data.

Therefore, this regulation legislates several rights in defence of the holders of personal data, specifically, the right to transparency, information, access, rectification, erasure ('right to be forgotten'), among others.

Therefore, the entities to which the regulation is applicable have the legal responsibility to provide resources to safeguard such rights, in addition to implement the necessary measures to ensure the adequate protection of the holders' data.

This adequate protection, which is specified in article 32 of the regulation, mentions "The capability to ensure the permanent confidentiality, integrity, availability and resilience of data processing systems and services", and it is precisely here where there is a strong connection between the GDPR and Cybersecurity.

It is therefore crucial to apply the practices and controls associated with Cybersecurity, namely as regards Access Control, Data Encryption, Backups, Resilience, Tests, among other fundamental procedures, in order to guarantee the purpose of personal data protection measures.

Accordingly, there is a considerable intersection between these two areas, Privacy and Cybersecurity, although they may have different goals, as a considerable part of the controls to ensure Data Privacy involves the implementation of Information Security controls. For these reasons, the GDPR has effectively reinforced the importance of Cybersecurity.

The padlock on a website provides users a guarantee on the authenticity of the website they are visiting, regarding the internet domain of the page in question, also guaranteeing the encryption of the data transmitted and received from that page, being this the effective function of the digital certificate. which is represented by the padlock. Despite these security properties (domain authenticity and data encryption), the certificate does not guarantee, among other risks, whether the site is secure to manage the users' data or whether the site is reliable for carrying out financial transactions.

As an example, imagine that you are going to buy an item from a store that you do not know. In fact, if the store has a guard at the door, it will certainly provide you with a higher level of reliability, but then again, it does not necessarily mean that the items you will buy in that store are not, for example, defective or counterfeit.

Phishing is a means of cyberattack in which attackers try, through email, applications or websites, to illicitly acquire users' data, i.e., passwords, financial or bank data, credit card numbers and other confidential information. The aim is to manipulate users and obtain such private data for identity theft, bank accounts theft, etc.

Phishing attacks are frequently carried out on a large scale, which means that attackers send an email (apparently coming from a legitimate entity in the market) to thousands of users, instead of spear phishing, which is directed at specific targets, whether they be individuals or companies.

To avoid being victims of this type of attack, users should be alert to emails sent by unknown persons or entities; they should not open suspicious attachments or attached files that they are not expecting to receive and, before opening any link, they should always check if it is trustworthy.

For protection against new phishing scams, users must also install and always keep their protection software updated and shielded from viruses, malware, and other that may be applicable. More information here.

Vishing (combination of Voice and Phishing) is a variation of phishing but carried out through voice calls in which the attacker calls the victim, impersonating another person or entity with the aim of acquiring confidential information or induce actions with a view to acquiring this data. These telephone calls can be made either by a single person or by an automated system.

Smishing, in turn, represents an attack that is similar to phishing or vishing, but this one is made by SMS messages and with the same intent - persuade the user to perform a certain action in order to obtain data or illicit accesses.

To avoid this type of attack, users must be careful whenever answering unknown numbers. It is better to write down the name of the calling entity, look up the number on the Internet and call directly. One should never assume that the call is genuine just because they have the correct personal data; sensitive data (namely financial or access data by this means) should never be made available; you should never make certain actions or payments during the call, and it is always best to be suspicious and request technical information (to which only a reliable employee would have access) or, if the doubt persists, even hang up the phone and seek the contact of the entity and validate that the number is, in fact, reliable. More information here.

Spoofing is becoming an increasingly common practice in cyber attacks, where assailants impersonate others to gain the trust of individuals and access systems to steal data, money, or distribute malware.

Attackers usually use techniques that allow the sender of the message to be altered in order to impersonate an authority, organisation or even a trusted contact. In practice, the number that appears on the device will be identified with the name of an organisation or with the same name as the one you have stored in your contacts if it is a person you know. In this type of attack, the victims are more vulnerable to being attacked because of the techniques used, which make everything seem real.

These attacks may involve forgeries such as emails, websites, phone calls, and text messages. Common methods include sending phishing emails with deceptive links and phone calls where cyber attackers pretend to be legitimate representatives, such as from banks. The constant evolution of these threats underscores the importance of good cybersecurity practices to prevent and protect against spoofing attacks. Learn more about this topic and how to safeguard yourself from spoofing attacks here.

Most websites and services require or advise users to use strong passwords so that attackers cannot crack them.

In fact, there are so many websites asking for passwords that sometimes it would be more practical to use always the same password, although this is a huge mistake, as anyone who can guess the password of a service will be able to access all others.

One of the techniques used by attackers to guess passwords is called Dictionary Attack, in which the dictionary is automatically used with the purpose of identifying the password. Therefore, you should never use names, sequences or obvious things; you must use long and complex passwords, mix uppercases with lowercases and symbols; be careful and change passwords frequently; never disclose them to anyone and avoid repeating previously used passwords. More information here.

A Wi-Fi network is generally a means of accessing the Internet. With the proper security settings, a Wi-Fi network has an adequate protection, which is usually the scenario of the personal Wi-Fi networks we have in our homes. However, in many contexts we end up using Wi-Fi networks that do not belong to us or whose configuration has not been effectively validated. In those contexts, we are accessing resources through a means that cannot be completely reliable, resulting in multiple risks for users, namely the possibility that someone with malicious intent may, at the limit, intercept or monitor the content of your connection while using this means of access.

Therefore, not all Wi-Fi networks are secure, and we should consider very carefully whenever we connect to a public Wi-Fi network, and the kind of transactions and applications we use in such context.

Another important risk is that, by connecting to this Wi-Fi network, our equipment will become more exposed to all other users of the same Wi-Fi network. This should also be taken into account as it may cause a probable intrusion or the infection of your equipment with malicious software. Find out more here with Oscar.

In recent years, online shopping has skyrocketed given the convenience and speed it offers; however, it is important for users to know how to protect themselves. First, they must check if the website address has the protocol sign HTTPS in the URL, as this guarantees the legitimacy of the e-commerce as well as the encryption of the exchanged data, and therefore, transactions can be carried out with security (you can also read the Privacy Policies). You should also avoid carrying out online purchases using public Wi-Fi networks as it is always safer to do it using private networks, which are known in advance to be secure. However, if you are shopping in a public access spot, choose well-known networks, even if they are free of charge. It is also convenient to enter directly the official website address, instead of accessing it from a link and, if you suspect a website, do not forget carrying out the competent due diligence.

It is also important to create secure and strong passwords, changing them often, as well as checking your statements of account.

Make regular updates of your security software and put the update settings into automatic mode.

Regarding payment, before doing so, you should always read the terms and conditions and the terms of sale. As for the payment method, you should choose the one that provides the most security, and it should be noted that if you choose cards, the safest ones are those that require additional authentication.

Finally, if you're going to buy gift cards, make sure the site has a solid warranty policy.

In any case, it is important to be informed about consumer rights: Shopping: consumer rights in the EU - Your Europe (europa.eu)

Find out more here.

Formjacking is another means of cyberattack. It occurs when attackers inject malicious JavaScript code with the aim of tampering a website and being able to modify the functioning of its payment page. This type of attack represents a serious threat to both companies and users, as it is used to steal data of credit cards and the users' personal and confidential data.

To avoid this type of threat, users can take some measures such as: choosing to shop in websites they already know; seek information on the previous experience of other users; check the page URL and verify if the address bar indicates 'HTTPS', and not 'HTTP', and provide the strictly necessary information in order to proceed with the transaction. More information here.

A cybersecurity specialist is a qualified professional responsible for safeguarding computer systems, networks, data, and information against cyber threats, playing a pivotal role in protecting systems from cyber threats in a digital environment. Their qualifications are essential to maintain the integrity, confidentiality, and availability of secure information technology infrastructure. Therefore, the primary responsibilities and activities of a cybersecurity specialist include:

•  Risk Analysis
•  Security Monitoring
•  Incident Response
•  Technology Assessment
•  Ongoing Updates
•  Penetration Testing
•  Security Policy Development
•  Data Protection

By carrying out these practices, a cybersecurity specialist can achieve better results and ensure greater security effectiveness in computer systems.

Artificial Intelligence (AI) has a significantly positive impact on cybersecurity, as it can be used to enhance threat detection and bolster defense against cyberattacks.

AI can contribute to cybersecurity in various ways, such as:

•  Threat Detection
•  Behavioral Analysis
•  Malware Analysis
•  Incident Response
•  Threat Prediction
•  Multi-Factor Authentication
•  Access Management
•  Log Analysis
•  Combating Advanced Persistent Threats (APTs)
•  Machine Learning for Defense

Although AI is a tool that positively contributes to the development of cybersecurity, it's important to be aware that the same technology can be used and exploited by cyber attackers to create even more dangerous threats.

Thus, AI plays a crucial role in this ongoing evolution of cyberattacks, both for defense and offense. However, it remains an essential resource for protecting systems and data and contributing to cybersecurity.

Malware (short for malicious software) is related to any type of software created with the purpose of causing harm to computers, devices, or networks and carrying out malicious activities without the user's knowledge or consent.

Malware can take various forms, most of which are harmful. The following examples pertain to the most common types of malware: Viruses, Worms, Trojans, Spyware, Adware, Ransomware, Rootkits, Botnets, Keyloggers, Mobile Malware.

Typically, the spread of malware occurs through downloads of unknown software, malicious email attachments, compromised websites, or the exploitation of security vulnerabilities in outdated systems. However, it is possible to protect our devices from malware by using antivirus systems and firewalls and adopting secure cybersecurity practices. It's also important to keep systems and software up to date.

A ransomware attack is a type of cyberattack in which attackers encrypt the data of a system or network, preventing legitimate users from accessing it. This type of attack is called ransomware because the attackers hold the data and information hostage and demand a ransom (usually a payment made in cryptocurrencies) in exchange for a key that can decrypt the data.

There is a similar pattern among various ransomware attacks:

•  System Entry: Attackers introduce ransomware into the system through email attachments, downloads, or compromised websites.
•  Encryption: Once introduced into the system, the malware initiates the encryption process, rendering the system's data and information inaccessible without the appropriate decryption key.
•  Ransom Demand: After encrypting the data, cybercriminals display a notification or introduce a ransom note into the system, informing the victim that their data has been encrypted and demanding a specific amount of money for users to obtain the decryption key.
•  Deadline: Attackers set a deadline for the ransom payment, threatening the permanent deletion of all information if the payment is not made within the specified timeframe.
•  Payment: If the victim chooses to make the payment, attackers typically provide the decryption key, allowing the user to recover their data. However, there are no guarantees that the attackers will honor the agreement, as in many cases, victims are unable to recover their data even after paying the ransom.

Ransomware attacks can be devastating for users, businesses, and organizations, as they result in a complete loss of security, the loss of critical data and information, and significant costs. Therefore, implementing cybersecurity measures, keeping systems and software up to date, and regularly creating backups can be practical solutions to protect against ransomware attacks.

Learn how to protect from these attacks with Oscar here.

Spyware is a type of malware designed to collect information about a user's activity on a computer or device without their knowledge or consent. This information can include personal data like passwords, browsing history, credit card information, and other confidential data. Spyware is often used for identity theft, financial fraud, and cyber espionage.

There are some cybersecurity practices to detect spyware, such as using antivirus software and being vigilant for unwanted pop-up signs.

To prevent spyware, it's essential to be cautious about downloading and unknown emails, keep antivirus software up to date, perform regular computer updates, and use a firewall. These cybersecurity measures can significantly reduce the risk of a spyware attack.

If you have a spyware infection, it's crucial to mitigate this risk. Spyware can be removed using anti-spyware software, restoring from a backup, or, in extreme cases, by formatting and reinstalling the system.

ISO 27001 is an international standard that establishes requirements and guidelines for information security management, cybersecurity, and privacy protection in organizations. It was developed to help organizations establish, implement, maintain, and continually improve an Information Security Management System (ISMS).

ISO 27001 is fundamental to the development of best cybersecurity practices as it identifies information assets relevant to the organization, assesses the risks of information security, cybersecurity, and privacy, provides guidance on responding to cyber threats or attacks, lists mitigating risk controls, and addresses awareness and personal training for information security, cybersecurity, and privacy.

There is also an extension of ISO 27001, ISO 27701, which primarily focuses on the protection of personal information. It aligns with the requirements and obligations of the European Union's General Data Protection Regulation (GDPR) and other privacy regulations. Specific requirements for personal data protection, guidelines for managing privacy incidents, risk assessment, and documentation requirements for data processing are examples of various practices and measures in ISO 27701 that can significantly benefit the advancement of information security and cybersecurity.

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards developed by major payment card companies, such as Visa, MasterCard, and American Express. These standards were created to protect payment information and banking data, ensure the security of credit card transactions, and reduce fraud.

In organizations and businesses that handle payment information, such as merchants and banks, there is a heightened commitment to PCI DSS by complying with the guidelines and requirements it contains. Therefore, many companies invest in security and cybersecurity measures to ensure compliance with PCI DSS, in order to protect customers' credit card data and maintain consumer trust.

An ethical hacker, also known as a pentester, is a cybersecurity expert who leverages their technical hacking knowledge to identify vulnerabilities in computer systems, networks, and applications so that these vulnerabilities can be resolved.

Ethical hackers operate legally and with proper authorization, adhering to ethical principles, with the goal of safeguarding the security and privacy of systems and data and assisting companies in strengthening their cybersecurity systems. Through penetration testing (pentesting), system flaw analysis, and security assessments, an ethical hacker plays a vital role in the cybersecurity industry.

Bluesnarfing is a cyberattack technique that allows cyber attackers to steal personal data, confidential information, and even money from devices through Bluetooth.

For a bluesnarfing attack to be successful, several conditions need to be met:

1. The device's Bluetooth needs to be enabled: The target device must have Bluetooth enabled for the attacker to attempt to establish a connection.
2. Physical proximity: Due to the limited range of Bluetooth technology, the attacker needs to be physically close to the victim, usually within a radius of up to 10 metres.
3. Specialised software: Cyber attackers need specialised software to exploit the device's vulnerabilities, allowing them to establish a connection without the user's consent.
4. User behaviour or device vulnerability:
   • Inappropriate user behaviour: The user may inadvertently leave the device visible or accept unknown connections.
   • Device vulnerabilities: The device may have known vulnerabilities in its Bluetooth software, which attackers can exploit to gain unauthorised access.

Newer devices tend to be less vulnerable to this type of cyberattack as they have the latest security patches. However, it is important to adopt certain measures to prevent bluesnarfing attacks and minimise risks, such as keeping Bluetooth turned off when not in use; setting your device to be "non-discoverable/invisible" when Bluetooth is enabled, as this makes it harder to locate your device; applying security updates regularly, and not accepting Bluetooth connection requests from unknown devices.

Learn more tips about how to Protect your mobile devices here.

Keylogging is a technique used to record all the keystrokes typed by a user on a keyboard. This recording is done through programs or devices called keyloggers, which can be used for both legitimate purposes, such as monitoring activities in a company, and for malicious activities, such as stealing passwords and confidential data. Keyloggers can be software installed on the operating system or physical devices connected to the keyboard.

From a cybersecurity perspective, keylogging is a serious threat because, when used by cybercriminals, it can capture personal and financial information without the victim's knowledge. To protect against this type of attack, it's important to use up-to-date antivirus software, firewalls, and good security practices, such as avoiding clicking on suspicious links or downloading files from untrusted sources.

A Man-in-the-Middle (MITM) attack is an attack in which an attacker secretly positions themselves between two systems or users who believe they are communicating directly with each other. In this way, the attacker is able to intercept, read or modify communications without the victim realising, making everything appear to function normally.

This type of attack frequently occurs on unsecured Wi-Fi networks, through malicious access points (Evil Twin / Rogue Wi-Fi), or within internal networks using techniques such as ARP spoofing, which allow traffic to be redirected through the attacker. It may also involve DNS manipulation, leading users to fake websites for credential theft or malware distribution.

There are variations of MITM, such as Man-in-the-Browser (MitB), in which malware compromises the victim's browser and alters pages or transactions, as well as attacks that rely on social engineering to bypass multi-factor authentication (MFA), including real-time phishing or SIM swap attacks, where the attacker receives SMS codes intended for the victim.

These attacks exploit unencrypted connections, outdated protocols or weaknesses in certificate validation, and can result in data theft, credential compromise and unauthorised access to systems.