Jun 3, 2013

Common Online Threats and How to Protect Yourself

We discuss online threats and breaches a fair bit on the LastPass blog, but we wanted to take a step back and dive into more detail on the types of threats you may encounter. We throw around a lot of technical terms (phishing, malware, viruses, hashing, salting, and more) but want to provide more information on what some of those terms mean, and how they can potentially affect you. Some of these “attacks” attempt to “spy” on you or steal information from your computer, while others install faulty programs to your desktop, but they all have one thing in common: they pose a security risk to consumers and businesses alike. These just scratch the surface, but are the ones that the average user is most likely to encounter.

The Most Common Threats


Malware, or “Malicious Software”, are types of adware or spyware programmed by attackers trying to infect your computer, steal your data, or even gain access to your network. A total of 91.9 million URLs serving malicious code were detected in the fall of 2012. Malware is a generic term for many different types of “infections” that may be downloaded to your computer.

Phishing is a scam where an attacker uses fake or partial information to try to trick someone into revealing passwords and other confidential information, typically via email or social media. LastPass helps protect you against fake-website phishing attacks by not filling your credentials when it does not see a URL or field match.

Viruses are programs that infect software on your computer. When you run this software, it causes the virus to spread throughout your computer. Basically, the virus can replicate itself and continue spreading to other computers (much like a biological virus), causing hardware and software issues.

Worms are programs that replicate and spread through a network, infecting multiple devices. Unlike a virus, a worm does not need to attach itself to an existing software. Worms cause harm to a network, while viruses cause harm to a targeted computer.

Trojans are software that “appear” genuine, and invites the user to run it, but instead, it releases a malicious load that deletes your files and harms your computer. 49% of all Kaspersky Lab threat detections in Q2 of 2012 were multi-functional Trojans.

A backdoor is a method of bypassing normal authentication to illegally gain remote access to the machine and the data on it. It can be installed to computers by Trojans or worms.
Spyware is a software that gathers a users information without their knowledge, and sends this data to third parties.

KeyLogger software captures the keystrokes entered on your computer keyboard. The keylogger software is then able to transmit these keystrokes where they can be viewed. As a prevention against keyloggers, when using a public or “untrusted” computer, LastPass offers the option to input your master password with a 'Virtual Keyboard’, allowing you to login without using the keyboard to type your master password.
Adware are programs that send advertisements or “pop-ups,” to users based on their internet usage, which can display annoying ads or link you to more malicious software.

Scareware is malware trying to pose as a viable solution to a “fake” virus on your computer. The idea behind Scareware is to “scare” you into installing an antivirus software directly to your computer, which in reality is the virus, and then may hold your data ransom.

Rootkits modify a user’s operating system so a malware can stay hidden.

Spam are bulk emails sent without any consent from the receivers. According to the Electronic Commerce in Canada, 80% of emails sent today are spam.

Apps are a relatively new threat, but their popularity extends the risk they may pose (over 50 billion apps are available for download from the iTunes App Store). Many users believe that apps are safe because they are sold from “trusted” providers, like the iTunes App Store or Google Play Store. However, legitimate apps may be infected and sold through these locations. An example, the Dougalek malicious program, which tens of thousands of people downloaded, led to one of the biggest data breaches ever caused as a result of mobile devices. Also, free apps from unofficial providers are frequently compromised as well.

How Can You Stay Safe?


We want to emphasize that using LastPass makes you safer and that following these practices will further help to improve your security:
  1. Never tell your LastPass master password to anyone for any reason.
  2. Always use and make sure your anti-virus, anti-malware, and firewall software are up-to-date.
  3. Never click on any links in emails unless you specifically requested that the email be sent to you. Even then, if it seems out of character, double-check with the sender before opening a link or attachment.
  4. Never assume that any email you receive was actually sent by the recipient listed as the sender.
  5. Avoid using untrusted computers or untrusted computer networks.
  6. Do not trust any communications claiming to be from LastPass that reveal any personal or confidential information about you whatsoever.
  7. Use LastPass to automatically fill login credentials for websites you visit to avoid the risk of phishing attacks.
  8. Always click on the LastPass browser plugin icon to access your LastPass vault, rather than links in any suspicious emails.
  9. Only download apps from trusted companies, and check all permissions before completing the download. 
  10. Use multifactor authentication for increased security.
In the end, good security is about being proactive and vigilant. What other tips and tricks would you recommend?

Have a question you'd like to see answered by the LastPass team in a blog post? Let us know in comments or send us a note at marketing[at]lastpass.com. If we choose your question, you'll get a Tshirt!

13 comments:

  1. Don't use Java
    Don't us Adobe Reader
    Don't use Windows.

    ReplyDelete
    Replies
    1. I particularly like your last suggestion mvario.

      Delete
  2. Thanks very much for this text. It came in right moment. I was just about searching how to use the internet most safely on the public computers, because my wife will be several months absent from home, working on a cruise ships where practically the only way to use internet is on the public computers. We are using lastpass at home, and these 10 suggestions are magnificent. I wasn't aware of the possibility to use virtual keyboard :( untill now. And auto filling passwords is also outstanding possibility. Multifactor authentication is something what we will start using now.

    I told her also to use private mode on such computers, where she will need to pay for surfing, if the crew allowed private mode. As far we heard, they have only IE installed on their ship computers, so I also will need in the next several days to become more familiar with IE, which I stopped using long time ago :D

    Thanks again lastpass for being with us and for giving us marvelous easy options to secure ourselves.

    ReplyDelete
    Replies
    1. Thanks, we're glad to hear it was helpful! If she's allowed to use USB thumb drives on those machines on the ship, she may want to look into running a portable browser, such as Firefox or Chrome, from the thumb drive with LastPass installed: https://helpdesk.lastpass.com/lastpass-on-the-go-2/lastpass-portable/

      Delete
    2. Thanks Ms.Gott. I'll prepare one usb flash disk with chrome portable installed , with also last pass portable, just in case if that is allowed to use. Nice suggestion. I didn't have that in mind.

      Best regards :D

      Delete
    3. Buy USB stick, download portable browser, Install Lastpass Portable, enable LastPass Secame. If she has to use the Master Password use this> http://www.aplin.com.au/

      Delete
    4. Thanks very much guys for these suggestions. Especially I liked aplin. p.s. we found out today, that usb stick isn't allowed to be plugged into their computers, so we'll need more to focus on online protection. And private mode in IE. ;)

      Delete
  3. This comment has been removed by a blog administrator.

    ReplyDelete
  4. "over 50 billion apps are available for download from the iTunes App Store"

    It's actually 50 billion apps have been downloaded and there are about 850 000 apps on the store.

    ReplyDelete
    Replies
    1. Thanks for the clarification, apologies for our error.

      Delete
  5. thanx, i got lot of information for my examination, thanx a lot once again

    ReplyDelete