PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name "Perspectives From the Campus Series”, we invite experts -- immersed in the pursuit of educating their students -- to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the Executive Director at the Center for Security Services and Cyber Defense at Anderson University, shares some important information regarding four cyber threats and what you need to know to stay protected.

By David Dungan

When it comes to cyber threats, it’s a matter of trust.

For a scheme or a scam to be successful, cybercriminals are relying on the notion that we will trust whatever it is we’re seeing or being asked to do in an email, or what we’re doing when we’re setting up a device at home (products we now refer to as the “Internet of Things”) and that it’s OK and, otherwise, is considered safe and secure.  Unfortunately, as we’ve discovered, that’s simply not true.

This year, there are four cyber threats that have emerged as providing the greatest risk for consumers and while they’re not new, it reminds us of the importance that comes with protecting ourselves when we’re online.

IoT Insecurities

The beloved Alexa, a smart tv, and the newest cars all have one aspect in common: these products are considered a part of the “Internet of Things” (IoT) because they are devices connected to the internet or a network that can automatically collect and transmit data.

The Open Worldwide Application Security Project (OWASP) has reported on several top risks involving IoT, including weak passwords, outdated components, lacking update capabilities, and insecure privacy protections. Attackers can also use infected IoT devices as bots for Distributed Denial of Service (DDoS) attacks to disrupt or degrade a network.

Before you buy an IoT device, it’s a good idea to do some research before purchasing it, so as to help avoid purchasing a device with some known exploits. If the devices have update capabilities, be sure tto install these as soon as possible.

Ransomware

Ransomware is malware that affects devices or a network of devices by holding the system and its files “hostage” by demanding the user pay for access to their own devices and data. Victims can get ransomware through spam, malicious advertising, or forms of phishing. Fortunately, there are steps that you can take to mitigate the risks of cybersecurity attacks, such as maintaining backups, frequently updating systems, utilizing secure configuration settings, implementing antivirus software, and educating yourself about any potential risks. In the event that you or your company are a victim of a ransomware attack, the Cybersecurity Infrastructure and Security Agency (CISA) offers a Ransomware Response Checklist to help you respond and recover.

Pig Butchering Schemes

Pig butchering schemes occur when the attacker works to gain the victim’s trust before manipulating the victim to willingly invest in the attacker’s false investment scheme. Once that happens, the attacker disappears with their pilfered funds, leaving the victim broke and heartbroken.

You can distinguish pig-butchering schemes by noting if the attacker sends unsolicited messages, is an unknown contact, refuses to participate in video chats, requests financial information, or invites you to invest in their newest vague financial scheme, makes an irrational claim, or insists with urgency that you need to make the investment.

A good rule of thumb is to give yourself time and scrutinize the legitimacy of any supposed investment opportunities.

Phishing Scheme Variants

Phishing scams utilize online interactions to trick individuals into revealing sensitive information regarding themselves or their financial information. Smishing can occur through text messages, vishing through phone calls, or social media attacks. This can result in divulging sensitive information for future attacks, extortion, or an attempt at financial fraud of an individual or an organization.

These phishing schemes all have an underlying solution: do not interact with suspicious calls, text messages, emails, or fraudulent interactions online.

In Indiana, whether you are an organization experiencing a cyber incident or cyberattack, or you’re an individual who is a victim of identity theft, you can visit the Indiana Cyber Hub website’s Report a Cyber Incident page featuring a step-by-step process that’s easy to follow. The Consumer Protection Division of the Indiana Attorney General’s Office also offers a variety of free resources to help you. And the Indiana State Police Cyber Crime Unit also provides law enforcement officers to assist in criminal investigations involving the use of digital media as an integral part of the crime.

If you or someone you know is the victim of identity fraud or cybercrime, the FBI’s Internet Crime Complaint Center is another essential reporting tool to submit suspected cybercrimes. This helps to prevent internet crimes by promoting the sharing of information about threats.