How to Protect Your Domains and Other Sensitive Data, Part III

[This is final segment of a three part series addressing security measures and precautions you can take to protect your domains and other data. Check out parts 1 and 2.]

From Wi-Fi “honeypots” to social engineering heists, we’ve covered the most common types of attacks on your domains and data. This final segment will expose the more sophisticated  schemes criminals use to steal your digital assets: malicious applications that run in the background. Note that even if you are a Mac user, your computer is still open to malware! Some of the most common signs of an “infection” are random pop-ups, a sluggish computer, constant crashing, large network activity, and altered browser settings. The most talented virtual thieves will design programs that don’t have any “tells” so they can quietly run in the background for the life of your device and collect your information without detection. Most of these criminals utilize classic “bait-and-switch” tactics–posing their applications as a game, tool, or media file waiting to be downloaded.

Incognito Malicious Application Attacks and How to Prevent Them

  1. Common Delivery Methods – The most common avenues for malevolent application downloads are malicious sites, new or unrated games or tools in the app store, and emails. Quite often, email spoofing is the culprit. An email attachment could be infected, or contain links that will take you to another site that requests you enter a captcha. This captcha then downloads the application to your computer. You might also receive an email from your registrar asking you to confirm your WHOIS information. Another common attempt is through newsletter emails you never subscribed to.  When you click on the unsubscribe link, it forwards you to a site that either tries to download a program to your computer, or signs you up for more spam as a recognized account.
    • Most of these tactics and others can be evaded with commonplace free antivirus and anti-malware software. This software will scan emails, links, and websites for antagonistic applications.
  2. Bait and Switch Apps – It’s not often that people look at mobile apps and think “danger.” Light widgets, fun games, and other tools can get the best of users. These apps will function as normal, but secretly run malicious applications in the background. They may even go as far as to clone your phone. Cloned phones allow hackers to see everything you’re doing and actually perform tasks themselves without your knowledge. Some of these include: making phone calls, sending out emails, reading any information stored on the phone, using the phone’s camera and recording features, gps, etc. Stealing your domains (or anything else) is child’s play if you’ve stored your unencrypted login credentials on your device, especially if you have all two step verifications set up to go through it, and it has access to your account email.
    • Only download trusted apps from the app store with a substantial amount of reviews and other downloads. If you’re using android, make sure to actually read the permissions you’re giving them. An exercise app shouldn’t conspicuously require permission to use your camera.
    • For iPhone users, the real threat comes from jailbreaking your phone.
    • Install security apps like Blue Box and Lookout for consumer android mobile protection, and remember to individually password protect the most sensitive areas of your phone with a memorized login.
  3. Bitcoin Ransom – This tactic is known as cryptolocker ransomware. After your computer is infected, it encrypts areas of your hard drive, then presents the option of paying for a key to the encryption using bitcoins. If the ransom remains unpaid after a predetermined amount of time,  it will wipe the information from your hard drive. The original cryptolocker malware was taken down by security firms, but many clones have taken its place. In this particular example, they’re seeking untraceable funds as the ransom, but with more targeted attempts, it could easily be domains, social media handles, and other digital assets.
    • Basic antivirus and antimalware software is a first step to preventing these attacks.
    • Having external access to your information will eliminate their leverage if it does happen. Setup an automated backup through an external hard drive and an online cloud service (however, remember to always encrypt login credentials, old tax returns, and other sensitive data and never store those in the cloud!).
  4. Keyloggers – These programs record your computer’s and device’s keystrokes and will eventually divulge your passwords.
    • Free anti-virus and anti-malware programs will help you avoid these. WOT is also a great free browser add-on for Chrome that alerts you to suspicious sites.
  5. Donated or Sold Devices – After donating or selling your device to a 3rd party, criminals will often run programs that unearth sensitive information even after it’s been deleted several times.
    • A good rule of thumb is to never donate or sell a piece of technology that has ever housed sensitive data. If you must, make sure you run a program that writes and rewrites information to it countless times. One method is “zero-fill” where a program just overwrites data with zeros. Especially with magnetic mediums, the safest and simplest method (albeit most paranoid) is following the same standards for government data sanitization protocols used by the Department of Defense, Department of Energy, CIA, and  Nuclear Regulatory Commission. They use degaussing technology and/or physically destroy the devices.

We’ve covered quite a few precautions throughout this series so I’ve summarized them in the following list for you to easily peruse

  1. Install virus and malware protection.
  2. Backup data.
  3. Encrypt anything of importance.
  4. Create varying strong passwords, secure-emails, and usernames for different types of accounts.
    • Regularly swap out passwords and credit cards on an annual basis.
    • Invent answers that can’t be Googled to reset password protocols.
    • Use a secure password manager.
    • Don’t share login credentials.
  5. Use multi-step authentication methods.
  6. Automatically update your OS and protection programs.
  7. Only use secure connections and avoid using public WiFi for important tasks.

Using these safeguards is a great start to protect your domains and other digital assets. Remember that these suggestions are intended to help and not hinder your performance. Prioritize your long term goals and take the proactive steps that will save you the most time and stress. For example, most banking institutions do not make themselves 100% completely impervious to theft because it is too expensive and time intensive to be worth the effort. This isn’t to say they don’t take any precautions either, and we know they deter a vast majority of attempts. Find a happy medium by thinking long term and having a strategy for a maintainable defensive.

If you have any additional recommendations, please share them!

{ 0 comments… add one }

Leave a Comment